Operating a crypto exchange can indeed be rather advantageous, though it comes with the looming threat of a digital break-in. This is a global phenomenon; running an exchange in South Korea, however, might leave you shell-shocked. Barring any regulatory changes, crypto exchanges in South Korea will completely absorb the financial burden from breaches, regardless of who is at fault.
As reported by The Korea Herald, an Asian news outlet, five digital exchanges have significantly scaled up their accountability to their users in cases of security breaches. By revising their service terms, these entities have adhered to a corrective guideline recommended by the Fair Trade Commission (FTC), the nation’s financial regulator.
Increased Liability
The report highlights that, way back in 2018, the FTC had advised that cryptocurrency exchanges within the region ought to enforce an updated service clause. Prior to this, South Korean exchanges weren't expected to cover cyber mishaps unless they resulted from their own negligence or system breakdown.
Nonetheless, according to the latest report, these trading platforms will now bear responsibility for any unauthorized transactions, irrespective of where the fault may lie. Several of these platforms have made commendable progress in keeping track of errors and openly admitting to them.
Take Bithumb as an illustrative case. The popular exchange had its latest breach back in March, stating it had detected unusual withdrawal patterns in its network. In the corresponding blog update, the exchange took accountability for the intrusion, asserting that although its defenses were sufficiently robust against outside threats, this particular incident involved 'insiders.'
[Notice]
We sincerely apologize to our members for the hold-up in cryptocurrency deposit and withdrawal services and wish to assure you that your assets remain safe.
For more details >> https://t.co/dOvT78P0sK — Bithumb (@BithumbOfficial) March 30, 2019
While their statement mentioned the theft of approximately 3 million EOS (valued at around $12.5 million at the time) from exchange resources, a different report by The Block stated that approximately 20 million XRP (equivalent to about $6.2 million then) was also taken.
Unfair to Exchanges?
Undoubtedly, this escalation in liability could prove detrimental for any exchange that suffers a breach moving forward. Although many cyber incursions on crypto platforms can often be traced back to security lapses and neglect by the exchanges themselves, it might also be fair to say that users share a fraction of the responsibility.
As full responsibility now lies with the exchanges, they will need to compensate their clients while ensuring that these breaches don’t impact their financial stability.
Protecting customers must take precedence, even if it means redirecting potential profit margins to cover customer reimbursements, and existing reserves (for those possessing any) may deplete sooner than anticipated. As noted by Blockonomi, Bithumb reported a staggering net loss of $180 million last year.
Imposing total liability on exchanges does seem somewhat harsh, particularly when considering the extensive assets these platforms manage. If exchanges bear the entire brunt, it might inadvertently encourage users to be careless with their login details and private keys. Take the recent phishing scam on UPbit as a case in point.
Just last month, CoinDesk Korea reported that suspected cybercriminals sent emails to UPbit patrons under the guise of legitimate exchange communication. These impersonators feigned a giveaway competition, while their emails housed a dangerous attachment.
Named 'Event Winner Personal Information Collection and Usage Agreement.hwp,' this attachment was said to execute harmful code on a user’s system upon being accessed. However, UPbit swiftly identified the threat and took immediate action by publishing a statement, warning users against opening emails from the address '[email protected].'
Under the revised clauses, anyone who, perhaps due to oversight, failed to heed UPbit’s warning and disclosed their information to imposters would not be held responsible. Instead, all accountability would fall squarely on UPbit.
Historically, exchanges only focused on upholding the highest levels of security at their end. Nowadays, they must also depend on their customer base exercising awareness and diligence regarding security.
1 Comment
This directive from the Korean FTC elevates the security standards considerably. Exchanges face the challenge of warding off attacks using typical single signature and multi-signature transaction authorization models.
Recently, threshold signatures have been gaining traction for bolstering security and mitigating the risk of pilfered or lost digital assets. Unlike multi-signature, threshold-signature setups allow exchanges to execute multi-party approvals without inflating transaction size or fees.
This enhances the feasibility for exchanges to fortify security using a tripartite approval mechanism.
1) The end-user validates transactions using personal credentials
2) The exchange confirms post-evaluation of credentials and alignment of the transaction with exchange regulations,
3) An accredited third party signs off following verification that the exchange hasn't been compromised and the transaction adheres to the exchange's policy.
Such methods significantly slash the risk of theft from both external and internal threats.
Sepior offers an insightful white paper on threshold signatures for those who wish to delve deeper. Visit: https://sepior.com/thresholdsig
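The three-party approval described in the comment above can be sketched as a simplified additive 3-of-3 Schnorr signature; this is an added example, not code from the commenter, Sepior, or any exchange. The toy 127-bit group and the names `Party`, `threshold_sign` and `verify` are assumptions made for illustration, and the sketch leaves out the nonce-commitment round and rogue-key protections that real threshold protocols require.

```python
import hashlib, secrets
from math import gcd

# Toy Schnorr group (assumption for this demo; production systems use a standard
# elliptic curve). Q is a Mersenne prime; P = k*Q + 1 is proven prime by a
# Pocklington check with base 2, and G = 2^k mod P then has prime order Q.
Q = 2**127 - 1
P, G = next((k*Q + 1, pow(2, k, k*Q + 1)) for k in range(2, 10**5, 2)
            if pow(2, k*Q, k*Q + 1) == 1
            and gcd(pow(2, k, k*Q + 1) - 1, k*Q + 1) == 1)

def challenge(R, X, msg):
    data = f"{R}|{X}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class Party:
    """One approver (user, exchange or third party) holding one key share."""
    def __init__(self, name, policy):
        self.name, self.policy = name, policy
        self.x = secrets.randbelow(Q - 1) + 1   # key share, never leaves the party
        self.pub = pow(G, self.x, P)
    def commit(self):
        self.k = secrets.randbelow(Q - 1) + 1   # fresh nonce per signing session
        return pow(G, self.k, P)
    def partial_sign(self, R, X, msg):
        if not self.policy(msg):                # each party enforces its own check
            return None
        k, self.k = self.k, None                # a nonce is used at most once
        return (k + challenge(R, X, msg) * self.x) % Q

def prod(vals):
    out = 1
    for v in vals:
        out = out * v % P
    return out

def threshold_sign(parties, msg):
    X = prod(p.pub for p in parties)            # joint public key
    R = prod([p.commit() for p in parties])     # joint nonce commitment
    parts = [p.partial_sign(R, X, msg) for p in parties]
    if None in parts:
        return X, None                          # one refusal blocks the transaction
    return X, (R, sum(parts) % Q)               # same size as a one-signer signature

def verify(X, sig, msg):
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P
```

The verifier sees a single `(R, s)` pair checked against one public key, however many parties approved, which is the size property the comment contrasts with multi-signature.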