Urgent Need for Gov't Regulation

Bithumb
Bithumb, Korea's largest virtuall currency exchange, was hacked on June 20.

Bithumb, the largest virtual currency exchange in Korea, announced on June 20 that it has suffered damage from hacking. Bithumb said 35 billion won (US$31 million) worth of virtual money was stolen, including Ripple.

The announcement fueled disbelief in the domestic cryptocurrency trading industry as a whole. At the same time, it highlighted the acute need for government regulations in virtual currency trading.

This hacking incident happened less than 10 days after Coinrail, a small-sized virtual currency exchange, had 40 billion won worth of virtual currency leaked due to hacking.

Prior to this, Yapizone had a 5.5 billion worth of damage in April last year. In December, after changing its name to Youbit, it was hacked again and 17.2 billion won worth of virtual currency was stolen.

Hacking incidents have occurred in the small and medium sized exchanges until now without having big repercussions but the situation is different this time. The news on Bithumb is shocking to the industry and investors as it is one of the largest exchanges in the industry and has been confident about its security as it invested heavily in the security sector.

Bithumb has released a press release in February, saying that it introduced the integrated security solution “Anlab Safe Transaction,” which is being used by established financial institutions, for the first time in the virtual money market.

Last month, it announced that it complied with the “5.5.7 Regulations,” a representative information protection clause of the financial industry.

This regulation is a recommendation from financial authorities that financial institutions allocate 5% of their manpower to information technology (IT), 5% of their IT manpower to information security, and 7% of their total budget to information protection.

According to Bithumb, as of May, IT personnel accounted for 21% of its workforce and those working for information protection took 10% of its IT personnel. In addition, about 8% of the annual spending budget is used for information protection activities.

The total number of employees of Bithumb, however, is 300, which is small compared to the number of its users.

The Korea Blockchain Association is trying to strengthen security by self-regulation. It advises exchanges to transfer 70% of their virtual money to "cold wallet," which is not connected with the Internet, but it is not sufficient.

As the regulation is autonomous, exchanges do not have the obligation to comply with it, nor do they hold themselves to a high level of regulation. There are 14 exchanges where the association conducts self-regulation reviews, which is just over half of the 23 member exchanges.

Four major exchanges, including Bithumb, Upbit, Cobit, and Coinone, have been designated for mandatory ISMS certification this year, but none have been certified yet.

Bithumb filed a preliminary application last month, and Upbit said it is preparing for a third-quarter review. Coinone said its goal is to apply in the second half of the year and be certified within the year.

The fact that there is only a small time gap between the damages to Coinrail and Bithumb raises a suspicion that there may be other victims.

Bithumb said unusual attacks have increased since the hacking of Coinrail. It is likely that Coinrail hackers have turned to Bithumb.

However, there are no signs of abnormal attacks on other major exchanges such as Upbit or Coinone.

The fact that most of the major exchanges in the virtual money market are involved in incidents shows the limitations of self-regulation in the industry.

Upbit was seized by the prosecutors on suspicion of "trading in books" without actually holding virtual money.

The CEO and executives of Coinone were booked without detention as its margin trading offered to its customers was considered gambling.

Kim Seung-joo, a professor of the Graduate School of Information Security at Korea University, said, "Domestic exchanges have poor conditions in terms of technology and security personnel. Since the exchanges are not legally bound, they should regulate themselves and invest in manpower, equipment, and budget.”

"There is a discussion on the government’s role. To regulate virtual currency exchanges, the nature of virtual currency should be defined and it should be put into a legal framework. The government, however, has yet to decide whether to put virtual currency within a legal framework,” said Kim.

Copyright © BusinessKorea. Prohibited from unauthorized reproduction and redistribution