[Q&A] Crypto exchanges Bithumb, Upbit, Korbit get green light
[THE INVESTOR] The Korea Blockchain Association on July 11 said a dozen cryptocurrency exchanges received the green light during its inaugural self-regulatory review. They include Bithumb, Upbit, Korbit, Coinone, Dexko, Neoframe, Gopax, OKCoin Korea, Coinzest, Coinplug, Hanbitco and Huobi Korea.
Initially, 14 exchanges signed up for the evaluation in April, but two withdrew. The association declined to give further information about them.
The review, conducted by third-party experts, consisted of two parts: general review and security assessment.
Under the general review that inspected 28 criteria, the exchanges are required to have more than 2 billion won (US$1.78 million) in assets, disclose information of new coin listings, store at least 70 percent of cryptocurrency deposits in a “cold wallet,” prevent price manipulation and install a set of anti-money-laundering rules, among others.
The security assessment was conducted through four rounds of interviews with the security officers of the exchanges. In total, it reviewed 66 criteria within eight large sections, including user certification, network, wallet, server, access control, restoration, management and personal data protection.
“Passing the evaluation does not mean the exchanges have perfect security or service,” Jeon Ha-jin, chairman of the self-regulatory committee of the association, told reporters in Seoul. “They simply met the minimum standard required to protect users.”
The association -- composed of 23 exchanges -- said it will review the remaining 11 exchanges as soon as possible.
Following is the Q&A session during a related press conference.
Q: Can you disclose the evaluation results of individual exchanges?
A: We cannot give out the exact scores, as it could make some of them vulnerable to cyberattacks. The review is to certify that these exchanges are armed with minimum security standards to protect users. We plan to adopt a more systematic grading process in the next round.
Q: What caused the delay in the assessment that was supposed to be announced in June?
A: All 12 exchanges passed the general review. But for the security assessment, there was a huge gap between the exchanges in their level of cybersecurity. Nine of the exchange’s security systems were deemed insufficient compared to what we had expected. So we requested for modifications, which caused the delay.
Q: You began the self-review with 14 exchanges initially. What happened to the other two firms?
A: In April, 14 exchanges applied for self-evaluation. But two of exchanges felt they weren’t ready so they backed out, saying they will do it when they are ready. So only 12 exchanges conducted the self-review.
Q: Are all member exchanges required to pass self-regulatory measures?
A: When the association first kicked off with 23 member exchanges, we had not prepared the self-regulatory measures. But from now on, we are planning to make self-review as a prerequisite to gain membership of the association.
Q: Are you seeking to enroll a group insurance program for the exchanges?
A: We are currently reviewing three insurers -- Hanwha General Insurance, Hyundai Marine & Fire Insurance and DB Insurance, that have offered their program to us. But all the exchanges differ by asset size and transaction volumes. So we will soon select a preferred insurer for the association, and each exchange can contact the insurer to discuss the terms.
Q: Some exchanges are still unable to operate here because the banks are refusing to issue new real-name accounts. What’s the update? Would the exchanges that passed the self-review gain bank approval?
A: At the moment, no such discussion between the association and the banks or the government is going on.
Q: Despite the self-review initiative, hacking incidents are still occurring, including that of Bithumb. What is your position?
A: The self-review approval cannot prevent cyberattacks entirely. Exchanges with bigger assets are more vulnerable to such attacks because of their fund size. These exchanges have to continue to strengthen their security. There is no such thing as a safe exchange. The self-review is a minimum requirement to assure security.
By Ahn Sung-mi (firstname.lastname@example.org)