With about 44.5 billion won worth of virtual assets hacked at Upbit, Korea's No. 1 virtual asset exchange, the financial authorities will set standards for security budgets and dedicated personnel at virtual asset exchanges. The financial authorities are also considering requiring companies to appoint a chief information security officer (CISO).
According to the industry on the 7th, the financial authorities are preparing to introduce new security obligations for virtual asset exchanges through the Digital Assets Basic Act. The Digital Assets Basic Act, which the financial authorities aim to submit to the National Assembly within the year, seeks to comprehensively regulate virtual asset operators, virtual asset transactions, and related infrastructure in a single law. It is additional legislation to cover areas not regulated by the current Virtual Asset User Protection Act. The Financial Supervisory Service (FSS) is reviewing requirements to designate a CISO at virtual asset exchanges as well as standards for security budgets and the scale of dedicated personnel.
Currently, major domestic virtual asset exchanges Upbit, Bithumb, and Coinone have CISOs. That is because they are subject to the Act on Promotion of Information and Communications Network Utilization and Information Protection, led by the Korea Media and Communications Commission. The Act on Promotion of Information and Communications Network Utilization and Information Protection specifies that information and communications service providers must designate a CISO. However, because the agency supervising virtual asset exchanges is the Financial Supervisory Service (FSS), the financial authorities plan to reflect the relevant provisions in the Digital Assets Basic Act to raise the level of oversight.
The reason the financial authorities are moving to strengthen information security is the frequent hacking incidents in the virtual asset industry. On the 27th of last month, a hack at Upbit led to 44.5 billion won in assets leaking externally. Upbit suspended all deposits and withdrawals, then resumed them on the 1st, causing inconvenience to numerous customers.
Lee Chan-jin, governor of the Financial Supervisory Service (FSS), criticized at a press briefing on the 1st, "Compared with other countries, security system investment in Korea is at a poor level." He added, "They must fully recognize that if security is breached, it can be dangerous enough to bring down a company. To underscore that security is about survival, we will push to amend the law to strengthen regulations to a level comparable to the Financial Investment Services and Capital Markets Act."
The Financial Investment Services and Capital Markets Act specifies that an entity must have sufficient personnel, IT systems, and other physical facilities to protect investors and to conduct the intended financial investment business. An official at the Financial Supervisory Service (FSS) said, "We are reviewing various measures to strengthen security at virtual asset exchanges, including CISO designation and expansion of physical facilities."