As about 44.5 billion won worth of virtual assets were hacked at Upbit, the No. 1 domestic virtual asset exchange, the financial authorities are reviewing setting standards for security budgets and dedicated personnel at virtual asset exchanges. The financial authorities are also considering a plan to require a chief information security officer (CISO).
According to the industry on the 7th, the financial authorities are reviewing a plan to establish security obligations for virtual asset exchanges through the "Basic Act on Digital Assets." The Basic Act on Digital Assets, which the financial authorities are preparing with the aim of submitting to the National Assembly within the year, seeks to comprehensively regulate virtual asset operators, virtual asset transactions, and related infrastructure in a single law. It is additional legislation to cover areas not regulated by the current "Virtual Asset User Protection Act." The Financial Supervisory Service is reviewing, together with the obligation to designate a CISO at virtual asset exchanges, standards for security budgets and the size of dedicated personnel.
Currently, major domestic virtual asset exchanges Upbit, Bithumb, and Coinone have CISOs. That is because they are subject to the Act on Promotion of Information and Communications Network Utilization and Information Protection, led by the Korea Media and Communications Commission. The Act on Promotion of Information and Communications Network Utilization and Information Protection specifies that information and communications service providers must designate a CISO. However, since the supervising agency for virtual asset exchanges is the Financial Supervisory Service (FSS), the financial authorities plan to reflect the relevant provisions in the Basic Act on Digital Assets to raise the level of oversight.
The reason the financial authorities seek to strengthen information security is that hacking incidents occur frequently in the virtual asset industry. On the 27th of last month, a hacking incident occurred at Upbit, resulting in the external outflow of 44.5 billion won in assets. Upbit suspended all deposits and withdrawals, then resumed on the 1st, causing inconvenience to countless customers.
Lee Chan-jin, governor of the Financial Supervisory Service (FSS), criticized at a press briefing on the 1st, "Compared with other countries, Korea's investment in security systems is at a poor level." He added, "It must be properly recognized that if security is breached, a company can collapse. To instill the recognition that security is for survival, we will push for legal revisions to strengthen regulations to a level comparable to the Financial Investment Services and Capital Markets Act."
The Financial Investment Services and Capital Markets Act specifies that "there must be sufficient personnel and computer systems, and other physical facilities necessary to protect investors and to conduct the intended financial investment business." An official at the Financial Supervisory Service (FSS) said, "We are reviewing, from multiple angles, measures to strengthen security at virtual asset exchanges, such as designating a CISO and expanding physical facilities."