National Assembly recommends crypto exchanges use cold wallets
The National Assembly Research Service (NARS) said cryptocurrency exchanges should start considering ways to deposit assets in a cold wallet, or offline storage. The suggestion was part of the NARS’ annual summary report of issues in the 2020 parliamentary inspections. The policy committee and the strategy & finance committee under the National Assembly suggested methods to protect crypto traders from hacking attempts. “There should be an inspection to see if exchanges have equipment that can detect suspicious approaches to their system. In case the job is outsourced to external companies, there needs to be verification to see whether the client has a management system for monitoring,” said the report. “It is also necessary to develop ways that prevent illegal leakage of crypto assets by limiting methods of storage for exchange customers.” One example cited was Japan. In Jan. 2018, crypto assets saved at Coin Check were leaked. The incident provoked a heated debate in the country to think of ways to use cold wallets in managing assets. There are largely two forms of crypto asset storage — hot wallets and cold wallets. Hot wallet refers to a method where verification codes needed to trade crypto assets are kept online. Cold wallets, on the other hand, store passwords offline and are therefore deemed more effective security-wise. The Coin Check accident affected traders using the hot wallet system but none using the cold wallet system. From the case, the NARS report noted that Korean exchanges should consider storing crypto assets via cold wallets apart unless speed is required in trades or transfers. According to the Ministry of Science & ICT and the Korea Internet & Security Agency, crypto exchanges in the country have been subject to nine hacking attempts in the past five years. The total amount of damage done surpasses 126.6 billion won. Eight of nine cases incurred crypto asset leaks; and in the other one, customer information was leaked. Several exchanges involved in these cases failed to recover and went bankrupt. Yapizon was one of them. The exchange was hacked for 5.5 billion won worth of assets in April 2017 and six months later, the company changed its name to Youbit. But in December that year, it was attacked once again and lost 17 billion won. After that, it was acquired by Coinbean. Coinbean had also overcome several hacking incidents but eventually went bankrupt in Feb. 2019. Both institutions said in the report that it takes a considerable amount of time for exchanges to track down stolen crypto assets and return them to users. If crypto exchanges go bankrupt, users were often not able to withdraw their assets. Despite such damages, Korea still lacks a system that lays out the principles to cope with such a situation. The report urged that there needs to be constant monitoring and activities to prevent hacking attempts on crypto exchanges. The special finance act that will go into effect next March will oblige exchanges to register for business licenses with the Korea Financial Intelligence Unit. And in the process of obtaining that approval, they need to have their information security management system (ISMS) verified by qualified institutes. “Exchanges will need to obtain their ISMS certification before the implementation of the special finance act. But as hacking attempts can happen before that time, there needs to be a wide inspection to see whether exchanges without an ISMS have the capacity to fight back hackers,” the report said. https://www.blockmedia.co.kr/archives/148642 ※This article is published with the permission of Blockmedia.