South Korea’s DAXA rolls out new API key rules targeting price manipulation and unfair crypto trading across major exchanges.
South Korea is tightening its grip on crypto trading. The Digital Asset Exchange Alliance
(DAXA) rolled out a new compliance standard on May 28.
The policy targets the improper lending of API keys across member exchanges.
Automated trading makes up roughly 30% of domestic crypto turnover, according to the Financial Supervisory Service. The move signals a sharper regulatory focus on market fairness.
Read also:
South Korea’s Forex Law Shakeup Could Reshape Crypto Trading
DAXA’s New API Key Policy Explained
API keys are credentials that allow users to interact with crypto exchanges. They enable functions like order placement, balance checks, and fund transfers.
DAXA says some users have been lending or sharing these keys with third parties. Those third parties then use the keys to carry out unfair trading practices, including price manipulation.
Under the new standard, exchanges will monitor suspicious API activity closely.
If a key shows signs of improper sharing, the platform can issue warnings. It can also force re-authentication or permanently expire the key. The response level depends on the assessed risk of the activity.
DAXA stated that the policy applies across all its member companies. Upbit, Bithumb, Coinone, Korbit, and Gopax all fall under this framework. Each exchange is now expected to meet the new compliance requirements consistently.
South Korea’s DAXA Tightens Crypto Exchange API Controls
South Korea’s Digital Asset Exchange Alliance (DAXA) introduced a new compliance standard requiring member exchanges to invalidate API keys suspected of improper sharing. The FSS said automated trading accounts for around… pic.twitter.com/OPtnSEeqso
— Wu Blockchain (@WuBlockchain) May 29, 2026
Stronger Security Systems Across Member Exchanges
Beyond monitoring, DAXA is pushing exchanges to upgrade their security infrastructure.
One key measure is the introduction of IP whitelisting. This system restricts API key access to pre-registered IP addresses only.
The change means that even if someone obtains another user’s API key, they cannot use it from an unregistered device or location. It adds a practical barrier against unauthorized access. Exchanges will also require users to re-verify their identity following warning notifications.
These steps reflect a broader push to close loopholes that bad actors have exploited. The combination of monitoring, alerts, and technical controls creates a layered defense.
DAXA believes the approach addresses both current threats and future risks.
What This Means for Crypto Market Integrity
DAXA’s Executive Vice Chairman, Jaejin Kim, spoke directly to the intent behind the policy.
He said the alliance and its member companies will respond quickly to new threats. Kim added that strong measures will follow wherever user protection demands it.
The crackdown comes as South Korean regulators pay closer attention to automated trading.
With nearly a third of crypto volume tied to automated systems, oversight gaps carry real market consequences. Addressing API misuse directly targets one route through which manipulation enters the market.
DAXA has not announced a specific enforcement date for the new measures. However, the policy is already in effect as a binding standard for all member exchanges.