South Korea’s Digital Asset eXchange Alliance (DAXA) has established a new standard to stop improper API key lending on virtual asset exchanges. The alliance announced the move on May 28, 2026. It was developed alongside the Financial Supervisory Service (FSS) and DAXA’s member exchanges.
API keys are credentials that connect external programs to exchange functions. These functions include price checks, order placement, and fund transfers. Some users had been lending or sharing these keys with others. Those keys were then used to carry out unfair trading, including price manipulation.
DAXA
Staged Enforcement Measures Target API Key Misuse
The new standard sets out a tiered response system for suspected API key lending. Exchanges will apply measures based on the assessed level of risk. The steps are applied in stages, not all at once.
Those stages include intensive monitoring, warning notices, and renewed identity verification. In higher-risk cases, exchanges will forcibly expire the API key. This cuts off unauthorised access immediately.
The staged approach gives exchanges flexibility. It also ensures that responses are proportionate to the level of suspected abuse.
IP Whitelist System Adds Another Layer of Security
Member exchanges will also roll out an IP whitelist system under the new standard. This system limits API key access to pre-registered IP addresses only. It blocks third parties from using a key even if they obtain it.
This technical safeguard directly addresses the method of exploitation. It prevents unauthorised parties from accessing accounts remotely. Users who register their own IP addresses and keep their keys private will not face disruption.
DAXA Executive Vice Chairman Outlines Priorities
DAXA Executive Vice Chairman Kim Jae-jin addressed the reasoning behind the standard.
“The new standard is part of member exchanges’ ongoing efforts to block unfair trading at the source,” Kim said.
He added that DAXA and its members would respond swiftly to new threats and enforce necessary measures with user protection as the top priority.
Kim’s statement reflects DAXA’s broader regulatory posture. The alliance has been expanding its self-regulatory reach across multiple areas this year. These include tightened withdrawal rules, internal control upgrades, and anti-money laundering compliance reviews.
The new API key standard reinforces South Korea’s position as one of the most actively regulated crypto markets globally. For traders using automated tools, the key takeaway is clear: API keys must stay personal, secured, and properly managed to avoid forced expiration.
Also Read: Indonesia Blocks Polymarket After Bets on Prabowo’s Presidency Spark Controversy
FAQS
Q1: What is DAXA’s new API key standard?
DAXA’s new standard requires virtual asset exchanges to detect and forcibly expire API keys that users have improperly loaned or shared with others.
Q2: Why did DAXA introduce this standard?
Shared API keys were being used to carry out unfair trading practices, including price manipulation. DAXA acted to close that security gap.
Q3: What happens if an exchange suspects improper API key lending?
Exchanges apply staged measures based on risk level. These include intensive monitoring, warning notices, renewed identity verification, and forced key expiration.
Q4: What is the IP whitelist system, and how does it help?
The IP whitelist system restricts API key access to pre-registered IP addresses only. It blocks unauthorised parties from using a key even if they obtain it.
Q5: Will legitimate API users be affected by this standard?
Users who keep their API keys private and register their own IP addresses should not face disruption. Only keys flagged for improper lending or sharing will be subject to enforcement action.
Disclaimer
The information provided is not trading advice, Crafmin holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
