Russia sets course for crypto framework, enforcement planned for 2027

BOK Staffers Assess Crypto Market Vulnerabilities and Their ImplicationsOn Thursday, the Bank of Korea’s (BOK) staff members published an assessment of the vulnerabilities in the cryptocurrency market and their potential implications. Here is the summary of the report.Photo by D Tan on Unsplash2022 crypto winterThroughout 2022, the worldwide crypto market faced a series of adverse occurrences, such as significant drops in the prices of major crypto-assets and the collapse of prominent crypto companies. These events shed light on the vulnerabilities that had accumulated during the rapid growth of the market.The first major event occurred in May 2022 when the algorithmic stablecoin TerraUSD experienced a sharp decline, resulting in substantial losses and bankruptcies for numerous retail investors and crypto firms. This incident significantly eroded confidence in the overall crypto market. The subsequent bankruptcies of prominent crypto lender Celsius and hedge fund Three Arrows Capital (3AC) further highlighted the realization of risks commonly associated with traditional financial markets, such as multiple collateral loans and maturity and liquidity mismatches, within the crypto market.In November 2022, the well-known crypto exchange FTX filed for bankruptcy, demonstrating that the activities of a large crypto company can propagate risks through moral hazard and excessive profit-seeking behavior when it operates outside the realm of regulatory oversight.Similarities with TradFiThese negative events that unfolded in the global crypto market in 2022 share similarities with issues previously observed in financial markets, such as unsustainable business models, liquidity risk, leverage, and lack of transparency in financial conditions. These parallels suggest that if the crypto markets were subjected to comparable levels of regulation as traditional financial markets, it is plausible that the triggering of these risks could have been avoided altogether, or at the very least, the resulting damage could have been mitigated to some extent.Implications for the Korean marketAt present, it is deemed unlikely that events akin to those witnessed in overseas crypto markets will transpire in the Korean market. The Korean crypto-asset market has primarily evolved through exchanges, with limited influence from other enterprises such as crypto issuers and decentralized lending platforms. In addition, Korean crypto exchanges are subject to regulation under the Act on Reporting and Using Specified Financial Transaction Information. This mandates the separation of customer deposits from exchange assets and the strict management of custodial crypto-assets through secure wallets. Additionally, Korean exchanges are prohibited from listing their own tokens on their platforms.However, there remains a dearth of information regarding the business structures of crypto companies that offer services similar to those in the traditional financial industry. This lack of information poses challenges in accurately assessing risk and providing adequate investor protection. Meanwhile, there is a potential for a deeper integration between the crypto market and users’ daily lives, particularly through major technology companies, gaming companies, and security tokens.SuggestionsIt is vital to ensure that crypto-assets are regulated based on the principle of “same activity, same risk, same regulation” through the ongoing development of crypto-asset-related legislation. The Financial Stability Board, an international body monitoring the global financial system, explained this principle in a 2022 paper: “Where crypto-assets and intermediaries perform an equivalent economic function to one performed by instruments and intermediaries of the traditional financial sector, they should be subject to equivalent regulation.”Additionally, it is necessary to stay aligned with major countries in terms of the speed and comprehensiveness of regulatory measures to prevent regulatory discrepancies across borders due to the global nature of crypto risks.Enhancing the effectiveness and efficiency of regulation requires the establishment and maintenance of a close cooperation system between authorities. This collaborative effort should encompass various aspects, including monitoring, information gathering, and supervision of the crypto-asset market. Notably, the widespread adoption of stablecoins can affect the stability of the overall financial system, including monetary systems and payment and settlement systems. Hence, it is necessary to strengthen the involvement of central banks in the monitoring and supervision framework for crypto-assets, including stablecoins, as demonstrated by legislative approaches adopted by major economies like the EU. Furthermore, imposing disclosure requirements, external audits, and documentation submission obligations on crypto-asset operators is advisable.

South Korean cryptocurrency exchange Flybit, which is operated by the Korean Fintech Industry Association, has passed the post-audit for its Information Security and Privacy Management System certification (ISMS-P), according to local news website News1 on Wednesday (KST).Photo by FlyD on UnsplashRigorous certification standardsThe ISMS-P is a security management system jointly operated by South Korea’s Ministry of Science and ICT and the Personal Information Protection Commission, representing the highest level of security management in the country. It combines 80 requirements for Information Security Management System (ISMS) certification and 22 requirements for Personal Information Management System (PIMS) certification, totaling 102 requirements that must be met. Once obtained, certification is valid for three years, and annual post-audits are required to maintain its validity. Flybit’s commitment to security"Cryptocurrency exchanges are businesses that manage customers' valuable assets. All Flybit members approach their work by recognizing the fact that the protection of personal information is our most important value,” the exchange said. "We will continually strive to maintain security accidents since the establishment of the exchange." Flybit first obtained the ISMS certification in December 2020 and the ISMS-P certification two years later in December 2022. The most recent ISMS-P follow-up audit was conducted last month. After a thorough examination, the results of the audit were delivered by the Korea Internet and Security Agency (KISA) on Dec. 12, which stated that the exchange could maintain its certification. In October last year, the firm also received the highest rating in the comprehensive anti-money laundering (AML) evaluation conducted annually by the Financial Intelligence Unit (FIU) under the Financial Services Commission.

Remitano Struck by $2.7M Alleged HackHacks have been an unfortunate constant in the crypto and DeFi space with that reality having been compounded by news that Seychelles-based crypto exchange Remitano is believed to have been the victim of a $2.7 million heist.Photo by Growtika on UnsplashSuspicious transactionsIt’s understood that the firm encountered highly suspicious transactions, with the $2.7 million having seemingly vanished from its wallet, all at the hands of a single account. The incident unfolded on Thursday and has left blockchain analysts speculating about a potential security breach.The Remitano hot wallet initiated transfers to an address devoid of any prior transaction history. These transfers amounted to approximately $1.4 million in Tether (USDT), $208,000 in USD Coin (USDC), and 104,000 ANKR tokens (valued at $2,000 at the time). Those transfers raised concerns about the security of the platform.Israeli blockchain analytics platform Cyvers promptly sounded the alarm, notifying the crypto community about these suspicious transactions that had drained significant sums from Remitano’s coffers. This sudden event raised concern within the crypto space and naturally among Remitano customers.Tether freezes wallet addressAmid the growing apprehension, Tether, the issuer of USD stablecoin USDT, took decisive action by freezing the address associated with the alleged attacker. This swift intervention effectively halted any further movement of $1.4 million worth of drained cryptocurrency. Tether’s proactive response could potentially have prevented additional loss, preserving customers’ assets from further depletion.Remitano had remained notably silent initially in the wake of this incident, declining to issue any formal statement regarding the breach. It has since acted, as on Friday, it published a statement relative to the issue on its website. The absence of communication from the exchange had only fueled greater speculation surrounding the incident. However, the statement outlined:”On September 14, 2023, our Security Management team discovered a data breach from a third-party source that had compromised some of our sensitive information. As a result, a small amount of funds from the exchange’s hot wallets were transferred to suspicious wallet addresses through unauthorized withdrawal transactions.”Remitano, recognized as a peer-to-peer cryptocurrency exchange and payment processor, primarily caters to users in emerging markets across several countries, including Pakistan, Ghana, Venezuela, Cambodia, Kenya, Malaysia, India, South Africa, Vietnam, and Nigeria.The firm sought to reassure its customers:”As of now, Remitano ensures that users’ assets have NOT been and will NOT be affected by this incident. We are working tirelessly to uphold our commitment to ensuring the security and protection of your crypto assets.”Remitano was established in 2015; it is operated by Babylon Solutions Limited, which is headquartered in the Seychelles.Unfortunately, this episode adds to the troubling trend of cryptocurrency exchange hacks witnessed in 2023. Authorities in the United States have attributed these attacks to the Lazarus Group, a notorious cyber-crime organization allegedly linked to the North Korean government which has wreaked havoc globally although disproportionately so within the Asian region.