On September 27, 2019, a South Korean court made a landmark ruling concerning local cryptocurrency exchange Coinone which could affect the way exchanges function going forward.
According to local news coverage of the filing, the Seoul Southern District Court wants the exchange to cover losses that occurred due to loopholes in its security policy. In this case, Coinone will have to pay about $21,000 (25 million Korean won) to an investor whose account was hacked last year. This ruling may set a precedent for other cryptocurrency exchanges, requiring them to compensate customers in the event of hacks or other security breaches.
Inadequate Safeguards
The Coinone theft in question occurred In December 2018, when an unnamed investor's login details were stolen. At the time, the attacker was reported to have hidden their IP address and location by employing a Virtual Private Network (VPN) based in the Netherlands.
Armed with anonymity, the attacker went on to convert the investor's funds into bitcoin, then withdrew those funds from the exchange in two separate transactions. At the time, the total value of the cryptocurrencies stolen was said to be about $39,500 (47.7 million won).
Though stories of cryptocurrency exchanges being hacked or breached were becoming common at the time, this case stood out because of a Coinone policy that mandated a 20 million won daily transaction limit on all accounts. If the withdrawal limit had been properly put in place, the hacker shouldn't have been able to empty the account.
The investor went on to sue the exchange, arguing two primary points: The first was that the exchange should have never allowed a withdrawal above the 20 million won limit and the second was that it should have blocked access from foreign IP addresses that were different from the usual access point of users.
A Win-Lose Verdict
In its resolution, the court's sentiment concerning the second argument favored the exchange, as it claimed that IP address restrictions weren’t a safeguard that the exchange was compelled to employ.
However, the court found reasonable fault with the exchange concerning a failure to enforce the daily transaction limit it put in place. Therefore, while the initial 20 million won stolen was ruled to be fair game, the court demanded that the investor should be compensated for additional losses above that amount.
The investor’s recovered amount represents just a fraction of what he lost in total. However, the ruling also shows that exchanges can now be held liable for enforcing the security policies that they set.
Increased Regulation for South Korean Exchanges
South Korea has been one of the most active nations concerning cryptocurrency regulations, with law enforcement agencies holding an impressive track record of prosecuting fraudulent exchanges and keeping others in check over their security.
In August 2019, the Financial Intelligence Unit (FIU), an arm of the country’s Financial Services Commission, announced a broad plan to regulate exchanges. According to a report from Business Korea, the FIU will be introducing a licensing system for local exchanges, with the aim of enhancing transparency in transactions.