Hacks Force South Korean Exchanges to Seek ISO 27001 Accreditation

Tim Alper
Last updated: | 1 min read

Korbit, one of South Korea’s largest and longest-running exchanges, has announced that it has obtained the ISO 27001 information security standard, making it the first major platform in the country to do so.

Source: iStock/Luca_Daviddi

The news comes around a week after rival exchange GoPax – a newer platform – claimed to be the first in the country to obtain ISO 27001 certification. A number of other South Korean exchanges are also thought to be pursuing accreditation.

The certification is issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), who require companies to meet 114 examination criteria across 14 areas in order to obtain certification.

News agency Yonhap quotes Korbit’s Chief Information Security Officer, Kim Jong-won, as saying, “Gaining ISO 27001 certification [proves] that Korbit’s system is exceptionally secure.”

However, some claim that security levels remain lax at South Korean exchanges. Media outlet eToday reports that a government audit of 21 of the country’s exchanges conducted earlier this year revealed that all had failed to meet Seoul’s security guidelines.

Per the Wall Street Journal, Kimberly Grauer, a senior economist at an American blockchain analysis firm, South Korean exchanges are growing exponentially, but their security networks often lag behind.

Exchanges are hoping to turn around what has been a tumultuous year for them so far, with multiple hacks, as well as fraud allegations and other controversies. Bithumb, one of the country’s “big two” exchanges recently pledged to meet government security guidelines for financial services companies. The company is also hoping to launch operations in Japan and Thailand, and has applied for operating licenses in both countries.

Bithumb’s biggest rival, Upbit, has famously “never been hacked,” and earlier this month claimed its security system had caught an attempted voice phishing attack on a customer – leading to a police arrest.