Cryptocurrency exchanges in Korea are introducing an information security management system (ISMS) one after another to step up their cyber security. Gopax became the first domestic exchange to win the ISMS certification last month and Upbit, the largest crypto exchange, has completed the relevant certification. Other major exchanges including Bithumb are also ready to carry out the ISMS certification.

Upbit said Monday that it had won the certification from the Korea Internet & Security Agency (KISA). The exchange’s certification will be valid through 2021. Now Upbit became the first crypto exchange to win the certification among the four major exchanges designated by the Ministry of Science and ICT to undergo the certification. The ministry obliged Upbit and three other exchanges - Coinone, Bithumb and Korbit - to undergo the ISMS certification at the KISA last year.

The ISMS is a certification scheme concerning a comprehensive management system including technical and physical protection measures to secure the stability of information and communication networks. Last December the Ministry of Science and ICT obliged crypto exchanges over certain sizes in sales and visitors to face obligatory evaluations. The evaluation is to be conducted in 253 items with 104 inspection standards set.

Bithumb, Coinone and Korbit are also waiting to undergo the evaluation to win the certificate. “Upon being designated, we took measures to refine our system and have been waiting for the results of the evaluation since September. We expect to obtain the accreditation by the end of this year,” a Bithumb official said. A KISA official confirmed that the evaluation process of the three other exchanges is going on, saying, “Supplementary measures are taken for 90 days to make up for what is lacking. We asked each of them to take measures and they are being checked again.”

There has been a case of having won the certification, apart from the ministry’s obligation concerning the ISMS. For the first time in Korea, Gopax obtained the certificate last month, and two other smaller exchanges are reportedly going through the evaluation process.

Kim Ki-hong, an official at the ministry’s cyber security & threat management division, said, “Exchanges themselves are fully aware of the importance of security as security problems have hobbled them this year. Each exchange also has to name a chief information security officer (CISO) in addition to the ISMS obligation.” He also said that companies not in compliance with the ISMS obligation would face up to 30 million won in fines but penalties might be curtailed according to security measures.

/Eundong Shin Reporter edshin@decenter.kr

신은동 기자

edshin@decenter.kr