Korea moves on the trading bots quietly draining its order books

South Korea's Digital Asset Exchange Alliance (DAXA) has introduced a mandatory compliance standard requiring member exchanges to invalidate API keys suspected of being shared or lent to third parties. The move is a direct response to a specific and well-documented form of market abuse: programmatic spoofing, where traders hand over API access to allow bots to place and cancel large buy orders, creating artificial demand before selling into the resulting price bounce.

What the new rules require

The policy, announced on May 28, sets out a tiered response framework for member exchanges. When suspicious API-sharing behaviour is detected, platforms can issue warnings, force re-verification, or permanently expire the key. The response level scales with the assessed risk of the activity. Exchanges will also deploy IP whitelisting, restricting API key access to addresses pre-registered by the account holder. Critically, the rule does not ban API trading outright. As crypto.news noted, it specifically targets cases where users hand keys to others or allow third parties to trade through their accounts.

The five exchanges covered are @Official_Upbit, @BithumbOfficial, Coinone, Korbit, and Gopax, which together dominate South Korea's regulated crypto market. DAXA Executive Vice Chairman Jaejin Kim said the alliance and its members will respond swiftly to new threats and take strong measures wherever user protection demands it.

Why regulators are moving now

The scale of the problem is driving urgency. South Korea's Financial Supervisory Service (FSS) has said that API-based trading now accounts for roughly 30% of domestic crypto turnover, a share large enough that oversight gaps carry real market consequences. The FSS has warned that automated tools are being used to inflate volumes and distort token prices, citing patterns including repeated small trades, spoofed orders, and coordinated activity across multiple accounts.

The API crackdown fits into a broader regulatory push. Earlier in 2026, the FSS outlined plans to deploy AI-driven surveillance to detect abnormal price movements and identify coordinated trading networks. The DAXA standard gives exchanges a direct operational tool to act before enforcement becomes necessary, complementing the regulator's longer-term technology investment.

Sources:
crypto.news: South Korea's DAXA targets crypto API keys after 30% warning
The Asia Business Daily: DAXA Establishes Standards to Block Improper API Key Lending
Crypto Adventure: South Korea's DAXA Tightens Crypto Exchange API Controls