[Crypto World] South Korea’s crypto exchanges have exposed yet another security loophole. The latest report from the Internet Security Agency shows that many platforms haven’t even obtained the most basic personal information protection certifications.
Among the six illegal crypto exchanges registered with the financial intelligence unit this year, five only received the basic ISMS certification—which doesn’t cover personal information protection at all. To make things more awkward, mainstream platform GOPAX hasn’t obtained the ISMS-P certification either. What’s the difference between these two certifications? The former only looks at system security, while the latter covers how you protect user privacy.
The investment data from major platforms is even more telling. Financial reports submitted by Upbit, Bithumb, and GOPAX to the security agency show they allocate around 10% of their total IT budget to information security—sounds like a lot? But security team members only account for 9% to 12.5% of their staff. With this setup, a 100-person tech team might have only about a dozen people monitoring security vulnerabilities.
Coinone and Korbit, ranked third and fourth, don’t even voluntarily disclose their security measures. Disclosure is required by regulators, but in practice, it’s all on the honor system—this approach has become the norm in the Korean market.
0xDreamChaser
· 12-07 07:49
This move by the Korean exchange is really... Only a dozen people on the security team guarding the entire platform? Isn't that like trying to stop bullets with chopsticks?
ChainMemeDealer
· 12-06 23:17
The Korean exchange's security investment in these ten minutes is hilarious. Out of a hundred people, only about ten are working on security? That's no different from having no security at all.
SignatureLiquidator
· 12-06 18:55
Damn, top Korean exchanges only allocate 10% of their budget to security? Isn’t that just giving up?
---
GOPAX hasn’t even obtained ISMS-P? So even mainstream platforms are slacking off.
---
A hundred-person team with only ten people on security, isn’t that just asking to get exploited?
---
Incomplete certifications and insufficient funding—how can users feel safe with their coins?
---
They even dare to skip basic privacy protection certifications—how far are they from an exit scam?
---
No wonder Korean exchanges have frequent incidents; with such low investment, who can handle it?
---
Around 10% of the budget feels just like a formality. Real security requires serious money.
---
They can’t even tell ISMS from ISMS-P—is this really the state of Korean platforms?
---
With security teams making up less than 15%, these exchanges really don’t care about users’ assets.
---
Looking at this data, I don’t even dare to touch coins on Korean exchanges anymore.
DegenWhisperer
· 12-04 08:28
The way Korean exchanges operate is really terrible. Ten people trying to keep an eye on a hundred vulnerabilities—who could possibly handle that?
memecoin_therapy
· 12-04 08:21
The way these Korean exchanges operate, it's basically "I have a budget but I won't use it."
They can't even get ISMS-P, yet they have the nerve to call themselves top platforms? Ten people watching over vulnerabilities in a hundred people-sized system—this is playing with fire.
All these platforms care about is rushing to the blockchain, but their security investments are just for show.
They throw money at it but not manpower. How uncomfortable must that be for users’ assets?
GOPAX got hit too? Are there any safe exchanges left in Korea, haha.
A 10% budget allocation sounds okay, but with such a shabby staffing setup... issues are to be expected, right?
Yet another "massive pitfall" level security failure. Who knows how many people are still trapped here.
StillBuyingTheDip
· 12-04 08:21
The way Korean exchanges operate, no wonder they keep getting criticized. A 10% budget assigned to 9 people—who came up with this math problem?
0xLostKey
· 12-04 08:11
The security level of Korean exchanges is really something else—ten people watching over a hundred vulnerabilities, they must have a lot of free time.
This is why I diversify my assets and don’t trust any single platform.
GOPAX hasn’t even sorted out basic authentication? How unprofessional is that?
Keeping money on exchanges is playing with fire, it’s more reliable to protect yourself.
This report from the Internet Security Agency is harsh—even the top platforms are so sloppy.
Looking at it this way, there’s a huge gap between ISMS and ISMS-P; I bet a lot of people on these platforms get them mixed up.
With such a low proportion of investment in security, it’s no surprise when things go wrong.
Forget it, I’m done with Korean exchanges—the risk is just too high.
With this kind of budget allocation, it’s only a matter of time before something blows up. Someone should have cracked down on this long ago.
Widespread Lack of Security Certification on South Korean Exchanges, Top Platforms Allocate Only 10% of Budget to Security