[New Wave] Virtual Asset Trading Requires Prior Strengthening of Personal Security Awareness

The so-called virtual asset investment "boom" continues, and cybercrimes related to it are rapidly increasing as well. Recently, users of a virtual asset exchange experienced crimes where their personal mobile phones were hacked, and virtual assets stored in the exchange were withdrawn within minutes without their knowledge, prompting the police to launch an investigation. Additionally, phishing and smishing cases impersonating virtual asset exchanges have been reported daily, making related crimes a significant social issue.

According to the Ministry of Science and ICT and the National Police Agency, 32 fake websites disguised as exchanges were discovered in the past three months, and the number of virtual asset-related crimes apprehended in 2020 increased by 3.3 times compared to the previous year. In response, the Ministry of Science and ICT and the National Police Agency announced plans to strengthen a 24-hour monitoring system for detecting and blocking hacking and phishing sites related to virtual assets and are working on countermeasures.

What is the most important factor for safe virtual asset trading? While it is important for exchanges to establish investor protection measures and enhance security, above all, investors themselves must have thorough security awareness. Especially in cases where personal information or virtual assets are stolen through increasingly common phishing or smishing tactics, it is difficult for exchanges to respond actively. Criminal methods targeting investors are becoming more sophisticated and cunning. Furthermore, since the government does not yet recognize virtual assets as financial assets and it is difficult to identify suspects due to the nature of virtual assets, strict adherence to security rules and special caution at the individual level are required.

The most representative form of cybercrime related to virtual assets is inducing users to access fake websites impersonating exchanges to steal information such as IDs, passwords, and OTPs. Attackers then use the stolen personal information to access the actual exchange and withdraw virtual assets without the investor’s knowledge. Therefore, individual users should be cautious of emails and SMS messages impersonating virtual asset exchanges. Do not click on suspicious URLs included in emails or SMS messages sent under the exchange’s name, and always check whether the URL in the address bar is the actual site address before logging into the exchange site.

Another form of damage involves distributing malicious code embedded in browser extensions to steal virtual assets. Malicious code hidden in extensions that users unknowingly install on their PCs or mobiles secretly changes the withdrawal address to the attacker’s address when the user withdraws virtual assets, causing the withdrawal request to be sent to the attacker’s address instead of the user’s. There are also malicious codes that steal private keys, which serve as passwords on online-based virtual asset personal wallet sites. If the private key is stolen, the attacker can transfer all virtual assets to their own wallet. Therefore, individual users should always use extensions from trusted sources and immediately delete any suspicious extensions.

Currently, there are about 4 million users of domestic virtual asset exchanges. Along with strengthening the security awareness of these individuals, exchanges must also prepare more concrete and practical security measures. Beyond complying with security standards stipulated by laws such as the Act on Reporting and Using Specified Financial Transaction Information (Special Financial Transactions Act), exchanges should proactively invest in security systems and professional personnel, and conduct regular and objective security vulnerability analyses and penetration testing through external security experts.

Only when comprehensive efforts by individual investors and virtual asset exchanges, supported by the government’s role as a control tower, are combined will a safer virtual asset trading environment be established.

Choi Jeong-su, Head of Core Research Team, Raon White Hat

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.