Korea Financial Security Institute "Stablecoin security importance surges…verification framework to be released within the year"

"Stablecoins have the potential for financial innovation, but at the same time they pose new vulnerabilities and risks to financial stability and security. The Financial Security Institute plans to publish a framework within the year that the industry can use when reviewing or verifying security aspects related to this."

Heo Se-gyeong, head of the Digital Finance Strategy Team at the Korea Financial Security Institute (photo), emphasized this on the 28th at the 'NEXT FINANCE: Digital Finance and Security Strategies Opened by Stablecoins' seminar held at the Financial Investment Center in Yeouido, Seoul.

This seminar was organized to discuss security enhancement measures for the safe issuance and circulation of stablecoins and the infrastructure needed to support a stable stablecoin environment, in the context of the second-stage virtual asset legislation ahead that includes a regulatory regime for won-denominated stablecoins. At the seminar, topics ranged widely from financial authorities' policy trends to practical insights from digital asset experts, covering security, infrastructure, and anti-money laundering measures to build trust in stablecoins.

Heo said, "As stablecoins emerge as a new financial infrastructure, the importance of security is rapidly increasing," and noted, "Most stablecoin incidents are not caused by problems with the coin itself but by operational and management issues." She cited as reasons why stablecoin security is important: the potential to replace existing payment and remittance networks; the fact that smart contract permissions are similar to currency issuance authority; and that, due to the nature of blockchain, incidents can spread very quickly.

She particularly emphasized the importance of smart contract security. While traditional finance relies on the trust in intermediaries (banks), blockchain-based electronic finance makes the smart contract code itself perform a 'legal role,' so whether the code has vulnerabilities becomes the core of security. Heo stressed, "The private key of the smart contract that issues the stablecoin is effectively similar to currency issuance authority," and added, "If the issuing private key is hacked, unauthorized issuance causing inflation or unauthorized burning causing permanent loss of user assets are both possible, so security is especially important."

Domestically, some security regulations exist through the Special Act on Reporting and Use of Specified Financial Transaction Information, etc., but a concrete security system encompassing stablecoins has not yet been established. Heo listed necessary security requirements such as ensuring blockchain and smart contract stability; resolving ambiguity of management entities; security of interconnected networks such as blockchain and sidechains; and node access management. She also mentioned personal data protection, protection of transaction information, strengthened user identification, segregated storage of coins, establishment of abnormal transaction monitoring, and verification of overseas issuers' security systems as key tasks.

Heo emphasized the need to pay attention to stablecoin supervisory guidelines such as those from the Hong Kong Monetary Authority (HKMA). Those guidelines, as stablecoin-specific security measures, require applying the same level of security standards as traditional finance for token management, wallet and private key management, and user account management. In addition, the EU's MiCA subjects stablecoin operators to security requirements comparable to existing financial firms through DORA, and the United States is also pursuing the establishment of risk management standards under a higher-level 'Genius Law' framework.

Meanwhile, the Financial Security Institute plans to announce a digital ledger framework for the financial sector by the end of this year. This framework will indicate how digital ledgers and private keys, including stablecoins, can be safely utilized in financial services and is expected to be used by the industry as criteria for security review and verification going forward.