Rep. Park Sung-hoon introduces bill to mandate compensation for crypto exchange hacks and IT system incidents
공유하기
Summary
- A bill was introduced to strengthen user protections against hacking and IT system outages at cryptocurrency exchanges.
- The amendment stipulates that when users suffer losses from an IT incident, crypto-asset service providers are liable to compensate for the damages.
- It would mandate immediate reporting to the Financial Services Commission when a system security breach incident such as hacking occurs, to prevent cover-ups and delayed reporting.
A bill has been introduced to strengthen user protections against hacks and IT system outages at cryptocurrency exchanges. The core provision shifts the burden of proof for compensation to crypto-asset service providers, rather than users, when an incident occurs.
Rep. Park Sung-hoon of the People Power Party on the 21st introduced the “Virtual Asset User Protection Act,” which shifts the burden of proving liability for damages to crypto-asset service providers and requires immediate reporting to financial authorities in the event of hacking or IT system disruptions. The bill was drafted in response to concerns that, despite repeated hacks and system failures, the current framework makes it difficult for users to obtain relief.
Under current law, even if a hacking incident occurs at a crypto exchange, users can receive damages only if they directly prove the operator’s intent or negligence in line with general principles of the Civil Act. However, critics have long noted that, given the highly technical nature of crypto systems, it is effectively impossible for individual users to prove the cause of an incident and negligence.
The amendment proposed by Park stipulates that, in principle, crypto-asset service providers are liable to compensate users for losses stemming from IT incidents. To be exempted from liability, the provider must prove either that the user acted with intent or gross negligence, or that it duly implemented security procedures to prevent the incident. The aim is to improve the effectiveness of user protection by placing the burden of proof on operators that monopolize information and technology.
Incident-reporting requirements have also been tightened. A new clause requires crypto-asset service providers to immediately report to the Financial Services Commission when a security breach incident occurs that disrupts or paralyzes systems, including hacking. The measure is intended to prevent cover-ups or delayed reporting and to enable financial authorities to respond swiftly to curb the spread of damage.
