South korean court issues landmark decisions on crypto exchange hacking

Coinone,   a Korean crypto exchange, has been ordered to pay compensation for losses resulting from a hack of a customer account.
 
The court ruling from the Seoul Southern District Court on Sept. 27 found Coinone though only partly responsible and ordered an award far less than the damages the plaintiff had sought as this situation is seen as precedent-setting.

The customer which was identified only as Mr. A  joined the exchange in April 2017, according to an account of the case published in IT Chosun. 

His holdings were valued at around 58 million won ($48,300) as at November 2018.  The customer was then left with holdings valued at just 5,982 won as most of his holdings were stolen on Dec. 23rd of same year.

Transactions which led to the theft were conducted via an IP address in the Netherlands. The customer had to sue the exchange company for 58 million won in losses, stating that the exchange should have blocked transactions from overseas and as such should have also rejected any transfer request of more than 20 million won.

“The plaintiff also confirmed that the exchange has not set minimum safeguards,” according to the newspaper reports.

According to CoinMarketCap data, Coinone  is the world’s 70th largest exchange by reported volume, countered the customer's statement saying that it is not required to block foreign IP addresses. 

Secondly, in terms of the 20 million won limit, it said that the policy was only a government policy related to anti-money laundering and not a strict obligation to the customer.

Hence, Coinone is not  responsible for the hack itself as the court agreed with most of what the exchange argued and it didn't hold it against Coinone. They said that the exchange did not have to monitor  around all transactions by IP address. It would only have to block an address if it knew beforehand that it was being used for illegal access to an account.

The 20 million won cap was set not only to prevent money laundering but also to protect customers from exchange failures, so the court did say that the transfer limits also need to be followed.

 The plaintiff was awarded 25 million won since it’s good enough for customers to expecte that the limit should be in place and enforced, the court said.
“Therefore, it is a mistake for the exchange to fail to meet the daily withdrawal limit,” IT Chosun quoted the court as saying.

This award is the first and  the decision suggests that exchanges can now be held responsible for some losses as can been seen in this case. The customer was partially compensated according to Korean press reports.
 
Credits: Richard Meyer