The Digital Asset Exchange Joint Council (DAXA) recently published its “Best Practices and Guidebook for Virtual Asset Wallet Management” in line with the newly enacted “Act on the Protection of Virtual Asset Users.” This move is aimed at supporting Virtual Asset Service Providers (VASPs) to fulfill their legal obligations regarding asset storage and management as prescribed by the law. The guidelines provide a comprehensive framework for securing user assets and ensuring the integrity of virtual asset management within the industry.
Under Article 7 of the Virtual Asset User Protection Act, VASPs are required to segregate their proprietary assets from client assets and maintain a one-to-one ratio of the same type and quantity of virtual assets. Furthermore, the assets must be stored in cold wallets—wallets that are isolated from internet access to enhance security. In response, DAXA’s guidebook offers detailed instructions to help businesses adhere to these obligations while bolstering their internal security protocols.
The newly published best practices cover a range of critical areas, including personnel and physical security measures, wallet creation, ownership and management methods, and the withdrawal procedures for assets stored in cold wallets. For example, access to virtual asset wallets must be managed by at least three separate individuals to prevent abuse of authority. The guide also introduces the concept of the “wallet room,” a space designated for storing private keys that must be physically separated from general office areas and restricted from unauthorized access.
Additionally, VASPs are required to confirm daily that they hold an equivalent type and quantity of assets as those held by their users. If wallet management is outsourced to an external custodian, the VASP must ensure the custodian meets security standards. This includes conducting an annual security vulnerability assessment and confirming that 100% of the custodied virtual assets are stored in cold wallets.
The guidelines also provide a clear definition of cold wallets, emphasizing that they are hardware devices, such as USBs, which operate entirely offline. For a cold wallet to be recognized as such, all asset storage and electronic signature procedures must be conducted in isolation from the internet, ensuring maximum security against hacking attempts.
DAXA has been actively promoting self-regulation within the virtual asset industry both before and after the enactment of the Virtual Asset User Protection Act. In addition to this latest release, the council has introduced several other self-regulatory measures, including best practices for virtual asset trading, real-time monitoring for suspicious transactions, and standardized advertising regulations. These efforts aim to improve the regulatory capacity of the virtual asset sector and foster greater trust among users and businesses.
This new set of guidelines is expected to play a pivotal role in enhancing the security and reliability of virtual asset management practices, while supporting businesses in complying with legal standards.