South Korea’s top financial watchdog has begun formal sanctions proceedings against Dunamu, the company behind Upbit, the country’s dominant cryptocurrency exchange. The action stems from a 2025 hacking incident that resulted in losses of 44.5 billion won, roughly $32 million.
The Financial Supervisory Service (FSS), which operates under South Korea’s Financial Services Commission (FSC), spent seven months investigating the breach before issuing what’s known as an inspection opinion letter. A sanctions review committee will weigh in, followed by the Securities and Futures Commission (SFC), before any penalties are actually imposed.
South Korea’s Virtual Asset User Protection Act, which governs digital asset platforms, doesn’t include explicit sanctions provisions for hacking incidents or computer system breaches. That ambiguity leaves the scope of potential penalties wide open.
This isn’t the first time Dunamu has found itself in the crosshairs of South Korean regulators. The company was already facing a proposed fine of 35.2 billion won, approximately $25 million, related to anti-money laundering violations uncovered separately from the hacking investigation. As part of that earlier enforcement action, regulators imposed a suspension on new customer transfers in February 2025. A court later partially overturned that suspension in April 2026.
The FSS is now testing the boundaries of what the law allows. If regulators successfully impose meaningful sanctions for a hacking incident under a statute that doesn’t explicitly address hacking, it would signal that South Korean authorities intend to interpret their powers broadly. Conversely, if the legal ambiguity limits the FSS’s ability to act, it could expose a significant gap in South Korea’s crypto regulatory framework.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

10 hours ago
2
















English (US) ·