South Korea plans to apply bank‑level, no‑fault liability rules to crypto exchanges following a major breach at Upbit. The Financial Services Commission (FSC) is reviewing provisions that would require exchanges to compensate customers for losses from hacks or system failures even if the platform is not at fault, officials and market analysts told The Korea Times.
No‑fault compensation is already mandated for banks and electronic payment firms under the Electronic Financial Transactions Act. The move responds to a Nov. 27 incident at Dunamu‑operated Upbit, when more than 104 billion Solana‑based tokens — roughly 44.5 billion won (about $30.1 million) — were moved to external wallets in under an hour.
Regulators are also concerned about recurring outages. Financial Supervisory Service (FSS) data submitted to lawmakers show South Korea’s five major exchanges — Upbit, Bithumb, Coinone, Korbit and Gopax — reported 20 system failures since 2023, affecting over 900 users and causing more than 5 billion won in combined losses. Upbit alone logged six failures impacting some 600 customers.
The proposed legislative changes would tighten IT security requirements, raise operational standards and impose stiffer penalties. Lawmakers are considering a penalty framework that could impose fines up to 3% of annual revenue for hacking incidents, matching the threshold applied to banks; exchanges currently face a maximum fine of about $3.4 million.
The Upbit breach also drew scrutiny over delayed reporting. Although the hack was detected shortly after 5 a.m., Upbit did not notify the FSS until nearly 11 a.m., a delay some lawmakers allege was intentional and timed minutes after Dunamu finalized a merger with Naver Financial.
Separately, lawmakers are pressing regulators to produce a draft stablecoin bill by Dec. 10, warning they will advance legislation without the government if the deadline is missed. Officials hope to bring a bill to debate during the National Assembly’s extraordinary session in January 2026.
