South Korean Regulator Launches Sanctions Process for Dunamu: Report

Changelly
Coinbase


South Korea’s Financial Supervisory Service (FSS) has reportedly moved to formally examine whether crypto exchange operator Dunamu, the parent company behind Upbit, breached local rules after a $36 million hack last November. Yonhap News reported Sunday that the regulator recently sent Dunamu an inspection opinion letter—an early step that starts a sanctions process and gives the company a chance to respond to the FSS’s findings before any penalties are proposed.

At the center of the inquiry is a regulatory question about how existing South Korean law applies to cyber incidents. According to the same report, authorities are also looking at a potential legislative fix that would add clearer sanctions and compensation provisions for hacking and computer system failures.

Key takeaways

  • The FSS has sent an inspection opinion letter to Dunamu, the operator of Upbit, marking the start of a formal sanctions procedure, per Yonhap News.
  • Dunamu is expected to respond to the regulator’s inspection findings before any proposed sanctions are issued.
  • The probe is tied to a $36 million exploit reported by Upbit in connection with a breach that lasted about 54 minutes on November 27, 2025, though the announcement came later that day.
  • South Korean authorities are reviewing whether the incident violated the Virtual Asset User Protection Act, which currently lacks direct provisions for cyberattacks or computer hacks.
  • The report indicates plans to address that legal gap in a second phase of the Digital Asset Basic Act by adding sanctions and compensation related to system failures.

Regulator signals sanctions after the November Upbit exploit

Yonhap News said the FSS recently sent Dunamu an inspection opinion letter following the November 2025 hack tied to Upbit. The letter effectively initiates the regulator’s step-by-step sanctions process, starting with a formal assessment and allowing the exchange operator to reply before the FSS notifies the company of any proposed penalties.

The development matters for market participants because it frames the incident not just as a security lapse, but as a compliance issue under South Korea’s financial oversight. When regulators move from incident response to sanctions procedures, it typically signals heightened scrutiny over both operational controls and communications practices around material events.

Ledger

Timing of Upbit’s disclosure comes under scrutiny

Yonhap also highlighted criticism directed at Upbit regarding the timing of its public disclosure about the $36 million exploit. The report states that the breach began at 4:42 a.m. KST on November 27, 2025 and lasted roughly 54 minutes. However, Upbit did not announce the hack until the end of the day.

Yonhap attributed the delayed announcement to the conclusion of a merger-related event involving Naver Financial. That detail underscores the potential tension between corporate event calendars and the expectations regulators and users may have for timely disclosure after a major security incident.

Legal gap: current law lacks direct cyberattack sanctions

According to Yonhap, the FSS is reviewing whether the exchange violated the Virtual Asset User Protection Act. The report specifically notes that the act does not contain direct sanction provisions for cyberattacks or computer hacks.

This is a significant point for investors and compliance teams: if the law does not clearly address hacking events, regulators may have to rely on broader consumer protection obligations or other compliance standards to justify penalties. That can lead to uncertainty about outcomes—especially while case-specific interpretations develop.

Yonhap added that South Korean authorities intend to reduce this ambiguity by proposing additions for sanctions and compensation related to hacking and computer system failures in the second phase of the Digital Asset Basic Act. In practical terms, that suggests policymakers want future regulatory enforcement to be more direct and standardized when similar incidents occur.

Upbit’s response after the breach: reimbursement and wallet changes

Following the November exploit, Upbit said it froze approximately 2.3 billion won (about $1.5 million) worth of funds and would fully reimburse affected customers using its own balance sheet, according to a statement published on the exchange’s website. Upbit said it would reimburse impacted users rather than leaving them to absorb losses.

In addition to reimbursement, Upbit said it initiated an overhaul of its crypto wallet architecture to address potential vulnerabilities identified in the aftermath of the incident. The exchange also stated that it migrated all assets from wallets considered affected.

The operator’s efforts extended into onchain monitoring as well. In December 2025, Upbit said it developed an automatic onchain tracking service called Onchain AI Tracer System. The stated purpose was to follow the path of stolen funds and support potential recovery efforts.

For traders and users, these actions are relevant because they indicate how Upbit has approached both immediate risk containment and longer-term incident response. Yet regulators may still evaluate whether controls were sufficient before the breach, how the incident was managed during the window of compromise, and how promptly users were informed.

Separately, Upbit is described as ranking third in CoinMarketCap’s spot exchange rankings, based on a scoring system that includes factors such as traffic, liquidity, and trading volumes, according to CoinMarketCap’s exchange rankings page.

What to watch as the inspection and sanctions process unfolds

With the FSS inspection opinion letter now in place, the next key development will be how Dunamu responds to the regulator’s findings and what compliance arguments it presents around disclosure timing, incident handling, and the applicability of existing law. Observers should also watch the legislative track Yonhap described—if the second phase of the Digital Asset Basic Act adds cyber-focused sanctions and compensation provisions, it could materially change how future security incidents are regulated in South Korea.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure





Source link

Coinbase

Be the first to comment

Leave a Reply

Your email address will not be published.


*