Upbit hack prompts Korea to pursue stronger exchange liability rules

The South Korean government has announced plans to increase the liabilities of cryptocurrency exchanges after the recent attack that affected Upbit. The Korean government is seeking to impose bank-level, no-fault compensation rules on exchanges, noting that the development was prompted by the breach.

According to market watchers, the new development will also be a result of the lack of a regulatory framework in the country’s digital asset industry. With the move, crypto exchanges would be treated the same way traditional finance is treated, with the Korean government applying the same scrutiny to compliance, consumer protection standards, and the overall regulatory guidelines for the Korean crypto industry.

Korean government wants to improve oversight in the crypto industry

According to the reports, the Financial Services Commission (FSC) is looking into provisions that will require Korean virtual assets providers or exchanges to compensate users for losses caused by hacks or system failures. The new development is coming regardless of whether the exchange is at fault. This no-fault standard is currently applied to financial firms and electronic payments firms under the law governing financial transactions.

The new development, according to the report, was propelled by the November 27 hack incident involving Upbit. The incident saw more than 104 billion Solana-based tokens, which were roughly about 44.5 billion won ($30.1 million), moved to external wallets within minutes. The scammers stole several tokens, including Bonk, Solana, Pudgy Penguins, and the Official Trump token. However, despite the breach, the exchange has faced little to no penalties.

This is because regulators cannot order the exchange to compensate victims of the hack under the current law. With the new update, the FSC would have the power to make crypto exchanges liable for compensating victims, following the same obligations that financial entities face if they become victims of hacks or system failures. The move is also coming amid several system failures across the crypto sector.

Lawmakers set to release updated draft regulations

In data submitted by the Financial Supervisory Service (FSS) to lawmakers, the five major Korean crypto exchanges, Upbit, Bithumb, Coinone, Korbit, and Gopax, recorded a cumulative 20 system failures from 2023 through September 2025. The incidents affected more than 900 users, with a combined 5 billion won recorded as losses from the incidents. Upbit accounted for six of the incidents, with more than 600 victims affected in a combined 3 billion won worth of losses.

The draft legislation is expected to include requirements that will strengthen security, including mandatory IT security infrastructure plans, significantly stronger penalties, and upgraded standards for systems and personnel. Lawmakers are currently looking into a revision that would allow firms to pay fines of up to 3% of their annual revenues for hacking incidents at crypto exchanges, the same standards that traditional financial institutions follow.

Currently, the maximum fine for crypto exchanges is capped at 5 billion won. Meanwhile, the Upbit incident has also raised issues related to delayed reporting. According to reports, the hack was detected around 5 AM on November 27, but Upbit failed to report it to the FSS until 10:58 AM, a difference of six hours. As a result, some Korean lawmakers claimed that the exchange deliberately withheld the information until after a scheduled merger of Dunamu and Naver Financial was finalized.

As a result, the FSS is looking into the breach, but reports noted that the exchange may not be sanctioned heavily. FSS Governor Lee Chan-Jin noted the seriousness of the incidents and the limits of current oversight. “The hacking is not something we can overlook. However, regulatory oversight clearly has limits in imposing penalties,” he said.

Join Bybit now and claim a $50 bonus in minutes