South Korea Proposes Bank-Level Liability for Crypto Exchanges Following Upbit Hack

The South Korean government is advancing a major regulatory overhaul that would impose strict, bank-level liability standards on cryptocurrency exchanges. This initiative is a direct response to the November 27, 2025, hack of Upbit, where approximately 104 billion Solana-based tokens, worth 44.5 billion won ($36 million), were siphoned from the exchange's hot wallets in just 54 minutes.

The proposed rules, led by the Financial Services Commission (FSC) and the Financial Supervisory Service (FSS), would mandate that exchanges compensate users for losses from hacks or system failures regardless of fault—a "no-fault" liability model currently applied only to traditional banks and electronic payment firms. This shift aims to close a critical gap, as existing laws prevented regulators from ordering compensation after the Upbit incident.

The hack also exposed reporting failures. Upbit, operated by Dunamu Inc., waited over six hours to notify regulators after detecting the breach at 5 a.m., with lawmakers alleging the delay was tied to the conclusion of Dunamu's merger with Naver Financial later that morning. In response, draft legislation is expected to include fines of up to 3% of an exchange's annual revenue for security incidents, replacing the current 5 billion won cap, and require enhanced IT security infrastructure.

This regulatory push is part of a broader crackdown. The Financial Intelligence Unit (FIU) is preparing sanctions against major exchanges for compliance failures and has already disciplined Dunamu with a three-month suspension on new customer sign-ups and a 35.2 billion won fine. Authorities are also expanding the crypto travel rule to cover transactions under 1 million won to prevent money laundering.

The move comes amid systemic issues in South Korea's crypto sector. Data from the FSS shows that the five major exchanges—Upbit, Bithumb, Coinone, Korbit, and Gopax—recorded 20 system failures between 2023 and September 2025, affecting over 900 users and causing 5 billion won in losses. Legislative amendments are targeted for the first half of 2026, signaling a fundamental reshaping of accountability in the industry.