South Korea cracks down: Strict rules for crypto exchanges after hacks!

South Korea cracks down: Strict rules for crypto exchanges after hacks!

In South Korea, the Virtual Assets Committee (VAC) has suspended its activities and has not held meetings since May. This comes at a time when the government plans to introduce stricter liability rules for crypto exchanges to improve investor protection following a hacking incident at Upbit. These new regulations are intended to require exchanges to compensate users for losses caused by hacks or system failures without the users having to provide proof of fault. Such an approach is similar to laws in other risky industries in South Korea, as crypto.news reports.

The VAC's inactivity is seen by many as a consequence of the impeachment of President Yoon Suk-yeol. His successor, Lee Jae-myung, has a different crypto policy that places a greater focus on cooperation between lawmakers and the Financial Services Commission (FSC), while pushing the VAC into the background. A plan was originally developed to allow listed companies to invest in crypto by 2025, but this plan is now seen as unlikely.

New regulatory measures

The FSC has confirmed that strict liability measures will be included in upcoming virtual asset legislation. The principle of strict liability requires exchanges to compensate users even if no fault can be proven, similar to what applies to traditional financial institutions. Current regulations place crypto platforms outside the jurisdiction of the Electronic Financial Transactions Act, creating a regulatory gap.

Between 2023 and September 2025, five major exchanges reported a total of 20 cyber incidents affecting over 900 users. Upbit, in particular, recorded six incidents affecting 616 users; Bithumb had four incidents affecting 326 people and Coinone faced three incidents affecting 47 users. The attack on Upbit took place on November 27th and lasted 54 minutes, during which large amounts of Solana-based coins were transferred to external wallets.

Regulators could not find a legal basis to sanction the exchanges due to the current Virtual Asset User Protection Act. The new legislation will force crypto platforms to adhere to the same security standards as traditional financial institutions. Exchanges must have adequate staff, facilities and IT infrastructure and submit their technology plans to regulators annually. The proposed fines could be up to 3% of the companies' annual turnover.

Industry expectations

Industry watchers expect swift legislative approval, with the ruling party supporting measures to protect investors. Exchanges are preparing to adapt their compliance strategies to the upcoming regulatory changes to meet the new requirements. This proactive approach is considered necessary to restore investor confidence in the security-risky crypto market.