
Upbit parent Dunamu faces South Korean regulator sanctions process: Report
Korea’s Virtual Asset User Protection Act lacks explicit sanctions provisions for hacking and similar incidents, clouding the scope of penalties facing the Upbit operator Dunamu.

South Korea’s Financial Supervisory Service (FSS) has reportedly sent an inspection opinion letter to Dunamu, the operator of crypto exchange Upbit, concerning the $36 million hack from November 2025.
Local news outlet Yonhap News reported Sunday that the FSS had recently sent Dunamu an inspection opinion letter.
The letter marks the formal start of a sanctions procedure by the financial authorities. It provides Dunamu with an opportunity to respond to the inspection’s findings before the regulator notifies the company of its proposed sanctions.
Cointelegraph has approached Dunamu for comment on the matter.
Related: Kaspersky identifies malware framework targeting crypto investors
Upbit faced criticism for delaying its announcement of the $36 million exploit, according to Yonhap.
The breach lasted about 54 minutes, starting at 4:42 a.m. KST on Nov. 27, 2026, but Upbit only announced the hack at the end of the day, after a merger-related event involving internet giant Naver Financial concluded.
The financial regulator said it is reviewing whether the exchange violated the Virtual Asset User Protection Act, which provides no direct sanctions provisions related to cyberattacks or computer hacks.
The report said South Korean authorities plan to address the regulatory gap by adding sanctions and compensation provisions for hacking and computer system failures to the second phase of the Digital Asset Basic Act.
Upbit reimburses users, launches onchain tracing system for fund recovery
Following the November exploit, Upbit said it froze approximately 2.3 billion won ($1.5 million) worth of funds. The exchange’s statement at the time said it would fully reimburse affected customers using its own balance sheet assets.
Upbit said it initiated an overhaul of its crypto wallet architecture to address potential vulnerabilities after the exploit and migrated all assets from affected wallets.
In December 2025, Upbit said it developed an automatic onchain tracking service, Onchain AI Tracer System, to track the path of the stolen funds and aid potential recovery efforts.
Upbit ranks third in CoinMarketCap’s crypto spot exchange rankings, based on scores that include traffic, liquidity and trading volumes. Trading volume for the most-recent 24-hour period was $478.56 million.
Magazine: Does Botanix’s failure prove Bitcoiners don’t care about DeFi?


