South Korea Sanctions Upbit Operator Over $32 Million Hacking Incident
South Korea's financial regulator has initiated formal sanctions proceedings against Dunamu, the operator of Upbit, one of the country's largest cryptocurrency exchanges. The move comes after a seven-month investigation into a 2025 hacking incident that resulted in losses of approximately $32 million.
The Financial Supervisory Service (FSS), which operates under South Korea's Financial Services Commission (FSC), issued an inspection opinion letter, marking the start of the formal sanctions process. A review committee will weigh in before any penalties are imposed, and a court decision may ultimately determine the outcome.
This is not the first time Dunamu has faced regulatory scrutiny in South Korea. The company was already facing a proposed fine related to anti-money laundering violations, which was partially overturned by a court in April 2026. The FSS is now testing the boundaries of what the law allows and how it can be applied in this case.
The Virtual Asset User Protection Act does not explicitly address hacking incidents or computer system breaches, leaving the scope of potential penalties wide open. If regulators successfully impose meaningful sanctions for a hacking incident under this statute, it could signal that South Korean authorities intend to interpret their powers broadly.




