The South Korean government is strengthening cryptocurrency regulation, planning to require exchanges to assume the same "no-fault liability" as banks, compensating users for losses even if the failure was not due to the exchange's fault. This major reform stems from the hacking of Upbit last month, which resulted in losses exceeding 44.5 billion won, and the subsequent allegations of delayed reporting. Exchanges have also faced criticism from authorities for numerous system failures in recent years.
South Korea pushes for "bank-level" no-fault compensation system as exchange responsibilities are upgraded.
The Korea Times reports that South Korea's Financial Services Commission (FSC) is considering amending the law to require cryptocurrency exchanges to be responsible for user losses caused by hacking or system failures, regardless of whether the incident was caused by the exchange's negligence.
This "no-fault liability" model currently only applies to banks and electronic payment institutions. Once the bill is passed, exchanges will be officially subject to consumer protection and operational standards similar to those of financial institutions.
The catalyst for accelerated legislation: Upbit was hacked and the notification was delayed by 6 hours?
On November 27, Upbit experienced a major cybersecurity incident , with over 10.4 billion Solana ecosystem tokens, worth approximately 44.5 billion Korean won (about US$30.1 million), leaked within just 54 minutes. The company emphasized that it would fully compensate users for their losses, while outside observers speculate that the incident was perpetrated by the notorious North Korean hacking group Lazarus .
The Financial Supervisory Service (FSS) stated, "Since current regulations do not require no-fault compensation, the competent authority cannot force Upbit to compensate users."
Meanwhile, the institute also discovered that Upbit did not report the incident until 10:58 a.m., more than six hours after it occurred, which was exactly after the completion of the merger between its parent company Dunamu and Naver Financial, raising questions about whether the delay in reporting was intentional.
A system malfunction caused users to lose 5 billion won; South Korean regulators are considering legislation to impose heavy penalties.
According to data submitted to the National Assembly by the Financial Services Department (FSS), since 2023, the five major stock exchanges—Upbit, Bithumb, Coinone, Korbit, and Gopax—have experienced at least 20 system failures, affecting over 900 users and causing cumulative losses exceeding 5 billion won. Upbit alone experienced six of these failures, affecting more than 600 people.
The government is accelerating legislation in response. The draft law strengthens IT security requirements, mandates regular system and personnel upgrades, and considers adopting penalty standards consistent with those of banks, including a maximum penalty of 3% of annual revenue, instead of the current maximum fine of 500 million won.
Stablecoin legislation has been accelerated, with Congress issuing an ultimatum.
Meanwhile, the South Korean National Assembly has also demanded that financial regulators submit a draft stablecoin bill by December 10th, otherwise lawmakers will propose their own. Stablecoin regulation is considered another major gap in South Korea's crypto market, and official plans suggest it could be discussed as early as a special session of the National Assembly in 2026.
Today, the frequent Upbit incidents and system failures have made the South Korean government realize that the market size has exceeded the existing regulatory framework, forcing the legislative process to be accelerated across the board.
This article, "Upbit Hack Spreads! South Korea Calls for Legislation to Treat Exchanges Like Banks, Requiring Compensation to Users Even Without Fault," first appeared on ABMedia, a ABMedia .
