Key Takeaways
- Financial Supervisory Service issued a formal inspection opinion letter to Dunamu, initiating sanctions proceedings related to Upbit’s November 2025 security incident
- The security compromise targeted Solana-based digital assets totaling approximately $32 million and continued for roughly 54 minutes
- Existing regulatory framework lacks specific penalties for cyberattacks, creating uncertainty around potential enforcement measures
- Upbit compensated all impacted users with corporate reserves and implemented comprehensive wallet system upgrades
- Legislators intend to address regulatory shortcomings in upcoming digital asset legislation
South Korea’s Financial Supervisory Service has initiated formal sanctions proceedings against Dunamu, Upbit’s parent organization, following a cryptocurrency wallet breach that took place in November 2025.
The regulatory authority delivered an inspection opinion letter to Dunamu, marking the initial official stage in enforcement proceedings. This communication provides Dunamu an opportunity to submit a formal response prior to any determination regarding penalties.
Details of the Security Incident
The cyberattack commenced on November 27, 2025, beginning at 4:42 a.m. Korean Standard Time and continuing for approximately 54 minutes. The breach specifically targeted Solana blockchain-based digital assets stored by Upbit.
Initial assessments estimated damages around $36 million. South Korean regulatory agencies have since revised the total to 44.5 billion won, equivalent to roughly $32 million based on prevailing exchange rates.
Upbit faced substantial backlash regarding the delayed public notification of the security breach. The platform only made the incident public late that evening, following the completion of a corporate event involving Naver Financial.
Upon identifying the unauthorized asset transfers, Upbit immediately transferred digital assets to cold storage solutions and suspended all deposit and withdrawal operations. The exchange committed to compensating all affected users entirely from corporate capital.
In December 2025, Upbit introduced an automated blockchain monitoring solution called the Onchain AI Tracer System designed to track stolen cryptocurrency movements.
Regulatory Framework Challenges Create Uncertainty
The existing Virtual Asset User Protection Act contains no explicit penalties addressing cyberattacks or infrastructure failures. This legislative gap creates substantial uncertainty regarding the extent of enforcement actions available to the FSS.
Officials will evaluate Dunamu’s formal response before issuing preliminary sanction notices. Any ultimate enforcement decision requires examination by multiple oversight bodies, including the sanctions review committee, the Securities and Futures Commission, and the Financial Services Commission.
South Korean lawmakers have indicated plans to incorporate cybersecurity breach and user compensation requirements within the second phase of the Digital Asset Basic Act.
This represents not Dunamu’s first encounter with regulatory enforcement. The Financial Intelligence Unit previously assessed a 35.2 billion won fine concerning anti-money laundering protocols and customer identification deficiencies. Legal proceedings subsequently invalidated portions of that penalty due to insufficient statutory foundations.
Dunamu is currently pursuing a planned equity exchange with Naver Financial, though completion has been postponed until December 31 awaiting regulatory clearances. The ongoing sanctions proceedings do not necessarily prevent the transaction from proceeding.
The FSS has not disclosed any proposed sanction amounts, and Dunamu retains the ability to contest the inspection conclusions before any final determination is rendered.





