The head of South Korea's banking regulator issued a stern warning to Upbit on Monday, signaling that the crypto exchange could face strong measures after a major security lapse enabled hackers to steal roughly 45 billion won ($30.6 million) worth of virtual assets.
Financial Supervisory Service Gov. Lee Chan-jin said the scale and nature of the breach and Upbit’s inadequate response “cannot be treated lightly,” underscoring growing regulatory frustration with repeated cybersecurity failures across Korea’s financial and tech sectors.
Speaking at a press conference at FSS headquarters in Yeouido, western Seoul, Lee noted that regulatory sanctions on Upbit are currently limited because the first phase of the Virtual Asset User Protection Act, implemented in July 2024, does not provide sufficient legal grounds to hold service providers fully accountable for such incidents.
With policymakers preparing the second phase of the legislation, Lee said the new law will focus on establishing a stronger regulatory framework for virtual asset firms, including exchanges like Upbit, to prevent similar breaches.
“System security is the lifeline of virtual assets,” he said. “The fact that such a risk has materialized will be an opportunity to reassess vulnerabilities when drafting the second phase of the Virtual Asset Act.”
Lee also raised alarm over the recent series of cyberattacks that have hit major Korean companies, including Upbit, Lotte Card and Coupang.
“Korean companies' investments in security infrastructure are woefully inadequate,” he said. “There seems to be a lack of understanding that a breach could lead to the collapse of an entire company.”
He stressed that cybersecurity must be treated as a foundational investment rather than a discretionary cost, adding that the upcoming legislation will introduce a regulatory structure comparable to the Capital Markets Act.
Lee further voiced concern about the planned merger between Dunamu, Upbit's operator, and internet platform giant Naver, noting that big tech companies are expanding on a scale that the existing financial regulatory framework may struggle to handle.
Having sealed a share-swap agreement, Naver Financial, the fintech arm of Naver, is set to acquire full ownership of Dunamu.
“Big tech companies are making their way into the financial sector through virtual assets amid a regulatory vacuum, which could potentially lead to market shocks," Lee said.
"The entities are expected to submit a registration statement for the share swap in February or March next year, and they will be required to address these concerns specifically."
Lee pointed out that the Dunamu-Naver merger has triggered the need for a broader discussion on the boundaries of finance.
"The move requires not only regulatory oversight but also broader societal discussion," he said, adding, "Safeguard measures will be carefully incorporated in the second phase of the virtual asset legislation."
silverstar@heraldcorp.com
