TLDR
- Financial Supervisory Service in South Korea has initiated formal sanctions proceedings against Dunamu following the November 2025 Upbit security breach
- Approximately $32 million in Solana-based cryptocurrency was compromised during the 54-minute attack
- Existing regulations lack specific provisions for hacking incidents, creating uncertainty around potential penalties
- The exchange compensated all affected users from corporate reserves and implemented comprehensive security upgrades
- Lawmakers are working to address regulatory gaps in upcoming digital asset legislation
Dunamu, the parent organization operating the Upbit cryptocurrency platform, is now facing formal regulatory proceedings initiated by South Korea’s Financial Supervisory Service following a significant security incident that occurred in late 2025.
The regulatory body has delivered an official inspection opinion letter to Dunamu, marking the commencement of the sanctions procedure. This notification provides the company an opportunity to present its defense before any final determination on penalties is reached.
Details of the Security Breach
The unauthorized access occurred during the early morning hours of November 27, 2025, beginning at 4:42 a.m. Korea Standard Time. The intrusion continued for approximately 54 minutes, specifically targeting Solana blockchain-based digital assets.
Initial assessments estimated damages near $36 million. South Korean regulatory agencies have since revised this figure to 44.5 billion won, equivalent to roughly $32 million based on current currency valuations.
Upbit faced public backlash regarding the delayed disclosure timeline. The platform didn’t publicly acknowledge the security compromise until late that evening, after a scheduled corporate meeting involving Naver Financial had already taken place.
Upon identifying the suspicious transactions, Upbit immediately transferred digital assets to offline cold storage systems and suspended all deposit and withdrawal functions. The platform committed to fully reimbursing affected customers through internal corporate funds.
During December 2025, Upbit introduced an automated blockchain monitoring solution known as the Onchain AI Tracer System, designed to track the movement of compromised assets.
Regulatory Framework Presents Enforcement Challenges
South Korea’s existing Virtual Asset User Protection Act lacks explicit penalty provisions for cybersecurity breaches or technical system failures. This legislative gap creates ambiguity regarding the scope of potential enforcement actions by the FSS.
The regulatory agency will evaluate Dunamu’s official response before proceeding with any preliminary sanction notice. Any conclusive measures would require multiple levels of review, including assessment by the sanctions review committee, the Securities and Futures Commission, and the Financial Services Commission.
Government officials have indicated intentions to incorporate hacking-related provisions and compensation requirements into the forthcoming second phase of the Digital Asset Basic Act.
This represents the second instance of regulatory enforcement targeting Dunamu. The Financial Intelligence Unit previously imposed a 35.2 billion won fine related to deficiencies in anti-money laundering protocols and customer verification procedures. Portions of that penalty were subsequently overturned by judicial review due to insufficient legal foundations.
Dunamu is currently pursuing a share exchange arrangement with Naver Financial, though completion has been postponed to December 31 while awaiting necessary regulatory clearances. The ongoing sanctions proceedings do not inherently prevent this transaction from moving forward.
The FSS has not disclosed a specific sanction amount at this stage, and Dunamu retains the right to contest the inspection conclusions throughout the remaining review process.



