Key Takeaways
- Dunamu received a formal inspection opinion letter from South Korea’s Financial Supervisory Service, initiating sanctions proceedings related to the November 2025 Upbit security breach
- Approximately $32 million in Solana-based digital assets were compromised during a 54-minute security incident
- Existing regulatory frameworks lack specific provisions for hacking penalties, creating uncertainty about enforcement measures
- The exchange compensated all impacted users from corporate reserves and implemented comprehensive wallet security upgrades
- Lawmakers intend to address regulatory deficiencies in upcoming digital asset legislation
The Financial Supervisory Service of South Korea has initiated official sanctions proceedings against Dunamu, Upbit’s parent organization, following a significant security compromise that occurred in November 2025 at the cryptocurrency trading platform.
Regulators delivered an official inspection opinion letter to Dunamu, marking the commencement of formal enforcement proceedings. This document provides the company an opportunity to submit its defense before authorities determine appropriate penalties.
Details of the Security Breach
The security incident occurred at 4:42 a.m. Korean time on November 27, 2025, with unauthorized access continuing for approximately 54 minutes. The attack specifically compromised Solana blockchain-based digital assets managed by the platform.
Initial estimates suggested losses approaching $36 million. However, South Korean regulatory agencies have since established the confirmed amount at 44.5 billion won, equivalent to roughly $32 million based on current currency valuations.
Upbit faced substantial backlash regarding the delayed public notification timeline. The platform didn’t reveal the security compromise until late that same day, notably after a scheduled corporate event involving Naver Financial had already taken place.
Upon identifying the suspicious transactions, Upbit immediately transferred digital assets to cold storage solutions and suspended all deposit and withdrawal operations. The platform assured its user base that complete reimbursement would be provided using internal corporate resources.
By December 2025, Upbit had deployed an advanced blockchain monitoring solution called the Onchain AI Tracer System, designed to track the movement of compromised assets.
Regulatory Framework Challenges
South Korea’s existing Virtual Asset User Protection Act lacks explicit penalty provisions addressing security breaches or system compromises. This legislative gap creates substantial uncertainty regarding potential enforcement actions available to the FSS.
Financial authorities will assess Dunamu’s formal response before proceeding with any preliminary sanction notification. Ultimate enforcement decisions require sequential approval from the sanctions review committee, Securities and Futures Commission, and Financial Services Commission.
Government officials have indicated plans to incorporate security breach and restitution requirements into the forthcoming second phase of the Digital Asset Basic Act.
This represents a repeat regulatory challenge for Dunamu. The Financial Intelligence Unit previously imposed a 35.2 billion won fine concerning anti-money laundering deficiencies and customer verification shortcomings. Judicial review subsequently invalidated portions of that penalty due to inadequate legal foundations.
Dunamu currently has a proposed share exchange arrangement with Naver Financial underway, though completion has been postponed until December 31 while awaiting necessary regulatory clearances. The ongoing sanctions investigation does not inherently prevent this corporate transaction from proceeding.
The Financial Supervisory Service has not disclosed any specific sanction recommendations, and Dunamu retains the right to contest the inspection conclusions prior to any final determination.


