South Korea tightens sanctions for crypto platform hacks: fines up to 10% of losses

Wave of security incidents at major South Korean cryptocurrency exchanges has prompted financial regulators to reconsider their approach to punishing platform breaches. Over the past two and a half years, from January 2023 to September 2025, there have been 20 significant incidents affecting leading industry platforms, including Upbit and Bithumb.

New Penalty Proposals: from 10% of losses to 3% of revenue

South Korea’s Financial Services Commission (FSC) is preparing stricter legislation aimed at strengthening cybersecurity requirements for crypto trading platforms. The main proposal involves imposing fines of up to 10% of the amounts lost due to hacking. An alternative option is also being considered, where the fine could be up to 3% of the hacked exchange’s annual revenue.

For the market leader Upbit, which lost $36 million in a hack last November, the first option would mean a fine of $3.6 million — significantly exceeding the current limit of $456,000. The second scenario appears even more severe: based on Upbit’s annual revenue of $1.2 billion, the fine could reach $36 million.

The gap between two approaches: which path to choose?

These two proposals represent very different approaches to regulation. The first focuses on the specific amount of loss, while the second emphasizes the scale of the exchange’s operations. Such disparity creates uncertainty in the industry and could lead to conflicts in the final decision.

Regulators aim to align the cybersecurity standards of cryptocurrency exchanges with those required of traditional financial institutions. This means increasing accountability for protecting client assets and implementing stricter policies to prevent security incidents.