South Korean Regulator Targets Dunamu Following $36 Million Upbit Breach

South Korea’s Financial Supervisory Service (FSS) has officially launched a formal sanctions procedure against Dunamu, the operator of the prominent exchange Upbit, following a massive security failure. The move follows a $36 million exploit that exposed significant vulnerabilities in the exchange's reporting protocols.
Transparency Lapses and the $36 Million Exploit
The investigation focuses on the timing of the disclosure regarding the breach that occurred on November 27. Critical scrutiny is being directed at Upbit for delaying its announcement until after a merger-related event involving internet giant Naver Financial had concluded, raising questions about corporate interest over market transparency.
Regulatory Gaps in the Virtual Asset Framework
Regulators are navigating a significant legislative void, as the current Virtual Asset User Protection Act lacks explicit sanction provisions for hacking and computer system incidents. To address this, South Korean authorities are preparing to integrate the following into the second phase of the Digital Asset Basic Act:
Remediation and Infrastructure Overhaul
In the wake of the exploit, Upbit has moved to stabilize its position and reassure its user base through several tactical measures:
The delay in reporting the exploit suggests a prioritization of corporate interests over market transparency. While Upbit attempts to mitigate the fallout through balance sheet reimbursements and new AI tracking tools, the underlying issue remains: centralized exchanges are systemic risks. A $36 million breach is not just a technical failure; it is a failure of the fundamental trust required for institutional-grade liquidity.