TLDR
- South Korea’s FSS has sent Dunamu a formal inspection opinion letter, starting the sanctions process over Upbit’s November 2025 hack
- The breach affected Solana-based assets worth around $32 million and lasted about 54 minutes
- Current law has no direct penalties for hacking, leaving the extent of possible sanctions unclear
- Upbit reimbursed affected customers using company funds and overhauled its wallet systems
- South Korea plans to close the legal gap in the next phase of digital asset legislation
South Korea’s Financial Supervisory Service has started a formal sanctions process against Dunamu, the company behind crypto exchange Upbit, over a wallet hack that occurred in November 2025.
🚨SOUTH KOREA LAUNCHES SANCTIONS PROCEEDINGS AGAINST UPBIT OPERATOR DUNAMU!
South Korea’s Financial Supervisory Service has initiated sanctions procedures against Dunamu, the operator of Upbit, over a 44.5 billion won (~$32 million) hacking incident from last year.
The… pic.twitter.com/LRvG1yLBRU
— Crypto Banter (@crypto_banter) July 19, 2026
The FSS sent Dunamu an inspection opinion letter, which is the first formal step in the sanctions process. The letter gives Dunamu a chance to respond before regulators decide on any penalties.
The Hack
The attack happened on November 27, 2025, at 4:42 a.m. local time and lasted around 54 minutes. It targeted Solana-based assets held by Upbit.
Early reports put losses at around $36 million. South Korean authorities now place the figure at 44.5 billion won, worth approximately $32 million at current exchange rates.
Upbit drew criticism for how long it took to publicly announce the breach. The exchange only disclosed the hack at the end of that day, after a corporate event involving Naver Financial had already concluded.
After detecting the abnormal transfers, Upbit moved assets to cold wallets and halted deposits and withdrawals. The exchange told customers it would cover all losses using company funds.
In December 2025, Upbit launched an automatic onchain tracking tool called the Onchain AI Tracer System to follow the path of stolen funds.
Legal Gap Complicates Sanctions
The current Virtual Asset User Protection Act does not include direct penalties for hacking or computer system failures. That makes it unclear how far the FSS can go with this case.
Regulators will review Dunamu’s response before issuing any advance notice of a proposed sanction. Any final action would also require review by the sanctions review committee, the Securities and Futures Commission, and the Financial Services Commission.
South Korean authorities have said they plan to add hacking and compensation provisions in the second phase of the Digital Asset Basic Act.
This is not the first time Dunamu has faced regulatory action. The Financial Intelligence Unit previously fined the company 35.2 billion won over anti-money laundering and customer verification failures. A court later canceled part of that penalty after finding gaps in the legal basis used.
Dunamu is also in the middle of a planned share swap with Naver Financial, though that deal has been delayed to December 31 pending regulatory approvals. The current sanctions process does not automatically block the transaction.
The FSS has not yet announced a proposed sanction level, and Dunamu still has the opportunity to challenge the inspection findings before any final decision is made.







