BlockBeats News, December 7th. The South Korean government is pushing forward legislation to introduce a banking-style “no-fault compensation” rule for major cryptocurrency exchanges. Reportedly, the Financial Services Commission (FSC) of Korea is evaluating a requirement for virtual asset service providers to bear compensation responsibility even in cases of no fault when users suffer losses due to hacking attacks or system failures.
Currently, this type of mandatory compensation only applies to traditional financial institutions and electronic payment companies. This policy development stems from a security incident on the Upbit platform on November 27th, where about 44.5 billion Korean won (approximately $30.1 million) worth of assets were transferred to an external wallet within 54 minutes. However, under existing regulations, regulatory authorities could not compel the platform to compensate. The Korean financial regulatory agency also pointed out that system failures in the crypto trading industry have been frequent in recent years.
Data shows that from 2023 to September this year, the top five exchanges experienced a total of 20 system failures, affecting over 900 users with accumulated losses of around 5 billion Korean won. Among them, Upbit accounted for 6 incidents with losses of about 3 billion Korean won. The draft also proposes to raise technical security requirements and increase the fine limit for hack events to 3% of annual revenue, the same as traditional financial institutions, exceeding the current fixed limit of 5 billion Korean won.
Furthermore, the Upbit incident has sparked a controversy over “delayed reporting.” The platform noticed the anomaly at 5 a.m. but only reported it to the regulatory agency at 10:58, leading some lawmakers to question whether it intentionally waited to disclose the incident until after the completion of the merger process between its parent company Dunamu and Naver Financial. Regulatory authorities are investigating the matter, but severe penalties are expected to be challenging to implement under the current framework.
