South Korea’s Virtual Assets Committee (VAC), established a year ago to oversee the cryptocurrency sector, has ceased operations. The committee has not convened any meetings since May, indicating a significant shift in the country's approach to crypto regulation.
A recent report from South Korea's newspaper Kookmin Ilbo suggests that the government is now prioritizing the strengthening of the stock market over the deregulation of the crypto space. This change in focus coincides with the VAC's inactivity, which has been attributed to a political transition following President Yoon Suk-yeol’s impeachment. His successor, Lee Jae-myung, appears to be pursuing a different crypto policy, favoring a collaborative approach between lawmakers and the Financial Services Commission (FSC), thereby diminishing the VAC's role.
The original plan to permit stock market-listed companies to invest in cryptocurrencies by 2025 now seems increasingly improbable.
New Regulatory Framework for Crypto Exchanges
In parallel with the VAC's dormancy, South Korean regulators have announced intentions to implement strict liability rules for cryptocurrency exchanges. This initiative follows a notable hacking incident at Upbit, the nation's largest digital asset platform. The Financial Services Commission (FSC) has confirmed that these measures will be incorporated into upcoming virtual asset legislation designed to bolster investor protection.
The principle of strict liability mandates that companies must compensate victims for losses without the need to prove fault or negligence. This legal mechanism ensures that users receive compensation for damages, such as those incurred from hacks or system failures, irrespective of the company's culpability, unless the user themselves acted with gross negligence.
This regulatory approach is already applied in South Korea to other high-risk sectors, including automobile accidents and hazardous industrial activities. The proposed rules aim to align the cryptocurrency industry with these established standards.
Currently, cryptocurrency platforms operate outside the purview of the Electronic Financial Transactions Act, which governs traditional financial institutions in South Korea. This regulatory gap leaves investors vulnerable, as highlighted by the Upbit incident. Lee Chan-jin, governor of the Financial Supervisory Service (FSS), has recognized this issue, emphasizing that system security is "the lifeblood of virtual resource markets."
Data from regulators reveals the extent of cybersecurity challenges faced by major exchanges. Between 2023 and September 2025, five leading exchanges reported a total of 20 cyber incidents affecting over 900 users. Upbit experienced six incidents impacting 616 users, Bithumb reported four incidents affecting 326 users, and Coinone had three incidents involving 47 users, according to FSS data.
The Upbit attack, which occurred on November 27 and lasted for 54 minutes, saw significant amounts of Solana-based coins transferred to external wallets. Regulators found no existing legal basis under the current Virtual Asset User Protection Act to directly penalize exchanges for such incidents, as stated by the FSC.
The forthcoming legislation will require cryptocurrency platforms to adhere to the same rigorous security standards as traditional financial institutions. This includes maintaining adequate staffing, appropriate facilities, robust IT infrastructure, and submitting annual technology plans for regulatory review.
Penalties for non-compliance are expected to increase substantially under the proposed amendments, with potential fines reaching up to 3% of a company's annual turnover.
Industry observers anticipate a swift legislative process, given the ruling party's support for enhanced investor protection. Cryptocurrency exchanges are reportedly already beginning to adapt their compliance strategies in preparation for these anticipated regulatory changes.