South Korea Enforces Strict Liability Rules for Crypto Exchanges Amid Regulatory Shift

Source: CryptoNewsNet Original Title: South Korea crypto committee goes cold amid strict liability rules Original Link:

Background: VAC Goes Inactive

South Korea’s Virtual Assets Committee (VAC), launched a year ago to regulate the crypto space, has become inactive, with no meetings held since May. The committee’s dormancy follows a significant political shift after President Yoon Suk-yeol’s impeachment, with his successor adopting a different crypto policy. Lee’s administration now prioritizes collaboration between lawmakers and the Financial Services Commission (FSC), effectively sidelining the VAC.

According to South Korea’s newspaper Kookmin Ilbo, the government is focusing on boosting the stock market rather than crypto deregulation. The original roadmap for allowing stock market-listed companies to buy crypto by 2025 appears increasingly unlikely to be realized.

New Regulatory Framework: Strict Liability Rules

Meanwhile, South Korean regulators announced plans to impose strict liability rules on cryptocurrency exchanges, a move that follows a significant hacking incident at a major domestic digital asset platform. The Financial Services Commission (FSC) confirmed it will include the measures in forthcoming virtual asset legislation aimed at strengthening investor protection.

The strict liability principle requires companies to provide compensation without proof of negligence or wrongful conduct. This mechanism provides compensation to victims without requiring them to prove culpability. South Korea currently applies this approach to high-risk industries including automobile accidents and hazardous industrial activities.

Key Requirements Under Proposed Rules

Under the proposed rules, exchanges would be required to compensate users for losses resulting from hacking or system failures. Liability would be triggered regardless of the company’s fault, unless users acted with gross negligence, according to the draft legislation.

The regulatory framework mirrors regulations for traditional financial institutions in South Korea under the Electronic Financial Transactions Act. Cryptocurrency platforms currently operate outside the jurisdiction of that Act, creating a regulatory gap that leaves investors without legal protection.

Scope of Cyber Incidents

Data collected by regulators revealed the scope of the issue. Between 2023 and September 2025, five major exchanges reported 20 cyber incidents affecting more than 900 users. One major platform recorded six incidents affecting 616 users, another reported four incidents impacting 326 users, and a third experienced three incidents affecting 47 users, according to regulatory data.

One notable attack occurred on November 27 from 4:42 to 5:36 KST, lasting 54 minutes. Large amounts of Solana-based coins were transferred to external wallets during the breach.

Implementation Standards

The new legislation would require cryptocurrency platforms to meet the same security standards as traditional financial institutions. Exchanges would be required to maintain adequate staff, facilities and robust IT infrastructure, and submit annual technology plans to regulators, according to the proposed framework.

Fines would increase significantly under the proposed amendments, with penalties reaching up to 3% of companies’ annual turnover. Industry observers expect swift legislative approval, with the ruling party expressing support for investor protection measures. Exchanges are reportedly preparing to adjust compliance strategies for the anticipated changes.