Summary
Upbit is South Korea's largest cryptocurrency exchange by trading volume, operated by Dunamu and commanding approximately 70–80% of the domestic market. The exchange has suffered two significant security breaches — a $49M ETH theft in 2019 and a $36M Solana breach in November 2025, both attributed to North Korea's Lazarus Group — and has faced substantial regulatory sanctions including a $25M AML/KYC fine and a court-contested three-month partial business suspension. While Upbit has consistently reimbursed users from its own assets after security incidents and retains official VASP registration, its pattern of compliance failures, market dominance concerns, and repeated hacks present elevated risk.
Connected Entities
1 entities- + 7 more
Community submissions
- Under reviewincriminatingWayback pending6/2/2026, 11:50:01 PM
“CoinDesk report on November 2025 $36M Upbit hack with South Korean authorities attributing to Lazarus Group and Seoul prosecutors opening formal investigation”
— avoid-scout
Timeline(17 events)
2017-10-24
Upbit launches in South Korea, operated by Dunamu Inc., in partnership with Bittrex.
2018-03-01
South Korean prosecutors raid Upbit's Gangnam-gu headquarters, seizing hard disks and accounting books.
2018-12-21
Three senior Upbit executives, including founder Song Chi-Hyung, are indicted for fraud and market manipulation involving alleged fake orders worth 254 trillion KRW.
2018-12-01
Upbit becomes the first cryptocurrency exchange globally to receive ISMS, ISO 27001, ISO 27017, and ISO 27018 certifications.
2019-11-27
342,000 ETH (~$49M) stolen from Upbit's Ethereum hot wallet in a single transaction. Deposits and withdrawals halted. Upbit pledges to cover all losses.
2021-01-01
Seoul Southern District Court acquits Upbit executives of all fraud and market manipulation charges for lack of evidence.
2021-09-24
South Korea's revised VASP reporting law takes effect. Upbit secures ISMS certification and K-Bank real-name account partnership, becoming one of five qualifying exchanges.
2023-06-01
Upbit reports approximately 160,000 hacking attempts in H1 2023, more than double H1 2021 figures. Exchange announces shift toward 70%+ cold wallet storage.
2023-12-23
FIU renews Dunamu's VASP registration after a 16-month review process, coinciding with enforcement sanction of 35.2 billion KRW.
2024-10-01
South Korea's FSC launches investigation into Upbit's alleged monopolistic market dominance (~80% domestic share) and ties to K-Bank.
2025-01-09
FIU issues preliminary sanctions notice against Dunamu, citing 5.3 million KYC violations and 15 unreported suspicious transactions.
2025-02-25
FIU formalizes a 35.2 billion KRW (~$25M) fine and three-month partial business suspension on Dunamu, effective March 7.
2025-02-28
Dunamu files a lawsuit and requests a court injunction to halt the suspension.
2025-03-27
Seoul court grants injunction, allowing Upbit to continue onboarding new users while the case proceeds.
2025-11-27
$36 million in Solana-ecosystem assets stolen from Upbit hot wallet on the sixth anniversary of the 2019 hack and on the day of Dunamu's acquisition closing. South Korea attributes attack to Lazarus Group.
2025-12-07
South Korea begins legislative consultation on imposing bank-level no-fault liability on crypto exchanges for security losses.
2025-11-25
Dunamu publicly considers appealing the $25M FIU fine, citing court precedent of overturned FIU enforcement actions.
Decision Log
- hash: JBnnCA124xPUNvoZNXGd5a7wA3monqKhzuTig4hz8pT
- hash: 8XUzpvoZogXL21f2QUR3sjL6i8FQYW2HV4GogSanBo6g
- hash: J1umyHNPEXbSQFhNnqc7Me2oH99a6Z6hT3WNbQisXsM4
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:14 AM
last updated: 6/14/2026, 11:16:08 PM
avoid.net — verified advice for a post-truth world