South Korea is considering legislation requiring virtual asset operators to bear "no-fault liability" for hacker attacks, with fines potentially incre...

PANews reported on December 7th that, according to Yonhap News Agency, South Korea's Financial Services Commission is reviewing a plan to add a clause to the draft "Second Phase of Virtual Asset Legislation," stipulating that virtual asset operators will be liable for damages even if they are not at fault in the event of a hacker attack or computer accident. This plan aims to impose the same "no-fault liability" on operators of virtual asset exchanges as financial companies in response to hacker attacks or computer accidents. From 2023 to September 2025, the five major South Korean won exchanges (Upbit, Bithumb, Coinone, Korbit, and GOPAX) experienced a total of 20 computer system incidents.

Furthermore, a plan is currently under discussion to increase penalties for hacking incidents to the level stipulated in the Electronic Financial Transactions Act. The South Korean National Assembly is currently reviewing an amendment to the Electronic Financial Transactions Act, which proposes fines of up to 3% of a financial institution's sales revenue for hacking attacks. If this bill is passed, virtual asset operators could also face similar fines. Currently, the maximum fine for virtual asset operators is 5 billion won.