The first major hacker incident after the implementation of the User Protection Law has drawn attention to the sanctions imposed by the exchange.

Source: DigitalToday Original Title: The first major hacking incident after the implementation of the User Protection Act… Attention on the 'level of sanctions' against Upbit Original Link:

Event Overview

The exchange encountered a major hacking attack for the first time after the implementation of the user protection law in July. At 4:42 AM on the 27th, the exchange discovered that its Solana chain wallet had transferred approximately 44.5 billion Korean won worth of digital assets to an unauthorized external wallet. The leaked assets involved 24 cryptocurrencies, including Solana, across a total of 165 wallets. After detecting the abnormal transactions, the exchange suspended the deposit and withdrawal of Solana-related assets at 5:27 AM, and subsequently halted all digital asset deposit and withdrawal services at 8:55 AM.

Financial regulatory agencies, cybersecurity agencies, and police cybercrime departments immediately launched an investigation, focusing on examining the hacking process, the scale of losses, and the execution of internal controls and security obligations.

Delay in Information Disclosure Raises Questions

The key issue is that there is a significant time lag between when the exchange discovered signs of hacking and when it officially announced the facts. Initially, the exchange only released a notice citing “network maintenance” and “emergency server checks,” and it wasn't until 12:33 PM that it issued a formal statement that included the term “hacker.” It took about 8 hours from discovery to announcement.

It is worth noting that at 9 AM that day, a press conference was held for the equity swap between the exchange's operating company and a large internet company. The hacker incident was only made public after this important meeting, raising doubts about whether the incident was concealed prior to the merger announcement.

Regulatory Framework and Penalty Prospects

The industry believes that this incident may become the first case of fines and severe penalties since the implementation of user protection laws. This regulation requires digital asset operators to store over 80% of user assets in cold wallets and mandates insurance or the establishment of reserves to deal with risks from hackers and system failures. In particular, when deposits and withdrawals are suspended due to risks from hackers or system failures, operators must explain the reasons to users and report immediately to the Financial Committee.

Legal professionals point out that compared to the past when there was a lack of sanctions basis, there is now a clear legal basis for accountability. The head of the Blockchain Law Society stated: “This is the core content of user protection law - a failed case of user protection, and there is ample reason to discuss legal responsibility. The excessive concentration of domestic assets in specific exchanges remains a risk factor.”

However, the user protection law does not have direct provisions regarding the “immediate reporting and disclosure obligations” for hacks and system incidents, leaving room for interpretation. Relevant amendments were proposed in January of this year but have been shelved in the Congressional Finance and Economic Committee for more than a year. Financial regulatory authorities also acknowledge the limitations of existing regulations, stating that “there are regulations on the immediate reporting of reasons for suspending deposits and withdrawals, but whether this can be expanded to apply to the disclosure obligations for hacks and system incidents requires further clarification.”

Three-pronged Regulation

The timing of the incident is detrimental to the severity of the sanctions. In September, the Financial Committee imposed unfair trading fines for large-scale manipulation and false information dissemination cases for the first time based on the User Protection Act during its regular meeting, and referred the related personnel to the prosecution. This is the first penalty after the implementation of the law two months ago.

Last month, the financial intelligence department imposed a fine of 35.2 billion won on the operating company of the exchange for violating specific financial information laws, marking the largest fine in history. The fine involves violations of anti-money laundering obligations related to customer verification, trading restrictions, and suspicious transaction reporting.

The industry has noted that this incident will set a precedent for sanctions related to safety accidents. Relevant individuals have stated: “Manipulation, anti-money laundering, and security have all become real risks in the realm of digital asset ownership.”

Positive Factors

It is worth affirming that the exchange has maintained a cold wallet custody ratio of over 90%, higher than the legal standard of 80%. All leakage losses came from the hot wallet, and most user deposits are protected. The exchange has stated that it will compensate for all losses using company assets and reserves.