TL;DR
- Dunamu’s objection has temporarily paused enforcement of a 35.2 billion won ($25.1 million) Upbit penalty while a court review proceeds.
- FIU cited 5.3 million KYC failures and about 3.3 million transactions tied to incomplete verification, plus 15 alleged suspicious-reporting failures.
- FIU also scrutinized other exchanges, with Korbit fined 2.73 billion won on Dec. 31, 2025 and Bithumb facing a large AML fine not yet announced as of February 2026.
Dunamu, operator of South Korea’s Upbit crypto exchange, filed an objection to a 35.2 billion won ($25.1 million) penalty, temporarily pausing enforcement while a court review proceeds. The appeal turns a record AML penalty into a test of process, proportionality, and precedent. Financial authorities said Dunamu submitted the objection to the Financial Intelligence Unit under the Financial Services Commission. The FIU had decided the fine in November last year and also issued a separate business suspension order tied to alleged violations of the Specified Financial Information Act.
FIU cites 5.3M verification failures and broader industry enforcement
Regulators said the 35.2 billion won fine is the largest ever imposed for violations of the Specified Financial Information Act and alleged sweeping customer verification failures. Authorities are framing KYC breakdowns as systemic operational risk rather than isolated compliance misses. The FIU cited 5.3 million cases, including accepting scanned or printed IDs instead of originals, making names or resident registration numbers unidentifiable, and approving registrations when uploaded ID images were out of focus. It said about 3.3 million cases involved transactions for customers whose verification was not completed. The FIU also cited 15 instances where Dunamu allegedly failed to report suspicious activity despite reasonable grounds.
The regulator referenced cases where prosecutors sought search-and-seizure orders for transaction records of users suspected of criminal activity, saying Dunamu did not file required reports even when aware of those circumstances. Suspicious transaction reporting is being treated as a hard control, not a discretionary judgment call. At a hearing in December, Dunamu’s legal representative argued other exchanges had similar issues but only Dunamu faced preemptive action, raising fairness concerns. Dunamu also argued that Article 8 violations can trigger fines regardless of intent and questioned a business suspension based on a single Article 8 infraction alone.
The Upbit action sits within a wider FIU inspection cycle across major Korean exchanges. Regulators are signaling that AML and KYC enforcement is broadening beyond a single headline target. The FIU said it inspected four additional exchanges, including Bithumb, Coinone, Korbit, and GOPAX, to evaluate AML and other compliance. Bithumb was inspected in March 2025 and was later fined for AML violations, with industry reports suggesting a large fine that could match or exceed Upbit’s $25 million equivalent, though an amount had not been officially announced as of February 2026. The FIU also fined Korbit 2.73 billion won ($1.9 million) on Dec. 31, 2025 and issued an institutional warning.
Korbit’s penalties included discipline for top compliance staff, such as a CEO warning and an AML officer reprimand, after an on-site probe from Oct. 16 to Oct. 29, 2024. The enforcement pattern is moving toward accountability across systems, staff, and governance. The FIU said Korbit violated nearly 22,000 rules on transaction limits and customer due diligence and cited 19 improperly reported transactions involving three foreign VASPs, raising issues tied to unregistered foreign corporate management.
