General information only. CryptoRegHub provides summaries for informational purposes and does not constitute legal or compliance advice. Always verify with official sources and consult qualified legal counsel before making compliance decisions.
CryptoRegHub provides plain-English summaries of crypto regulations for informational purposes only. This does not constitute legal, compliance, or financial advice. Regulations change frequently — always verify information with official sources and consult qualified legal counsel before making any compliance decisions.
South Korea has developed a two-phase crypto regulatory framework. Phase 1 is the Virtual Asset User Protection Act (VAUPA), enacted July 2023 and in force from July 19, 2024. VAUPA focuses on protecting users' assets and combating market manipulation, requiring VASPs to: hold customer deposits in segregated bank accounts, keep 80% of customer crypto in cold wallets, carry insurance against hacking, maintain transaction surveillance, and ban insider trading and market manipulation. Phase 2 is the Digital Asset Basic Act (DABA), enacted June 2025, which builds a comprehensive framework covering stablecoin issuance, foreign VASP oversight, token issuance rules, and significantly expanded FSC enforcement powers. Together with earlier AML requirements under the Specified Financial Information Act (registration with KoFIU since 2021, Travel Rule since 2022), Korea now has one of Asia's most comprehensive crypto regulatory frameworks.
Who does it apply to?
Applies to Virtual Asset Service Providers (VASPs) — entities providing virtual asset exchange, custody, transfer, brokerage or intermediation services. Foreign VASPs serving Korean users are also in scope. The new DABA extends coverage to stablecoin issuers and sets a framework for cross-border activities. NFTs are generally excluded unless they have investment or payment functions.
Key requirements
Key requirements under VAUPA (Phase 1): (1) Customer deposits must be held in segregated bank accounts — customers earn interest on their deposits. (2) 80% of customer virtual assets must be kept in cold (offline) wallets. (3) VASPs must hold liability insurance or reserves of at least 5% of hot-wallet assets (minimum KRW 3 billion for KRW-market exchanges; KRW 500 million for others). (4) All suspicious transactions must be immediately reported to the FSS. (5) Prohibition on insider trading, market price manipulation and other unfair trading practices. (6) Prohibition on discretionary blocking of customer deposits or withdrawals. (7) Transaction records retained for 15 years. (8) Travel Rule: applies to transfers above KRW 1 million (approx. USD 800). (9) Real-name bank account requirement: all customer transactions via real-name verified bank accounts. (10) ISMS certification required from KISA.
Obligation types
Registration
Requirement to register with a regulator
KYC / AML
Know Your Customer and Anti-Money Laundering obligations
Custody / Segregation
Rules on how customer assets must be held
Travel Rule compliance
Sharing originator/beneficiary data on transfers
Capital requirements
Minimum capital or reserve requirements
Market conduct rules
Rules against manipulation, insider dealing etc.
Consumer protection
Rules protecting retail customers
Regulatory reporting
Ongoing reporting to regulators
Disclosure / Whitepaper
Mandatory disclosures to users or markets
Penalties & fines
Criminal — market manipulation
Insider trading, wash trading, price manipulation in virtual asset markets
Max: Minimum 1 year imprisonment; no maximum set; confiscation of profits
Applies to: All persons engaged in unfair trading
Criminal — unregistered VASP
Operating VASP without KoFIU registration or with unverified real-name bank accounts
Max: Imprisonment up to 5 years and/or fine
Applies to: Unregistered VASPs
Administrative fine
Breach of cold storage, segregation, insurance or reporting requirements
Max: Fine and/or business suspension order from FSC
Applies to: Licensed VASPs
Implementation timeline
Mar 2021
Specified Financial Information Act revised — VASP registration with KoFIU mandatory
All VASPs must register with the Korea Financial Intelligence Unit. AML/CFT obligations introduced.
Mar 2022DEADLINE
Travel Rule implemented
Applies to transactions above KRW 1 million. VASPs must share originator and beneficiary information.
Jul 2023
Virtual Asset User Protection Act (VAUPA) enacted
Phase 1 legislation enacted by National Assembly.
Jul 2024DEADLINE
VAUPA entered into force
80% cold storage requirement, segregated bank accounts, insurance, market manipulation ban all effective.
Always refer to official sources to confirm current requirements. CryptoRegHub summaries are for general guidance only.
Updates & news
18 December 2025
FSC signalled significantly expanded crypto enforcement in 2026
Reports indicate FSC plans to use DABA powers to investigate foreign VASPs serving Korean users and pursue misconduct occurring partly outside Korea.
1 June 2025
Digital Asset Basic Act (DABA) enacted — Phase 2 framework
DABA adds stablecoin licensing regime, foreign VASP oversight, expanded FSC enforcement powers, and cross-border activity rules. Implementing regulations expected in force January 2026.
19 July 2024
VAUPA entered into force
80% cold storage, segregated bank accounts, insurance/reserves, market manipulation ban all effective. Korea now has one of Asia's most robust consumer protection frameworks for crypto.
Frequently asked questions
At a glance
JurisdictionSouth Korea
RegulatorFSC
Official nameVirtual Asset User Protection Act (Act No. 19563, enacted July 18, 2023) + Digital Asset Basic Act (DABA, enacted June 2025)
StatusIn Force
Enacted18 Jul 2023
Effective from19 Jul 2024
Last verified14 Apr 2026
Penalty severity
● High risk
Large fines, licence revocation, or criminal referral risk
This summary is for general informational purposes only and does not constitute legal advice. Always verify with official sources and consult qualified legal counsel.