Blockchain & Crypto-Assets 2026

Last Updated June 11, 2026

South Korea

Law and Practice

Authors

Wooyoung Choi
Suhhee Han
Seonghwan Ju
Matt Younghoon Mok

Lee & Ko was established in 1977 and has evolved into a leading full-service law firm in South Korea, recognised for its excellence across various legal domains. Lee & Ko is known for delivering timely, practical solutions in complex legal matters. The firm’s in-house resources include attorneys, accountants, patent agents, former government officials, and other specialists, ensuring clients can access a wide range of services cost-effectively. Further, Lee & Ko maintains an extensive global network and collaborates with international law firms. This allows the firm to assist clients not only in Korean legal matters but also in cross-border transactions by connecting to legal advisors worldwide. This makes the firm a sought-after choice for clients requiring comprehensive and efficient legal assistance.

Use of Blockchain in Korea

Blockchain technology can broadly be categorised into the following.

  • Virtual assets: the most representative application of blockchain technology is virtual assets (cryptocurrencies). Recently, discussions regarding stablecoins have become particularly active.
  • Tokenised securities: these refer to securities under the Korean Capital Markets Act (CMA) that are digitised using distributed ledger technology (DLT). In the past, fractional investment services (such as investments in real estate or music copyrights) were provided through the regulatory sandbox framework as innovative financial services, although rights recorded on distributed ledgers were not legally presumed valid even in such cases. However, following amendments to the CMA and the Electronic Securities Act (ESA) in February 2026, a regulatory framework for the issuance and distribution of tokenised securities was established. In particular, records on distributed ledgers are now granted legal effect, including presumptive validity of rights under the ESA. The amendments are scheduled to take effect on 4 February 2027.
  • CBDCs/deposit tokens: discussions regarding the introduction of a CBDC (Central Bank Digital Currency) are actively underway, and deposit tokens capable of payment and transfer within CBDC systems have been issued through designation as innovative financial services. Deposit tokens refer to bank deposits tokenised into digital assets on distributed ledgers, which can be used for the purchase of goods and services.

The Bank of Korea conducted CBDC pilot projects from 2024 to 2025 to verify whether digital currency and deposit tokens could function smoothly throughout the entire lifecycle of manufacturing, issuance, distribution, redemption, and disposal (Project Hangang Phase 1), and also carried out real transaction testing. In March 2026, the Bank of Korea announced plans to proceed with Project Hangang Phase 2, which aims to establish the foundation for the formal adoption of digital currency systems and the commercialisation of deposit tokens.

  • Certification/authentication: blockchain and decentralised identity (DID) technologies are being considered for use in mobile identification cards, qualification certificates, electronic documents, and public service authentication. Korea’s three major mobile carriers ‒ SK Telecom, KT Corporation, and LG Uplus ‒ provide the PASS mobile driver’s licence verification service. Initially introduced through the Information and Communication Technology (ICT) regulatory sandbox framework, the service was later granted the same legal validity as physical driver’s licences following amendments to the Road Traffic Act.
  • Intellectual property: efforts to combine intellectual property with blockchain technology are actively expanding, particularly in the entertainment and IT industries. Major entertainment companies such as SM Entertainment and YG Entertainment have launched blockchain games and non-fungible tokens (NFTs) based on the IP of their artists, thereby expanding fan engagement experiences. Modhaus introduced an NFT-based voting system allowing fans to directly participate in group decision-making. In addition, KT Corporation and Gyeonggi Provincial Government implemented the “Gyeonggi Art On” project, through which performance videos were converted into NFTs and copyright revenues distributed.

Overall, the Korean blockchain industry is showing clear growth momentum. According to the “2025 Blockchain Industry Survey” published by the Korea Internet and Security Agency (KISA), the number of blockchain solution providers is expected to increase from 553 in 2024 to 621 in 2025, while the market size is projected to expand from KRW416.2 billion to KRW471.9 billion during the same period.

Issues Likely to Impact the Blockchain Industry

In the near future, the key issues expected to impact the blockchain industry will primarily relate to virtual assets (digital assets). Currently, Korean laws governing virtual assets mainly focus on user protection, unfair trading regulations, and AML requirements. However, the proposed Digital Asset Basic Act (DABA) is expected to comprehensively regulate the digital asset industry. The principal issues under discussion include the following.

Systematisation of entry regulations for digital asset businesses

Digital asset business categories are expected to be subdivided into trading/exchange, brokerage, custody/management, payment/transfer, discretionary management, advisory services, order transmission, and trading/exchange agency services. In addition, the current VASP reporting regime is expected to be replaced with an authorisation and registration system, under which different entry regulations would apply depending on the type of digital asset business.

Institutionalisation of stablecoins

Regulations are expected to be introduced requiring banks to hold at least 50% plus one share in stablecoin issuing entities (the so-called 51% Rule). Stablecoin issuers are also expected to become subject to various regulatory requirements, including entry regulations, reserve asset requirements, segregation of reserve assets, redemption guarantees, and disclosure obligations.

Business regulations for foreign stablecoin issuers

Regulations are expected to require foreign-issued stablecoins to satisfy certain conditions in order to be offered or sold in Korea or to Korean residents, such as establishing and registering a local branch in Korea and meeting reserve asset holding and custody standards.

Discussion on shareholding restrictions for major shareholders of virtual asset exchanges

The introduction of regulations imposing limits on the shareholding ratios of major shareholders in virtual asset exchanges is also under discussion.

In addition, in line with the government’s roadmap permitting corporate participation in the virtual asset market, professional investors, such as listed companies, are expected to increasingly participate in the virtual asset market.

Korea has operated regulatory sandbox programmes since 2019 across six sectors:

  • ICT convergence;
  • industrial convergence;
  • innovative finance;
  • regulation-free special zones;
  • smart cities; and
  • research and development special zones.

Specific examples relating to the blockchain sector include the following.

Innovative Finance

Services designated as innovative financial services include platforms that issue beneficiary certificates for real estate management and disposal trusts, aircraft engine tangible asset trusts, and monetary claims trusts through electronic registration methods and enable trading using blockchain-based DLT. In addition, brokerage platforms for trading unlisted shares using blockchain technology have also been designated and operated as innovative financial services. Furthermore, subordinate regulations under the Capital Markets Act have been amended to institutionalise services that had operated under the innovative financial services framework, such as unlisted share trading platforms and fractional investment trading platforms.

ICT Convergence

Around September 2019, the government designated the “PASS Mobile Driver’s License Verification Service” provided by Korea’s major telecommunications companies ‒ SK Telecom, KT Corporation, and LG Uplus ‒ as an ICT regulatory sandbox project, allowing it to have the same legal effect as a physical driver’s licence. By utilising blockchain technology, the PASS service is linked to the National Police Agency’s driver’s licence system, enabling actual licence photographs registered with the National Police Agency and the Korea Road Traffic Authority to be displayed within the application, thereby preventing attempts to forge or alter licence information or photographs.

Other Cases

A blockchain-based power trading system titled “VPP Blockchain Platform Service for Small-Scale Distributed Energy Resource Transactions”, which uses blockchain technology and smart contract systems to broker electricity transactions between power generation businesses producing less than 1,000kW and electricity users consuming less than 300kW, was designated as a demonstration project under the research and development special zone sandbox framework. In addition, a “Blockchain-Based Electronic Notarization System” was designated as a demonstration project under the ICT convergence sandbox framework.

Regulation of Blockchain

The Korean government recognises blockchain technology as a core infrastructure of the Fourth Industrial Revolution and the Web3.0 era, and generally focuses on promoting the industry as a whole, from the formation of the initial market to the development of the broader ecosystem. At the same time, in areas involving virtual assets, the government manages related risks by imposing regulations on virtual asset service providers (VASPs), including reporting obligations and AML requirements under the Act on Reporting and Using Specified Financial Transaction Information.

Currently, no law separately regulates blockchain technology that does not involve virtual assets; instead, relevant laws apply depending on the nature of the relevant service. In particular, where financial institutions outsource and utilise blockchain solutions, they must comply with regulations relating to network separation requirements under the Detailed Regulations on Supervision of Electronic Financial Transactions, as well as security measures and reporting obligations under regulations governing the outsourcing of information processing services by financial institutions.

Discussions Regarding Data Privacy on Blockchain

Under Korean law, personal information controllers and credit information providers/users are generally required to destroy personal (credit) information once it becomes unnecessary, such as when the purpose of processing has been achieved, unless a statutory exception applies. However, considering the technical characteristics of blockchain, under which information recorded on the blockchain is extremely difficult to delete, the Enforcement Decree of the Personal Information Protection Act (PIPA) was amended to recognise as a valid destruction method the processing of information into a form that can no longer identify an individual, even when combined with other information (“anonymous information”), provided that restoration is rendered impossible (Article 16(1)(i), proviso, of the Enforcement Decree of the PIPA).

Separately, in relation to the issuance and trading of tokenised securities, the ESA was amended to exempt personal credit information recorded on blockchain systems from the destruction obligation under Article 20-2 of the Credit Information Use and Protection Act, while requiring such information to be managed in accordance with prescribed standards (Article 23-3 of the ESA).

To the extent that data processing through blockchain is regarded as equivalent to the processing of personal (credit) information under existing laws, the principal obligations applicable to information processors include the following.

Collection, Use, and Provision of Personal (Credit) Information

In principle, any person collecting, using, or providing personal (credit) information must obtain the prior consent of the data subject unless a statutory exception applies.

Outsourcing of Personal (Credit) Information Processing

A party outsourcing the processing of personal (credit) information must disclose such outsourcing arrangements through its privacy policy or other public disclosures. In certain cases, a party outsourcing the processing of personal credit information is also required to report such outsourcing to the Financial Services Commission (FSC).

Exercise of Data Subject Rights

Personal information controllers and credit information providers/users must comply with requests from data subjects to exercise rights such as the right of access, withdrawal of consent, correction, and deletion, unless a statutory exception applies. However, there is currently no clear regulatory guidance or judicial precedent regarding how such rights can practically be exercised and implemented within a blockchain environment.

Destruction Obligations

Personal information controllers and credit information providers/users are generally required to destroy personal (credit) information once it becomes unnecessary for the relevant processing purpose, unless a statutory exception applies. However, because permanent deletion of certain information may be technically impossible in blockchain environments, the Enforcement Decree of the PIPA was amended to recognise the conversion of such information into irrecoverable anonymous information as a permissible method of destruction.

Protective Measures

Personal information controllers are required to implement technical, administrative, and physical safeguards necessary to prevent the loss, theft, leakage, forgery, alteration, or damage of personal information, including the establishment of internal management plans and the retention of access logs.

Currently, no separate law or regulation exists in Korea specifically governing “smart contracts,” and no court precedents have directly addressed them so far.

That said, whether a “smart contract” is enforceable in Korea is determined not by its form, but by whether the underlying legal relationship satisfies the requirements under the Korean Civil Act and other applicable laws. In other words, if there is an offer, acceptance, and mutual consent, a contract may be deemed validly formed even if it is in the form of a smart contract. Therefore, where there is a valid agreement between the parties on the substance embodied in the code structure of the smart contract, the contract would likely be considered validly formed.

In Korea, there are numerous blockchain-related associations and industry organisations, including the Digital Asset eXchange Alliance (DAXA), the Digital Asset Protection Foundation, the Korea Blockchain Association, the Korea Fintech Industry Association (KORFIN), the Open Blockchain and DID Association (OBDIA), the Korea Web3 Blockchain Association (KWBA), the Digital Convergence Industry Association (DCIA), and the Korea Blockchain Industry Promotion Association (KBIPA).

Korea has no law specifically governing the ownership and transfer of virtual assets. Korean courts generally take the position that virtual assets do not constitute “objects (or tangible property)” (mulgeon) under the Korean Civil Act that are capable of ownership. However, courts have recognised virtual assets as intangible interests with economic value and, in practice, have treated them similarly to claims for fungible goods.

More specifically, the Korean Supreme Court has held in criminal cases that virtual assets such as Bitcoin constitute merely electronic information without physical substance and therefore do not qualify as “property” under the Korean Criminal Act, which requires tangible objects or manageable forms of energy. Nevertheless, the Court recognised that virtual assets fall within the scope of “assets” subject to confiscation under the Act on Regulation and Punishment of Criminal Proceeds Concealment, thereby acknowledging them as intangible assets with economic value. This means that while virtual assets may be protected as proprietary interests, they are not recognised as “property” for purposes of crimes such as theft or embezzlement.

Lower civil courts have likewise generally denied the characterisation of virtual assets as objects under civil law. For example, in a case involving a claim for the return of Bitcoin, the Seoul High Court expressly held that Bitcoin constitutes merely digital information and therefore does not qualify as tangible property under the Korean Civil Act. Accordingly, the court denied the existence of a typical deposit contract under the Civil Act, while recognising the existence of an atypical contract analogous to a deposit arrangement. In this manner, although Korean courts formally reject the notion that virtual assets constitute civil-law “tangible property”, they have in practice treated them similarly to claims for fungible goods ‒ for example, by ordering parties to “deliver Bitcoin” or recognising substitute monetary claims where specific performance is impossible.

A VASP that does not engage in exchanges between virtual assets and fiat currency is not required to obtain a real-name verified deposit and withdrawal account. However, where a VASP engages in exchanges between virtual assets and fiat currency, it must obtain a real-name verified account from a bank pursuant to Article 7(3)(ii) of the Act on Reporting and Using Specified Financial Transaction Information. In practice, the industry currently follows the so-called one bank, one exchange principle, under which a single virtual asset exchange may obtain a real-name verified account arrangement from only one bank.

A bank intending to provide such real-name verified accounts must establish and operate procedures and internal guidelines for identifying, analysing, and evaluating the risks of money laundering and terrorist financing associated with financial transactions involving VASPs. In addition, the bank must maintain information technology systems capable of facilitating the provision of real-name verified accounts and monitoring and identifying money laundering and terrorist financing risks associated with such accounts.

In addition, Korean financial authorities had historically restricted the issuance of corporate real-name accounts for virtual asset transactions by financial institutions and corporations. Recently, however, the authorities announced that such participation would be gradually permitted to the extent that it does not undermine user protection or market stability in the virtual asset market. As a result, corporate accounts for cash-out purposes are currently permitted for law enforcement agencies, non-profit organisations, and virtual asset exchanges, and it is expected that corporate accounts for virtual asset transactions by professional investors (such as listed companies) and general corporations will also be permitted in the future. Moreover, while the financial authorities have, since 2017, implemented the so-called separation of finance and virtual assets policy in the form of administrative guidance, restricting financial institutions from making direct investments in virtual assets or holding equity interests in VASPs, there also have been signs of a possible relaxation of such restrictions.

Korea currently does not impose any separate ESG disclosure or reporting obligations specifically applicable to VASPs or virtual assets.

An amendment to the Korean Income Tax Act (ITA) and Corporate Tax Act (CTA), introducing taxation on income arising from the transfer or lending of virtual assets, is scheduled to take effect on 1 January 2027.

Accordingly, for resident taxpayers, virtual asset income is calculated as the consideration received from the transfer or lending of virtual assets minus the actual acquisition cost of the transferred assets and related expenses (Article 37(1)(iii) of the ITA). However, if the total virtual asset income for the taxable period does not exceed KRW2.5 million (the basic exemption threshold), no income tax is imposed (Article 84(iii) of the ITA).

For non-residents and foreign corporations, income generated from the transfer or lending of virtual assets in Korea is treated as Korea-source “other income” and is subject to taxation under Article 119(xii)(k) of the ITA and Article 93(x) of the CTA. If the non-resident or foreign corporation is a resident of a country that has concluded a tax treaty with Korea, it may apply for exemption or non-taxation by submitting a tax exemption application to the VASP, in accordance with Article 156-2 of the ITA and Article 98-4 of the CTA.

However, given the delay in the DABA legilsation and arguments from political circles for a further postponement of taxation on the grounds of fairness with the non-taxation of gains from stock investments, the possibility of another deferral of the taxation regime cannot be ruled out.

In Korea, there are no separate laws governing the liquidation or insolvency of VASPs. Accordingly, general corporate liquidation and bankruptcy procedures under the Commercial Act and the Debtor Rehabilitation and Bankruptcy Act apply equally to VASPs.

However, the Act on the Protection of Virtual Asset Users imposes specific requirements designed to protect users’ assets. In particular, VASPs must segregate fiat funds received from users in connection with virtual asset transactions (including sales, brokerage, and other business activities) from their own assets and deposit or entrust such funds to financial institutions such as banks for safekeeping. In the event that a VASP is declared bankrupt or resolves to dissolve, the Act provides that users are entitled to priority repayment of their deposited funds upon request (Article 6).

In addition, the FSC has issued guidelines on procedures that VASPs must follow when ceasing business operations, with the objective of ensuring adequate protection of users during an orderly business closure.

In Korea, the primary self-regulatory body for the virtual asset industry is the DAXA. DAXA was established by the five major Korean won-based virtual asset exchanges ‒ Upbit, Bithumb, Coinone, Korbit, and Gopax ‒ with the objective of promoting sound market order and protecting investors in the virtual asset sector. DAXA plays a key role in establishing industry standards, including the development of standard internal control guidelines for VASPs, listing support guidelines, real-time monitoring rules for abnormal transactions, best practice standards for advertising and promotional activities, and compliance manuals.

In addition, the Digital Asset Protection Foundation (DAPF), which was funded by DAXA and established with authorisation from the FSC, is engaged in safeguarding users’ virtual assets by receiving, securely storing, and returning such assets from or on behalf of VASPs that have ceased or are expected to cease operations, with the aim of establishing a sound trading order in the virtual asset market and protecting users’ rights and interests.

In relation to virtual assets, the FSC, the Korea Financial Intelligence Unit (KoFIU), and the Financial Supervisory Service (FSS) each perform distinct regulatory functions.

  • FSC: responsible for establishing national policies related to blockchain technology and virtual assets.
  • FSS: through its dedicated departments for virtual asset supervision and investigation, the FSS conducts inspections and supervisory activities of financial institutions and enforces sanctions against unfair trading practices involving virtual assets, thereby ensuring effective market oversight.
  • KoFIU: as an agency under the FSC, KoFIU operates the AML system and works to prevent money laundering and terrorist financing. It is also responsible for the registration and reporting of VASPs and plays a key role in preventing criminal activities involving blockchain and virtual assets.

To comply with the Financial Action Task Force (FATF) international standards on combating money laundering and the financing of terrorism and proliferation, Korea amended the Act on Reporting and Using Specified Financial Transaction Information, becoming the first jurisdiction to legally implement the “Travel Rule.” More recently, an enforcement decree has been proposed to extend the Travel Rule to transactions below KRW1 million.

In addition, in response to the International Organization of Securities Commissions (IOSCO) policy recommendations on crypto and digital asset markets, Korea enacted the Act on the Protection of Virtual Asset Users and its enforcement decree, introducing various investor protection and market integrity measures, including the segregation of customer deposits and virtual assets from the proprietary assets of VASPs.

Furthermore, in line with the Bank for International Settlements (BIS)’s emphasis on the need for stablecoin regulation, discussions on the legalisation and regulatory framework for stablecoins are currently ongoing in Korea.

Classification of Tokens and Related Regulation

Korean laws and regulations do not explicitly define a formal classification system for tokens. Under the current Act on the Protection of Virtual Asset Users, virtual assets are defined broadly, while central bank digital currencies (CBDCs), certain NFTs that meet specified criteria, and electronic payment instruments under the Electronic Financial Transactions Act (EFTA) are, in principle, excluded from the scope of virtual assets.

Meanwhile, financial authorities take the view that classification of virtual assets should be determined not only by their technical form but also by their economic substance, and that applicable regulations are applied accordingly.

Security tokens

Where a token qualifies as a “security” under the Financial Investment Services and Capital Markets Act (FSCMA) ‒ ie, where investors acquire certain rights ‒ the token is classified as a security token and becomes subject to existing capital markets regulations. Accordingly, licensing requirements (eg, investment brokerage business authorisation) and securities registration requirements apply. In this regard, amendments to the ESA introducing a tokenised securities framework based on DLT have been enacted and are scheduled to take effect in February 2027.

Payment instruments

Where a token is used as a means of payment, it may fall under electronic money or prepaid electronic payment instruments under the EFTA. However, financial authorities generally take the position that highly volatile virtual assets such as Bitcoin do not qualify as electronic payment instruments under the Act. Moreover, electronic payment instruments are explicitly excluded from the definition of virtual assets, reflecting a regulatory intent to distinguish virtual assets from payment instruments.

Discussion regarding stablecoins that may be used for payments and settlements have become increasingly active recently. It is expected that the forthcoming DABA will introduce a regulatory framework for stablecoins and may explicitly provide that they do not fall within the scope of electronic payment instruments under the EFTA. Overall, Korea adopts a dual-track regulatory approach, applying both the existing regulatory framework and a separate virtual asset-specific regulatory regime in parallel.

Regulation of Virtual Assets

Currently, virtual assets in Korea are primarily regulated under the Act on Reporting and Using Specified Financial Transaction Information and the Act on the Protection of Virtual Asset Users.

Under the former, VASPs are subject to registration obligations, compliance requirements, and AML duties. Specifically, any entity seeking to conduct virtual asset-related business such as trading, exchange, or custody must meet certain requirements (including information security management system certification) and register with the financial authorities as a VASP. In addition, VASPs are required to comply with AML obligations, including the Travel Rule, customer due diligence (KYC), and suspicious transaction reporting (STR). They must also segregate customers’ deposits and virtual assets from their own proprietary assets.

In this regard, legislative amendments and enforcement decrees currently under consideration would expand the scope of the Travel Rule by abolishing the current threshold of KRW1 million, thereby broadening its application. In addition, where transactions involve overseas VASPs or private wallets, VASPs would be required to assess and manage money laundering risks and take appropriate measures based on the level of risk.

Meanwhile, the Act on the Protection of Virtual Asset Users prohibits unfair trading practices involving virtual assets, including the use of undisclosed material information, market manipulation, and fraudulent trading.

Furthermore, under the amended Act on the Prevention of Telecommunications-based Financial Fraud and Refund of Damages (the “Telecom Fraud Refund Act”), which is scheduled to take effect on 1 October 2026, virtual asset exchanges will be subject to anti-scam and victim recovery obligations comparable to those imposed on traditional financial institutions. Accordingly, exchanges must continuously monitor for suspected fraudulent transactions, promptly suspend accounts when fraud is suspected, and support the recovery and refund of assets to victims.

In addition, as noted above, Korea is preparing to enact DABA, which is expected to:

  • further classify digital asset businesses into categories such as trading/exchange, brokerage, custody/management, payment/transfer, discretionary management, advisory, order transmission, and agency services;
  • introduce a regulatory framework for stablecoins; and
  • establish additional requirements related to the issuance of digital assets.

Korean financial authorities have taken the position that brokerage of Bitcoin futures exchange-traded funds (ETFs) may be permitted, whereas issuance and brokerage of Bitcoin spot ETFs may raise issues of violation under the FSCMA. This is because, under the FSCMA, ETFs are premised on having an eligible “underlying asset,” and virtual assets are generally not regarded as satisfying the requirements for such underlying assets.

However, under the FSCMA, “collective investment” does not necessarily require a traditional underlying asset, but instead defines the investable asset as any “asset with economic value.” Accordingly, investment vehicles that invest in virtual assets may, in principle, be structured as collective investment schemes under the FSCMA and become subject to its regulatory framework.

In practice, however, several legal uncertainties remain, particularly regarding whether a trust company responsible for custody and management of collective investment assets is permitted to hold virtual assets directly, or whether such custody may be delegated to a VASP. Due to these uncertainties, and given that corporate acquisition of virtual assets has historically not been permitted, there have been no domestic investment funds in Korea that directly invest in virtual assets.

For reference, a legislative amendment to the FSCMA has been proposed and is currently pending in the National Assembly. The Bill would explicitly include virtual assets as eligible “underlying assets” under the FSCMA and would also permit trust companies to hold virtual assets as part of their custodial asset pool.

Financial authorities in Korea have prohibited all forms of initial coin offerings (ICOs) since 2017.

However, under the forthcoming DABA, it is expected that a regulatory framework for the issuance of digital assets will be introduced. This is likely to include entry requirements for digital asset issuers, as well as obligations relating to the preparation and disclosure of digital asset white papers and other related disclosure requirements.

Article 10 of the Act on the Protection of Virtual Asset Users regulates unfair trading practices in virtual asset markets, which generally include the use of undisclosed material information, market manipulation, and fraudulent trading. These provisions are substantially similar to the prohibition on unfair trading practices under the FSCMA.

In addition, unlike traditional securities markets, the Act imposes certain additional obligations specific to virtual asset markets, including a prohibition on trading self-issued virtual assets, a prohibition on unjustified suspension or restriction of deposits and withdrawals, and an obligation to monitor and detect abnormal transactions.

Recently, the KoFIU has imposed severe administrative sanctions on virtual asset exchanges, including partial business suspension orders and substantial monetary penalties. These enforcement actions have been subject to legal challenges, with companies filing administrative lawsuits seeking revocation of the sanctions, and related disputes are currently ongoing.

Specifically, in 2025, KoFIU imposed a three-month partial business suspension order (prohibiting the transfer of virtual assets by new customers) and a fine of approximately KRW35.2 billion on Dunamu, the operator of the virtual asset exchange Upbit. The regulator found that Dunamu had violated several obligations, including the prohibition on transactions with unregistered VASPs, customer due diligence requirements (such as improper use of identification document copies, failure to properly verify addresses, and failure to verify the authenticity of drivers’ licences), transaction restriction obligations, and suspicious transaction reporting obligations. Dunamu has filed an administrative lawsuit seeking cancellation of the suspension order, and it reportedly prevailed at first instance, with the case currently pending on appeal. In addition, an objection has been filed against the fine, and related proceedings are ongoing.

Similarly, in March 2026, KoFIU imposed sanctions on Bithumb, including a fine of approximately KRW36.8 billion and a six-month partial business suspension (prohibiting the transfer of virtual assets by new customers), based on comparable violations. In April 2026, Coinone was also sanctioned with a fine of approximately KRW5.2 billion and a three-month partial business suspension (also restricting transfers for new customers). Both Bithumb and Coinone have also initiated administrative litigation seeking revocation of these sanctions.

Meanwhile, KoFIU has also taken enforcement measures against unregistered foreign VASPs operating in Korea. These measures include:

  • notifying the public of such unregistered providers to discourage transactions with them;
  • reporting such providers to investigative authorities; and
  • pursuing measures to block domestic access to their websites and mobile applications.

Korea operates a VASP registration regime, under which any person conducting the following activities as a business must register with the financial authorities:

  • buying and selling virtual assets;
  • exchanging virtual assets for other virtual assets;
  • transferring virtual assets, as specified by Presidential Decree;
  • custody or management of virtual assets; and
  • acting as an intermediary, broker, or agent for the above activities.

In addition, under the Act on the Protection of Virtual Asset Users and the Act on Reporting and Using Specified Financial Transaction Information, the VASP registration requirements apply on an extraterritorial basis. Accordingly, even if the relevant activities are conducted outside Korea, they may still be subject to the registration obligation if they have an effect within Korea. In this regard, the financial authorities have taken the position that foreign VASPs may be deemed to have a sufficient domestic nexus ‒ and therefore be subject to VASP registration ‒ where they, for example, provide Korean-language websites, run marketing events targeting Korean customers, or enable the purchase of virtual assets using credit cards.

Under the Act on Reporting and Using Specified Financial Transaction Information, a person who intends to operate a virtual asset-related business must file a VASP registration with the financial authorities and obtain acceptance of such filing.

However, the financial authorities may refuse to accept a VASP registration filing if certain statutory non-acceptance requirements are met. In this regard, the Act provides the following grounds for refusal. Notably, the requirements under items (iii) to (v) concerning major shareholders, as well as items (iv) and (v), were newly introduced through an amendment on 19 February 2026, and are scheduled to take effect on 20 August 2026:

  • (i) failure to obtain Information Security Management System (ISMS) certification;
  • (ii) (in cases involving exchange between fiat currency and virtual assets) failure to conduct financial transactions through real-name verified deposit and withdrawal accounts;
  • (iii) persons (including representatives, officers, and major shareholders) with a history of violating laws such as the Act on Regulation and Punishment of Criminal Proceeds Concealment or the Narcotics Control Act;
  • (iv) failure to maintain sound financial condition or adequate social credibility; and
  • (v) failure to maintain appropriate organisational structure, personnel, IT infrastructure, and internal control systems.

Among these, the “sound financial condition” requirement, scheduled to take effect on 20 August 2026, is part of prudential regulatory measures. According to the currently proposed amendments to the Enforcement Decree of the Act and related supervisory regulations, financial authorities seeking VASP registration are expected to be required to satisfy certain conditions, such as:

  • a debt-to-equity ratio of 200% or less;
  • no record of credit default or similar impairment of financial credibility over the past three years;
  • no designation as a distressed financial institution or revocation of licence/authorisation/registration within the past five years; and
  • the lapse of a certain period following prior administrative sanctions.

Under the Enforcement Decree and supervisory regulations of the Act on Reporting and Using Specified Financial Transaction Information, VASPs are required to report information regarding their major shareholders at the time of filing for VASP registration. In addition, where there is any change to such major shareholder information, a change report must be submitted within 14 days from the date of the change.

However, under the amended Act (amended on 19 February 2026, and scheduled to take effect on 20 August 2026), the scope of reportable major shareholder information has been expanded, and supervisory regulations are expected to be revised to require that change reports be submitted at least 30 days prior to the effective date of such changes.

At the same time, new screening and disqualification criteria for major shareholders have been introduced. As discussed in 3.2 Set-Up Requirements, according to the proposed amendments to the Enforcement Decree and supervisory regulations, a domestic corporate major shareholder of a VASP must satisfy certain prudential requirements, including:

  • a debt-to-equity ratio of 200% or less;
  • not being a major shareholder or related party of a distressed financial institution or a financial institution whose licence, authorisation, or registration has been revoked under financial regulatory laws;
  • no record of bank account transaction suspension within the past five years; and
  • not having been subject to bankruptcy or rehabilitation proceedings within the past five years.

For reference, if a major shareholder fails to meet these requirements at the time of a change report, the registration or change filing may be revoked ex officio by the authorities.

Under the Korean Act on Reporting and Use of Certain Financial Transaction Information, Korea’s VASP registration regime applies only to business activities conducted within the Korean market, and there is currently no separate framework for the mutual recognition of licences. However, as Korea was the first country in the world to implement the Travel Rule, it may be relatively easier to demonstrate a high level of AML compliance.

Regulations on Issuance and Sale of Virtual Assets

Under the Act on Reporting and Using Specified Financial Transaction Information, VASPs are subject to a registration requirement with the KoFIU. Accordingly, any person engaging in the business of trading, exchanging, or brokering virtual assets must obtain VASP registration.

However, where a virtual asset issuer merely sells its own issued virtual assets, such activity may not necessarily be regarded as a “business” requiring VASP registration, depending on factors such as whether the activity is conducted for profit and whether the sales are conducted repeatedly and continuously.

Meanwhile, even foreign VASPs are required to register with KoFIU if they are deemed to be “conducting business targeting Korean users,” in which case they must also comply with obligations under Korean AML laws. Korean financial authorities determine whether a foreign VASP targets Korean users by considering factors such as:

  • whether Korean-language services are provided;
  • whether marketing or promotional activities target Korean users; and
  • whether KRW-denominated transactions or payment methods are supported.

Under the current legal framework, there are no explicit statutory requirements governing white papers, offering documents, or disclosure obligations in connection with the issuance or sale of virtual assets. However, the proposed DABA currently under discussion is expected to introduce such requirements. Accordingly, the progress and contents of the proposed legislation should be closely monitored.

Regulations on Advertising of Virtual Assets

Current Korean virtual asset laws do not specifically regulate advertising relating to virtual assets. However, the proposed DABA reportedly includes provisions governing the subjects, content, methods, and procedures of virtual asset advertising.

In addition, VASPs remain subject to the general requirements of the Act on Fair Labelling and Advertising. Furthermore, as a form of industry self-regulation, the DAXA has issued the “Best Practice Guidelines for Advertising and Promotional Activities of VASPs”.

The key elements of these guidelines include:

  • disclosure of risks such as potential loss of principal, user responsibility for investment losses, and advertisement validity periods;
  • disclosure of fee rates charged to users;
  • prohibition on guaranteeing compensation for losses; and
  • prohibition on offering unfair economic benefits or incentives.

Under Korean law, the obligation to register as a VASP is determined based on the actual activities substantively carried out by the relevant business operator. Accordingly, merely partnering with or relying on an already licensed entity does not allow another party to conduct virtual asset business activities without its own registration.

Therefore, if external firms are deemed to be substantively engaging in activities such as virtual asset trading or related services, there is a risk that they may independently be subject to VASP registration requirements with the KoFIU, even where another entity’s licence structure is being used.

Conversely, where all virtual asset trading activities and related brokerage, intermediation, or agency functions are conducted solely by another properly licensed entity, and the external firms do not themselves substantively perform regulated activities, separate VASP registration by the external firms would generally not be required.

Korean financial authorities recognise that “fully decentralised DeFi services” present regulatory challenges because it is difficult to identify a responsible operating entity and determine the applicable legal jurisdiction. The authorities have indicated that they intend to continue developing an appropriate regulatory framework for such services. As of now, however, no relevant regulations exist in Korea expressly prohibiting fully decentralised DeFi services. That said, where a DeFi arrangement is not truly decentralised and a specific operator effectively retains control over the platform or service, such operator may be deemed to be conducting a virtual asset business and therefore become subject to the Act on Reporting and Using Specified Financial Transaction Information and the Act on the Protection of Virtual Asset Users.

Meanwhile, no such regulation expressly prohibits centralised finance (CeFi) companies from utilising DeFi protocols. However, in practice, there are significant compliance constraints. In particular, VASPs are required to:

  • comply with the Travel Rule by collecting, transmitting, and retaining sender and recipient information for virtual asset transfers exceeding KRW1 million;
  • maintain virtual assets of the same type and quantity as those entrusted by users; and
  • securely store at least 80% of users’ virtual assets in cold wallets segregated from internet-connected systems.

These obligations may create practical difficulties for VASPs seeking to utilise DeFi protocols.

In Korea, there are currently no specific laws or regulations governing organisational structures for operating DeFi services or decentralised autonomous organisations (DAOs). In this regard, Korean financial authorities have taken the position that, in the case of fully decentralised DeFi services, it is difficult to identify a responsible operating entity, making the applicable regulatory framework unclear. In addition, regulators appear to view DAOs as organisational structures whose legal form and governance rights are not currently reflected in Korea’s Civil Act or Commercial Act.

Meanwhile, quite a lot of corporations, including stock companies, have developed and operated DeFi-related services. In many such cases, however, the services would likely not be regarded as fully decentralised DeFi. Although certain operational functions may have been implemented through smart contracts, the relevant corporations generally remained responsible for development, commercialisation, incentive structures, branding, and overall project management.

Since there are currently no dedicated regulations specifically applicable to DeFi, the legal requirements applicable to a particular DeFi arrangement are generally determined based on the specific structure and characteristics of the relevant business model under existing legal and regulatory frameworks.

Although there have not been many publicly confirmed cases involving damage arising specifically from DeFi services in Korea, there is currently no dedicated legal framework governing DeFi. As a result, liability relating to DeFi services appears to be assessed under existing legal frameworks, with responsibility potentially imposed on the operators or developers of the relevant services.

Kronos DAO (2022)

Kronos DAO, a DeFi project operating on the Klaytn blockchain, withdrew funds from a DAO wallet without prior notice and exchanged them for its self-issued stablecoin. However, prosecutors declined to indict, reportedly on the grounds that there was no clearly established legal duty to provide prior notice and that intentional misconduct relating to the loss of funds could not be sufficiently proven.

KLAYswap Hack (2022)

In 2022, approximately KRW2.2 billion worth of virtual assets were stolen through a hacking incident involving KLAYswap, a DeFi service developed by Ozys. KLAYswap subsequently announced full compensation for affected users, and no separate regulatory sanctions or criminal prosecutions in connection with the incident have been identified.

Orbit Bridge Hack (2024)

In 2024, approximately USD82 million worth of virtual assets were stolen through a hacking incident involving Orbit Bridge, a cross-chain service developed by Ozys. In connection with the incident, Ozys filed a damages claim against its Chief Information Security Officer (CISO), who had been responsible for establishing and managing the company’s information security system. However, the court dismissed the claim, finding insufficient evidence that the CISO had engaged in unlawful conduct that lowered the level of security or caused the incident. Separately, in civil claims brought by users, the court reportedly recognised Ozys’s liability for damages to a certain extent.

In individual transactions, it would generally be permissible for the parties to agree on settlement using virtual assets as consideration on a case-by-case basis.

However, virtual assets are not typically eligible to be issued as electronic payment instruments or electronic money under the EFTA. The Act on the Protection of Virtual Asset Users excludes electronic payment instruments and electronic money from the definition of virtual assets, and in practice, the FSS has not approved licensing for issuance or management businesses that attempt to structure virtual assets as prepaid electronic payment instruments.

Meanwhile, even if a payment service involving virtual assets is operated, if the business involves activities such as trading, custody, management, brokerage, intermediation, or agency services on a commercial basis, a VASP registration may be required. In this context, where a company issues a virtual asset and enables users to use it for purchases at merchants through an affiliated settlement network, the affiliated company that circulates or facilitates the use of such virtual asset in settlement may also be required to register as a VASP.

In addition, where virtual assets are used for cross-border payments or settlement of import/export transactions, the Foreign Exchange Transactions Act applies, and unreported cross-border payments may constitute a violation of foreign exchange regulations. Notably, legislation amending the Foreign Exchange Transactions Act to require VASPs engaged in cross-border virtual asset transfers to register under the Act was passed by the National Assembly on 7 May 2026. Accordingly, future changes to reporting and registration obligations should be closely monitored.

There is currently no statutory definition of stablecoins or a classification framework for different types of stablecoins under Korean law, as dedicated regulations on stablecoins have not yet been fully established. However, certain case law has provided interpretative distinctions. In particular, a decision of the Seoul Central District Court (Seoul Central District Court Decision No 2023Gahap85022 dated 22 January 2025) classified:

  • fiat-collateralised stablecoins as those maintaining value by holding reserve assets such as legal currency, bank deposits, and traditional securities (eg, government bonds, corporate bonds, and commercial paper); and
  • algorithmic stablecoins as those maintaining price stability through programmed supply adjustment mechanisms.

At present, the institutionalisation of stablecoins in Korea is actively being discussed, and multiple legislative proposals have been submitted to the National Assembly’s Strategy and Finance Committee, including bills proposed by members of the National Assembly Min Byung-deok, Lee Kang-il, Kim Jae-seop, and Choi Bo-yoon.

A review of the definitions of stablecoins under each bill shows some variation. The Min Byung-deok Bill limits stablecoins to those pegged to fiat currency. The Lee Kang-il and Kim Jae-seop Bills define stablecoins more broadly as digital assets whose value is linked to “currency or assets”. The Choi Bo-yoon Bill also requires linkage to “fiat currency, real-world assets, or equivalent external value.” Overall, the stablecoins currently being discussed in Korea’s legislative process are predominantly those pegged to fiat currency or other identifiable underlying assets.

Under the current Korean legal framework, stablecoins are generally included within the definition of “virtual assets” and are therefore subject to the regulations applicable to virtual assets. Accordingly, where a person engages in the business of trading, custody, management, brokerage, intermediation, or agency services relating to stablecoins, such person may be regarded as a VASP and become subject to obligations including VASP registration and AML compliance requirements.

For reference, as discussed in 6.2.1 Fiat Currency and Algorithmic Stablecoins, several legislative bills aimed at establishing a regulatory framework for stablecoins have been submitted to the National Assembly. It is therefore expected that a dedicated regulatory regime for stablecoins will be introduced in the future. Most of these proposed bills include regulations concerning stablecoin issuers, such as entry requirements, redemption obligations, reserve asset requirements, and other business conduct regulations.

The bills currently submitted to the National Assembly’s Strategy and Finance Committee generally include common provisions requiring stablecoin issuers to maintain redemption reserves or reserve assets to ensure fulfilment of their redemption obligations.

For example, in the bills proposed by Choi Bo-yoon, Ahn Do-geol, and Kim Jae-seop, redemption reserves or reserve assets must consist of assets denominated in the same legal currency, including Bank of Korea-issued banknotes and coins, demand deposits held with financial institutions such as banks, and government securities (national bonds, local government bonds, and special bonds) with a maturity of one year or less, as well as other similarly safe assets. The value of such reserve assets must be at least equal to the outstanding amount of the issued stablecoins.

These reserve assets must be held in custody at financial institutions such as banks, segregated from the issuer’s proprietary assets. In addition, such reserve assets are subject to protection measures, including a prohibition on set-off and seizure.

By contrast, the bill proposed by Kim Hyun-jung differs in that it allows additional eligible reserve assets, including certain financial investment products such as collective investment schemes or other investment instruments that mature within three months of acquisition, as prescribed by Presidential Decree.

Since these bills delegate detailed requirements regarding reserve assets to Presidential Decrees, it will be necessary to closely monitor the subsequent implementing regulations following enactment.

The proposed DABA currently pending before the National Assembly includes provisions addressing the systemic risk of stablecoins (referred to as “value-stable digital assets”) as follows.

Park Sang-hyuk Bill

This proposal provides that, taking into account the impact on financial stability and user protection, certain “material value-stable digital assets” may be designated. Issuers of such designated assets would be required to satisfy additional requirements prescribed by Presidential Decree, such as enhanced capital requirements and other prudential measures.

Ahn Do-geol Bill

This proposal empowers the FSC to issue emergency corrective orders against issuers of value-stable digital assets where urgent action is deemed necessary to ensure user protection, sound market order, and financial stability.

Lee Kang-il Bill

This proposal allows the FSC to order suspension of issuance or trading of value-stable digital assets where it is deemed that normal trading cannot be conducted due to circumstances such as the issuer’s insolvency or major system failures affecting the operation of the stablecoin system.

Previously, there was insufficient institutional infrastructure for the issuance and distribution of tokenised assets, and fractional investment products were only introduced on a limited basis through regulatory sandboxes and other innovative financial service regimes. However, with the recent amendments to the FSCMA and the ESA, a regulatory framework for real-world assets (RWA) tokenisation has now been established. Accordingly, security tokens are now brought within the existing regulatory perimeter, including the FSCMA and the ESA.

First, since security tokens qualify as securities (financial investment instruments) under the FSCMA, they are subject to the same regulatory regime as other forms of securities. This includes issuance-related regulations such as the obligation to file securities registration statements, prohibitions on unfair trading practices, and business conduct regulations. Under the amended FSCMA, distribution-related rules applicable to securities are also fully extended to investment contract securities, including tokenised securities.

In addition, the FSCMA introduces an OTC brokerage system for equity securities and trust beneficiary securities, thereby establishing a legal framework for multilateral OTC trading. In this regard, the financial authorities have maintained the position that issuance and distribution markets should be separated in relation to emerging securities such as fractional investment products. Accordingly, authorisation procedures are currently underway for OTC brokerage platforms dealing with beneficiary interests (ie, fractional investment OTC exchanges). However, it remains under discussion whether such authorisation will extend to tokenised trust beneficiary securities.

Meanwhile, the amended ESA provides a legal basis for the use of DLT, thereby recognising the legal effect of securities issued in token form. Previously, full dematerialisation using DLT was not permitted, requiring issuance of electronic securities that were strictly matched on a 1:1 basis with tokens. Under the revised framework, electronic securities utilising distributed ledger systems are now recognised. Furthermore, the introduction of an “issuer account management institution” system provides an alternative to centralised electronic registration and custody. The amended ESA is scheduled to take effect on 4 February 2027.

Lee & Ko

Hanjin Building
63 Namdaemun-ro
Jung-gu
Seoul 04532
South Korea

+82 2 772 4000

+82 2 772 4001 2

mail@leeko.com www.leeko.com
Author Business Card

Trends and Developments


Authors

Ohoon Kwon
Yeon Seo

Cha & Kwon Law Offices is a Seoul-based boutique law firm specialising in Korean virtual asset, blockchain and fintech law. The firm advises domestic and international clients on the full lifecycle of digital asset matters, including token issuance and tokenised securities structuring, virtual asset service provider (VASP) licensing under the Specified Financial Information Act, compliance with the Virtual Asset User Protection Act (VAUPA), defence in market-abuse proceedings, and cross-border issues including foreign exchange controls, AML and CARF reporting. Cha & Kwon also represents foreign-affiliated corporates seeking access to Korea’s phased corporate crypto account regime, and advises on token-related M&A and regulatory due diligence. Recent work includes advisory mandates for foreign virtual asset service providers entering the Korean market and representation in cross-border digital asset disputes. The firm maintains active correspondent relationships in the United States, Hong Kong, Singapore, Taiwan, Japan and Australia, and advises in English on cross-border matters.

Korea’s 2026 Crossroads in Digital Asset Regulation

This article examines the five developments most likely to shape Korean market entry over the next 18 months:

  • the 2026 capital-markets amendments that will permit token security issuance from 2027;
  • the stalled Digital Asset Basic Act (DABA), on which centralised exchange and stablecoin regulation depends;
  • the first prosecutorial wave under the Virtual Asset User Protection Act (VAUPA) and the parallel expansion of regulatory surveillance over algorithmic trading;
  • the phased opening of won-denominated crypto accounts to Korean corporate and institutional holders; and
  • the personal income tax on virtual asset gains scheduled to take effect in 2027.

The throughline is that these developments are advancing on different timetables, and which one matters most depends on what the foreign business intends to do in the market.

A joint amendment package to the Financial Investment Services and Capital Markets Act (the “Capital Markets Act”) and the Act on Electronic Registration of Stocks and Bonds (the “Electronic Securities Act”), permitting token security issuance from 2027, passed the National Assembly on 15 January 2026. DABA, which would establish a framework for crypto-asset issuance and disclosure, the licensing of service providers and advisers, and a separate regime for won-pegged stablecoins, is still under committee review. Progress is not expected until the Bank of Korea (BOK) and the Financial Services Commission (FSC) resolve their dispute over stablecoin issuer eligibility.

This diverges from the approach taken in surrounding jurisdictions. Japan has brought security tokens within the Financial Instruments and Exchange Act and regulates fiat-pegged stablecoins under the Payment Services Act. Hong Kong has run its Securities and Futures Commission’s licensing of virtual asset trading platforms alongside a Hong Kong Monetary Authority licensing regime for fiat-referenced stablecoin issuers, which took effect on 1 August 2025. Korea has taken a different path, advancing the capital-markets amendments while leaving DABA under committee review.

The two legislative timetables also diverge. The capital-markets amendments are scheduled to take effect in early 2027, with subordinate regulations being finalised through 2026 in time for the statutory deadline. DABA, by contrast, is unlikely to clear committee before the local elections on 3 June 2026, and its subordinate regulations ‒ the rules that determine how authorisation and disclosure operate in practice ‒ are not expected to be in force before late 2027. For a foreign issuer or service provider, that gap matters: the same Korean compliance framework cannot be built around both timetables at once.

Token Security Issuance Becomes Possible

The 2026 “tokenised securities reform” consists of co-ordinated amendments to the Capital Markets Act and the Electronic Securities Act, both passed on 15 January 2026 and scheduled to take effect in early 2027. While the two amendments together make token security issuance possible from 2027, they operate on distinct legal tracks and should be read separately.

The Electronic Securities Act amendment is about the form in which a security is issued. Distributed ledger technology (DLT) now counts as a legally valid electronic registration ledger. Eligible issuers may record rights directly on a blockchain network, with the Korea Securities Depository (KSD) sitting as a node within that ledger. Until now, a Korean issuer wishing to use distributed ledger infrastructure had to do so within the regulatory sandbox, or through a centrally managed registry not recognised as a primary register of rights. From 2027, on-chain entries can themselves be the dispositive record of legal title. The amendment applies to all six existing security types. Market consensus, however, is that distributed ledger issuance will be deployed mainly for investment contract securities ‒ fractionalised asset-backed and revenue-share instruments, where the commercial case for tokenisation is strongest. Conventional electronic registration is expected to remain the default for debt and equity securities, beneficiary certificates, derivative-linked securities and depositary receipts.

The Capital Markets Act amendment is about the regulated subject. It permits secondary market intermediation for investment contract securities, the instruments used to fractionalise rights in art, livestock, real estate and intellectual property, and introduces a new licensed business category, an over-the-counter (OTC) brokerage, for that purpose. Until now, issuers of investment contract securities could only solicit retail investors directly, with no licensed intermediary involved. The amendment now permits broker-dealers to distribute them and act as intermediaries. Music copyrights, content IP and infrastructure interests are commonly cited as the asset classes most likely to benefit, although the scope will depend on subordinate regulations that are still being drafted.

The two legislative tracks do not depend on each other. An investment contract security can be issued and distributed through a conventional electronic registration ledger without using DLT at all, and the Electronic Securities Act amendment can be used for traditional debt or equity securities without ever invoking the new investment contract framework. “Token security” is the practical label that has emerged where issuers stack the two, but it is not a new statutory category. Substantively, a public offering of a token security still requires registration, ongoing disclosure obligations still apply, and unlicensed brokerage remains illegal.

Those subordinate regulations are still being developed. The FSC’s Token Securities Consultative Body, which brings together the FSC, the Financial Supervisory Service (FSS), the KSD and other market participants, is refining the technical and operational standards before the 2027 effective date. Several questions that will most affect commercial structuring remain open. The technical criteria for a qualifying distributed ledger have not been set, nor have the rules on when a non-KSD entity may run a node or how much settlement may happen off-chain. The capital, governance and record-keeping requirements that will attach to the new OTC brokerage licence are also still under development. Anyone structuring a token security transaction in 2026 should expect the rules to continue changing until close to the 2027 effective date.

DABA on Hold

DABA, by contrast, has been under committee review for almost a year, and is unlikely to be put to a vote until after the local elections in June 2026.

Representative Min Byung-deok of the Democratic Party of Korea introduced the DABA on 10 June 2025 as a single statute covering crypto-asset issuance and ongoing disclosure, the licensing of digital asset service providers, market-abuse prohibitions, and ‒ separately ‒ fiat-pegged stablecoins. It was designed as Phase 2 of the framework, building directly on the VAUPA).

The most persistent obstacle to passage has been the eligibility of stablecoin issuers, an issue that has dominated committee debate since late 2025.

Public policy commentary and media coverage indicate that the BOK has favoured a 51% bank-led-consortium ownership rule, citing monetary sovereignty, run risk and the integrity of payment settlement. The FSC resisted, arguing the threshold would suppress fintech participation and pointing to the EU’s Markets in Crypto-Assets Regulation (MiCAR), under which most licensed e-money token issuers are electronic money institutions rather than banks. The two positions have not converged, and the disagreement remains the principal reason DABA has not advanced.

The Democratic Party’s Digital Asset Task Force announced on 16 April 2026 that DABA had been placed on the Political Affairs Committee’s Legislative Review Subcommittee agenda for 27 April 2026, alongside three competing stablecoin-focused bills introduced separately by other Democratic Party and People Power Party legislators in 2025. The 27 April session was postponed and the subcommittee meeting was rescheduled for 12 May 2026. Whether DABA will be placed back on the agenda for the rescheduled session is uncertain, with disagreement on virtual asset exchange shareholding restrictions among the unresolved points within the ruling party. All four bills remain under committee review. Negotiations are expected to resume only after the local elections on 3 June 2026. The Task Force is also weighing a different strategy: pass the consensus parts of DABA first, defer the contentious ones, and treat stablecoin rules as candidates for standalone legislation rather than as part of DABA. That option is under review and has not been adopted. Practitioners are still working on the assumption that stablecoin regulation will proceed within DABA rather than ahead of it.

Even if the bill clears committee in the second half of 2026, passage within the year is far from guaranteed. The subordinate regulations and implementation guidance, the materials that decide how authorisation, white-paper disclosure and reserve rules actually work, will not be in force before 2027, and most likely later. Foreign businesses whose Korean entry depends on DABA-track authorisation should now plan on a 2027 horizon at the earliest. Where the product fits within VAUPA, the existing Specified Financial Information Act regime, or the capital-markets amendments framework, market entry can proceed without waiting for DABA.

For foreign stablecoin issuers in particular, two further questions matter. The first is whether eligibility criteria, once finalised, will require establishment of a Korean subsidiary ‒ neither a representative office nor cross-border registration is likely to suffice. The second is whether stablecoins will also be treated as means of payment under the Foreign Exchange Transactions Act, administered by the Ministry of Economy and Finance, in which case flows into and out of Korea would attract foreign exchange reporting and intermediary obligations on top of digital asset regulation. The current direction of committee discussions points to both outcomes, and corporate form and reserve custody decisions made in 2026 should be taken with these in mind. The bank-versus-fintech ownership question will be resolved through the legislative process and is not one on which foreign issuers can, at this stage, base their plans.

The First Enforcement Wave Under VAUPA

VAUPA came into force on 19 July 2024. It was the first Korean statute to make market manipulation, the use of undisclosed material information and other unfair trading conduct in virtual asset markets directly enforceable through both criminal and administrative channels. Prosecutorial output remained limited through 2025, with the first prosecutions reaching the courts in 2026.

The leading prosecution, designated by the Seoul Southern District Prosecutors’ Office as the “Number 1 Case”, began with a fast-track referral from the FSC and the FSS on 25 October 2024. The defendants were the chief executive of a virtual asset operating firm and an employee. Indicted on 3 January 2025, they were charged with manipulating the price of the listed token “ACE” between July and October 2024. The indictment alleged the use of an automated trading programme to generate wash-trade volume, combined with false buy orders that were cancelled once execution prices began to move. Cumulative gains were assessed at approximately KRW7.1 billion.

On 4 February 2026, the Seoul Southern District Court convicted the dependents, sentencing the chief executive to three years’ imprisonment, a fine of KRW500 million and forfeiture of approximately KRW845 million in criminal proceeds. The co-defendant received two years’ imprisonment, suspended for three years. The court declined to order forfeiture of the full KRW7.1 billion, finding that the precise amount of unfair gain could not be established to the requisite evidentiary standard. Both sides have appealed.

The Number 1 Case clarified several points for counsel advising virtual asset service providers (VASPs) and listed issuers in VAUPA matters. The fast-track referral channel among the FSC, the FSS and the Seoul Southern District Prosecutors’ Office is now operating as designed: the FSS compiles the referral package and sends it directly to a designated prosecution team, with no intermediate police investigation. The gap between assessed gains of KRW7.1 billion and the KRW845 million actually forfeited points to a recurring evidentiary problem. Establishing an unfair gain to the criminal evidentiary standard requires reconstructing each manipulative transaction’s market impact, and exchange-side trade data alone is rarely sufficient. The court convicted on the basis of automated trading log evidence, confirming that programmatic trading conduct can constitute market manipulation without separate proof of intent for each individual order.

Alongside the conviction, the FSS signalled a wider shift in its 2026 work plan. It identified API-driven abuse as a particular focus and set out four representative patterns:

  • repeated market-order buy and sell trades used to inflate volume;
  • the placement of large fictitious buy orders cancelled before execution to suggest demand;
  • matched-order trading among multiple accounts under common control; and
  • successive high-priced buy orders used to drive a directional price move.

The FSS is expanding its market analysis platform, VISTA (Virtual asset Intelligence System for Trading Analysis), adding AI functions to detect suspect account clusters automatically, with the 2026 budget allocating funds to server upgrades and detection algorithm enhancements. On a related front, the FSC is reviewing a payment-suspension mechanism for virtual asset manipulation cases, modelled on the equivalent tool in the Capital Markets Act.

Algorithmic and API-driven trading is now the FSS’s primary surveillance focus. The post-listing window is a particular concern, given how thin order books and concentrated holdings make price and volume easier to distort in the hours after a token first trades. Listed issuers should monitor early-stage trading activity around their tokens, and licensed exchanges have begun building internal monitoring against these patterns because the regulators expect them to. For foreign service providers operating in or supporting the Korean market, VAUPA enforcement is now an active prosecutorial risk, and compliance arrangements should be reviewed accordingly.

Enforcement against virtual asset misconduct does not run only through VAUPA. Unlicensed VASP operation remains prosecutable under the Specified Financial Information Act, with the Korea Financial Intelligence Unit (FIU) serving as the primary referral channel and suspicious transaction reports from licensed exchanges increasingly triggering early-stage VAUPA case-building. The five real-name-account-licensed exchanges and their banking partners hold most of the relevant transaction and identification records. Those records are routinely sought through prosecution-led requests during VAUPA investigations, and issuers whose tokens are listed on those venues often find themselves drawn into proceedings as third parties even where they are not the suspects.

On a related point, the FIU has consistently treated Foreign VASPs that have not filed under the Specified Financial Information Act as unreported VASPs for Korean regulatory purposes. Korean residents using such platforms for their own trading are not, on the FIU’s stated position, themselves the regulatory target; the targets are Korean intermediaries that facilitate the relationship. The position is most acute for referral operators, businesses that introduce Korean retail users to overseas trading venues, typically for a commission denominated in tokens or fiat. The FIU treats referral activity directed at an unfiled foreign VASP as itself facilitating an unreported VASP relationship, and the Specified Financial Information Act backs that position with both administrative penalties and criminal liability. Foreign-affiliated platforms that operate referral or affiliate channels into Korea should treat the Specified Financial Information Act filing question as a live risk to their business model rather than as a remote concern.

Corporate and Institutional Onramps: Opening Won-Denominated Crypto Accounts

Corporate access has been the most frequent question from foreign businesses evaluating Korean market entry over the past two years. The FSC has begun lifting the long-standing restriction on Korean corporate entities holding won-denominated virtual asset accounts at licensed exchanges. Its “Roadmap for Corporate Participation in the Virtual Asset Market” was published on 13 February 2025. As of April 2026, only the first phase has entered into force.

Phase one covers two categories of holder. Law-enforcement and revenue authorities, including the Prosecutors’ Office, the National Tax Service and the Korea Customs Service, have been able to open won-denominated accounts at licensed exchanges since November 2024, for the limited purposes of forfeiture enforcement, tax collection and the processing of seized digital assets. From the second quarter of 2025, certain non-profit entities and the licensed exchanges themselves may also open such accounts, for the purpose of liquidating virtual assets. The non-profit category is narrowly drawn, covering only designated public-interest donee organisations and non-profit entities subject to external audit with at least five years of operating history. Established universities, public foundations and comparable bodies are the typical recipients. Eligible entities must establish an internal Donation Review Committee, assess each donation’s propriety in advance, and verify the source of funds and the purpose of the proposed disposal. The intention is to let charitable and academic recipients convert digital donations to fiat in an orderly way, while keeping AML controls at the exchange level.

Phase two would extend access to listed companies and registered professional investors. As of April 2026, phase two has not been announced, let alone come into force. For corporates that are not listed, the practical route is professional-investor registration with the Korea Financial Investment Association: an applicant must hold at least KRW10 billion in financial investment instruments (KRW5 billion for an externally audited stock company), and the registration is typically processed by a securities firm acting on the corporate’s behalf. Media commentary has associated phase two with an indicative annual investment cap of around 5% of equity capital, although that figure does not appear in the FSC’s formal materials. Foreign-affiliated corporates planning entry now should plan against phase one and the professional-investor route only.

Qualifying on paper is not enough. The FSC has confirmed that the bank and the exchange together make the final case-by-case call on each real-name account, with the bank conducting an AML review of transaction purpose and source of funds. An entity that meets every published criterion can still be declined at onboarding.

The bank therefore holds the practical veto. If it declines, the application stops there, regardless of how thoroughly the eligibility evidence is documented. The same constraint will apply to listed companies and registered professional investors once phase two is introduced.

Personal Income Tax on Crypto Gains: 2027 Start Date, Open Questions on Execution

Korea’s personal income tax on virtual asset gains is currently scheduled to take effect on 1 January 2027. Gains from the transfer or lending of virtual assets are classified as miscellaneous income, with a KRW2.5 million annual deduction and a separate 20% tax rate (22% with local surtax). Annual gains and losses will be netted, and the first filings will be due in May 2028 as part of the comprehensive income tax return.

The regime has been deferred three times ‒ from 2022 to 2023, then to 2025, and finally to 2027 ‒ each time on the same ground that filing infrastructure is not ready. A bill to remove the regime altogether was introduced by opposition legislators in early 2026, but the ruling party has indicated that further deferral is not under consideration. Practitioners should plan for 2027 implementation and closely monitor the legislative position through the second half of 2026.

Even if the start date holds, execution remains the harder question. The tax applies on a worldwide basis to Korean residents, but trade data sitting on foreign exchanges, decentralised platforms or self-custody wallets is not systematically reported to the National Tax Service, and acquisition cost rules for assets moved between venues are not fully specified. Korean exchanges can produce trade histories for activity on their own platforms, but they do not see the rest of a user’s portfolio. The practical consequence is that the burden will fall on individual taxpayers to assemble cross-venue records, and tax-administration guidance through 2026 will be the most useful indicator of how strictly the regime is actually enforced.

Cha & Kwon Law Offices

5F, 526 Nonhyeon-ro
Gangnam-gu
Seoul
Korea

+82 2 6245 9090

+82 2 6245 9091

contact@chakwon.com www.chakwon.com
Author Business Card

Law and Practice

Authors

Wooyoung Choi
Suhhee Han
Seonghwan Ju
Matt Younghoon Mok

Lee & Ko was established in 1977 and has evolved into a leading full-service law firm in South Korea, recognised for its excellence across various legal domains. Lee & Ko is known for delivering timely, practical solutions in complex legal matters. The firm’s in-house resources include attorneys, accountants, patent agents, former government officials, and other specialists, ensuring clients can access a wide range of services cost-effectively. Further, Lee & Ko maintains an extensive global network and collaborates with international law firms. This allows the firm to assist clients not only in Korean legal matters but also in cross-border transactions by connecting to legal advisors worldwide. This makes the firm a sought-after choice for clients requiring comprehensive and efficient legal assistance.

Trends and Developments

Authors

Ohoon Kwon
Yeon Seo

Cha & Kwon Law Offices is a Seoul-based boutique law firm specialising in Korean virtual asset, blockchain and fintech law. The firm advises domestic and international clients on the full lifecycle of digital asset matters, including token issuance and tokenised securities structuring, virtual asset service provider (VASP) licensing under the Specified Financial Information Act, compliance with the Virtual Asset User Protection Act (VAUPA), defence in market-abuse proceedings, and cross-border issues including foreign exchange controls, AML and CARF reporting. Cha & Kwon also represents foreign-affiliated corporates seeking access to Korea’s phased corporate crypto account regime, and advises on token-related M&A and regulatory due diligence. Recent work includes advisory mandates for foreign virtual asset service providers entering the Korean market and representation in cross-border digital asset disputes. The firm maintains active correspondent relationships in the United States, Hong Kong, Singapore, Taiwan, Japan and Australia, and advises in English on cross-border matters.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.