Blockchain & Crypto-Assets 2026 Comparisons

Last Updated June 11, 2026

Contributed By Lee & Ko

Law and Practice

Authors

Wooyoung Choi
Suhhee Han
Seonghwan Ju
Matt Younghoon Mok

Lee & Ko was established in 1977 and has evolved into a leading full-service law firm in South Korea, recognised for its excellence across various legal domains. Lee & Ko is known for delivering timely, practical solutions in complex legal matters. The firm’s in-house resources include attorneys, accountants, patent agents, former government officials, and other specialists, ensuring clients can access a wide range of services cost-effectively. Further, Lee & Ko maintains an extensive global network and collaborates with international law firms. This allows the firm to assist clients not only in Korean legal matters but also in cross-border transactions by connecting to legal advisors worldwide. This makes the firm a sought-after choice for clients requiring comprehensive and efficient legal assistance.

Use of Blockchain in Korea

Blockchain technology can broadly be categorised into the following.

  • Virtual assets: the most representative application of blockchain technology is virtual assets (cryptocurrencies). Recently, discussions regarding stablecoins have become particularly active.
  • Tokenised securities: these refer to securities under the Korean Capital Markets Act (CMA) that are digitised using distributed ledger technology (DLT). In the past, fractional investment services (such as investments in real estate or music copyrights) were provided through the regulatory sandbox framework as innovative financial services, although rights recorded on distributed ledgers were not legally presumed valid even in such cases. However, following amendments to the CMA and the Electronic Securities Act (ESA) in February 2026, a regulatory framework for the issuance and distribution of tokenised securities was established. In particular, records on distributed ledgers are now granted legal effect, including presumptive validity of rights under the ESA. The amendments are scheduled to take effect on 4 February 2027.
  • CBDCs/deposit tokens: discussions regarding the introduction of a CBDC (Central Bank Digital Currency) are actively underway, and deposit tokens capable of payment and transfer within CBDC systems have been issued through designation as innovative financial services. Deposit tokens refer to bank deposits tokenised into digital assets on distributed ledgers, which can be used for the purchase of goods and services.

The Bank of Korea conducted CBDC pilot projects from 2024 to 2025 to verify whether digital currency and deposit tokens could function smoothly throughout the entire lifecycle of manufacturing, issuance, distribution, redemption, and disposal (Project Hangang Phase 1), and also carried out real transaction testing. In March 2026, the Bank of Korea announced plans to proceed with Project Hangang Phase 2, which aims to establish the foundation for the formal adoption of digital currency systems and the commercialisation of deposit tokens.

  • Certification/authentication: blockchain and decentralised identity (DID) technologies are being considered for use in mobile identification cards, qualification certificates, electronic documents, and public service authentication. Korea’s three major mobile carriers ‒ SK Telecom, KT Corporation, and LG Uplus ‒ provide the PASS mobile driver’s licence verification service. Initially introduced through the Information and Communication Technology (ICT) regulatory sandbox framework, the service was later granted the same legal validity as physical driver’s licences following amendments to the Road Traffic Act.
  • Intellectual property: efforts to combine intellectual property with blockchain technology are actively expanding, particularly in the entertainment and IT industries. Major entertainment companies such as SM Entertainment and YG Entertainment have launched blockchain games and non-fungible tokens (NFTs) based on the IP of their artists, thereby expanding fan engagement experiences. Modhaus introduced an NFT-based voting system allowing fans to directly participate in group decision-making. In addition, KT Corporation and Gyeonggi Provincial Government implemented the “Gyeonggi Art On” project, through which performance videos were converted into NFTs and copyright revenues distributed.

Overall, the Korean blockchain industry is showing clear growth momentum. According to the “2025 Blockchain Industry Survey” published by the Korea Internet and Security Agency (KISA), the number of blockchain solution providers is expected to increase from 553 in 2024 to 621 in 2025, while the market size is projected to expand from KRW416.2 billion to KRW471.9 billion during the same period.

Issues Likely to Impact the Blockchain Industry

In the near future, the key issues expected to impact the blockchain industry will primarily relate to virtual assets (digital assets). Currently, Korean laws governing virtual assets mainly focus on user protection, unfair trading regulations, and AML requirements. However, the proposed Digital Asset Basic Act (DABA) is expected to comprehensively regulate the digital asset industry. The principal issues under discussion include the following.

Systematisation of entry regulations for digital asset businesses

Digital asset business categories are expected to be subdivided into trading/exchange, brokerage, custody/management, payment/transfer, discretionary management, advisory services, order transmission, and trading/exchange agency services. In addition, the current VASP reporting regime is expected to be replaced with an authorisation and registration system, under which different entry regulations would apply depending on the type of digital asset business.

Institutionalisation of stablecoins

Regulations are expected to be introduced requiring banks to hold at least 50% plus one share in stablecoin issuing entities (the so-called 51% Rule). Stablecoin issuers are also expected to become subject to various regulatory requirements, including entry regulations, reserve asset requirements, segregation of reserve assets, redemption guarantees, and disclosure obligations.

Business regulations for foreign stablecoin issuers

Regulations are expected to require foreign-issued stablecoins to satisfy certain conditions in order to be offered or sold in Korea or to Korean residents, such as establishing and registering a local branch in Korea and meeting reserve asset holding and custody standards.

Discussion on shareholding restrictions for major shareholders of virtual asset exchanges

The introduction of regulations imposing limits on the shareholding ratios of major shareholders in virtual asset exchanges is also under discussion.

In addition, in line with the government’s roadmap permitting corporate participation in the virtual asset market, professional investors, such as listed companies, are expected to increasingly participate in the virtual asset market.

Korea has operated regulatory sandbox programmes since 2019 across six sectors:

  • ICT convergence;
  • industrial convergence;
  • innovative finance;
  • regulation-free special zones;
  • smart cities; and
  • research and development special zones.

Specific examples relating to the blockchain sector include the following.

Innovative Finance

Services designated as innovative financial services include platforms that issue beneficiary certificates for real estate management and disposal trusts, aircraft engine tangible asset trusts, and monetary claims trusts through electronic registration methods and enable trading using blockchain-based DLT. In addition, brokerage platforms for trading unlisted shares using blockchain technology have also been designated and operated as innovative financial services. Furthermore, subordinate regulations under the Capital Markets Act have been amended to institutionalise services that had operated under the innovative financial services framework, such as unlisted share trading platforms and fractional investment trading platforms.

ICT Convergence

Around September 2019, the government designated the “PASS Mobile Driver’s License Verification Service” provided by Korea’s major telecommunications companies ‒ SK Telecom, KT Corporation, and LG Uplus ‒ as an ICT regulatory sandbox project, allowing it to have the same legal effect as a physical driver’s licence. By utilising blockchain technology, the PASS service is linked to the National Police Agency’s driver’s licence system, enabling actual licence photographs registered with the National Police Agency and the Korea Road Traffic Authority to be displayed within the application, thereby preventing attempts to forge or alter licence information or photographs.

Other Cases

A blockchain-based power trading system titled “VPP Blockchain Platform Service for Small-Scale Distributed Energy Resource Transactions”, which uses blockchain technology and smart contract systems to broker electricity transactions between power generation businesses producing less than 1,000kW and electricity users consuming less than 300kW, was designated as a demonstration project under the research and development special zone sandbox framework. In addition, a “Blockchain-Based Electronic Notarization System” was designated as a demonstration project under the ICT convergence sandbox framework.

Regulation of Blockchain

The Korean government recognises blockchain technology as a core infrastructure of the Fourth Industrial Revolution and the Web3.0 era, and generally focuses on promoting the industry as a whole, from the formation of the initial market to the development of the broader ecosystem. At the same time, in areas involving virtual assets, the government manages related risks by imposing regulations on virtual asset service providers (VASPs), including reporting obligations and AML requirements under the Act on Reporting and Using Specified Financial Transaction Information.

Currently, no law separately regulates blockchain technology that does not involve virtual assets; instead, relevant laws apply depending on the nature of the relevant service. In particular, where financial institutions outsource and utilise blockchain solutions, they must comply with regulations relating to network separation requirements under the Detailed Regulations on Supervision of Electronic Financial Transactions, as well as security measures and reporting obligations under regulations governing the outsourcing of information processing services by financial institutions.

Discussions Regarding Data Privacy on Blockchain

Under Korean law, personal information controllers and credit information providers/users are generally required to destroy personal (credit) information once it becomes unnecessary, such as when the purpose of processing has been achieved, unless a statutory exception applies. However, considering the technical characteristics of blockchain, under which information recorded on the blockchain is extremely difficult to delete, the Enforcement Decree of the Personal Information Protection Act (PIPA) was amended to recognise as a valid destruction method the processing of information into a form that can no longer identify an individual, even when combined with other information (“anonymous information”), provided that restoration is rendered impossible (Article 16(1)(i), proviso, of the Enforcement Decree of the PIPA).

Separately, in relation to the issuance and trading of tokenised securities, the ESA was amended to exempt personal credit information recorded on blockchain systems from the destruction obligation under Article 20-2 of the Credit Information Use and Protection Act, while requiring such information to be managed in accordance with prescribed standards (Article 23-3 of the ESA).

To the extent that data processing through blockchain is regarded as equivalent to the processing of personal (credit) information under existing laws, the principal obligations applicable to information processors include the following.

Collection, Use, and Provision of Personal (Credit) Information

In principle, any person collecting, using, or providing personal (credit) information must obtain the prior consent of the data subject unless a statutory exception applies.

Outsourcing of Personal (Credit) Information Processing

A party outsourcing the processing of personal (credit) information must disclose such outsourcing arrangements through its privacy policy or other public disclosures. In certain cases, a party outsourcing the processing of personal credit information is also required to report such outsourcing to the Financial Services Commission (FSC).

Exercise of Data Subject Rights

Personal information controllers and credit information providers/users must comply with requests from data subjects to exercise rights such as the right of access, withdrawal of consent, correction, and deletion, unless a statutory exception applies. However, there is currently no clear regulatory guidance or judicial precedent regarding how such rights can practically be exercised and implemented within a blockchain environment.

Destruction Obligations

Personal information controllers and credit information providers/users are generally required to destroy personal (credit) information once it becomes unnecessary for the relevant processing purpose, unless a statutory exception applies. However, because permanent deletion of certain information may be technically impossible in blockchain environments, the Enforcement Decree of the PIPA was amended to recognise the conversion of such information into irrecoverable anonymous information as a permissible method of destruction.

Protective Measures

Personal information controllers are required to implement technical, administrative, and physical safeguards necessary to prevent the loss, theft, leakage, forgery, alteration, or damage of personal information, including the establishment of internal management plans and the retention of access logs.

Currently, no separate law or regulation exists in Korea specifically governing “smart contracts,” and no court precedents have directly addressed them so far.

That said, whether a “smart contract” is enforceable in Korea is determined not by its form, but by whether the underlying legal relationship satisfies the requirements under the Korean Civil Act and other applicable laws. In other words, if there is an offer, acceptance, and mutual consent, a contract may be deemed validly formed even if it is in the form of a smart contract. Therefore, where there is a valid agreement between the parties on the substance embodied in the code structure of the smart contract, the contract would likely be considered validly formed.

In Korea, there are numerous blockchain-related associations and industry organisations, including the Digital Asset eXchange Alliance (DAXA), the Digital Asset Protection Foundation, the Korea Blockchain Association, the Korea Fintech Industry Association (KORFIN), the Open Blockchain and DID Association (OBDIA), the Korea Web3 Blockchain Association (KWBA), the Digital Convergence Industry Association (DCIA), and the Korea Blockchain Industry Promotion Association (KBIPA).

Korea has no law specifically governing the ownership and transfer of virtual assets. Korean courts generally take the position that virtual assets do not constitute “objects (or tangible property)” (mulgeon) under the Korean Civil Act that are capable of ownership. However, courts have recognised virtual assets as intangible interests with economic value and, in practice, have treated them similarly to claims for fungible goods.

More specifically, the Korean Supreme Court has held in criminal cases that virtual assets such as Bitcoin constitute merely electronic information without physical substance and therefore do not qualify as “property” under the Korean Criminal Act, which requires tangible objects or manageable forms of energy. Nevertheless, the Court recognised that virtual assets fall within the scope of “assets” subject to confiscation under the Act on Regulation and Punishment of Criminal Proceeds Concealment, thereby acknowledging them as intangible assets with economic value. This means that while virtual assets may be protected as proprietary interests, they are not recognised as “property” for purposes of crimes such as theft or embezzlement.

Lower civil courts have likewise generally denied the characterisation of virtual assets as objects under civil law. For example, in a case involving a claim for the return of Bitcoin, the Seoul High Court expressly held that Bitcoin constitutes merely digital information and therefore does not qualify as tangible property under the Korean Civil Act. Accordingly, the court denied the existence of a typical deposit contract under the Civil Act, while recognising the existence of an atypical contract analogous to a deposit arrangement. In this manner, although Korean courts formally reject the notion that virtual assets constitute civil-law “tangible property”, they have in practice treated them similarly to claims for fungible goods ‒ for example, by ordering parties to “deliver Bitcoin” or recognising substitute monetary claims where specific performance is impossible.

A VASP that does not engage in exchanges between virtual assets and fiat currency is not required to obtain a real-name verified deposit and withdrawal account. However, where a VASP engages in exchanges between virtual assets and fiat currency, it must obtain a real-name verified account from a bank pursuant to Article 7(3)(ii) of the Act on Reporting and Using Specified Financial Transaction Information. In practice, the industry currently follows the so-called one bank, one exchange principle, under which a single virtual asset exchange may obtain a real-name verified account arrangement from only one bank.

A bank intending to provide such real-name verified accounts must establish and operate procedures and internal guidelines for identifying, analysing, and evaluating the risks of money laundering and terrorist financing associated with financial transactions involving VASPs. In addition, the bank must maintain information technology systems capable of facilitating the provision of real-name verified accounts and monitoring and identifying money laundering and terrorist financing risks associated with such accounts.

In addition, Korean financial authorities had historically restricted the issuance of corporate real-name accounts for virtual asset transactions by financial institutions and corporations. Recently, however, the authorities announced that such participation would be gradually permitted to the extent that it does not undermine user protection or market stability in the virtual asset market. As a result, corporate accounts for cash-out purposes are currently permitted for law enforcement agencies, non-profit organisations, and virtual asset exchanges, and it is expected that corporate accounts for virtual asset transactions by professional investors (such as listed companies) and general corporations will also be permitted in the future. Moreover, while the financial authorities have, since 2017, implemented the so-called separation of finance and virtual assets policy in the form of administrative guidance, restricting financial institutions from making direct investments in virtual assets or holding equity interests in VASPs, there also have been signs of a possible relaxation of such restrictions.

Korea currently does not impose any separate ESG disclosure or reporting obligations specifically applicable to VASPs or virtual assets.

An amendment to the Korean Income Tax Act (ITA) and Corporate Tax Act (CTA), introducing taxation on income arising from the transfer or lending of virtual assets, is scheduled to take effect on 1 January 2027.

Accordingly, for resident taxpayers, virtual asset income is calculated as the consideration received from the transfer or lending of virtual assets minus the actual acquisition cost of the transferred assets and related expenses (Article 37(1)(iii) of the ITA). However, if the total virtual asset income for the taxable period does not exceed KRW2.5 million (the basic exemption threshold), no income tax is imposed (Article 84(iii) of the ITA).

For non-residents and foreign corporations, income generated from the transfer or lending of virtual assets in Korea is treated as Korea-source “other income” and is subject to taxation under Article 119(xii)(k) of the ITA and Article 93(x) of the CTA. If the non-resident or foreign corporation is a resident of a country that has concluded a tax treaty with Korea, it may apply for exemption or non-taxation by submitting a tax exemption application to the VASP, in accordance with Article 156-2 of the ITA and Article 98-4 of the CTA.

However, given the delay in the DABA legilsation and arguments from political circles for a further postponement of taxation on the grounds of fairness with the non-taxation of gains from stock investments, the possibility of another deferral of the taxation regime cannot be ruled out.

In Korea, there are no separate laws governing the liquidation or insolvency of VASPs. Accordingly, general corporate liquidation and bankruptcy procedures under the Commercial Act and the Debtor Rehabilitation and Bankruptcy Act apply equally to VASPs.

However, the Act on the Protection of Virtual Asset Users imposes specific requirements designed to protect users’ assets. In particular, VASPs must segregate fiat funds received from users in connection with virtual asset transactions (including sales, brokerage, and other business activities) from their own assets and deposit or entrust such funds to financial institutions such as banks for safekeeping. In the event that a VASP is declared bankrupt or resolves to dissolve, the Act provides that users are entitled to priority repayment of their deposited funds upon request (Article 6).

In addition, the FSC has issued guidelines on procedures that VASPs must follow when ceasing business operations, with the objective of ensuring adequate protection of users during an orderly business closure.

In Korea, the primary self-regulatory body for the virtual asset industry is the DAXA. DAXA was established by the five major Korean won-based virtual asset exchanges ‒ Upbit, Bithumb, Coinone, Korbit, and Gopax ‒ with the objective of promoting sound market order and protecting investors in the virtual asset sector. DAXA plays a key role in establishing industry standards, including the development of standard internal control guidelines for VASPs, listing support guidelines, real-time monitoring rules for abnormal transactions, best practice standards for advertising and promotional activities, and compliance manuals.

In addition, the Digital Asset Protection Foundation (DAPF), which was funded by DAXA and established with authorisation from the FSC, is engaged in safeguarding users’ virtual assets by receiving, securely storing, and returning such assets from or on behalf of VASPs that have ceased or are expected to cease operations, with the aim of establishing a sound trading order in the virtual asset market and protecting users’ rights and interests.

In relation to virtual assets, the FSC, the Korea Financial Intelligence Unit (KoFIU), and the Financial Supervisory Service (FSS) each perform distinct regulatory functions.

  • FSC: responsible for establishing national policies related to blockchain technology and virtual assets.
  • FSS: through its dedicated departments for virtual asset supervision and investigation, the FSS conducts inspections and supervisory activities of financial institutions and enforces sanctions against unfair trading practices involving virtual assets, thereby ensuring effective market oversight.
  • KoFIU: as an agency under the FSC, KoFIU operates the AML system and works to prevent money laundering and terrorist financing. It is also responsible for the registration and reporting of VASPs and plays a key role in preventing criminal activities involving blockchain and virtual assets.

To comply with the Financial Action Task Force (FATF) international standards on combating money laundering and the financing of terrorism and proliferation, Korea amended the Act on Reporting and Using Specified Financial Transaction Information, becoming the first jurisdiction to legally implement the “Travel Rule.” More recently, an enforcement decree has been proposed to extend the Travel Rule to transactions below KRW1 million.

In addition, in response to the International Organization of Securities Commissions (IOSCO) policy recommendations on crypto and digital asset markets, Korea enacted the Act on the Protection of Virtual Asset Users and its enforcement decree, introducing various investor protection and market integrity measures, including the segregation of customer deposits and virtual assets from the proprietary assets of VASPs.

Furthermore, in line with the Bank for International Settlements (BIS)’s emphasis on the need for stablecoin regulation, discussions on the legalisation and regulatory framework for stablecoins are currently ongoing in Korea.

Classification of Tokens and Related Regulation

Korean laws and regulations do not explicitly define a formal classification system for tokens. Under the current Act on the Protection of Virtual Asset Users, virtual assets are defined broadly, while central bank digital currencies (CBDCs), certain NFTs that meet specified criteria, and electronic payment instruments under the Electronic Financial Transactions Act (EFTA) are, in principle, excluded from the scope of virtual assets.

Meanwhile, financial authorities take the view that classification of virtual assets should be determined not only by their technical form but also by their economic substance, and that applicable regulations are applied accordingly.

Security tokens

Where a token qualifies as a “security” under the Financial Investment Services and Capital Markets Act (FSCMA) ‒ ie, where investors acquire certain rights ‒ the token is classified as a security token and becomes subject to existing capital markets regulations. Accordingly, licensing requirements (eg, investment brokerage business authorisation) and securities registration requirements apply. In this regard, amendments to the ESA introducing a tokenised securities framework based on DLT have been enacted and are scheduled to take effect in February 2027.

Payment instruments

Where a token is used as a means of payment, it may fall under electronic money or prepaid electronic payment instruments under the EFTA. However, financial authorities generally take the position that highly volatile virtual assets such as Bitcoin do not qualify as electronic payment instruments under the Act. Moreover, electronic payment instruments are explicitly excluded from the definition of virtual assets, reflecting a regulatory intent to distinguish virtual assets from payment instruments.

Discussion regarding stablecoins that may be used for payments and settlements have become increasingly active recently. It is expected that the forthcoming DABA will introduce a regulatory framework for stablecoins and may explicitly provide that they do not fall within the scope of electronic payment instruments under the EFTA. Overall, Korea adopts a dual-track regulatory approach, applying both the existing regulatory framework and a separate virtual asset-specific regulatory regime in parallel.

Regulation of Virtual Assets

Currently, virtual assets in Korea are primarily regulated under the Act on Reporting and Using Specified Financial Transaction Information and the Act on the Protection of Virtual Asset Users.

Under the former, VASPs are subject to registration obligations, compliance requirements, and AML duties. Specifically, any entity seeking to conduct virtual asset-related business such as trading, exchange, or custody must meet certain requirements (including information security management system certification) and register with the financial authorities as a VASP. In addition, VASPs are required to comply with AML obligations, including the Travel Rule, customer due diligence (KYC), and suspicious transaction reporting (STR). They must also segregate customers’ deposits and virtual assets from their own proprietary assets.

In this regard, legislative amendments and enforcement decrees currently under consideration would expand the scope of the Travel Rule by abolishing the current threshold of KRW1 million, thereby broadening its application. In addition, where transactions involve overseas VASPs or private wallets, VASPs would be required to assess and manage money laundering risks and take appropriate measures based on the level of risk.

Meanwhile, the Act on the Protection of Virtual Asset Users prohibits unfair trading practices involving virtual assets, including the use of undisclosed material information, market manipulation, and fraudulent trading.

Furthermore, under the amended Act on the Prevention of Telecommunications-based Financial Fraud and Refund of Damages (the “Telecom Fraud Refund Act”), which is scheduled to take effect on 1 October 2026, virtual asset exchanges will be subject to anti-scam and victim recovery obligations comparable to those imposed on traditional financial institutions. Accordingly, exchanges must continuously monitor for suspected fraudulent transactions, promptly suspend accounts when fraud is suspected, and support the recovery and refund of assets to victims.

In addition, as noted above, Korea is preparing to enact DABA, which is expected to:

  • further classify digital asset businesses into categories such as trading/exchange, brokerage, custody/management, payment/transfer, discretionary management, advisory, order transmission, and agency services;
  • introduce a regulatory framework for stablecoins; and
  • establish additional requirements related to the issuance of digital assets.

Korean financial authorities have taken the position that brokerage of Bitcoin futures exchange-traded funds (ETFs) may be permitted, whereas issuance and brokerage of Bitcoin spot ETFs may raise issues of violation under the FSCMA. This is because, under the FSCMA, ETFs are premised on having an eligible “underlying asset,” and virtual assets are generally not regarded as satisfying the requirements for such underlying assets.

However, under the FSCMA, “collective investment” does not necessarily require a traditional underlying asset, but instead defines the investable asset as any “asset with economic value.” Accordingly, investment vehicles that invest in virtual assets may, in principle, be structured as collective investment schemes under the FSCMA and become subject to its regulatory framework.

In practice, however, several legal uncertainties remain, particularly regarding whether a trust company responsible for custody and management of collective investment assets is permitted to hold virtual assets directly, or whether such custody may be delegated to a VASP. Due to these uncertainties, and given that corporate acquisition of virtual assets has historically not been permitted, there have been no domestic investment funds in Korea that directly invest in virtual assets.

For reference, a legislative amendment to the FSCMA has been proposed and is currently pending in the National Assembly. The Bill would explicitly include virtual assets as eligible “underlying assets” under the FSCMA and would also permit trust companies to hold virtual assets as part of their custodial asset pool.

Financial authorities in Korea have prohibited all forms of initial coin offerings (ICOs) since 2017.

However, under the forthcoming DABA, it is expected that a regulatory framework for the issuance of digital assets will be introduced. This is likely to include entry requirements for digital asset issuers, as well as obligations relating to the preparation and disclosure of digital asset white papers and other related disclosure requirements.

Article 10 of the Act on the Protection of Virtual Asset Users regulates unfair trading practices in virtual asset markets, which generally include the use of undisclosed material information, market manipulation, and fraudulent trading. These provisions are substantially similar to the prohibition on unfair trading practices under the FSCMA.

In addition, unlike traditional securities markets, the Act imposes certain additional obligations specific to virtual asset markets, including a prohibition on trading self-issued virtual assets, a prohibition on unjustified suspension or restriction of deposits and withdrawals, and an obligation to monitor and detect abnormal transactions.

Recently, the KoFIU has imposed severe administrative sanctions on virtual asset exchanges, including partial business suspension orders and substantial monetary penalties. These enforcement actions have been subject to legal challenges, with companies filing administrative lawsuits seeking revocation of the sanctions, and related disputes are currently ongoing.

Specifically, in 2025, KoFIU imposed a three-month partial business suspension order (prohibiting the transfer of virtual assets by new customers) and a fine of approximately KRW35.2 billion on Dunamu, the operator of the virtual asset exchange Upbit. The regulator found that Dunamu had violated several obligations, including the prohibition on transactions with unregistered VASPs, customer due diligence requirements (such as improper use of identification document copies, failure to properly verify addresses, and failure to verify the authenticity of drivers’ licences), transaction restriction obligations, and suspicious transaction reporting obligations. Dunamu has filed an administrative lawsuit seeking cancellation of the suspension order, and it reportedly prevailed at first instance, with the case currently pending on appeal. In addition, an objection has been filed against the fine, and related proceedings are ongoing.

Similarly, in March 2026, KoFIU imposed sanctions on Bithumb, including a fine of approximately KRW36.8 billion and a six-month partial business suspension (prohibiting the transfer of virtual assets by new customers), based on comparable violations. In April 2026, Coinone was also sanctioned with a fine of approximately KRW5.2 billion and a three-month partial business suspension (also restricting transfers for new customers). Both Bithumb and Coinone have also initiated administrative litigation seeking revocation of these sanctions.

Meanwhile, KoFIU has also taken enforcement measures against unregistered foreign VASPs operating in Korea. These measures include:

  • notifying the public of such unregistered providers to discourage transactions with them;
  • reporting such providers to investigative authorities; and
  • pursuing measures to block domestic access to their websites and mobile applications.

Korea operates a VASP registration regime, under which any person conducting the following activities as a business must register with the financial authorities:

  • buying and selling virtual assets;
  • exchanging virtual assets for other virtual assets;
  • transferring virtual assets, as specified by Presidential Decree;
  • custody or management of virtual assets; and
  • acting as an intermediary, broker, or agent for the above activities.

In addition, under the Act on the Protection of Virtual Asset Users and the Act on Reporting and Using Specified Financial Transaction Information, the VASP registration requirements apply on an extraterritorial basis. Accordingly, even if the relevant activities are conducted outside Korea, they may still be subject to the registration obligation if they have an effect within Korea. In this regard, the financial authorities have taken the position that foreign VASPs may be deemed to have a sufficient domestic nexus ‒ and therefore be subject to VASP registration ‒ where they, for example, provide Korean-language websites, run marketing events targeting Korean customers, or enable the purchase of virtual assets using credit cards.

Under the Act on Reporting and Using Specified Financial Transaction Information, a person who intends to operate a virtual asset-related business must file a VASP registration with the financial authorities and obtain acceptance of such filing.

However, the financial authorities may refuse to accept a VASP registration filing if certain statutory non-acceptance requirements are met. In this regard, the Act provides the following grounds for refusal. Notably, the requirements under items (iii) to (v) concerning major shareholders, as well as items (iv) and (v), were newly introduced through an amendment on 19 February 2026, and are scheduled to take effect on 20 August 2026:

  • (i) failure to obtain Information Security Management System (ISMS) certification;
  • (ii) (in cases involving exchange between fiat currency and virtual assets) failure to conduct financial transactions through real-name verified deposit and withdrawal accounts;
  • (iii) persons (including representatives, officers, and major shareholders) with a history of violating laws such as the Act on Regulation and Punishment of Criminal Proceeds Concealment or the Narcotics Control Act;
  • (iv) failure to maintain sound financial condition or adequate social credibility; and
  • (v) failure to maintain appropriate organisational structure, personnel, IT infrastructure, and internal control systems.

Among these, the “sound financial condition” requirement, scheduled to take effect on 20 August 2026, is part of prudential regulatory measures. According to the currently proposed amendments to the Enforcement Decree of the Act and related supervisory regulations, financial authorities seeking VASP registration are expected to be required to satisfy certain conditions, such as:

  • a debt-to-equity ratio of 200% or less;
  • no record of credit default or similar impairment of financial credibility over the past three years;
  • no designation as a distressed financial institution or revocation of licence/authorisation/registration within the past five years; and
  • the lapse of a certain period following prior administrative sanctions.

Under the Enforcement Decree and supervisory regulations of the Act on Reporting and Using Specified Financial Transaction Information, VASPs are required to report information regarding their major shareholders at the time of filing for VASP registration. In addition, where there is any change to such major shareholder information, a change report must be submitted within 14 days from the date of the change.

However, under the amended Act (amended on 19 February 2026, and scheduled to take effect on 20 August 2026), the scope of reportable major shareholder information has been expanded, and supervisory regulations are expected to be revised to require that change reports be submitted at least 30 days prior to the effective date of such changes.

At the same time, new screening and disqualification criteria for major shareholders have been introduced. As discussed in 3.2 Set-Up Requirements, according to the proposed amendments to the Enforcement Decree and supervisory regulations, a domestic corporate major shareholder of a VASP must satisfy certain prudential requirements, including:

  • a debt-to-equity ratio of 200% or less;
  • not being a major shareholder or related party of a distressed financial institution or a financial institution whose licence, authorisation, or registration has been revoked under financial regulatory laws;
  • no record of bank account transaction suspension within the past five years; and
  • not having been subject to bankruptcy or rehabilitation proceedings within the past five years.

For reference, if a major shareholder fails to meet these requirements at the time of a change report, the registration or change filing may be revoked ex officio by the authorities.

Under the Korean Act on Reporting and Use of Certain Financial Transaction Information, Korea’s VASP registration regime applies only to business activities conducted within the Korean market, and there is currently no separate framework for the mutual recognition of licences. However, as Korea was the first country in the world to implement the Travel Rule, it may be relatively easier to demonstrate a high level of AML compliance.

Regulations on Issuance and Sale of Virtual Assets

Under the Act on Reporting and Using Specified Financial Transaction Information, VASPs are subject to a registration requirement with the KoFIU. Accordingly, any person engaging in the business of trading, exchanging, or brokering virtual assets must obtain VASP registration.

However, where a virtual asset issuer merely sells its own issued virtual assets, such activity may not necessarily be regarded as a “business” requiring VASP registration, depending on factors such as whether the activity is conducted for profit and whether the sales are conducted repeatedly and continuously.

Meanwhile, even foreign VASPs are required to register with KoFIU if they are deemed to be “conducting business targeting Korean users,” in which case they must also comply with obligations under Korean AML laws. Korean financial authorities determine whether a foreign VASP targets Korean users by considering factors such as:

  • whether Korean-language services are provided;
  • whether marketing or promotional activities target Korean users; and
  • whether KRW-denominated transactions or payment methods are supported.

Under the current legal framework, there are no explicit statutory requirements governing white papers, offering documents, or disclosure obligations in connection with the issuance or sale of virtual assets. However, the proposed DABA currently under discussion is expected to introduce such requirements. Accordingly, the progress and contents of the proposed legislation should be closely monitored.

Regulations on Advertising of Virtual Assets

Current Korean virtual asset laws do not specifically regulate advertising relating to virtual assets. However, the proposed DABA reportedly includes provisions governing the subjects, content, methods, and procedures of virtual asset advertising.

In addition, VASPs remain subject to the general requirements of the Act on Fair Labelling and Advertising. Furthermore, as a form of industry self-regulation, the DAXA has issued the “Best Practice Guidelines for Advertising and Promotional Activities of VASPs”.

The key elements of these guidelines include:

  • disclosure of risks such as potential loss of principal, user responsibility for investment losses, and advertisement validity periods;
  • disclosure of fee rates charged to users;
  • prohibition on guaranteeing compensation for losses; and
  • prohibition on offering unfair economic benefits or incentives.

Under Korean law, the obligation to register as a VASP is determined based on the actual activities substantively carried out by the relevant business operator. Accordingly, merely partnering with or relying on an already licensed entity does not allow another party to conduct virtual asset business activities without its own registration.

Therefore, if external firms are deemed to be substantively engaging in activities such as virtual asset trading or related services, there is a risk that they may independently be subject to VASP registration requirements with the KoFIU, even where another entity’s licence structure is being used.

Conversely, where all virtual asset trading activities and related brokerage, intermediation, or agency functions are conducted solely by another properly licensed entity, and the external firms do not themselves substantively perform regulated activities, separate VASP registration by the external firms would generally not be required.

Korean financial authorities recognise that “fully decentralised DeFi services” present regulatory challenges because it is difficult to identify a responsible operating entity and determine the applicable legal jurisdiction. The authorities have indicated that they intend to continue developing an appropriate regulatory framework for such services. As of now, however, no relevant regulations exist in Korea expressly prohibiting fully decentralised DeFi services. That said, where a DeFi arrangement is not truly decentralised and a specific operator effectively retains control over the platform or service, such operator may be deemed to be conducting a virtual asset business and therefore become subject to the Act on Reporting and Using Specified Financial Transaction Information and the Act on the Protection of Virtual Asset Users.

Meanwhile, no such regulation expressly prohibits centralised finance (CeFi) companies from utilising DeFi protocols. However, in practice, there are significant compliance constraints. In particular, VASPs are required to:

  • comply with the Travel Rule by collecting, transmitting, and retaining sender and recipient information for virtual asset transfers exceeding KRW1 million;
  • maintain virtual assets of the same type and quantity as those entrusted by users; and
  • securely store at least 80% of users’ virtual assets in cold wallets segregated from internet-connected systems.

These obligations may create practical difficulties for VASPs seeking to utilise DeFi protocols.

In Korea, there are currently no specific laws or regulations governing organisational structures for operating DeFi services or decentralised autonomous organisations (DAOs). In this regard, Korean financial authorities have taken the position that, in the case of fully decentralised DeFi services, it is difficult to identify a responsible operating entity, making the applicable regulatory framework unclear. In addition, regulators appear to view DAOs as organisational structures whose legal form and governance rights are not currently reflected in Korea’s Civil Act or Commercial Act.

Meanwhile, quite a lot of corporations, including stock companies, have developed and operated DeFi-related services. In many such cases, however, the services would likely not be regarded as fully decentralised DeFi. Although certain operational functions may have been implemented through smart contracts, the relevant corporations generally remained responsible for development, commercialisation, incentive structures, branding, and overall project management.

Since there are currently no dedicated regulations specifically applicable to DeFi, the legal requirements applicable to a particular DeFi arrangement are generally determined based on the specific structure and characteristics of the relevant business model under existing legal and regulatory frameworks.

Although there have not been many publicly confirmed cases involving damage arising specifically from DeFi services in Korea, there is currently no dedicated legal framework governing DeFi. As a result, liability relating to DeFi services appears to be assessed under existing legal frameworks, with responsibility potentially imposed on the operators or developers of the relevant services.

Kronos DAO (2022)

Kronos DAO, a DeFi project operating on the Klaytn blockchain, withdrew funds from a DAO wallet without prior notice and exchanged them for its self-issued stablecoin. However, prosecutors declined to indict, reportedly on the grounds that there was no clearly established legal duty to provide prior notice and that intentional misconduct relating to the loss of funds could not be sufficiently proven.

KLAYswap Hack (2022)

In 2022, approximately KRW2.2 billion worth of virtual assets were stolen through a hacking incident involving KLAYswap, a DeFi service developed by Ozys. KLAYswap subsequently announced full compensation for affected users, and no separate regulatory sanctions or criminal prosecutions in connection with the incident have been identified.

Orbit Bridge Hack (2024)

In 2024, approximately USD82 million worth of virtual assets were stolen through a hacking incident involving Orbit Bridge, a cross-chain service developed by Ozys. In connection with the incident, Ozys filed a damages claim against its Chief Information Security Officer (CISO), who had been responsible for establishing and managing the company’s information security system. However, the court dismissed the claim, finding insufficient evidence that the CISO had engaged in unlawful conduct that lowered the level of security or caused the incident. Separately, in civil claims brought by users, the court reportedly recognised Ozys’s liability for damages to a certain extent.

In individual transactions, it would generally be permissible for the parties to agree on settlement using virtual assets as consideration on a case-by-case basis.

However, virtual assets are not typically eligible to be issued as electronic payment instruments or electronic money under the EFTA. The Act on the Protection of Virtual Asset Users excludes electronic payment instruments and electronic money from the definition of virtual assets, and in practice, the FSS has not approved licensing for issuance or management businesses that attempt to structure virtual assets as prepaid electronic payment instruments.

Meanwhile, even if a payment service involving virtual assets is operated, if the business involves activities such as trading, custody, management, brokerage, intermediation, or agency services on a commercial basis, a VASP registration may be required. In this context, where a company issues a virtual asset and enables users to use it for purchases at merchants through an affiliated settlement network, the affiliated company that circulates or facilitates the use of such virtual asset in settlement may also be required to register as a VASP.

In addition, where virtual assets are used for cross-border payments or settlement of import/export transactions, the Foreign Exchange Transactions Act applies, and unreported cross-border payments may constitute a violation of foreign exchange regulations. Notably, legislation amending the Foreign Exchange Transactions Act to require VASPs engaged in cross-border virtual asset transfers to register under the Act was passed by the National Assembly on 7 May 2026. Accordingly, future changes to reporting and registration obligations should be closely monitored.

There is currently no statutory definition of stablecoins or a classification framework for different types of stablecoins under Korean law, as dedicated regulations on stablecoins have not yet been fully established. However, certain case law has provided interpretative distinctions. In particular, a decision of the Seoul Central District Court (Seoul Central District Court Decision No 2023Gahap85022 dated 22 January 2025) classified:

  • fiat-collateralised stablecoins as those maintaining value by holding reserve assets such as legal currency, bank deposits, and traditional securities (eg, government bonds, corporate bonds, and commercial paper); and
  • algorithmic stablecoins as those maintaining price stability through programmed supply adjustment mechanisms.

At present, the institutionalisation of stablecoins in Korea is actively being discussed, and multiple legislative proposals have been submitted to the National Assembly’s Strategy and Finance Committee, including bills proposed by members of the National Assembly Min Byung-deok, Lee Kang-il, Kim Jae-seop, and Choi Bo-yoon.

A review of the definitions of stablecoins under each bill shows some variation. The Min Byung-deok Bill limits stablecoins to those pegged to fiat currency. The Lee Kang-il and Kim Jae-seop Bills define stablecoins more broadly as digital assets whose value is linked to “currency or assets”. The Choi Bo-yoon Bill also requires linkage to “fiat currency, real-world assets, or equivalent external value.” Overall, the stablecoins currently being discussed in Korea’s legislative process are predominantly those pegged to fiat currency or other identifiable underlying assets.

Under the current Korean legal framework, stablecoins are generally included within the definition of “virtual assets” and are therefore subject to the regulations applicable to virtual assets. Accordingly, where a person engages in the business of trading, custody, management, brokerage, intermediation, or agency services relating to stablecoins, such person may be regarded as a VASP and become subject to obligations including VASP registration and AML compliance requirements.

For reference, as discussed in 6.2.1 Fiat Currency and Algorithmic Stablecoins, several legislative bills aimed at establishing a regulatory framework for stablecoins have been submitted to the National Assembly. It is therefore expected that a dedicated regulatory regime for stablecoins will be introduced in the future. Most of these proposed bills include regulations concerning stablecoin issuers, such as entry requirements, redemption obligations, reserve asset requirements, and other business conduct regulations.

The bills currently submitted to the National Assembly’s Strategy and Finance Committee generally include common provisions requiring stablecoin issuers to maintain redemption reserves or reserve assets to ensure fulfilment of their redemption obligations.

For example, in the bills proposed by Choi Bo-yoon, Ahn Do-geol, and Kim Jae-seop, redemption reserves or reserve assets must consist of assets denominated in the same legal currency, including Bank of Korea-issued banknotes and coins, demand deposits held with financial institutions such as banks, and government securities (national bonds, local government bonds, and special bonds) with a maturity of one year or less, as well as other similarly safe assets. The value of such reserve assets must be at least equal to the outstanding amount of the issued stablecoins.

These reserve assets must be held in custody at financial institutions such as banks, segregated from the issuer’s proprietary assets. In addition, such reserve assets are subject to protection measures, including a prohibition on set-off and seizure.

By contrast, the bill proposed by Kim Hyun-jung differs in that it allows additional eligible reserve assets, including certain financial investment products such as collective investment schemes or other investment instruments that mature within three months of acquisition, as prescribed by Presidential Decree.

Since these bills delegate detailed requirements regarding reserve assets to Presidential Decrees, it will be necessary to closely monitor the subsequent implementing regulations following enactment.

The proposed DABA currently pending before the National Assembly includes provisions addressing the systemic risk of stablecoins (referred to as “value-stable digital assets”) as follows.

Park Sang-hyuk Bill

This proposal provides that, taking into account the impact on financial stability and user protection, certain “material value-stable digital assets” may be designated. Issuers of such designated assets would be required to satisfy additional requirements prescribed by Presidential Decree, such as enhanced capital requirements and other prudential measures.

Ahn Do-geol Bill

This proposal empowers the FSC to issue emergency corrective orders against issuers of value-stable digital assets where urgent action is deemed necessary to ensure user protection, sound market order, and financial stability.

Lee Kang-il Bill

This proposal allows the FSC to order suspension of issuance or trading of value-stable digital assets where it is deemed that normal trading cannot be conducted due to circumstances such as the issuer’s insolvency or major system failures affecting the operation of the stablecoin system.

Previously, there was insufficient institutional infrastructure for the issuance and distribution of tokenised assets, and fractional investment products were only introduced on a limited basis through regulatory sandboxes and other innovative financial service regimes. However, with the recent amendments to the FSCMA and the ESA, a regulatory framework for real-world assets (RWA) tokenisation has now been established. Accordingly, security tokens are now brought within the existing regulatory perimeter, including the FSCMA and the ESA.

First, since security tokens qualify as securities (financial investment instruments) under the FSCMA, they are subject to the same regulatory regime as other forms of securities. This includes issuance-related regulations such as the obligation to file securities registration statements, prohibitions on unfair trading practices, and business conduct regulations. Under the amended FSCMA, distribution-related rules applicable to securities are also fully extended to investment contract securities, including tokenised securities.

In addition, the FSCMA introduces an OTC brokerage system for equity securities and trust beneficiary securities, thereby establishing a legal framework for multilateral OTC trading. In this regard, the financial authorities have maintained the position that issuance and distribution markets should be separated in relation to emerging securities such as fractional investment products. Accordingly, authorisation procedures are currently underway for OTC brokerage platforms dealing with beneficiary interests (ie, fractional investment OTC exchanges). However, it remains under discussion whether such authorisation will extend to tokenised trust beneficiary securities.

Meanwhile, the amended ESA provides a legal basis for the use of DLT, thereby recognising the legal effect of securities issued in token form. Previously, full dematerialisation using DLT was not permitted, requiring issuance of electronic securities that were strictly matched on a 1:1 basis with tokens. Under the revised framework, electronic securities utilising distributed ledger systems are now recognised. Furthermore, the introduction of an “issuer account management institution” system provides an alternative to centralised electronic registration and custody. The amended ESA is scheduled to take effect on 4 February 2027.

Lee & Ko

Hanjin Building
63 Namdaemun-ro
Jung-gu
Seoul 04532
South Korea

+82 2 772 4000

+82 2 772 4001 2

mail@leeko.com www.leeko.com
Author Business Card

Law and Practice in South Korea

Authors

Wooyoung Choi
Suhhee Han
Seonghwan Ju
Matt Younghoon Mok

Lee & Ko was established in 1977 and has evolved into a leading full-service law firm in South Korea, recognised for its excellence across various legal domains. Lee & Ko is known for delivering timely, practical solutions in complex legal matters. The firm’s in-house resources include attorneys, accountants, patent agents, former government officials, and other specialists, ensuring clients can access a wide range of services cost-effectively. Further, Lee & Ko maintains an extensive global network and collaborates with international law firms. This allows the firm to assist clients not only in Korean legal matters but also in cross-border transactions by connecting to legal advisors worldwide. This makes the firm a sought-after choice for clients requiring comprehensive and efficient legal assistance.