Upbit Parent Dunamu Faces ₩35.2 Billion Fine After Watchdog Finds Millions of Flawed Customer ID Checks

Upbit Operator Fined Over ₩35 Billion For Major Anti-Money Laundering Failures

Dunamu, the operator of South Korea’s largest cryptocurrency exchange, Upbit, is facing one of the heaviest penalties ever imposed on a domestic crypto firm after regulators uncovered millions of compliance breaches tied to anti-money laundering (AML) and customer verification rules.

The Korea Financial Intelligence Unit (KoFIU), under the Financial Services Commission, announced on Thursday that it would fine Dunamu ₩35.2 billion (US$24.3 million) following months of review into widespread lapses in meeting its legal obligations under the Specific Financial Information Act.

Millions Of Identification Failures Raise Red Flags

According to the KoFIU, the investigation revealed more than 8.6 million violations, with around 5.3 million involving customer identification failures.

In many cases, Dunamu accepted blurred photocopies or re-photographed identification documents that made it impossible to confirm users’ identities.

Some records showed blank or inaccurate address fields, while others were left incomplete or contained irrelevant details.

The watchdog added that Dunamu also failed to enforce mandatory re-verification cycles for users, allowing accounts to operate without proper identity checks.

A further 3.3 million breaches were linked to cases where users continued trading despite not completing the required verification process — a clear violation of South Korea’s AML framework, which mandates transaction restrictions until identity checks are finalised.

The KoFIU also cited 15 instances where suspicious transactions were not reported, despite clear grounds to suspect illicit activity.

Regulator Gives Dunamu Ten Days To Respond

The financial watchdog has issued an advance notice to Dunamu, allowing ten days for the company to submit its opinion before finalising the fine.

This comes after a series of enforcement actions earlier in the year, including a three-month partial business suspension and disciplinary measures against senior executives.

In February, the regulator restricted new user crypto deposits and withdrawals on Upbit, but the measure was temporarily suspended after a court granted a stay of execution the following month.

Dunamu Pushes Back But Promises Improvements

In response to the latest ruling, Dunamu said it accepted the regulator’s findings and pledged to strengthen its systems.

The company said in a statement,

“We have completed protective measures for investors and will make efforts to prevent a recurrence of such violations.”

However, Dunamu continues to contest earlier sanctions.

In March, it filed an administrative lawsuit to overturn the February suspension, arguing that it had complied with the “travel rule,” which requires crypto exchanges to share transaction details for transfers exceeding ₩1 million.

The company maintains that most of the cited cases involved smaller transactions below that threshold.

Dunamu also noted that it has adopted Chainalysis tools for enhanced monitoring and aligned its compliance policies with the Digital Asset Exchange Alliance framework.

Since February, it has applied the travel rule and whitelisting to all transactions, regardless of amount, while upgrading its know-your-customer and AML processes.

Tougher Oversight For Crypto Firms In South Korea

The KoFIU said it would continue reviewing the compliance systems of all virtual asset operators, warning that “if it discovered any violations, it would take strict measures in accordance with relevant laws.”

The move signals a stronger regulatory stance toward crypto exchanges, with industry observers saying the Dunamu case could prompt other local platforms, including Bithumb and Coinone, to conduct internal compliance reviews to avoid facing similar penalties.

As South Korea tightens enforcement, the country’s crypto sector faces growing pressure to prove its credibility in a market still grappling with regulatory scrutiny and investor trust.