South Korean regulators are considering fines of up to 10% of stolen assets for crypto exchanges that suffer security breaches.
The proposal was drafted by the Financial Services Commission, according to a report by local newspaper Seoul Kyungjae.
The regulator said existing cybersecurity and liability rules for crypto exchanges are insufficient.
The current maximum fine for a hacked exchange stands at about $456,000.
Under the new proposal, penalties could rise into the millions of dollars depending on losses.
The move follows a $36 million hack at market-leading exchange Upbit in late November last year.
Had the proposed rule been in place, Upbit could have faced a fine of up to $3.6 million.
Gina Kim, an independent IT security expert based in Seoul, said exchange security systems have improved but remain inadequate.
They still appear to fall short of industry gold standards.
Gina Kim said.
The Financial Services Commission said crypto platforms should meet IT security standards comparable to traditional financial institutions.
The proposal may conflict with a separate plan to fine hacked exchanges up to 3% of annual revenue.
Under that alternative approach, Upbit could have faced a $36 million penalty based on its 2024 revenue.
Financial Supervisory Service data showed 20 security incidents affecting customer funds between January 2023 and September 2025.
Losses across major exchanges including Upbit and Bithumb totalled several million dollars.
Neither Upbit nor Bithumb immediately commented on the regulator’s plans.