Audit log

Every state-changing event for Upbit: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-19 20:13:16Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,839,268

   sig

   4wGsPwT9KyrH…f5UQccnccopyexplorer ↗

   hash

   J1umyHNPEXbS…bQisXsM4copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (8176 B) ▸

   {"actor":"system:backfill","investigation_id":"552ad58d-8dcd-46d7-bc6f-bb9c4ddb1f4d","kind":"publish","page_slug":"upbit","published_at":"2026-05-19T20:13:16.394Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Upbit","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://en.wikipedia.org/wiki/Upbit"},{"credibility":3,"name":"","type":"other","url":"https://coinbureau.com/review/upbit-review"},{"credibility":3,"name":"","type":"other","url":"https://www.bitget.com/amp/academy/upbit-korea-vs-globa"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2019/11/27/upbit-is-the-seventh-major-crypto-exchange-hack-of-2019"},{"credibility":3,"name":"","type":"other","url":"https://www.bankinfosecurity.com/blogs/hackers-steal-49-million-in-ethereum-from-upbit-exchange-p-2825"},{"credibility":3,"name":"","type":"other","url":"https://bitquery.io/blog/upbit-hack-crypto-money-laundering"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/380743/lazarus-group-suspected-upbit-hack"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2025/11/28/south-korea-suspects-north-korea-linked-lazarus-behind-usd36m-upbit-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-upbit-hack-november-2025"},{"credibility":3,"name":"","type":"other","url":"https://www.ccn.com/education/crypto/upbit-2025-hack-36-million-solana-assets-stolen/"},{"credibility":3,"name":"","type":"other","url":"https://www.thecoinrepublic.com/2025/12/07/south-korea-to-impose-bank-level-liability-on-crypto-exchanges-after-upbit-hack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2018/12/21/executives-at-korean-crypto-exchange-upbit-indicted-for-fraud"},{"credibility":3,"name":"","type":"other","url":"https://bitcoinist.com/upbit-exchange-execs-cleared-of-fraud-charges-in-south-korea/"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/policy/2025/11/25/upbit-considering-appeal-of-usd25m-fine-by-south-korea-regulator"},{"credibility":3,"name":"","type":"other","url":"https://cryptobriefing.com/upbit-sanctions-over-aml-kyc/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/south-korea-court-cancels-dunamu-upbit-suspension-fiu"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/south-korean-crypto-exchange-upbit-faces-monopoly-investigation/"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/south-korea-investigates-upbit-over-market-dominance-concerns/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.nasdaq.com/articles/upbit-shifts-to-cold-wallets-after-160k-hacking-attempts-in-first-half-of-2023"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-upbit-hack-november-2025"},{"credibility":3,"name":"","type":"other","url":"https://www.cylynx.io/blog/tracing-the-trail-of-the-upbit-hack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.welivesecurity.com/2019/11/27/upbit-cryptocurrency-exchange-hack/"},{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/south-korea-pushes-no-fault-045833985.html"},{"credibility":3,"name":"","type":"other","url":"https://www.thecoinrepublic.com/2025/12/07/south-korea-to-impose-bank-level-liability-on-crypto-exchanges-after-upbit-hack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/south-koreas-upbit-exchange-faces-123601295.html"},{"credibility":3,"name":"","type":"other","url":"https://www.financemagnates.com/cryptocurrency/south-koreas-crypto-exchange-upbit-faces-suspension-over-kyc-violations/"},{"credibility":3,"name":"","type":"other","url":"https://www.koreatimes.co.kr/www/biz/2024/10/602_384310.html"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/upbit-solana-hack-2025-loss/"}]}],"sources_used":[],"summary":"Upbit is South Korea's largest cryptocurrency exchange by trading volume, operated by Dunamu and commanding approximately 70–80% of the domestic market. The exchange has suffered two significant security breaches — a $49M ETH theft in 2019 and a $36M Solana breach in November 2025, both attributed to North Korea's Lazarus Group — and has faced substantial regulatory sanctions including a $25M AML/KYC fine and a court-contested three-month partial business suspension. While Upbit has consistently reimbursed users from its own assets after security incidents and retains official VASP registration, its pattern of compliance failures, market dominance concerns, and repeated hacks present elevated risk.","timeline":[{"date":"2017-10-24","event":"Upbit launches in South Korea, operated by Dunamu Inc., in partnership with Bittrex.","source":""},{"date":"2018-03-01","event":"South Korean prosecutors raid Upbit's Gangnam-gu headquarters, seizing hard disks and accounting books.","source":""},{"date":"2018-12-21","event":"Three senior Upbit executives, including founder Song Chi-Hyung, are indicted for fraud and market manipulation involving alleged fake orders worth 254 trillion KRW.","source":""},{"date":"2018-12-01","event":"Upbit becomes the first cryptocurrency exchange globally to receive ISMS, ISO 27001, ISO 27017, and ISO 27018 certifications.","source":""},{"date":"2019-11-27","event":"342,000 ETH (~$49M) stolen from Upbit's Ethereum hot wallet in a single transaction. Deposits and withdrawals halted. Upbit pledges to cover all losses.","source":""},{"date":"2021-01-01","event":"Seoul Southern District Court acquits Upbit executives of all fraud and market manipulation charges for lack of evidence.","source":""},{"date":"2021-09-24","event":"South Korea's revised VASP reporting law takes effect. Upbit secures ISMS certification and K-Bank real-name account partnership, becoming one of five qualifying exchanges.","source":""},{"date":"2023-06-01","event":"Upbit reports approximately 160,000 hacking attempts in H1 2023, more than double H1 2021 figures. Exchange announces shift toward 70%+ cold wallet storage.","source":""},{"date":"2023-12-23","event":"FIU renews Dunamu's VASP registration after a 16-month review process, coinciding with enforcement sanction of 35.2 billion KRW.","source":""},{"date":"2024-10-01","event":"South Korea's FSC launches investigation into Upbit's alleged monopolistic market dominance (~80% domestic share) and ties to K-Bank.","source":""},{"date":"2025-01-09","event":"FIU issues preliminary sanctions notice against Dunamu, citing 5.3 million KYC violations and 15 unreported suspicious transactions.","source":""},{"date":"2025-02-25","event":"FIU formalizes a 35.2 billion KRW (~$25M) fine and three-month partial business suspension on Dunamu, effective March 7.","source":""},{"date":"2025-02-28","event":"Dunamu files a lawsuit and requests a court injunction to halt the suspension.","source":""},{"date":"2025-03-27","event":"Seoul court grants injunction, allowing Upbit to continue onboarding new users while the case proceeds.","source":""},{"date":"2025-11-27","event":"$36 million in Solana-ecosystem assets stolen from Upbit hot wallet on the sixth anniversary of the 2019 hack and on the day of Dunamu's acquisition closing. South Korea attributes attack to Lazarus Group.","source":""},{"date":"2025-12-07","event":"South Korea begins legislative consultation on imposing bank-level no-fault liability on crypto exchanges for security losses.","source":""},{"date":"2025-11-25","event":"Dunamu publicly considers appealing the $25M FIU fine, citing court precedent of overturned FIU enforcement actions.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 7222a29f-f22d-4f97-9833-fb58ae358e86copy
2. #2reviewby reviewerreviewer

   2026-06-14 23:16:08Z
   Score: 42 → 42 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Upbit is South Korea's dominant, licensed cryptocurrency exchange operated by Dunamu. All major loss events on the page — the 2019 $50M ETH hack and the 2025 $36M Solana hack — were externally inflicted, with one officially attributed to North Korea's state-sponsored Lazarus Group, and both were fully reimbursed by the exchange using corporate reserves. The 2018 executive fraud indictment ended in a 2021 court acquittal for lack of evidence. The 2025 FIU $25M fine and business suspension, the most recent regulatory negative, was overturned by the Seoul Administrative Court, which found the underlying compliance standards were insufficiently specified — further undermining its use as a persistent negative signal. The exchange continues to operate under full regulatory registration, holds ISMS and ISO certifications, commands 70-80% domestic market share, and as of mid-2026 has attracted an institutional Hana Bank stake of $670M. None of the scored incidents meet the definition of entity-originated fraud. The correct classification under the band policy is CAUTIONARY (50-69): legitimate operator with material caveats (repeated hot-wallet security failures, ongoing AML scrutiny, market concentration concerns). A score of 58 reflects the genuine security and compliance concerns without mislabeling a victim of state-sponsored hacking as a fraud risk.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,686

   sig

   ydy1ZmRniJRS…Ns7BuYhYcopyexplorer ↗

   hash

   8XUzpvoZogXL…gSanBo6gcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1850 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:16:08.885Z","decision":"review","investigation_id":"552ad58d-8dcd-46d7-bc6f-bb9c4ddb1f4d","new_score":42,"page_slug":"upbit","prev_score":42,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Upbit is South Korea's dominant, licensed cryptocurrency exchange operated by Dunamu. All major loss events on the page — the 2019 $50M ETH hack and the 2025 $36M Solana hack — were externally inflicted, with one officially attributed to North Korea's state-sponsored Lazarus Group, and both were fully reimbursed by the exchange using corporate reserves. The 2018 executive fraud indictment ended in a 2021 court acquittal for lack of evidence. The 2025 FIU $25M fine and business suspension, the most recent regulatory negative, was overturned by the Seoul Administrative Court, which found the underlying compliance standards were insufficiently specified — further undermining its use as a persistent negative signal. The exchange continues to operate under full regulatory registration, holds ISMS and ISO certifications, commands 70-80% domestic market share, and as of mid-2026 has attracted an institutional Hana Bank stake of $670M. None of the scored incidents meet the definition of entity-originated fraud. The correct classification under the band policy is CAUTIONARY (50-69): legitimate operator with material caveats (repeated hot-wallet security failures, ongoing AML scrutiny, market concentration concerns). A score of 58 reflects the genuine security and compliance concerns without mislabeling a victim of state-sponsored hacking as a fraud risk.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision ee7c2c2c-b216-4c96-b151-d3886c994bfacopy
3. #3review approveby judgejudge

   2026-06-14 23:16:09Z
   Score: 42 → 58 (+16)
   The blue-chip calibration review found zero disputed claims across all six findings (claim_findings[0]–[5]). Both major loss events — the 2019 $49M ETH hack and the 2025 $36M Solana hack — were externally inflicted by North Korea's Lazarus Group and fully reimbursed by the exchange from corporate reserves; they are suffered-by incidents, not entity-originated fraud. The 2018 executive fraud indictment ended in a 2021 acquittal for lack of evidence (claim_findings[2]), and the 2025 FIU $25M fine and suspension were overturned by the Seoul Administrative Court on the grounds that the compliance standards were insufficiently specified (claim_findings[3]), meaning neither resolved incident justifies a sustained WARNING band. Upbit remains fully VASP-registered, ISMS-certified, commands 70–80% domestic market share, and received a $670M institutional stake from Hana Bank in 2026 (claim_findings[4]). The current score of 42 (WARNING) mislabels a legitimate, state-hack victim as a fraud risk; moving to 58 (CAUTIONARY) correctly reflects genuine hot-wallet security concerns and ongoing AML scrutiny without overstating entity culpability. Page content is accurate and remains published.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,689

   sig

   3ARn7iU9kjfA…5jTCxbn8copyexplorer ↗

   hash

   JBnnCA124xPU…ig4hz8pTcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1542 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:16:08.885Z","decision":"review_approve","investigation_id":"552ad58d-8dcd-46d7-bc6f-bb9c4ddb1f4d","new_score":58,"page_slug":"upbit","prev_score":42,"reason":"The blue-chip calibration review found zero disputed claims across all six findings (claim_findings[0]–[5]). Both major loss events — the 2019 $49M ETH hack and the 2025 $36M Solana hack — were externally inflicted by North Korea's Lazarus Group and fully reimbursed by the exchange from corporate reserves; they are suffered-by incidents, not entity-originated fraud. The 2018 executive fraud indictment ended in a 2021 acquittal for lack of evidence (claim_findings[2]), and the 2025 FIU $25M fine and suspension were overturned by the Seoul Administrative Court on the grounds that the compliance standards were insufficiently specified (claim_findings[3]), meaning neither resolved incident justifies a sustained WARNING band. Upbit remains fully VASP-registered, ISMS-certified, commands 70–80% domestic market share, and received a $670M institutional stake from Hana Bank in 2026 (claim_findings[4]). The current score of 42 (WARNING) mislabels a legitimate, state-hack victim as a fraud risk; moving to 58 (CAUTIONARY) correctly reflects genuine hot-wallet security concerns and ongoing AML scrutiny without overstating entity culpability. Page content is accurate and remains published.","score_delta":16,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 73769a0f-7974-4f2d-a933-641b479833aacopy