The Korea Financial Intelligence Unit (FIU), operating under the oversight of the Financial Services Commission, concluded its sanctions review committee meeting Monday and confirmed the penalty against Coinone, the country's third-largest crypto exchange by market share. The suspension restricts new users from transferring virtual assets to and from external wallets. Existing customers retain full trading and fund transfer capabilities. Coinone, which holds roughly 10 percent of the domestic spot trading market and serves an estimated 300,000 to 500,000 users, had received advance notice of the pending sanctions in late March.

The violations involve breaches of South Korea's Act on Reporting and Using Specified Financial Transaction Information, the primary anti-money laundering statute covering virtual asset service providers. Regulators identified shortfalls in know-your-customer (KYC) procedures, inadequate monitoring of suspicious transactions, and failures to block restricted transactions. The FIU conducted on-site inspections at Coinone in April 2025 before moving the case through its review process.

Coinone acknowledged the situation in early April but was careful to note the outcome was not yet settled. "The level of penalties, including any fines, has not been finalized," the exchange said at the time, adding that it was "actively presenting its case" to authorities. The finalization Monday closes that window, though a legal challenge remains possible.

Part of a Broader Sweep

The Coinone action is the fifth in a sequential enforcement campaign targeting all of South Korea's major licensed exchanges. GOPAX, which underwent FIU inspection in December 2024, has not yet received a final outcome, with its case still pending resolution. The FIU fined Upbit 35.2 billion KRW and ordered a three-month partial suspension, then fined Korbit 2.73 billion KRW and issued institutional warnings alongside that fine, before issuing a much larger 36.8 billion KRW ($24.6 million) fine and a six-month suspension against Bithumb in March 2026. Coinone's 5 billion KRW fine is notably smaller than Bithumb's, which suggests the FIU is calibrating penalties based on the scale and number of documented violations rather than applying a flat structure.

A significant legal complication emerged from the Upbit case. The Seoul Administrative Court overturned Upbit's fine, ruling that the FIU had not provided sufficiently clear guidance to the exchange on KYC procedures for transactions below 1 million KRW (roughly $675), and that the violations did not demonstrate intent or gross negligence. That ruling has created a potential legal pathway for other penalized exchanges. Coinone may pursue a similar challenge, which could extend uncertainty around the suspension's practical timeline.

Broader Regulatory Pressure

South Korea recorded 36,684 suspicious transaction reports between January and August 2025, a figure that surpassed the combined totals of the two previous years, according to data cited by Scorechain. The surge reflects both improved reporting infrastructure under the Virtual Asset User Protection Act (effective 2024) and heightened scrutiny of exchanges. That law requires platforms to segregate client assets, maintain insurance, and file suspicious transaction reports on a mandatory basis.

The enforcement campaign is landing against a backdrop of significant capital outflow. South Korean traders moved over 160 trillion KRW (roughly $110 billion) to offshore platforms including Binance and Bybit during 2025, largely because domestic exchanges are barred from offering derivatives and leveraged products. Compliance costs from ongoing AML enforcement add further pressure on smaller Korean operators already losing market share to international competitors.

What This Means Beyond Korea

Regulators and exchange operators across South Asia and Africa are closely watching South Korea's enforcement playbook. India's Financial Intelligence Unit has raised concerns about KYC compliance at domestic crypto platforms in terms that closely mirror what Korean inspectors found at Coinone. India blocked more than 47 offshore exchange domains in 2024 and is studying South Korea's mandatory real-name banking requirement for VASPs as a potential model.

In Nigeria and Kenya, where exchanges often operate under provisional registrations, the Coinone case reinforces a straightforward message: regulatory risk is no longer limited to fines. Partial suspensions that freeze new-user onboarding are an operational threat, not just a financial one, and they apply even to well-capitalized, long-established exchanges.

For developers building exchange or DeFi infrastructure in any of these markets, the Korean enforcement pattern signals that technical Travel Rule compliance (the FATF standard requiring exchanges to share sender and receiver information on transfers) is now the benchmark regulators are testing against, not just nominal registration.

Coinone has not issued a public statement on whether it intends to pursue a legal challenge. With South Korea also proposing comprehensive digital asset legislation that includes bank-style reserve rules for stablecoins, including a Bank of Korea requirement that at least 51 percent of any KRW-pegged stablecoin be owned by domestic banks, the regulatory environment in one of Asia's largest crypto markets is tightening on multiple fronts simultaneously.