South Korea Unifies Crypto Withdrawal Delay Rules to Close Phishing Loopholes

South Korea Unifies Crypto Withdrawal Delay Rules to Close Phishing Loopholes

N
News Editor 01
2026-07-08 15:14:12
South Korean regulators and industry bodies have imposed stricter, unified rules for crypto withdrawal-delay exemptions after finding fraudsters exploited inconsistent exchange standards to launder voice-phishing proceeds.
South Koreacrypto regulationwithdrawal delaysanti-money launderingvoice phishing

South Korea has introduced a tougher and standardized framework for crypto withdrawal delays after regulators concluded that inconsistent exemption policies across exchanges had become a major channel for laundering proceeds from voice phishing scams. The new measures were announced by the Financial Services Commission (FSC), the Financial Supervisory Service (FSS), and the Digital Asset Exchange Association (DAXA), which said the unified rules are designed to immediately close loopholes that criminals had learned to exploit.

The virtual asset withdrawal delay system was first launched in May 2025 to stop mule accounts and fraudulent users from rapidly moving stolen funds through crypto platforms. But a regulatory review later found that while the delay mechanism existed in principle, exchanges were still setting their own standards for exemption eligibility. That fragmented approach created uneven enforcement and opened the door to abuse, particularly by organized voice-phishing networks seeking to convert or move illicit proceeds before they could be detected.

Fraud Data Prompted Regulatory Action

The FSC cited data from June through September 2025 showing the scale of the problem. During that period, 1,490 out of 2,526 fraudulent accounts were exempted from withdrawal delays. In other words, roughly 59% of identified scam-related accounts were able to bypass a control that had been designed specifically to stop fast asset outflows. The financial damage linked to those exempted accounts reached about 170.5 billion won, or approximately $124 million. According to the regulator, that represented 75.5% of all voice-phishing losses involving cryptocurrencies during the period under review.

Those figures appear to have been central to the government’s decision to overhaul the exemption framework. Regulators said some exchanges had allowed users to qualify for immediate withdrawals based on relatively low-threshold criteria, such as maintaining an account for only a short time or carrying out a handful of small transactions that created the appearance of normal account activity. In practice, such standards were vulnerable to manipulation, allowing criminals to fabricate a trading history and gain access to exceptions that should have been tightly controlled.

Unified Standards Replace Exchange-by-Exchange Discretion

Under the new mandate, all exchanges must follow a single, stricter set of exemption standards. The revised framework requires platforms to closely assess factors including transaction frequency, the total duration of account activity, and cumulative deposit and withdrawal volumes. The FSC also established specific conditions under which an exemption cannot be granted at all, regardless of a customer’s trading record. That move is intended to remove discretion in high-risk cases and prevent exchanges from interpreting the rules too loosely.

The policy shift reflects a broader regulatory lesson: anti-fraud systems are only as effective as their weakest implementation point. Even when a safeguard exists across the market, criminal groups can exploit differences in internal controls from one venue to another. By standardizing the exemption process, South Korea is trying to ensure that the withdrawal-delay system operates as a market-wide defense rather than a fragmented set of platform-level policies.

Regulators Expect Exception Eligibility to Collapse

The FSC said its simulations suggest the new unified rules could reduce the number of users eligible for withdrawal-delay exemptions by more than 99% by the end of 2025. That projection highlights just how broadly the old exemption framework may have been interpreted across the sector. For the small number of users who still qualify, oversight will become significantly more intensive.

Going forward, customers approved for exemptions will be subject to stronger monitoring measures. These include an annual verification process focused on the source of funds for high-volume traders. Regulators also plan to establish a dedicated tracking mechanism to collect and analyze withdrawal data on an ongoing basis. The purpose is to identify suspicious patterns such as smurfing—the splitting of transactions into smaller amounts to avoid detection—or rapid asset conversion activity that may indicate criminal intent.

Immediate Withdrawals Still Allowed in Legitimate Cases

While the policy is significantly stricter, South Korean authorities said they will still allow immediate withdrawals in cases where the need is clearly unrelated to financial crime. This suggests that the government is trying to preserve operational flexibility for legitimate users while sharply narrowing the circumstances in which exchanges can waive standard delay controls.

At the same time, enforcement will not rely solely on written rules. The FSS and DAXA said they will conduct regular audits to ensure exchanges are not circumventing the new standards through vague procedures or weak internal controls. Firms found to be maintaining unclear compliance frameworks or bypassing the unified mandate may face immediate penalties.

A Broader Signal on South Korea’s Crypto Oversight

The withdrawal-delay reform also fits into a wider pattern of tightening crypto supervision in South Korea. Although this announcement is specifically aimed at tackling voice-phishing-related laundering risks, it reinforces the message that regulators are increasingly focused on closing practical enforcement gaps rather than relying on high-level policy statements alone.

By targeting exemption abuse, requiring common standards across exchanges, and pairing the rules with audits and source-of-funds reviews, authorities are moving toward a more data-driven compliance structure. The emphasis is no longer just on whether exchanges have formal anti-fraud systems in place, but on whether those systems can withstand deliberate manipulation by organized criminal actors.

In effect, South Korea’s latest move turns a previously uneven control into a much more centralized safeguard. For exchanges, that means less flexibility in handling withdrawal-delay exceptions. For users, it likely means stricter scrutiny, especially for higher-volume activity. And for regulators, it represents a concrete attempt to reduce one of the most significant channels through which crypto has been used in local voice-phishing schemes.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
400

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.