South Korea’s Financial Intelligence Unit (FIU) of the Financial Services Commission is investigating Upbit for what could be one of the largest KYC scandals in crypto history.

Authorities have reportedly uncovered between 500,000 and 600,000 suspected breaches of customer verification rules. These violations came to light during a detailed review of Upbit’s business license renewal.

Now, questions are piling up about whether the exchange might also have ties to money laundering activities.

Millions in potential fines as FIU tightens the noose

So the FIU’s on-site inspection started in late August and hasn’t let up since. Investigators found accounts opened with blurry or improperly submitted IDs. In some cases, critical information like names and registration numbers were too unclear to verify. This is a big deal.

South Korea’s laws require crypto users to go through strict KYC checks before trading, depositing, or withdrawing funds. Without it, these accounts could become easy tools for money laundering or criminal activity.

If these allegations stick, Upbit could face fines that will make anyone’s head spin. Under South Korea’s Special Financial Transaction Information Act, violations of KYC rules can carry penalties of up to 100 million won per case. Multiply that by 500,000 cases, and you’re looking at a potential fine in the tens of billions of won, which is tens of millions of dollars.

Upbit’s license renewal, which should be routine for virtual asset operators every three years, has turned into a nightmare. FIU’s review is taking so long because apparently, each flagged case is being scrutinized for illegality.

With so many suspicious accounts in question, the renewal process has actually been delayed indefinitely. An Upbit representative commented on the situation, saying, “According to the Specific Financial Transaction Information Act, sharing details of FIU investigations is prohibited. Even internally, this information isn’t shared within the company.”

That statement doesn’t do much to calm nerves about what’s really happening behind the scenes. South Korean regulations require every crypto exchange to follow strict KYC procedures as part of anti-money laundering (AML) and counter-terrorist financing (CTF) laws. These rules aren’t optional.

Exchanges have to ensure that customers submit valid identification and prove their identities before accessing the platform. But FIU’s findings suggest Upbit’s verification system wasn’t airtight. Accounts slipped through the cracks. Now, the financial watchdog is left to figure out how many of these accounts were genuine and how many might have been used for illegal activities.