South Korea's financial regulators have ordered all domestic crypto exchanges to adopt standardised withdrawal delays and eliminate individual exemption policies, a move designed to disrupt voice phishing scams that exploit the speed of crypto transactions.
South Korea's Financial Services Commission and Financial Supervisory Service have ordered every domestic crypto exchange to adopt a single, standardised withdrawal delay system — stripping platforms of the discretion they previously held to let favoured users bypass holding periods.
The directive, announced on Tuesday, replaces a patchwork of exchange-specific policies with uniform national rules. Under the old regime, platforms such as Upbit and Bithumb maintained their own cooling-off periods — ranging from minutes to hours for unregistered accounts — but frequently granted exceptions for verified users based on transaction volume and account history. That flexibility, regulators concluded, was being exploited by criminals running voice phishing operations.
Voice phishing has plagued South Korea's financial system for years, and crypto has made it worse. Scammers impersonate police officers, bank officials, or exchange support staff and pressure victims into converting savings to cryptocurrency, then wiring the funds out before anyone intervenes. The speed of crypto transactions makes this particularly effective; a wire transfer through a traditional bank might take hours and trigger compliance checks, but a crypto withdrawal can clear in minutes. FSS data recorded more than 1,000 reported voice phishing cases in the prior year, and the actual figure is almost certainly higher given the shame many victims feel about reporting.
The new rules attack the problem at the withdrawal gate. Exchanges must now apply uniform criteria when evaluating whether a user qualifies for expedited withdrawals, including account age, transaction history, and sudden changes in behaviour that might indicate coercion. Officials expect fewer than one per cent of users will qualify for instant withdrawals under the tightened standards — a dramatic reduction from the previous system, where verified high-volume traders routinely bypassed delays entirely.
Platforms must also strengthen identity verification checks and implement closer monitoring of fund flows. The FSC specifically flagged accounts where large deposits are followed by immediate withdrawal requests to unfamiliar addresses — a pattern that maps almost exactly onto the voice phishing playbook. Dormant accounts that suddenly show high-frequency activity will also face automatic scrutiny.
The crackdown follows a turbulent few months for South Korea's exchange sector. In February, Bithumb mistakenly distributed 620,000 bitcoin to 249 users during a promotional event — an error the exchange managed to recover 99.7 per cent of within the same day, covering the remaining 1,788 BTC with company reserves. That incident triggered an emergency inspection by the FSC, which discovered that three of the country's five major exchanges were reconciling their internal ledgers with actual asset holdings only once every 24 hours. The commission subsequently ordered all exchanges to implement automated ledger-to-wallet reconciliation on a five-minute cycle, with defined criteria for triggering automatic transaction halts when discrepancies are detected.
The withdrawal delay mandate is the second regulatory tightening to emerge from that inspection. Together, the two directives represent a fundamental shift in how South Korea oversees its crypto market — from an industry-led model where exchanges set their own operational standards to a prescriptive national framework with specific technical requirements.
Chainalysis analysts have noted that comparable regulatory regimes elsewhere have produced roughly a 30 per cent drop in phishing-related losses, though the effectiveness depends heavily on implementation and enforcement. A mandatory delay buys time — time for victims to recognise they are being manipulated, for automated alerts to flag suspicious activity, and for exchange compliance teams to intervene before funds leave the platform.
Most Western regulators have focused on anti-money laundering rules and exchange licensing; South Korea is going further. The FSC's willingness to dictate specific technical requirements — five-minute reconciliation cycles, standardised withdrawal criteria — reflects a regulatory philosophy that treats crypto exchanges more like banks than technology companies. Given that South Korea remains one of the world's most active crypto trading markets, with $110 billion in crypto leaving the country in 2025 alone, the regulators' urgency is understandable.
The exchanges themselves have offered no public objection. DAXA, the Digital Asset Exchange Alliance that represents the country's major platforms, participated in the meeting where the rules were announced. Compliance is not optional; the FSC has demonstrated its willingness to impose severe penalties, including a proposed six-month partial ban on Bithumb earlier this year for AML breaches. In South Korea's crypto market, the era of self-regulation is over.
