RiskQuant-Haun

English

한국어

English

한국어

Appearance

📚 Helpful?

❤️ Support

🚨 Naver-Dunamu Merger

Today Korean Economic News for Beginners | 2025.11.30

0️⃣ Regulatory Review and Upbit Hacking Create Uncertainty Together

📌 20 Trillion Won Merger Announced, but Financial Authority and Fair Trade Commission Reviews Plus North Korean Hacking Group Involvement Suspected

💬 Naver Financial and Dunamu officially announced a merger worth approximately 20 trillion won, but a hacking incident at Upbit stealing 44.5 billion won occurred on the same day as the merger announcement, shocking the market. This merger, which plans for Naver Financial to acquire Dunamu as a 100% subsidiary, must go through complex regulatory procedures including Financial Services Commission review under the Financial Holding Company Act, Fair Trade Commission review of corporate combination, and Virtual Asset Service Provider (VASP) change notification. Additionally, as the hacking culprit is identified as the North Korean hacking group Lazarus, security trust issues have emerged. Experts worry that "while technical synergy is significant, regulatory uncertainty and security issues could greatly slow down the merger speed."

1️⃣ Easy Understanding

Right after the Naver and Dunamu merger news was announced, several problems erupted at once. This is a merger worth the enormous amount of 20 trillion won, but with complex regulatory reviews and security incidents overlapping, the future has become unclear.

Let me explain what this merger is about in simple terms. Naver Financial is a company that operates financial services like Naver Pay and Naver Securities. Dunamu operates Upbit, Korea's largest virtual asset exchange. When these two combine, a huge fintech company will be born that provides both general financial services and virtual asset services.

To explain with an example, it works like this. Person A can buy coffee with Naver Pay, buy stocks through Naver Securities, and buy Bitcoin through Upbit, all from one app. Convenient, right? From the company's perspective, it also has big advantages because they can integrate customer data and create new financial products.

However, the problem is that this kind of merger is not easy. There are three main barriers.

The first is the financial authority's review. Naver Financial is likely to be subject to the Financial Holding Company Act. A financial holding company means a company that controls several financial subsidiaries like banks, securities firms, and insurance companies. Because such companies have a big impact on the financial system, the government manages them very strictly.

It is similar to how large trucks receive more rigorous safety inspections than regular cars. The bigger the company, the greater the damage if problems occur, so they check more thoroughly. Financial authorities will carefully examine Naver Financial's capital soundness, risk management ability, and governance transparency when it incorporates Dunamu as a subsidiary.

Especially, virtual assets have not yet been officially recognized as financial products. There is no clear standard for whether it is okay for a financial company to directly own a virtual asset exchange. This is similar to a situation where a new type of vehicle has appeared but the law has not determined what kind of license is needed to drive it.

The second is the Fair Trade Commission's corporate combination review. The Fair Trade Commission checks whether the combination of two companies harms market competition. Naver already has large market share in various fields like search, shopping, and finance, and Dunamu is the overwhelming number one in the virtual asset exchange market.

When these two combine, they become a "super platform," and the Fair Trade Commission may view this as potentially harming market competition. For example, if Naver only displays its own virtual asset exchange in search results, or only guides Naver Pay users to Upbit, other exchanges will find it difficult to compete.

When Kakao tried to combine Kakao Bank, Kakao Pay, and Kakao Mobility in the past, they also received rigorous Fair Trade Commission review. Eventually they received approval with some conditions attached, and the Naver-Dunamu merger is expected to go through a similar process.

The third is the Virtual Asset Service Provider (VASP) change notification. Upbit is registered with the Korea Financial Intelligence Unit (FIU) as a virtual asset exchange. When major shareholders or governance structure changes, they must report again, and authorities re-evaluate security capabilities, anti-money laundering (AML) systems, and internal control systems.

Especially in cases like this where ownership structure completely changes through large-scale merger, they may receive review at a level equivalent to new registration. It is similar to changing the name when selling a house, but sensitive areas like virtual assets need even more thorough verification.

On top of all this, as if adding insult to injury, a hacking incident broke out at Upbit on the merger announcement day. Virtual assets worth 44.5 billion won were stolen, and there was a time gap between when the hacking was detected and when the announcement was posted, causing a "communication failure" controversy.

What is more serious is that the hacking culprit is identified as the North Korean hacking group Lazarus. Lazarus is an organization notorious for the 2016 Bangladesh Central Bank hack and the 2017 WannaCry ransomware attack. If a North Korean organization is really involved, this could develop beyond a simple security incident into a national security issue.

Security incidents are fatal to virtual asset exchanges. Looking at past cases, this is not an exaggeration. Mt. Gox was the world's largest exchange in 2014, but after losing 850,000 Bitcoins (470 billion won at the time) to hacking, it went bankrupt. In 2018, Japan's Coincheck lost 580 billion won to hacking and was eventually acquired by financial company Monex at a low price. Users leave exchanges the moment they feel their money is not safe, and once trust is lost, it is very difficult to recover.

Upbit announced "we will compensate customer assets 100%," but it will take time for market confidence to recover. Moreover, having such an incident occur while needing to undergo merger review is the worst timing. Regulatory authorities cannot help but wonder "is this company really safe?"

Another point of contention is stablecoins. Naver and Dunamu announced they would pursue stablecoin business after the merger. A stablecoin is a coin issued with stable assets like dollars or deposits as collateral to reduce price fluctuations.

Simply put, it is a method where you put assets worth one dollar into storage and issue one coin corresponding to it. This way, the coin price stays close to one dollar and does not surge and fall like Bitcoin. It is useful for payments and remittances.

However, the problem is that it is difficult to confirm whether these collateral assets are really safely stored and whether there are actually assets corresponding to the coins issued. In the past, a stablecoin called Tether was suspected of "not having enough collateral assets" and was investigated by US authorities.

Korea does not yet have clear regulations on stablecoins. What assets should be used as collateral, who can issue them, how to supervise them, etc. have not been determined. In this situation, if Naver-Dunamu wants to issue stablecoins, they will need long consultations with authorities.

In the end, this merger is a situation where "synergy is large technically but there are many institutional obstacles." They must pass reviews from the Financial Services Commission, Fair Trade Commission, and FIU, recover security trust, and wait for stablecoin regulations. It is expected that the merger can be completed in 2026 at the earliest, or later than that.

2️⃣ Economic Terms

📕 Corporate Combination Review

Corporate combination review is a procedure where the Fair Trade Commission evaluates whether market competition is harmed when two companies merge or exchange shares.

  • Corporate combinations above a certain size must be reported to the Fair Trade Commission, and they comprehensively evaluate market concentration and possibility of competition restriction.
  • If there are monopoly concerns, conditional approval or approval denial may occur.
  • The Naver-Dunamu merger is likely to receive rigorous review because each has large market dominance.

📕 Stablecoin

A stablecoin is a virtual asset issued with stable assets like dollars or deposits as collateral to reduce price fluctuations.

  • With value fixed like 1 coin equals 1 dollar, it is more advantageous for payments and remittances than Bitcoin.
  • However, transparency about whether collateral assets are really sufficient and safely stored is key.
  • Korea does not yet have clear regulations on stablecoins, so there is great uncertainty in issuance and distribution.

📕 Virtual Asset Service Provider (VASP)

A virtual asset service provider means a business operator that provides virtual asset-related services like virtual asset exchanges and wallet businesses.

  • They must report to the Korea Financial Intelligence Unit (FIU) for anti-money laundering, and need to secure real-name accounts and obtain Information Security Management System (ISMS) certification.
  • When major governance structure changes, they must submit a change notification, and authorities re-evaluate security capabilities and internal control systems.
  • Because the Naver-Dunamu merger completely changes Upbit's ownership structure, they may receive review at the level of new registration.

📕 Lazarus Group

The Lazarus Group is a hacking organization known to be linked with North Korea, primarily attacking financial institutions and virtual asset exchanges.

  • They stole 81 million dollars from Bangladesh Central Bank in 2016 and caused worldwide damage with WannaCry ransomware in 2017.
  • Recently they are estimated to have stolen hundreds of billions of won by intensively attacking virtual asset exchanges.
  • As analysis emerges that this Upbit hacking is similar to Lazarus methods, concerns at the national security level are growing.

3️⃣ Principles and Economic Outlook

✅ Regulatory Uncertainty Structure That Blocks Innovation

  • When finance and virtual assets combine, the biggest obstacle is an unclear regulatory framework.

    • First, virtual assets still have ambiguous legal status. In Korea, virtual assets are recognized as "assets" but are not "financial products." They do not receive protection under the Capital Markets Act like stocks or bonds, and do not receive application of the Depositor Protection Act like bank deposits. In this situation, there is no clear standard for whether it is appropriate for a financial company to own a virtual asset exchange. From the financial authority's perspective, because it is "a case without precedent," they cannot help but approach carefully. This becomes a big burden for companies attempting innovation.

    • Second, jurisdiction between departments is complexly intertwined. The Financial Services Commission handles financial companies, the Fair Trade Commission handles market competition, the Korea Financial Intelligence Unit handles anti-money laundering, and the Ministry of Science and ICT handles information protection. Because the Naver-Dunamu merger crosses all these departments' jurisdictions, the review process is complex and inevitably takes a long time. Because each department's standards and priorities are different, sometimes satisfying one side creates problems on another side.

    • Third, stablecoin regulations are even more unclear. Stablecoin regulations globally are still in early stages. The US is discussing stablecoin bills in Congress, and Europe implemented MiCA (Markets in Crypto-Assets Regulation) but detailed standards continue to be adjusted. Korea is at a level where discussion has just begun. There are many things to decide, like what collateral assets will be, how to determine issuer qualifications, what reserve ratio to set, etc. Until these regulations are confirmed, it will be difficult for Naver-Dunamu to issue stablecoins in earnest.

  • Regulatory uncertainty is the biggest factor that delays companies' investment decisions and reduces innovation speed.

✅ Security Trust Is Core to Platform Competitiveness

  • For virtual asset exchanges, security is not simply a technical issue but an issue of business survival.

    • First, one hacking incident can collapse the entire business. Looking at past cases, this is not an exaggeration. Mt. Gox was the world's largest exchange in 2014, but after losing 850,000 Bitcoins (470 billion won at the time) to hacking, it went bankrupt. In 2018, Japan's Coincheck lost 580 billion won to hacking and was eventually acquired by financial company Monex. Users leave exchanges the moment they feel their money is at risk, and once trust is lost, it is very difficult to recover.

    • Second, balance between cold wallets and hot wallets is important. Virtual asset exchanges store user assets separately in cold wallets (offline wallets not connected to the internet) and hot wallets (online wallets connected to the internet). Cold wallets are safe but deposit and withdrawal speed is slow, while hot wallets are fast but have hacking risk. Upbit stated they store over 70% of customer assets in cold wallets, but what was hacked this time was hot wallet assets. They have no choice but to keep certain amounts in hot wallets for transaction convenience, and this part always becomes a vulnerability.

    • Third, threats from North Korean hacking organizations are becoming increasingly sophisticated. The Lazarus Group is not simply a hacker group but is estimated to be a state-sponsored organization. They use advanced hacking techniques and attack after reconnaissance of targets over long periods. In 2022, they stole 620 billion won from a game platform called Axie Infinity, and in 2023 they took hundreds of billions of won from several exchanges. Analysis suggests that funds stolen this way are used for North Korea's nuclear and missile development, making it a national security issue beyond simple crime.

  • Security incidents are technical problems and simultaneously trust and reputation problems, determining the success or failure of virtual asset businesses.

✅ Big Tech Financial Expansion and Market Dominance Concerns

  • When big tech companies like Naver expand into the financial domain, their impact on market competition must be carefully evaluated.

    • First, platform dominance can transfer to financial markets. Naver has overwhelming market share in search, shopping, news, maps, etc. Monthly active users exceed 30 million. When such platform power expands into finance, other financial companies find it very difficult to compete. For example, if Naver favors Naver Pay or Upbit in search results, other payment services or exchanges will have difficulty securing customers. This harms fair competition.

    • Second, there are also data monopoly concerns. Naver possesses vast data including users' search records, shopping history, location information, etc. If financial transaction information and virtual asset transaction information are added here, they will have almost all information about an individual. Using such data enables very precise marketing, but conversely, personal information infringement or data monopoly problems can arise. The Fair Trade Commission will examine whether such data concentration harms market competition.

    • Third, concerns about financial stability are also raised. If big tech occupies too large a proportion in financial markets, when problems occur, the entire system can shake. For example, if there are problems with Naver's servers, not only search and shopping but also payments and virtual asset transactions could all stop. This is called "concentration risk," which financial authorities are very wary of. Like when internet banking was paralyzed during the MS Windows worm virus incident in the early 2000s, when too many services are concentrated on one platform, it is dangerous.

  • Big tech financial expansion can bring innovation and convenience, but careful regulation is needed in terms of fair competition and financial stability.

4️⃣ In Conclusion

The Naver-Dunamu merger could be the biggest event in Korean fintech history, but it is also the most complex regulatory challenge.

Looking at it technically, this merger can create great synergy. If Naver's vast user base and platform power combine with Dunamu's virtual asset technology and transaction infrastructure, a digital financial platform spanning not just Korea but all of Asia could be born. By issuing stablecoins, borderless payments and remittances become possible, and customized financial services using AI can also be provided.

However, reality is not easy. Financial authorities will review whether the Financial Holding Company Act applies, the Fair Trade Commission will judge market concentration, and the FIU will re-evaluate security and anti-money laundering systems. Passing all these reviews is expected to take at least one to two years.

On top of this, the hacking incident that broke out on the merger announcement day was the worst timing. While Upbit said they would compensate for the 44.5 billion won damage, trust recovery is not easy. Especially as the possibility of North Korean hacking group involvement was raised, security concerns have grown even more. Regulatory authorities cannot help but ask the question "is this company really safe?" and this will make the review even more rigorous.

Stablecoin regulations are also a big variable. Korea does not yet have a legal framework for stablecoins. Collateral asset standards, issuer qualification requirements, reserve ratios, etc. have not been determined. Until these regulations are confirmed, full-scale business will be difficult. Because the US and Europe are also still organizing regulations, Korea is likely to approach slowly while referring to international standards.

So how should ordinary people view this situation? First, in the short term, Upbit users should pay more attention to security. You must set up two-factor authentication, and it is safe to move large amounts to personal wallets. While hacking is the exchange's responsibility, protecting your own assets is also an individual's duty.

In the medium to long term, we must watch the entire fintech ecosystem. If the Naver-Dunamu merger succeeds, other big tech companies like Kakao or Toss may show similar moves. Then a structure where a few giant platforms dominate the financial market could emerge. Whether this gives consumers convenience or limits their choices depends on regulatory authorities' judgment.

Policy authorities must find balance between innovation and stability, competition and concentration. Too strict regulations block innovation, while too loose regulations cause market monopoly and financial instability. Especially for new fields like virtual assets, regulations must be organized with speed while also preparing sufficient safeguards.

In the end, the Naver-Dunamu merger is a testing ground for measuring the future of Korean fintech. Through this event where technology and institutions, innovation and stability, opportunity and risk intersect, we can learn what shape the future of digital finance should take.


View Table of Contents

Made by haun with ❤️

2025-present