Korea's 5 major CEX regimes compared — Upbit / Bithumb / Coinone / Korbit / GOPAX
On this page
Overview of Korea’s regime
Korea established a virtual-asset service provider (VASP / VA-OP, 가상자산사업자) registration system under the Act on Reporting and Use of Specific Financial Transaction Information (특정금융정보법, enforced 2021-03-25). The 2 requirements for registration: (a) ISMS certification from KISA (Korea Internet & Security Agency) + (b) a real-name account contract with a domestic bank (실명확인 입출금 계정). Only exchanges that satisfy both requirements and have been able to register with the Financial Intelligence Unit (FIU, Korea’s version of FinCEN) can offer KRW trading pairs (KRW spot market). As of 2026 年, only the following 5 社 can trade in KRW. Coin-only exchanges (e.g. GDAC) do not support KRW pairs even if registered.
Profiles of the 5 leaders
| Exchange | Parent company | Established | Korea spot share | Features |
|---|---|---|---|---|
| Upbit | Dunamu (Kakao group) | 2017-10 | ~70% (overwhelming top) | Korea’s largest; in the global top 10 ; real-name account contract with Kakao Bank |
| Bithumb | Bithumb Korea | 2014-01 | ~25% (2 位) | Long-established largest; IPO plan 2026 in progress (KOSDAQ assumed); contract with NH Nonghyup Bank |
| Coinone | Coinone | 2014-08 | ~3% (mid-tier) | Established 2014 ; Carrot Banking-affiliated real-name account; independent |
| Korbit | NHN (Naver subsidiary) | 2013-07 | ~2% | Korea’s first CEX (2013); NHN Payco affiliate; contract with Shinhan Bank |
| GOPAX | Streami → Binance Korea | 2017-11 | ~1% (5 位) | Formerly Streami; **Binance acquired a majority stake 2023-02 ** → partial retreat amid Korean FIU objections (Binance voting rights diluted) |
Real-name account bank contracts (실명확인 입출금 계정)
The 1 -exchange 1 -bank principle with the 5 major Korean bank groups:
- KB Kookmin / Shinhan / NH Nonghyup / Hana / Woori are the 5 major domestic banks.
- Exchanges that cannot connect cannot handle KRW spot → a withdrawal factor (many small and mid-sized exchanges have been culled by this requirement in the past).
- Because banks bear AML/CFT responsibility, they are reluctant to conclude contracts → a high barrier to new entry.
ISMS-CASP certification
An information-security management-system certification audited by KISA.
- Basic ISMS: required of all VASPs.
- Enhanced ISMS-P (Personal info): required of operators with trading volume exceeding 100 億 won.
- There is an annual renewal audit, with the possibility of registration cancellation in case of deficiencies.
International comparison
| Item | Korea | Japan | US |
|---|---|---|---|
| Primary regulator | FSC/FIU single | FSA + [[exchanges/jvcea-self-regulatory-overview | JVCEA]] dual supervision |
| Registration system | [[exchanges/jp-vasp-regulatory-timeline | VASP 登録]] (2021-) | [[exchanges/fsa-vasp-registration-system |
| Certification | KISA ISMS | FSA inspection + JVCEA self-regulation | By state |
| Real-name account requirement | Mandatory 1:1 bank contract | Bank contract recommended but not required | Bank contracts free |
Korea, with a single regulator + mandatory real-name accounts, has institutionally created a 5 社 oligopoly, differing from both Japan’s Japan Financial Regulation — Legal Framework for Tokens, Crypto Assets, and Payments and the US multiple-license model.
Related
- global-cex-top10-comparison — Upbit’s entry into the global top 10
- fsa-vasp-registration-system — comparison with Japan’s regime
- jvcea-self-regulatory-overview — contrast with Japan’s self-regulation
- japan-financial-regulation — overall picture of Japan’s financial regulation
Source: FSC (금융위원회) / KISA announcements, major Korean media (KBS / Korea Herald / 코인데스크 코리아), official IR of each company.