South Korea’s Financial Services Commission (FSC) has proposed detailed rules for refunding virtual assets stolen through voice phishing, closing a gap that had left crypto outside the country’s victim-relief system.
Closing a Legal Blind Spot
The FSC announced that it had prepared an amendment to the enforcement decree of the Special Act on the Prevention of Damage from Telecommunications-Based Financial Fraud and the Refund of Damaged Funds and issued a legislative notice opening it for public comment.
The change follows the parent act, which was amended on March 31 to expand the scope of recoverable victim assets from money to virtual assets and is set to take effect on October 1. Until now, crypto sat outside the relief framework entirely: victims of telecommunications fraud could recover cash, but not digital assets, a gap regulators warned criminals could exploit.
The enforcement decree is the follow-up measure that spells out how the expanded law will actually work, setting the refund methods and valuation standards that the act delegated to secondary rules.
How the Refunds Will Work
The decree sets separate rules for crypto because, unlike cash, its value varies by token. If the refundable asset is money, victims are reimbursed in monetary units. If it is a virtual asset, they are reimbursed by token type and quantity.
Where the form of the stolen asset differs from what remains in a fraud-linked account, the refund is made in the form of the asset present in that account at the time the payment suspension is imposed. When both money and virtual assets are mixed, monetary assets are assessed at face value while virtual assets are valued at their market price at the moment of account suspension.
That valuation timing is designed to allow faster and fairer refunds even when the funds of multiple victims are commingled in a single fraudulent account, according to the FSC.
A State-Designated Agency to Sell Recovered Crypto
The most novel element is a mechanism for victims who have never traded crypto. The decree provides a legal basis for the FSC to designate a dedicated agency that will sell refundable virtual assets on a victim’s behalf and disburse the proceeds in cash.
The rationale is practical. When defrauded funds are converted into virtual assets during a criminal’s attempt to move money and then frozen, a victim would, in principle, receive the refund in crypto. But those with no trading experience or exchange accounts could struggle to preserve the value of assets returned to them in that form.
To qualify, an institution must meet the requirements the FSC deems necessary, including the organization and personnel needed to protect virtual-asset users and support damage recovery.
From Chasing Scammers to Paying Victims Back
The decree marks a shift from enforcement toward restitution in South Korea’s long campaign against voice phishing. Korean authorities have moved aggressively against the crypto rails that scams increasingly rely on, from targeting the unregistered “Tether Laundromat” exchange offices that convert defrauded won into USDT to arresting 56 people over a Cambodia-linked USDT laundering ring.
Those actions focused on disrupting the flow of criminal proceeds. The new rules address the other side of the ledger: returning value to victims once assets are frozen. Together, they reflect an attempt to build both a chase mechanism and a payback mechanism for crypto-enabled fraud.
The move also aligns with parallel work across South Korea’s institutions, including new Supreme Court procedures for seizing and liquidating cryptocurrency in civil enforcement, both targeted for October.
The Scam Method Behind the Rules
The vector driving the change is distinctly crypto-native. A common method, according to Korea Herald reporting, involves luring victims into installing fake apps that mimic overseas virtual asset exchanges, then demanding their wallet recovery phrase under the guise of “wallet recovery”—allowing scammers to drain an entire wallet at once.
That pattern mirrors a broader class of seed-phrase-based scams, in which the request for a recovery phrase is itself the attack. Security guidance is consistent on the point: a recovery phrase should never be shared with anyone under any framing.
What Happens Next
The legislative notice runs for 40 days, from July 15 through August 24. After that, the amendment must pass review by the Regulatory Reform Committee, a resolution by the Financial Services Commission, review by the Ministry of Government Legislation, and resolutions by the vice ministers’ and cabinet meetings.
The FSC said it plans to implement the enforcement decree on October 1, the same date the amended law takes effect. If the timeline holds, victims of crypto-linked voice phishing will have a formal route to recovery for the first time.
Also Read: South Korea Arrests 56 in USDT Laundering Ring Tied to Cambodia Scam Network
