GDAC was once a quiet player in South Korea’s crowded crypto market - not as big as Upbit or Bithumb, but known for one thing: low fees. For a while, it looked like a smart choice. Trading fees were just 0.20% for both makers and takers. Compare that to Coinbase’s 2%, and it’s easy to see why traders flocked in. But behind the numbers, something dangerous was happening. GDAC didn’t just fail - it vanished. And in the process, it took millions of dollars from real people with no way back.
How GDAC Got Started
GDAC launched in 2018 as a South Korean exchange, built on TradingView’s interface. That meant clean charts, fast order execution, and a layout that felt familiar to anyone who’d traded stocks or forex. It wasn’t flashy. No fancy marketing. Just a simple, functional platform. It supported 27 cryptocurrencies, including Bitcoin, Ethereum, and a few Korean-specific tokens. Its biggest advantage? It was one of the few exchanges that let you trade directly with Korean Won (KRW). For locals, that was huge. No need to convert USD or EUR first. Just deposit KRW, buy crypto, and go.Minimum deposit? Just $1. That opened the door to beginners. Staking was available too, with fees below average. It even had API access for advanced traders. And yes, it had iOS and Android apps. On paper, it checked all the boxes.
The Hidden Flaws
But appearances lied. GDAC’s biggest weakness wasn’t the number of coins - it was security. While competitors like Upbit and Coinone invested heavily in cold storage, multi-sig wallets, and employee training, GDAC cut corners. They kept 23% of all user funds in a hot wallet. That’s like leaving your house key under the mat while you’re on vacation. And they didn’t just leave it there - they made it easy to find.According to CoinDesk’s report after the hack, attackers used SIM swapping. That’s not some sci-fi attack. It’s old-school social engineering. Hackers called the mobile carrier, pretended to be an employee, and got a new SIM card issued. Once they had that, they bypassed two-factor authentication. They didn’t need to crack passwords. They just needed to trick one person.
And that’s not all. UEEx’s security review found that GDAC’s internal training was weak. Employees weren’t taught how to spot phishing emails. Password policies were lax. There were no regular audits. No penetration testing. No red team exercises. Just a platform that looked good, but had no real defense.
The Collapse
On April 7, 2023, everything changed. Hackers moved nearly $13 million in crypto out of GDAC’s hot wallet. Some reports said the total loss was as high as $25 million. The exchange didn’t freeze accounts. Didn’t alert users. Didn’t offer a recovery plan. They just went quiet. A week later, they shut down completely.Users woke up to empty wallets. Reddit threads filled with messages like: “I had $18,000 in ETH. Gone.” “My life savings. No one answers.” “I trusted them because they were Korean.” Trust wasn’t enough. Regulation didn’t help. GDAC was licensed in South Korea, but that didn’t mean they were safe. The Financial Services Commission had rules - but enforcement was thin. GDAC didn’t meet them.
Why It Wasn’t Just a Hack
This wasn’t a random attack. It was predictable. Security experts had been warning about exchanges like GDAC for years. The ones that focus only on low fees and user experience, but ignore fundamentals. The ones that assume “everyone else is doing it” is good enough.Compare GDAC to Coinbase. Coinbase has 136 coins. GDAC had 27. Coinbase charges 2% - GDAC charged 0.2%. But Coinbase uses cold storage for 98% of assets. GDAC kept nearly a quarter in hot wallets. Coinbase has a dedicated security team. GDAC? No public record of one. Coinbase audits annually. GDAC? Nothing.
Traders Union rated GDAC 2.33 out of 10. That’s not bad - that’s catastrophic. Even before the hack, users were frustrated. No referral program. Poor customer support. No transparency on reserves. The platform was stable, yes - but stability doesn’t mean safety.
What Happened to the Money?
No one got their money back. Not a cent. GDAC never announced a compensation plan. No insurance fund. No partnership with a recovery firm. The exchange just disappeared. CoinMarketCap now lists it as “Untracked.” CoinGecko removed it. No website. No social media. No contact info.Law enforcement in South Korea is still investigating. But as of 2025, no arrests have been made. The stolen crypto moved through mixers and cross-chain bridges. Tracing it is nearly impossible. The wallets are empty. The users are out of luck.
What You Can Learn
GDAC’s story isn’t just about one exchange. It’s a warning. Here’s what you need to remember:- Low fees don’t mean safe. If an exchange doesn’t talk about security, walk away.
- Hot wallets are risky. Anything over 5% in hot storage is a red flag.
- Don’t trust location. Just because it’s based in South Korea, Japan, or Singapore doesn’t mean it’s regulated properly.
- Use hardware wallets. If you’re holding more than $500, don’t leave it on an exchange - even the “good” ones.
- Check for audits. Look for public reports from firms like CertiK, SlowMist, or PeckShield.
GDAC’s collapse was avoidable. It wasn’t a black swan. It was a slow burn. And now, it’s a textbook case in every crypto security course.
What to Do If You Held GDAC
If you were one of the users who lost funds, there’s no magic fix. You can:- File a report with South Korea’s Financial Intelligence Unit (FIU).
- Join user groups on Telegram or Discord - some are pooling legal resources.
- Monitor blockchain explorers like Etherscan or Blockchain.com for movement from the stolen wallets.
- Never use the same exchange again without checking their security history.
But let’s be clear: the odds of recovering your funds are near zero. GDAC didn’t just fail - it disappeared. And that’s the scariest part.
Alternatives to GDAC (That Still Exist)
If you’re looking for a Korean-friendly exchange with real security, here are three that still operate:- Upbit - Largest in Korea. Uses cold storage. Audited. Supports KRW.
- Bithumb - Long-standing, regulated, with insurance fund.
- Korbit - Transparent, KYC-heavy, good customer support.
All of them charge more than GDAC did. But they’re still here. And that’s the difference.
Is GDAC still operating?
No. GDAC permanently shut down in April 2023 after a major hack that stole between $10 million and $25 million in cryptocurrency. The website is offline, and no recovery efforts have been announced. All user funds are inaccessible.
Why did GDAC fail?
GDAC failed because of poor security practices: it kept a large portion of user funds in a hot wallet, lacked employee training on phishing and social engineering, didn’t conduct regular audits, and had weak two-factor authentication enforcement. The April 2023 hack exploited these gaps using SIM swapping, leading to total collapse.
Did GDAC have insurance for user funds?
No. Unlike exchanges such as Binance or Coinbase, GDAC did not have any insurance fund or third-party coverage for stolen assets. After the hack, there was no compensation offered to users.
Could I have withdrawn my funds before the hack?
Yes - technically, users could withdraw until the platform went offline. However, many users didn’t suspect a problem because GDAC appeared stable. The hack happened suddenly, and the exchange shut down before warning users. Once the site went dark, withdrawals became impossible.
Was GDAC regulated?
GDAC was registered in South Korea and operated under local financial regulations. However, enforcement was inconsistent. The exchange failed to meet basic security standards required by the Financial Services Commission, which allowed the breach to occur despite existing rules.
Are there any legal actions against GDAC?
South Korean authorities are still investigating the hack, but as of 2025, no individuals have been charged. The exchange’s leadership vanished, and there is no corporate structure left to hold accountable. Legal recourse for users is extremely limited.
Can I still access my GDAC account?
No. The GDAC website and mobile apps are no longer accessible. All domain registrations have expired, and servers have been shut down. Even if you have login details, they no longer work.
What happened to GDAC’s customer support?
Customer support channels disappeared along with the website. Emails bounced back. Live chat vanished. Social media accounts were deleted. There is no official way to contact anyone from GDAC.