South Korea Flags Crypto MLM Schemes Using ‘Overseas’ Loophole Narrative

South Korea’s latest wave of crypto-linked multi-level marketing schemes is increasingly being sold under a familiar pitch: “It’s an overseas project, so it’s fine.” Promoters frame AI trading bots as mere ‘tech services,’ node packages as ‘infrastructure participation,’ DAO tier systems as ‘community contributions,’ and offshore exchange referrals as simple introductions—often insisting that taking funds in Tether (USDT) instead of Korean won keeps them outside domestic rules.

Regulators and legal experts say that argument is, at best, only half true. Once a network targets Korean residents, solicits money, facilitates crypto purchases, pays referral commissions with tiered rewards, and markets ‘principal recovery’ or high returns, the activity can intersect with multiple South Korean statutes—regardless of whether a foreign platform, a stablecoin settlement, or a Web3 label is used.

In practice, many of these sales networks are not operating in a lawless void. They are designed to move along the seams between laws, making enforcement slower and more fragmented even when legal risk is substantial. Potential issues can span the Act on Reporting and Using Specified Financial Transaction Information (often referred to as the ‘Specified Financial Information Act’), the Virtual Asset User Protection Act, the Act on the Regulation of Conducting Fund-Raising Business Without Permission, the Door-to-Door Sales Act, the Capital Markets Act, and criminal fraud provisions.

1) Unregistered ‘virtual asset business’ activity

The first threshold is whether the activity amounts to operating as a virtual asset service provider (VASP) under South Korea’s AML framework. Under the Specified Financial Information Act, the definition is broad: it can cover not only buying and selling, exchanging, transferring, or custody/management of virtual assets, but also brokering, arranging, or acting as an agent for such transactions as a business.

This is where many crypto referral networks run into trouble. A local recruiter may claim they are “just sharing information,” but the line can be crossed when they provide sign-up links, push referral codes, assist with wallet set-up, convert won to USDT on behalf of participants, or guide purchases of nodes, tokens, or deposit-style products on offshore platforms. If the recruiter is compensated through fees, referral rewards, team bonuses, or paybacks, the ‘business’ character becomes harder to deny.

South Korea’s Financial Intelligence Unit (FIU) has repeatedly warned that unlawful virtual asset handlers are proliferating across Telegram, open chatrooms, YouTube, and social media. The FIU has also signaled that servicing Korean residents without proper reporting can be deemed illegal—even if transactions involve stablecoins and even if the platform claims to be overseas. Indicators used to judge domestic ‘business solicitation’ have included Korean-language websites, won-payment support, and Korea-targeted customer acquisition events or marketing campaigns, while stressing that overall circumstances can still establish business activity even if some indicators are absent.

2) User protection law—strong safeguards, but only inside the perimeter

South Korea’s Virtual Asset User Protection Act took effect on July 19, 2024. It introduced guardrails such as rules for safeguarding customer deposits, segregating customer assets from a company’s own holdings, and requiring insurance or reserves against hacking and system failures—along with investigative and enforcement powers against unfair trading practices like market manipulation.

But the law’s protections are not universal. Authorities have cautioned that the framework does not guarantee the safety of any particular cryptoasset and that risk rises sharply when transactions are conducted via unverified entities or through person-to-person over-the-counter channels with limited market surveillance.

That gap matters because many crypto MLM-style networks operate largely outside regulated exchanges: they use KakaoTalk and Telegram groups, unofficial landing pages, personal wallets, USDT proxy purchases, and offshore platforms. Participants may feel they are engaging in “exchange-like” trading because they see app dashboards and wallet balances, yet the money may be moving outside domestic safeguards.

3) ‘Quasi-deposit’ fundraising red flags

Among the most legally sensitive sales claims are variations of ‘principal recovery,’ ‘principal guarantee,’ “daily payouts,” “monthly dividends,” or promises that losses can be “made whole” within a few months. These phrases can trigger scrutiny under South Korea’s rules against unauthorized fundraising from the public, which target arrangements that collect funds from unspecified persons while promising repayment of principal or more at a later date without approval, licensing, registration, or reporting.

Promoters often avoid explicit wording like “principal guaranteed” and instead rely on euphemisms—“recovery zone,” “pension-like income,” “recoup after listing,” “refund if not listed,” or “early entrants are safe.” Investigators and courts typically focus on substance over slogans: what participants were told, what return tables were distributed, what recruiters promised, and whether payouts came from genuine business revenue or from new participant inflows.

4) Multi-level marketing structure disguised as Web3

Multi-level marketing features can be central, regardless of whether the product is framed as AI, nodes, DAOs, memberships, or exchange referrals. Under the Door-to-Door Sales Act, an MLM structure generally involves participants recruiting lower-tier sellers and receiving support commissions based on downstream performance. Importantly, the scope can extend beyond physical goods to include rights to use facilities or receive services—meaning “it’s not a tangible product” is not necessarily a shield.

In crypto sales networks, the structure often appears as “first-line referrals,” “second-line referrals,” team sales targets, small-performance quotas, leader bonuses, platform dividends, community rewards, or referral rewards. The vocabulary can sound native to Web3, but the cash-flow logic can resemble traditional pyramid-like systems. The key question is whether rewards are driven by genuine service use or network contribution—or whether they are effectively funded by purchases and transaction volumes generated by lower-tier recruits.

5) Potential ‘investment contract security’ implications

Some crypto MLM-style offerings may also raise securities-law questions. When node allocations, DAO “dividends,” platform revenue sharing, token-linked income rights, or fractionalized rights are bundled into a sales pitch, the structure can resemble an ‘investment contract security’ under the Capital Markets Act.

Regulators have emphasized that substance matters more than form or technology. If investor returns depend heavily on an operator’s expertise and business activities—or if investors cannot realistically realize profits or avoid losses without the operator’s continued efforts—securities characterization becomes more plausible. Applied to crypto sales networks, the question becomes whether returns come from an investor’s own actual node operation or service usage, or whether profits hinge on an organizer’s listing push, market making, price support, and platform operation. A “node purchase” can look less like infrastructure participation and more like an investment contract if the node is effectively run by the project while the buyer simply waits for token distributions.

6) Fraud risk and organizer liability

At the far end of the spectrum lies criminal fraud exposure. If a scheme collected money while lacking the ability or intent to pay, or if it misrepresented business substance, listing certainty, official distributor status, or the feasibility of withdrawals and refunds, the legal stakes rise significantly. The presence of white papers, apps, and on-screen token balances can delay recognition of harm, but none of those elements prove that tokens are liquid, that nodes operate as advertised, that DAO governance is meaningful, or that an “exchange” site is legitimate and properly registered.

Liability can also become convoluted when recruitment relies on personal relationships. Some recruiters may claim they, too, are victims. Yet if they recruited others and received commissions or tiered rewards, authorities may view them as more than passive participants. This blurred boundary—victims who also function as sales agents—is one reason these networks can spread quickly and cause lasting damage.

How the ‘regulatory blind spot’ is engineered

These networks often avoid a single, obvious violation and instead split their operation into layers that appear separate on paper: a foreign “project” narrative, USDT-based payments that obscure fiat rails, product naming that avoids the word “investment,” return language that avoids explicit “guarantees,” and recruitment conducted through semi-private chatrooms rather than public advertising.

For participants, however, the experience is a single transaction: they are approached in Korea, told to send money, encouraged to expect returns, and urged to recruit others. The ‘blind spot’ is not an absence of law. It is the deliberate fragmentation of legal character to make accountability harder to pin down.

Fragmented oversight can buy time for bad actors

Enforcement can be slowed by divided jurisdictions. Unregistered virtual asset business activity sits in the FIU and financial authorities’ lane; ‘quasi-deposit’ fundraising and fraud are prosecuted by police and prosecutors; MLM violations can involve the Korea Fair Trade Commission, local governments, and investigative agencies; securities determinations require financial regulators and related bodies.

That fragmentation can create frustrating loops for victims—being told to report to one body, then another—while chatrooms shut down, domains change, wallets are drained, and key recruiters migrate to the next project. The FIU has advised that suspected illegal virtual asset handling can be reported to the FIU, DAXA, or law enforcement, warning that unregulated operators may lack AML controls and user protections and may be linked to broader crimes including fraud, tax evasion, or foreign-exchange violations.

Evidence, not memory, determines outcomes

Because these networks can disappear quickly—closing rooms, changing links, and moving assets—victims and tipsters are often urged to preserve evidence. Core materials can include promotional return tables and rank/reward charts; chat logs from KakaoTalk, Telegram, and direct messages; recordings or videos from briefings; transaction proof such as won deposits, USDT purchase records, TXIDs, recipient wallet addresses, and exchange deposit/withdrawal histories; referral code and upline/downline structure; and screenshots showing withdrawal delays or failed refund attempts.

Why naming projects is less useful than analyzing structure

In reporting on such cases, simply listing project names can be risky and, at times, misleading—some “projects” may be impersonated or represented through unofficial marketing materials. A more durable approach is to document repeatable patterns: AI-trading pitches, node-allocation sales, DAO tiering systems, and exchange referral pipelines—then test how money moves and where promised rewards are sourced.

The real gap is ‘speed’

The crypto market’s core enforcement challenge is often tempo. Sales networks can pivot overnight—from AI to nodes, nodes to DAOs, DAOs to referral exchanges, then to memberships and point systems—while regulators and investigators must build cases, define jurisdictions, and apply multi-layered legal tests. That speed mismatch can expand harm: when one program becomes controversial, the same recruiters may simply rebrand and sell a new “opportunity” to fresh entrants.

Bottom line

AI, nodes, DAOs, offshore exchanges, and memberships may look different on the surface, but the repeated on-the-ground formula is consistent: solicit funds, cultivate return expectations, pay referral and tiered rewards, and deflect responsibility to “overseas platforms” or “system issues” when withdrawals or promises break down. These are not merely aggressive Web3 marketing campaigns; they are high-risk distribution networks that can simultaneously raise AML reporting issues, unauthorized fundraising concerns, illegal MLM questions, securities-law implications, and fraud exposure.

The critical questions for participants are basic: Who is a properly reported operator? Who receives the funds? Are returns generated by verifiable business activity—or by lower-tier inflows? Who bears losses, and who can be held accountable in Korea if things go wrong? In a market where labels change faster than legal processes, structure—and evidence of that structure—often matters more than any brand name.