GDAC Crypto Exchange Review: What Happened and Why It Failed

If you're looking for a reliable crypto exchange to trade on, you need to know about GDAC-not because it's a good option, but because it's a textbook example of what happens when security gets ignored. GDAC was once a rising player in South Korea’s crypto scene, offering low fees and a clean interface. But by April 2023, it vanished. No warnings. No refunds. Just silence. And thousands of users lost everything.

What Was GDAC?

GDAC was a centralized cryptocurrency exchange founded in 2018 in South Korea. Unlike big names like Binance or Coinbase, it didn’t aim for global dominance. It focused on one thing: serving Korean traders with low fees and a simple platform built on TradingView’s infrastructure. Its interface was smooth, easy to use, and fast. For traders in South Korea, it felt like a local favorite-reliable, efficient, and cheap.

It supported around 27 cryptocurrencies, including Bitcoin, Ethereum, and a few lesser-known tokens. The trading fees were a major draw: just 0.20% for both makers and takers. Compare that to Coinbase’s 2.00%, and you can see why it attracted users. Even better, the minimum deposit was only $1. That made it accessible for beginners. It also offered staking, with fees lower than most competitors, letting users earn passive income on holdings like ETH or DOT.

Why It Looked Like a Good Choice

Before its collapse, GDAC had several advantages that made it stand out in a crowded market.

  • Low trading fees - At 0.20%, it was one of the cheapest exchanges in Asia.
  • KRW-only focus - If you lived in South Korea, you could deposit and withdraw Korean Won directly via Kakao Pay. No currency conversion headaches.
  • Mobile apps - Available on both iOS and Android, with real-time charts and order tracking.
  • API access - Allowed advanced traders to automate strategies using tools like Python or TradingView scripts.
  • Integration with third-party tools - It connected with Koinly, TaxBit, and Bitwave for tax reporting and wallet tracking.

It even had 24/7 customer support and a transparent company address listed on its website. For a while, it seemed like GDAC was doing everything right.

The Fatal Flaw: Security Was an Afterthought

Here’s the brutal truth: GDAC didn’t take security seriously. Not really.

While other Korean exchanges like Upbit and Bithumb were upgrading to cold storage, multi-signature wallets, and employee training programs, GDAC kept 23% of its users’ funds in a hot wallet. That’s a wallet connected to the internet-easy to access, easy to hack. Security experts call this a massive red flag. The industry standard? Keep 95%+ offline.

Then came April 2023.

Hackers used SIM swapping and social engineering to take over employee accounts. They called customer service, impersonated staff, and reset passwords. Once inside, they moved quickly. Within hours, they drained nearly $13 million from GDAC’s hot wallet. Some reports say the total loss was as high as $25 million. The exact number? No one knows. GDAC never released a full audit.

What happened after? Nothing. No compensation. No recovery plan. No communication. The website went dark. The mobile apps stopped working. The social media accounts vanished. Users woke up to a ghost.

A hacker unlocking a hot wallet as digital coins vanish, while users watch in despair.

What Users Lost

People lost everything.

Reddit threads from before the shutdown show users with $500, $10,000, even $50,000 in GDAC accounts. One user posted: “I had my life savings in GDAC. I trusted them. Now it’s gone. No one answers.”

Trustpilot reviews from 2022 already showed complaints: slow withdrawals, unresponsive support, lack of transparency. But most users shrugged it off. They thought the low fees made up for it. They didn’t realize that when security fails, no fee structure matters.

Even before the hack, Traders Union gave GDAC a score of 2.33 out of 10. They said: “Most clients are not satisfied.” That wasn’t just about customer service. It was about trust. And trust, once broken, can’t be rebuilt.

Why GDAC Failed When Others Survived

South Korea’s crypto market is one of the most regulated in the world. After the 2018 Coinrail hack, the Financial Services Commission tightened rules: mandatory audits, cold storage requirements, KYC checks.

But GDAC cut corners.

Upbit, Bithumb, and Coinone all passed those audits. They hired security teams. They ran penetration tests. They trained employees. GDAC? They used basic password policies. No multi-factor authentication for internal systems. No employee phishing drills. No incident response plan.

When the attack came, they had no backup. No insurance. No way to recover.

And here’s the worst part: they weren’t alone. Smaller exchanges in emerging markets often make the same mistake. They focus on growth, not resilience. They think low fees = loyal users. But users don’t stay loyal when their money disappears.

A lonely user holding a broken phone beside a tombstone for GDAC, with other secure exchanges glowing in the distance.

What You Can Learn From GDAC

GDAC’s collapse isn’t just history. It’s a warning.

  • Never trust an exchange that keeps large amounts in hot wallets. Check if they disclose their cold storage ratio.
  • Don’t assume low fees mean safety. Coinbase charges more, but it’s insured, audited, and regulated.
  • Use exchanges with clear, public security practices. Look for third-party audits, bug bounty programs, and transparent incident reports.
  • Don’t keep large sums on any exchange. If you’re not actively trading, move your coins to a hardware wallet.
  • Check if your exchange is still active. If CoinMarketCap says “Untracked,” or if the website is slow or down, that’s a red flag.

The phrase “not your keys, not your coins” exists for a reason. GDAC proved it.

The Aftermath: Is GDAC Coming Back?

No.

As of February 2026, GDAC is permanently shut down. Its domain redirects to nothing. Its apps are gone from app stores. CoinMarketCap and CoinGecko removed it entirely. Law enforcement in South Korea is still investigating, but there’s been no recovery of funds.

There’s no lawsuit. No settlement. No hope.

GDAC is now a case study in crypto exchange failure. Universities and security firms use it to teach how not to run a platform. It’s taught in courses on cybersecurity, risk management, and blockchain compliance.

And for the users who lost everything? There’s no justice. Just silence.

What to Use Instead

If you’re looking for a reliable exchange today, avoid anything that doesn’t meet these basic standards:

  • At least 95% of funds in cold storage
  • Publicly available security audits
  • Two-factor authentication (2FA) required for all accounts
  • Insurance coverage for user funds
  • Active presence on CoinMarketCap or CoinGecko

For users in South Korea, Upbit and Bithumb are solid choices. For global traders, Binance, Kraken, and Coinbase offer better security, more coins, and stronger support.

GDAC’s story isn’t about a bad product. It’s about a company that forgot one rule: trust is earned by protecting what matters most. And when you fail that, you don’t just lose users-you lose everything.

Is GDAC still operational?

No, GDAC permanently shut down in April 2023 after a major hack that stole between $10 million and $25 million in cryptocurrency. Its website, apps, and customer support channels are no longer active. All user funds were lost, and there has been no compensation or recovery effort.

Why did GDAC fail when other exchanges survived?

GDAC failed because it ignored basic security practices. While competitors like Upbit and Bithumb used cold storage, multi-factor authentication, and employee training, GDAC kept 23% of funds in a hot wallet, had weak internal controls, and didn’t train staff to recognize phishing or SIM swap attacks. When hackers exploited these gaps, GDAC had no defense-and no backup plan.

Did GDAC have any security audits?

There is no public record of GDAC undergoing third-party security audits. Unlike major exchanges that publish audit reports from firms like CertiK or Hacken, GDAC never released any proof of security checks. This lack of transparency was a major red flag even before the hack.

Can I recover my funds from GDAC?

No. GDAC never announced a recovery plan, insurance policy, or compensation fund. After the hack, all user accounts were frozen and eventually deleted. There are no official channels to reclaim lost assets, and law enforcement has not recovered any significant portion of the stolen funds as of 2026.

Was GDAC regulated?

Yes, GDAC operated under South Korea’s Financial Services Commission regulations, which required exchanges to follow KYC and AML rules. However, regulation doesn’t guarantee security. GDAC met the minimum legal requirements but failed to implement industry-standard protections, making it legally compliant but operationally unsafe.

What cryptocurrencies did GDAC support?

GDAC supported around 27 cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Ripple (XRP), and several Korean-focused tokens like Klaytn (KLAY) and Solana (SOL). However, it did not list major coins like Chainlink (LINK) or Polkadot (DOT) until late 2021, and its selection was far smaller than global exchanges like Binance or Coinbase.

Could users withdraw Korean Won (KRW) from GDAC?

Yes. GDAC was one of the few exchanges that allowed direct deposits and withdrawals in Korean Won (KRW) through Kakao Pay. This made it popular among South Korean users. However, this also limited its appeal internationally and tied its entire user base to one country’s financial system, increasing its vulnerability to local regulatory and economic shifts.

Tags: