The Seoul Southern District Prosecutor’s Office announced the arrest and indictment of five suspects in South Korea’s first such criminal case involving a carpet pull conducted via a decentralized exchange (DEX). The charges, filed under the Virtual Asset User Protection Law that took effect in July 2024, cover crimes of market manipulation and fraud, with 256 investors losing a total of 900 million won (about $600,000) after withdrawing cash from the CATFI token liquidity pool.
This is the first time South Korean authorities have applied the law’s unfair trading provisions to a decentralized exchange-based system, and it is officially described as “the first prosecution for a crypto crime conducted via a DEX.” The arrests took place on May 11, 2026 and the official indictments were issued by the prosecution on May 27, 2026.
The main defendant, identified by the nickname “Park,” conducted his online activities using a fake influencer persona called “Eth Father,” a synthetic identity designed to generate seemingly organic community interest in the CATFI code. Park and four of his partners launched the meme on a decentralized platform based on the Solana network, secretly loading their wallets with huge token positions before the public promotion began.
Using a circular trading method and coordinated wash trades across multiple wallets, the group was able to increase the price of CATFI by 1,001 times in just 26 hours, attracting retail buyers before withdrawing all liquidity. Organizers reaped illegal profits of around 400 million won ($260,000), leaving 256 investors holding worthless tokens. Two were arrested and detained for market manipulation, a third was charged without detention, while two others were accused of helping the main defendant escape, with one allegedly spending three months in hiding to avoid arrest.
Solana News: CATFI Arrests and Regulation of the DeFi Sector in Korea
Decentralized exchanges (DEXs) have historically operated in a regulatory gray area in most jurisdictions, due to the lack of centralized listings, lack of mandatory disclosures from issuers, and anonymous wallet structures that have historically hampered enforcement. Prior to the CATFI case, South Korea’s Virtual Asset User Protection Act applied exclusively to cases of market abuse on centralized exchanges, including manipulation of the Bithumb platform and the ACE token system. The suit against CATFI is the first time that unfair trade clauses have been tested against behavior that takes place entirely on-chain.
Prosecutors did not charge the group under unregistered exchange laws or token listing regulations, instead relying on the traditional fraud and market manipulation provisions of the User Protection Act. They argued that circular trading, promotion via fake influencers, and intentionally misleading representations of internal control of tokens constitute “fraudulent means, schemes, or techniques” in digital asset trading. The importance of this legal theory is that it means that prosecutors do not need a registered entity or a central platform to file charges, since the behavior committed on the network is enough to prove the crime.
Prosecutors in Seoul’s Southern District were clear on the enforcement mandate, emphasizing that the office “will firmly address actions that destabilize the digital asset market and undermine public trust.”
The CATFI issue is not isolated from a broader context, as South Korea introduced five-minute settlement requirements and kill switches for crypto platforms in early 2026, as well as a new digital assets law imposing 100% reserve requirements for stablecoins. Authorities also indicated in January that the long-standing ban on Spot Bitcoin ETFs could be reconsidered. With $110 billion in crypto flows through 2025, regulators are systematically working to close the gap between DeFi activities and official oversight, placing South Korea at the forefront of countries setting the pace in the pursuit of DeFi cybercrimes.
How were the perpetrators found?
Investigators constructed the CATFI case using a “wallet clustering” technique to map the concentration of tokens among insiders and analyze circular trading patterns to determine the coordination of ghost trades between linked addresses. They also relied on KYC at the exit level, the point where currencies are transferred from anonymous wallets to fiat currencies through a central exchange that requires identity verification. This exposure point represents the structural vulnerability of each Rug Pull operation; Operators can hide their identity on the network, but converting profits into cash requires going through a regulated portal.
Online sleuths initially identified suspicious wallets and filed complaints, but authorities temporarily closed the case after the group claimed it had been hacked. The case was subsequently referred by the Financial Services Commission (FSC), triggering further criminal investigations which engaged financial and tax authorities to complete the chain of evidence. Additional details on the timeline of the investigation confirm that the Commission’s new referral was the turning point that allowed the forensic evidence to be fully reconstructed.
Analysts view the case as signaling the end of the era of decentralized platforms as a law enforcement blind spot, noting that authorities now incorporate online behavior, social promotion and market manipulation into traditional prosecution theories. Pseudonyms and multiple wallet settings no longer block access to perpetrators when advanced blockchain forensics is combined with exit point tracking. DeFi regulation in South Korea has now shifted from censoring exchanges to censoring direct behavior on the network, which meme operators on Solana are now reading very carefully.
The article South Korea sues Solana Rug Pull perpetrators appeared first on Cryptonews Arabic.