GDAC Crypto Exchange Review: Fees, Security Breach, and Why It Shut Down
GDAC Fee Comparison Calculator
Calculate Your Fee Savings
Compare GDAC's ultra-low fees against other exchanges. Input your trade size and see how much you could have saved.
Quick Takeaways
- GDAC offered ultra‑low 0.20% maker/taker fees, far below most global rivals.
- It supported only 27 cryptocurrencies and accepted KRW as the sole fiat.
- The April 2023 SIM‑swap hack stole roughly $13 million, leading to permanent closure.
- Security flaws included a large hot‑wallet balance and weak employee phishing defenses.
- Today the platform is listed as “untracked” on CoinMarketCap and no compensation program exists.
When it comes to South Korean crypto platforms, GDAC Crypto Exchange is a centralized exchange founded in 2018 that offered low‑fee trading of about 27 cryptocurrencies before its abrupt shutdown in 2023. If you typed GDAC crypto exchange review into Google, you’re probably wondering whether the low fees ever outweighed the massive security disaster that erased users’ funds. Below you’ll find a deep dive into the exchange’s fee model, market coverage, user experience, and, most importantly, the hack that sealed its fate.
Background and Market Position
GDAC entered a crowded South Korean market dominated by Upbit, Bithumb, and Coinone. Its official website listed a registered address, company registration number, and the name of the representative, which helped it pass basic legitimacy checks. According to Cryptowisser, GDAC was regarded as a “legitimate exchange” in 2021 and briefly ranked among the leaders in the region.
The platform targeted Korean retail traders by supporting only Korean Won (KRW) as a fiat gateway. A $1 minimum deposit made it easy for beginners to start, while the integration with popular Korean payment apps such as Kakao Pay added a familiar checkout experience.
Fee Structure - The Low‑Cost Edge
GDAC’s headline selling point was its 0.20% flat maker and taker fee. By comparison, Coinbase charged around 2.00% for the same trade size, making GDAC appear exceptionally cheap for high‑frequency traders.
The exchange also levied a withdrawal fee of 0.001 BTC (or the equivalent in the withdrawn coin), which was higher than Coinbase’s 0.000079 BTC but still competitive for KRW‑based users who primarily moved funds to local banks.
Low fees drew attention, especially during the 2021 bull run when GDAC’s daily trading volume spiked to $84.8 million. However, the fee advantage was offset by a narrow asset roster and a lack of global fiat options.
Asset Coverage - Quantity vs. Quality
GDAC listed roughly 27 cryptocurrencies, including major assets like Bitcoin (BTC), Ethereum (ETH), and Ripple (XRP). In contrast, Coinbase offered over 130 coins by 2025. The limited selection meant that traders looking for niche altcoins had to turn to other platforms.
Staking was available for a handful of assets, and the staking fees were described as “below average” by Traders Union. For users whose primary goal was low‑cost spot trading rather than extensive DeFi exposure, GDAC’s offering was sufficient.
Platform Features and API
The user interface was built on TradingView, delivering an intuitive charting experience that many novices praised as “stable and high‑speed.” Mobile apps for iOS and Android mirrored the web layout, allowing on‑the‑go trading.
GDAC also provided a public API, enabling algorithmic traders to connect third‑party services such as BitGo, Kakao Pay, and tax‑automation tools like TaxBit. These integrations made it easier for professional traders to manage positions and reconcile tax obligations.
Customer Support and Service Quality
GDAC advertised 24/7 live chat and email support, but user forums from 2021-2022 hinted at mixed satisfaction. Some traders praised the quick response times, while others complained about delayed ticket resolutions and a lack of a referral program.
Even before the hack, UEEx noted that “most clients are not satisfied with the broker,” citing inconsistent service and limited educational resources.
Security Overview - What Went Wrong?
The turning point arrived in April 2023 when hackers executed a SIM‑swap attack combined with social engineering. By hijacking employee phone numbers, they gained access to admin consoles and user accounts, ultimately draining about $13 million-roughly 23 % of GDAC’s custodial assets-from the hot wallet to an unknown address.
Key security failures identified by post‑mortem analyses:
- Excessive funds kept in a single hot wallet (≈23 % of total assets).
- Insufficient two‑factor authentication on privileged accounts.
- Lack of regular phishing simulations and employee training.
- Inadequate monitoring of large outbound transfers.
While the exchange did conduct an internal investigation with law enforcement, it announced a permanent shutdown shortly after, citing the inability to restore user confidence.
Why GDAC Never Recovered
Beyond the $13 million loss, the breach exposed systemic flaws:
- Regulatory pressure in South Korea intensified after the 2022‑2023 market dip, demanding stricter AML/KYC and security measures-requirements GDAC struggled to meet.
- The platform’s regional focus limited its ability to raise emergency capital from a global investor base.
- Without a compensation fund or insurance, users had no recourse, eroding trust permanently.
Today, CoinMarketCap lists GDAC as an “Untracked” exchange, and both CoinGecko and major aggregators have removed it from their active databases.
Fee vs. Feature Comparison: GDAC vs. Coinbase
| Metric | GDAC | Coinbase |
|---|---|---|
| Maker fee | 0.20% | 0.50%‑2.00% (tiered) |
| Taker fee | 0.20% | 0.50%‑2.00% (tiered) |
| Withdrawal fee (BTC) | 0.001 BTC | 0.000079 BTC |
| Supported fiat | KRW only | USD, EUR, GBP, and many others |
| Number of assets | 27 | 136+ |
The table makes it clear: GDAC excelled at low trading fees but lagged dramatically in asset diversity, fiat options, and withdrawal costs for Bitcoin.
Lessons for Traders and Exchange Operators
GDAC’s story underscores three universal takeaways:
- Never keep too much capital in a hot wallet. A layered cold‑storage strategy can limit exposure during a breach.
- Robust employee security training is non‑negotiable. Phishing simulations and strict password policies can stop SIM‑swap attacks before they reach critical systems.
- Transparency about insurance, compensation, and risk management builds resilience. Users need to know what’s at stake when something goes wrong.
For individual traders, the safest route remains “not your keys, not your coins.” Using hardware wallets and limiting exchange balances can protect assets even if an exchange collapses.
Current Status and Outlook
As of October 2025, GDAC remains defunct. Law enforcement in South Korea continues to investigate the perpetrators, but no significant fund recovery has been reported. The exchange’s website was taken offline, and its brand has faded from public listings.
Investors eyeing the South Korean market now gravitate toward Upbit, Bithumb, and Coinone, all of which have stronger security frameworks and broader asset lists.
Bottom Line
If you were chasing low fees and a Korean‑only trading experience, GDAC looked attractive pre‑2023. The catastrophic security breach, limited asset coverage, and lack of a recovery plan turned it into a cautionary tale. When evaluating any exchange, weigh fee savings against security depth, regulatory compliance, and the platform’s ability to survive a major incident.
Is GDAC still operating?
No. GDAC permanently shut down after the April 2023 hack that resulted in a multi‑million‑dollar loss. The platform’s website is offline and it is listed as an “untracked” exchange on CoinMarketCap.
What were GDAD’s trading fees?
GDAC charged a flat 0.20% maker and taker fee on all spot trades, which was significantly lower than most global competitors.
How many cryptocurrencies could I trade on GDAC?
The exchange listed around 27 cryptocurrencies, including major coins like BTC, ETH, and XRP.
Did GDAC offer any insurance for user funds?
No public statement about insurance or compensation was ever made. After the hack, users were left without a recovery plan.
What security measures did GDAC lack?
Key gaps included an oversized hot‑wallet balance, weak two‑factor authentication on admin accounts, and insufficient employee phishing training-all factors that enabled the SIM‑swap attack.
Devi Jaga
April 29, 2025 AT 05:53Oh sure, low fees are the holy grail when your hot wallet looks like a fireworks show.
Ikenna Okonkwo
April 29, 2025 AT 19:46Looking back, the GDAC saga reminds us that ultra‑cheap trading isn’t a free lunch.
When you trade on a platform that can’t afford robust security, the fee savings evaporate faster than a flash crash.
It’s a classic case of risk‑adjusted return: penny‑pinching on fees, paying dearly in custody risk.
Future traders should balance cost with the depth of insurance, cold‑storage protocols, and compliance posture.
In the end, peace of mind often outweighs a few basis points saved per trade.
Shikhar Shukla
April 30, 2025 AT 09:39From a regulatory perspective, GDAD’s operational footprint demonstrated a conspicuous lack of proportional governance.
Its singular hot‑wallet allocation, exceeding twenty‑three percent of custodial assets, contravenes best‑practice segregation standards.
The absence of multi‑factor authentication on privileged accounts further exacerbated exposure to credential‑stuffing vectors.
Moreover, the entity’s limited fiat accessibility constrained liquidity buffers that could have mitigated capital flight during the breach.
Consequently, the institution failed to satisfy the prudential oversight criteria mandated by the Korean Financial Services Commission.
Such infractions inevitably erode stakeholder confidence and precipitate an untenable operational posture.
Jason Zila
April 30, 2025 AT 20:46The post outlines the facts well, but let’s stress that low fees are only attractive if the underlying infrastructure can survive a breach.
Security should be a baseline requirement, not an afterthought.
Traders need to audit exchange insurance, cold‑storage ratios, and employee security training before committing capital.
Otherwise, the fee advantage becomes a hollow promise.
Cecilia Cecilia
May 1, 2025 AT 13:26I feel for anyone who lost funds on GDAC.
Their story is a stark reminder that we must keep personal holdings in hardware wallets whenever possible.
Exchanges are convenient, but convenience should never replace security.
lida norman
May 1, 2025 AT 21:46It’s heartbreaking 😢 when a platform that seemed so cheap turns into a nightmare.
Stay safe, keep your keys, and never rely on a single exchange for everything! 😊
Vinoth Raja
May 2, 2025 AT 11:39GDAC’s downfall is a textbook illustration of how fee‑centric strategies can undermine systemic resilience.
First, the exchange’s hot‑wallet exposure was alarmingly high; allocating over twenty‑three percent of total assets to a liquid pool created a single point of failure that attackers were eager to exploit.
Second, the lack of granular two‑factor authentication on privileged accounts meant that once a SIM‑swap compromised an employee’s phone, the adversary could traverse administrative portals unimpeded.
Third, employee phishing training was evidently insufficient, as social engineering chained together the SIM‑swap and internal access, culminating in a $13 million exfiltration.
Fourth, the platform’s limited fiat gateway-KRW only-constrained its ability to diversify liquidity sources, leaving it vulnerable to market shocks and regulatory pressure.
Fifth, regulatory oversight in South Korea tightened post‑2022, demanding stricter AML/KYC practices that GDAC struggled to meet, further eroding trust.
Sixth, the absence of a compensation fund or insurance policy left users with no recourse, amplifying the reputational damage.
Seventh, while the fee structure was attractive, it attracted high‑frequency traders who tend to keep larger balances on‑exchange, inadvertently increasing exposure.
Eighth, the exchange’s API, though functional, lacked rate‑limiting safeguards that could have flagged anomalous withdrawal patterns sooner.
Ninth, post‑incident communications were sparse, fueling speculation and panic among the community.
Tenth, the decision to shut down permanently rather than pursue a restructuring plan may have been pragmatic, yet it also signaled a failure to uphold fiduciary responsibilities.
Eleventh, this episode underscores the importance of cold‑storage diversification; a layered storage architecture could have limited the hot‑wallet’s share to a fraction of a percent.
Twelfth, robust internal monitoring for large outbound transfers would have generated alerts, potentially halting the exfiltration in its tracks.
Thirteenth, regular external audits of security posture could have identified the SIM‑swap vulnerability before exploitation.
Fourteenth, the broader crypto ecosystem can learn from GDAC by mandating minimum security standards for exchanges operating in high‑risk jurisdictions.
Fifteenth, ultimately, traders must practice the “not your keys, not your coins” principle, keeping only what they need for active trading and storing the rest offline.
Kaitlyn Zimmerman
May 2, 2025 AT 17:13Great breakdown!
Security hygiene and cold‑storage layering are indeed the pillars of a resilient exchange.
Hope newer platforms internalize these lessons.
Chris Morano
May 3, 2025 AT 05:43Despite the tragic outcome, GDAC showed that a focused niche market can thrive with the right user experience.
Its TradingView UI and Korean payment integration were praised by many novices.
The lesson here is that convenience must walk hand‑in‑hand with rigorous security.
Future Korean exchanges can emulate the UI strengths while avoiding the security pitfalls.
Bobby Lind
May 3, 2025 AT 15:26Exactly! UI matters, but safety matters more.
Let’s hope the next platform gets both right.
Jessica Cadis
May 4, 2025 AT 05:19GDAC tried to be the discount store of crypto, but you can’t skimp on vaults.
Security is non‑negotiable, period.
Katharine Sipio
May 4, 2025 AT 12:16Indeed, the trade‑off between cost and protection must be transparent to users.
Exchanges should disclose their hot‑wallet ratios and insurance coverage in plain language.
This empowers traders to make informed decisions rather than being blindsided by hidden risks.
Regulators might also consider mandating such disclosures for consumer protection.
Deepak Kumar
May 5, 2025 AT 02:09Let’s use GDAC’s story as a rallying cry for better security standards across the board.
Developers, auditors, and exchange operators should collaborate on open‑source security modules.
Education is key-traders need to understand the difference between a hot and cold wallet.
Stakeholders must push for mandatory multi‑factor authentication on all privileged accounts.
Only then can we prevent another $13 million loss.
Matthew Theuma
May 5, 2025 AT 10:29Well said! 👍
Security can’t be an afterthought, especially with SIM‑swap attacks on the rise.
Carolyn Pritchett
May 5, 2025 AT 21:36Honestly, GDAC was a dumpster fire from day one-cheap fees, terrible security.
Anyone who ignored the red flags deserved the loss.