There are 2 related laws for such cases: The Electronic Financial Transactions Act, Articles 9 and 10; and The Act on the Development of Cloud Computing And Protection of Its Users, Article 29.

The Blockchain platform is responsible for damages/losses (with exceptions, where a financial company or an electronic financial business entity may require a user/party using the smart contract, to fully or partially bear the liability for loss).

According to The Electronic Financial Transactions Act, Article 9 (Liability of Financial Companies or Electronic Financial Business Entities): “ (1) When a user suffers any loss due to any of the following incidents, the relevant financial company or electronic financial business entity shall be liable for indemnifying him/her for the loss: <Amended by Act No. 11814, May 22, 2013>

1. An incident caused by the forgery or alteration of the means of access;

2. An incident caused in the course of electronically transmitting or processing the conclusion of a contract or a transaction request;

3. An incident caused by the use of a means of access acquired by fraudulent or other illegal means by invading electronic apparatus for electronic financial transactions or an information and communication network defined in Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.

(2) Notwithstanding paragraph (1), a financial company or an electronic financial business entity may require a user to fully or partially bear the liability for any loss in any of the following cases: <Amended by Act No. 11814, May 22, 2013>

1. Where, with respect to any incident caused by the intention or gross negligence of the user, a prior agreement is made with the user to the effect that all or part of the loss may be borne by the user;

2. Where a corporate user (excluding any small enterprise defined in Article 2 (2) of the Framework Act on Small and Medium Enterprises) suffers any loss although the financial company or electronic financial business entity fulfills the duty of due care reasonably required to prevent incidents, such as the establishment and strict observance of security procedures.

(3) The intention or gross negligence of the user referred to in paragraph (2) 1 shall be limited to that stipulated in the terms and conditions of electronic financial transactions (hereinafter referred to as “terms and conditions”) within the limits prescribed by Presidential Decree.

(4) Every financial company or electronic financial business entity shall take measures necessary to discharge the liability provided for in paragraph (1), such as purchasing insurance, joining a mutual aid society or accumulating reserves, pursuant to the standards determined by the Financial Services Commission. <Amended by Act No. 8863, Feb. 29, 2008; Act No. 11814, May 22, 2013>”

Also, the related Electronic Financial Transactions Act, Article 10 (Liability for Loss or Theft of Means of Access):

“(1) Upon receipt of a user’s notification of the loss or theft of the means of access, the relevant financial company or electronic financial business entity shall be liable for compensating the user for any loss he/she might suffer due to the use of such means of access by a third party from the time such notification is received: Provided, That the same shall not apply to cases prescribed by Presidential Decree where any damage is caused by the loss, theft, etc. of electronic prepayment means or electronic currency. <Amended by Act No. 11814, May 22, 2013>

(2) Notwithstanding paragraph (1) of this Article and Article 9, if any provision of other Acts and subordinate statutes applicable favorably to the user exists, such provision shall prevail.”

Also,

According to the Act on the Development of Cloud Computing And Protection of Its Users, Article 29 [Enforcement Date 26. Jul, 2017.] [ No.14839, 26. Jul, 2017., Amendment by Other Act], the blockchain platform/ cloud computing service provider is responsible for the losses:

“Where a user sustains an injury or loss caused by a cloud computing service provider’s violation of any provision of this Act, he/she may claim damages for such injury or loss against the cloud computing service provider. In such cases, the cloud computing service provider shall not be exempted from liability, unless it proves that such injury or loss has not been caused by its intentional conduct or negligence.”

“Obligations of a cloud computing service provider under the Cloud Computing Act include: … To compensate for any damages resulting from a violation of the Cloud Computing Act”

Sources

• The Electronic Financial Transactions Act

• The Act on the Development of Cloud Computing And Protection of Its Users