Finst

South Korea Fines Bithumb for Illegal Data Transfers

The PIPC says Bithumb shared customer data without proper consent with foreign exchanges, including data tied to USDT and BingX. At the same time, South Korea is tightening privacy rules for blockchain companies.

By Zenz van der Wielen
• 2 min read
South Korea Fines Bithumb for Illegal Data Transfers

Key Takeaways

  • South Korea fined Bithumb 210 million won for sharing user data with foreign parties without proper consent.
  • The PIPC found that Bithumb shared data like names, wallet addresses, and birth dates with 13 foreign crypto exchanges.
  • South Korea has introduced new privacy guidelines that push blockchain companies not to record personal information on public ledgers.

South Korea has fined the crypto exchange Bithumb 210 million won, about $136,000 (€119,900), for sharing user data with foreign parties without proper consent. The penalty follows a months-long investigation by the Personal Information Protection Commission (PIPC) and is one of the toughest privacy enforcement actions in South Korea's crypto sector so far.

Violations in Cross-Border Data Transfers

The main issue was the transfer of personal data across borders, a process that under South Korean law comes with strict consent rules. Between September and November 2025, Bithumb broke these rules during transactions involving Tether's USDT market data. The commission found that Bithumb told users their data would go to the Stellar platform, but it actually ended up at a BingX platform. That does not match the required accuracy about the destination under privacy law.

In addition, Bithumb was found to have shared data such as names, wallet addresses, and birth dates of customers with 13 different foreign crypto exchanges without full consent. These findings led to an order to change internal procedures for cross-border data transfers and make sure the law is followed more strictly.

New Privacy Guidelines for Blockchain Companies

Along with the fine, South Korea introduced new privacy guidelines that encourage blockchain companies not to record personal information on public ledgers. Names and national ID numbers should stay off-chain whenever possible to protect privacy. The guidelines also stress that companies must verify the actual destination of personal data before transferring it internationally, instead of relying on intermediaries.

These developments fit into a broader trend of South Korea expanding regulation of crypto companies, not just on the financial side but also when it comes to privacy protection. For Bithumb, the fine is both a financial hit and a reputational one, but it also signals stricter enforcement across the entire Korean crypto market. Incomplete user consent will now face tougher action, which is an important message for all crypto exchanges operating in South Korea.

Why This Matters for European Crypto Users

Even though this penalty targets a Korean exchange, it highlights the growing global focus on privacy and data management in the crypto market. European crypto investors and platforms can take away that compliance with privacy laws, especially for cross-border data transfers, is becoming more and more important. This could also lead to tighter checks and requirements for crypto exchanges and blockchain companies in Europe.

Disclaimer: This content is for informational purposes only and does not constitute financial, investment, legal, or tax advice. The information provided may be incomplete, inaccurate, or outdated and should not be relied upon as such. Nothing on this website should be considered a recommendation to buy, sell, or hold any cryptocurrency. Investing in crypto-assets involves risk of loss.