- South Korea fined Bithumb $136,000 for unauthorized overseas user data transfers.
- Regulators found user information was shared abroad without proper consent procedures.
- New blockchain privacy guidelines increase compliance obligations for crypto firms.
South Korean regulators have fined cryptocurrency exchange Bithumb for transferring user information overseas without obtaining proper consent. The penalty reflects growing regulatory scrutiny of data privacy practices within the digital asset industry as authorities strengthen compliance requirements for crypto platforms.
Regulator Finds Unauthorized Overseas Data Transfers
South Korea’s Personal Information Protection Commission (PIPC) imposed a fine of 210 million won, equivalent to approximately $136,000, on Bithumb. The regulator also issued a corrective order requiring the exchange to comply with legal requirements governing cross-border personal data transfers.
The investigation began after concerns emerged during a 2025 parliamentary audit regarding Bithumb’s order book sharing arrangements. Authorities examined whether user information was transferred overseas in accordance with the country’s Personal Information Protection Act.
Bithumb has been fined approximately $136,$000 by South Korean regulators for sharing user data internationally without consent. This highlights increasing scrutiny of crypto exchanges regarding data privacy and compliance #SouthKorea pic.twitter.com/CIPTAzqRgW
— John Morgan (@johnmorganFL) June 25, 2026
According to the PIPC, Bithumb shared order book data related to its Tether (USDT) trading market with overseas exchanges between September and November 2025. During that period, users consented to transfers involving one exchange.
However, regulators found that member identification numbers and order information were transferred to a system operated by another exchange, BingX.
The commission concluded that the transfer occurred without obtaining separate consent from affected users. As a result, it determined that Bithumb failed to satisfy legal requirements for overseas data transfers.
Regulators also reviewed virtual asset transfers involving 13 foreign exchanges. During those transactions, Bithumb reportedly provided personal information, including names, wallet addresses, and, in one case, dates of birth, for anti-money laundering purposes.
New Privacy Rules Increase Compliance Pressure
The PIPC acknowledged that personal information may be required to support anti-money laundering procedures. However, the commission stated that overseas transfers remain closely connected to users’ rights over their personal data.
Consequently, authorities emphasized that crypto exchanges must follow strict consent and disclosure requirements before transmitting information across borders. The regulator ordered Bithumb to improve its transfer procedures and clearly disclose relevant practices within its privacy policy.
Alongside the enforcement action, the commission released new Blockchain Service Privacy Protection Guidelines. The framework addresses privacy risks associated with blockchain technology, including transparency, decentralization, and the difficulty of modifying recorded data.
The guidelines encourage companies to consider privacy protections during product development and to minimize exposure of identifiable information on blockchain networks. They also recommend stronger controls for information sharing and data management.
The latest action highlights South Korea’s expanding oversight of cryptocurrency businesses. As regulatory expectations increase, exchanges operating internationally may face greater scrutiny regarding both financial compliance and personal data protection.
Leave a Reply
You must be logged in to post a comment.