- South Korea’s Personal Information Protection Commission (PIPC) fined Bithumb 210 million won ($136,000) for violating cross-border personal data transfer rules.
- The violations occurred between September and November 2025 during USDT ($1.00 · Live) order book sharing and crypto withdrawal processes involving overseas exchanges.
- The regulator also issued corrective orders and published new blockchain privacy guidelines to strengthen data protection across the digital asset industry.
South Korea’s Personal Information Protection Commission (PIPC) has imposed a 210 million won (approximately $136,000) penalty on cryptocurrency exchange Bithumb after determining that the company transferred users’ personal information to overseas platforms without fully complying with the country’s Personal Information Protection Act.
The enforcement action, announced on June 24, follows a regulatory investigation into Bithumb’s cross-border data handling practices. Alongside the financial penalty, the commission ordered the exchange to improve its procedures for overseas transfers of personal information and ensure compliance with legal disclosure and consent requirements.
PIPC Finds Two Separate Data Transfer Violations
The investigation found that between September and November 2025, Bithumb transferred user information while sharing order book data for the Tether (USDT) market with an overseas trading platform.
According to the PIPC, users were informed that their personal information would be transferred to Stellar Exchange and provided separate consent based on that disclosure. However, the regulator found that member identification numbers and order information were instead transmitted to infrastructure operated by BingX, resulting in a violation of South Korea’s cross-border data transfer requirements. The commission imposed a 120 million won penalty for the order book sharing violation.
Separately, investigators found that Bithumb provided users’ names, wallet addresses and other required information to 13 overseas cryptocurrency exchanges while processing crypto withdrawals for anti-money laundering (AML) purposes. Although the regulator acknowledged the necessity of sharing certain information to meet AML obligations, it concluded that Bithumb failed to obtain the separate user consent required for overseas transfers under the Personal Information Protection Act. This second violation resulted in an additional 90 million won penalty.
Investigation Originated From 2025 Parliamentary Review
The PIPC said the investigation began after concerns were raised during South Korea’s 2025 National Assembly audit regarding the overseas transfer of personal information through Bithumb’s order book sharing service.
Following its findings, the regulator ordered Bithumb to ensure future overseas data transfers comply with legal requirements and to clearly disclose relevant details in its privacy policy.
In its announcement, the commission stated that cross-border transfers of personal information are closely related to individuals’ rights to control their own data and therefore require strict compliance with the procedures established under the Personal Information Protection Act.
Privacy Guidelines Released for Blockchain Services
Alongside the enforcement action, the PIPC released new Personal Information Protection Guidelines for Blockchain Services, reflecting issues identified during the investigation.
The guidance addresses privacy risks created by blockchain’s transparency, decentralization and immutability. Among its recommendations, the regulator advised blockchain service providers to avoid recording personally identifiable information directly on-chain and outlined measures to reduce data exposure, manage information sharing among network participants and address personal data handling within immutable blockchain systems.
The latest action comes as South Korean authorities continue increasing regulatory oversight of the country’s cryptocurrency sector. Earlier this year, Bithumb also faced significant sanctions from the Financial Intelligence Unit over anti-money laundering compliance failures, reflecting broader efforts by regulators to strengthen supervision of digital asset platforms across both financial crime prevention and personal data protection requirements.
Recently, Bithumb CEO Lee Jae-won was named a bribery suspect in South Korea’s investigation into alleged job hiring irregularities, adding to the exchange’s regulatory challenges. The latest privacy penalty comes as Bithumb faces broader scrutiny over hiring practices, AML compliance, and personal data protection.