Crypto news

25.06.2026
09:10

Bithumb has been fined $136,000 for illegally transferring customer data to foreign exchanges.

South Korea cryptocurrency

South Korea's Personal Information Protection Commission (PIPC) has fined the cryptocurrency exchange Bithumb 210 million won (approximately $136,000). The reason was the transfer of users' personal information to foreign companies without proper consent. This is a serious signal for the entire industry: even major players cannot ignore privacy laws.

How the leak occurred

From September to November 2025, Bithumb transferred data from the order book for USDT pairs. The regulator determined that the exchange obtained permission from clients to transfer information to the Stellar platform but actually sent it to a platform operated by BingX. This is a direct violation of user trust and the law.

Additionally, the PIPC identified violations in data transfers to 13 other foreign exchanges. Bithumb transferred clients' names, dates of birth, and wallet addresses without obtaining full and explicit consent for such actions. The commission demanded that the exchange immediately rectify its data transfer protocols and emphasized that the cross-border movement of personal information requires strict compliance with the law.

New guidelines for blockchain companies

Simultaneously with the fine, the PIPC issued special guidelines for blockchain companies. The document takes into account key features of the technology: transparency and the impossibility of deleting records. The regulator recommended not to include on-chain data that could identify individuals, such as names or social security numbers. This is an important step toward balancing innovation and protecting citizens' rights.

Recall that on June 11, the PIPC already imposed a record fine of 624.6 billion won on the technology giant Coupang following a massive data leak. It is evident that the South Korean regulator intends to consistently tighten control over the processing of personal data, and the crypto industry will be no exception.

Analytical commentary: This case is a stark reminder that in the era of DeFi and global data exchanges, even decentralized platforms must comply with traditional privacy norms. Ignoring data protection laws can lead not only to financial losses but also to a erosion of user trust, which in the long term is far more dangerous than any fine.