South Korean regulator imposes fine on Bithumb for illegal transfer of customer data

South Korea's Personal Information Protection Commission (PIPC) has decided to impose a fine of 210 million won (approximately $136,000) on the cryptocurrency exchange Bithumb. The reason was a violation of legal requirements in processing user data — the platform transferred confidential information to foreign companies without proper client consent.
According to investigation materials, the incidents occurred between September and November 2025. Bithumb transferred order book data for trading pairs with USDT to foreign counterparties. The most notable finding was that the exchange obtained user consent to transfer data to the Stellar platform, but actually sent it to servers managed by BingX, which is a direct violation of client trust.
Additionally, the regulator recorded violations in transfers to 13 other foreign cryptocurrency exchanges. During these operations, Bithumb transferred users' names, dates of birth, and wallet addresses without obtaining full and explicit consent for each specific transfer. This practice contradicts both South Korea's Personal Information Protection Act and international standards.
The PIPC demanded that Bithumb immediately review and correct its data transfer protocols. The agency emphasized that the cross-border movement of personal information in the cryptocurrency industry requires particularly strict compliance with the law and protection of data subjects' rights.
Alongside the fine, the PIPC issued specialized guidance for blockchain companies. The document takes into account a key feature of the technology: transparency and irreversibility of records. The regulator recommended that developers and platform operators avoid including personally identifiable information, such as names or social security numbers, in on-chain data.
Cryptalist Analytical Commentary: This case demonstrates that the South Korean regulator does not intend to make exceptions for cryptocurrency exchanges in data protection matters. The $136,000 fine is just the tip of the iceberg: the real risks for Bithumb include loss of client trust and potential class-action lawsuits. For the entire industry, this is a signal: blockchain transparency should not become an excuse for violating user rights. Investors should pay attention to exchanges' compliance policies before entrusting them with their data and funds.