Privacy Breach: South Korea Imposes Record Fine on Bithumb for Leaking User Data Abroad
Regulatory pressure in South Korea continues to tighten around cryptocurrency exchanges. This time, one of the oldest market players, Bithumb, has been hit. The Personal Information Protection Commission (PIPC) fined the platform 210 million won (approximately $136,000) for illegally transferring users' personal information to foreign partners. This decision is not just a financial penalty but a clear signal to the entire industry: the era of uncontrolled handling of customer data is coming to an end.
Two Gross Violations in One Case
As the PIPC investigation revealed, Bithumb committed two critical violations. First, the exchange obtained user consent to transfer their data to the Stellar exchange, but in reality, the information was sent to a platform operated by BingX. The actual recipient of the data did not match the one for which clients had given permission. Second, when conducting transfers with 13 foreign exchanges, Bithumb transmitted users' names, wallet addresses, and dates of birth without their full and explicit consent.
The leak occurred between September and November 2025, when Bithumb was transferring order books from its Tether (USDT) market. The regulator emphasized that the cross-border transfer of personal data is directly linked to the human right to self-determination and requires strict compliance with the law.
New Rules for Blockchain Companies
Simultaneously with the decision on Bithumb, the PIPC published separate information protection guidelines for blockchain companies. The regulator took into account the specifics of the technology—its transparency, distributed structure, and immutability of records. According to the document, data that can identify a person (e.g., names and social security numbers) should not be recorded on the blockchain.
This decision demonstrates that South Korean authorities intend to strictly control how platforms transmit user information abroad. For Bithumb, this fine is just the beginning. The exchange is obligated not only to pay the amount but also to rectify its data transfer protocols.
Expert opinion: A fine of $136,000 is a drop in the ocean for Bithumb, but the precedent itself is extremely important. The regulator is effectively creating a new standard: now every exchange working with South Korean users must not only obtain consent but also guarantee that data will not be passed to third parties without the client's knowledge. This increases operational costs for all market participants but, in the long term, strengthens trust in the industry.