Crypto news

25.06.2026
10:07

South Korean regulator penalizes Bithumb for data leak: $136,000 fine and new rules for the blockchain industry

South Korea's Personal Information Protection Commission (PIPC) has imposed a fine of 210 million won (approximately $136,000) on the Bithumb exchange. The reason is the transfer of users' personal data to foreign platforms without their proper consent.

This precedent is important not only for the size of the penalty but also because it has exposed systemic problems in the procedures of cryptocurrency exchanges handling confidential information. During the investigation, the PIPC identified two key violations by Bithumb.

Double Violation: From Stellar to BingX

The first violation is related to the transfer of data for the Tether (USDT) trading pair. Between September and November 2025, Bithumb transferred order books to a foreign counterparty. However, as the regulator determined, the actual recipient of the data was a platform operated by BingX, not Stellar, for which users had given their consent. This is a direct violation of the principle of purpose limitation for data use.

The second incident concerns the mass transfer of personal data — names, wallet addresses, and dates of birth — to thirteen different foreign exchanges. In this case, Bithumb did not obtain full and explicit consent from users for the cross-border transfer. The regulator emphasized that such actions directly affect the fundamental human right to self-determination in the information sphere.

New Regulations for Blockchain Companies

Simultaneously with the decision on Bithumb, the PIPC issued separate information protection guidelines for blockchain companies. The regulator took into account the technological features of the industry — transparency, distribution, and immutability of records.

The key requirement of the document: information that can identify an individual (e.g., names and social security numbers) must not be recorded on the blockchain. This means that any public ledger used by exchanges must be designed to exclude the storage of Personally Identifiable Information (PII) in immutable chains.

Analyst's Opinion. This case is a clear signal to the market. The South Korean regulator is demonstrating that the era of "gray" areas in handling user data is coming to an end. For global exchanges seeking to work with South Korean clients, it will now be mandatory not just to obtain consent, but to ensure full technical and legal transparency of cross-border data flows. Bithumb, for its part, will have to not only pay the fine but also fundamentally revise its protocols.