Crypto news

25.06.2026
10:22

Bithumb paid the price: a record fine of $136,000 for leaking customer data abroad

South Korea's Personal Information Protection Commission (PIPC) has issued a strict ruling against the cryptocurrency exchange Bithumb. The platform is required to pay a fine of 210 million won, equivalent to approximately $136,000. The reason is the illegal transfer of users' personal information to foreign platforms without their proper consent.

This is not just a technical violation but a serious failure in the compliance system. According to the investigation, the incident occurred between September and November 2025, when Bithumb transferred order books for the Tether (USDT) pair to third-party platforms. The PIPC determined that the exchange violated cross-border data transfer procedures, directly infringing on users' right to self-determination in the digital environment.

Double Violation: Consent and Actual Transfer

The key issue was a mismatch between what users consented to and what actually happened. Bithumb obtained client permission to transfer their data to the Stellar exchange, but in reality, the information was sent to a platform operated by BingX. Thus, the actual recipient did not match the stated one, which constitutes a direct breach of trust.

But that's not all. The second violation involved the transfer of personal data during transactions with 13 foreign exchanges. Bithumb sent users' names, wallet addresses, and dates of birth without obtaining full and explicit consent for each such operation. The PIPC emphasizes that cross-border data transfer is closely tied to the human right to self-determination and requires strict compliance with the law.

New Rules for the Blockchain Industry

Alongside the Bithumb ruling, the commission published separate information protection guidelines for blockchain companies. The regulator took into account the technology's specific features—its transparency, distributed structure, and immutability of records. According to the document, data that can identify a person, such as names and social security numbers, should not be recorded on the blockchain.

This is a signal to the entire industry: South Korea is tightening its approach to how cryptocurrency exchanges handle personal data. The ruling demonstrates that the regulator intends to closely monitor how platforms transfer user information abroad.

Expert Opinion: This precedent is a clear signal to the market. Bithumb was punished not for a data leak in the classic sense, but for violating data processing procedures. Amid tightening regulations in Asia, exchanges will have to fundamentally rethink their KYC and AML protocols, especially regarding work with international partners. Ignoring these requirements could cost significantly more than $136,000.