Crypto news

25.06.2026
10:56

South Korean regulator penalized Bithumb exchange for data leak: fine and new rules for blockchain companies

South Korea's Personal Information Protection Commission (PIPC) has imposed a fine of 210 million won (approximately $136,000) on the cryptocurrency exchange Bithumb. The reason is the illegal transfer of users' personal data to foreign platforms without their proper consent. This decision serves as a serious signal for the entire industry, emphasizing that regulators are beginning to prioritize data privacy even in such a technologically advanced field as blockchain.

Two Violations at the Core of the Case

The PIPC investigation revealed two key incidents. First, Bithumb transferred order books for the Tether (USDT) trading pair from September to November 2025. Although the exchange obtained user consent to transfer data to the Stellar platform, the actual recipient turned out to be the exchange BingX. Thus, the real recipient of the information did not match the one for which users had given permission.

Second, Bithumb sent clients' names, wallet addresses, and dates of birth to 13 foreign exchanges during transactions without obtaining full and explicit consent. The PIPC emphasized that the cross-border transfer of personal information is closely related to the human right to self-determination and requires strict compliance with data protection laws.

New Rules for Blockchain Companies

Simultaneously with the decision on Bithumb, the PIPC published separate information protection guidelines for blockchain companies. The regulator took into account the technology's characteristics—its transparency, distributed structure, and immutability of records.

According to the document, information that can identify a person (e.g., names and social security numbers) should not be recorded on the blockchain. This is a direct indication of the need to separate data: public, immutable ledgers should not contain confidential personal information.

Thus, South Korean authorities have outlined a stricter approach to how cryptocurrency exchanges handle personal data. The decision demonstrates that the regulator intends to monitor how platforms transfer user information abroad. This is a precedent that will force all market players to reconsider their KYC protocols and data processing practices.

Expert Opinion: This case is not just a fine but a clear signal to the market: the era of uncontrolled data handling in the crypto industry is ending. Investors should pay attention to how seriously exchanges approach compliance, as regulatory risks are becoming one of the key factors affecting the long-term stability of platforms.