Bithumb has been fined $136,000 for illegally transferring customer data to foreign exchanges.

South Korea's Personal Information Protection Commission (PIPC) has fined cryptocurrency exchange Bithumb 210 million won (approximately $136,000). The reason is the transfer of users' personal data to foreign companies without proper consent. This is a serious signal for the entire industry: even major players are not immune to close regulatory scrutiny.
Details of the Violation
According to the investigation, violations were recorded from September to November 2025. Bithumb transmitted order book information for USDT pairs to foreign platforms. The key point: the exchange obtained client consent for data transfer only to the Stellar platform, but actually sent it to a platform operated by BingX. This is a direct violation of trust and the law.
Additionally, the PIPC identified violations in transfers to 13 other foreign exchanges. Bithumb transmitted users' names, dates of birth, and wallet addresses without obtaining full and explicit consent for such actions. The regulator demanded immediate correction of data transfer protocols and emphasized that the cross-border movement of personal information requires strict compliance with the law.
New Recommendations for Blockchain Companies
At the same time, the PIPC issued guidance for blockchain companies, taking into account the specifics of the technology: transparency and the impossibility of deleting records. The regulator recommended not to include on-chain data that could identify individuals, such as names or social security numbers. This is a logical step — in the world of DeFi and public blockchains, privacy becomes a critical factor.
Context and Conclusions
Recall that on June 11, the PIPC fined technology giant Coupang a record 624.6 billion won after a massive data leak. The fine for Bithumb, though smaller, is no less indicative. The cryptocurrency market in South Korea is one of the most regulated in the world, and this case confirms that negligence in handling customer data will be costly. Investors should consider that such incidents can undermine trust in exchanges and create additional risks for capital.