Crypto news

26.06.2026
08:11

Bithumb fined $136,000: a privacy lesson for the entire South Korean crypto industry

South Korea's Personal Information Protection Commission (PIPC) has imposed a fine of 210 million South Korean won (approximately $136,000) on the cryptocurrency exchange Bithumb. This decision marks the culmination of a lengthy investigation that revealed serious violations in the handling of clients' confidential information. The incident serves as a powerful signal for the entire market: the era of neglect towards privacy in South Korea's crypto sphere is coming to an end.

Root of the Problem: Deception and Overseas Data Transfer

The PIPC investigation established that Bithumb violated the law when processing cross-border transactions in late 2025. The essence of the complaints is not merely a technical error, but a deliberate misleading of users. The exchange claimed it was sending client data to the Stellar platform, but in reality, confidential files were being sent to the BingX platform. This is a direct violation of the requirement to specify the exact recipient when transferring information.

The scale of the problem proved significant. Without proper user consent, data was transferred to 13 foreign cryptocurrency exchanges. The leaked files contained:

  • Client first and last names
  • Cryptocurrency wallet addresses
  • Exact user dates of birth

Furthermore, the PIPC found that data was transferred to multiple foreign jurisdictions simultaneously without proper notification and obtaining client consent. The regulator has ordered Bithumb's management to completely revise its internal regulations and clearly inform users about the final destination of their data processing.

New Regulatory Direction: Privacy as a Priority

This decision is not an isolated case. It coincides with the publication of new privacy recommendations for blockchain companies. South Korea is striving to find a balance between the transparency of the distributed ledger and the protection of private life. The key rule is now strict: blockchain projects are not permitted to publish information in open chains that allows for the identification of an individual. Names and document numbers must be stored exclusively off-chain.

Special emphasis is placed on controlling the transfer of data abroad. The regulator recommends implementing additional protective measures when sending client information to foreign platforms. Exchanges are obligated to independently verify where personal data actually ends up, rather than relying on the assurances of intermediaries.

Cryptalist Analysis: The fine for Bithumb is merely a prelude. South Korea is consistently tightening control over the crypto industry, and privacy issues are becoming a central element of regulatory policy. I expect that the practice of incompletely informing users and obtaining their consent will be strictly suppressed, and similar sanctions could follow against other major market players in the coming quarters. Ignoring these requirements poses a direct threat to business.