South Korea Fines Bithumb for Overseas User Data Transfers
| |

South Korea Fines Bithumb for Overseas User Data Transfers

ByBradley Swift Last Update on Markets & Finance, News, Regulation

South Korea Fines Bithumb 210 Million Won for Unauthorized Overseas Data Transfers – Privacy Enforcement Tightens for Crypto Exchanges

Key Takeaways

  • South Korea fined Bithumb 210 million won, about 136,000 US dollars, for transferring user data overseas without proper consent.
  • The Personal Information Protection Commission found violations between September and November 2025 linked to USDT market activity.
  • Bithumb informed users data would be sent to the Stellar exchange, but investigators found it was transferred to a platform operated by BingX.
  • The regulator also identified data transfers to 13 overseas exchanges without full legally required consent.
  • The commission issued a corrective order requiring Bithumb to revise its cross border data transfer procedures.

Regulator Imposes Fine After Multi Month Investigation

South Korea has imposed a 210 million won fine on crypto exchange Bithumb following an investigation by the Personal Information Protection Commission, or PIPC. The penalty equals approximately 136,000 US dollars.

According to the commission, Bithumb violated the Personal Information Protection Act during cryptocurrency transactions conducted between September and November 2025. The case focused on how the exchange handled cross border transfers of customer information, particularly in connection with activity in Tether USDT markets.

Cross border data transfer refers to the movement of personal information from one jurisdiction to another. Under South Korean law, companies must meet strict consent requirements before sending such data abroad. The PIPC concluded that Bithumb did not comply with these obligations.

In its official statement, the commission confirmed both the financial penalty and a corrective order. The order requires Bithumb to align its processes with legal standards governing overseas transfers of personal information.

Consent Mismatch and Incorrect Destination Disclosure

A central finding of the investigation involved a mismatch between what users were told and what actually occurred.

Bithumb informed customers that their personal data would be transferred to the Stellar exchange. However, investigators determined that the information was in fact sent to a platform operated by BingX. Under South Korean privacy law, companies must clearly specify the destination of personal data when obtaining consent. The commission found that this requirement was not met.

The regulator treated the inaccurate disclosure as a breach of the legal obligation to provide precise information about overseas data recipients. For users, this distinction is relevant because consent must be tied to a clearly identified entity and jurisdiction.

Additional Transfers to 13 Overseas Exchanges

The investigation also uncovered a broader compliance failure. According to the PIPC, Bithumb transferred customer data to 13 separate overseas crypto exchanges without securing the complete consent required under national regulations.

The transferred information included customer names, wallet addresses, and dates of birth. These data points qualify as personal information under the Personal Information Protection Act and are therefore subject to strict handling and disclosure rules.

The commission concluded that Bithumb did not fulfill all statutory requirements before sharing this information internationally. As a result, the fine reflects not only a single incident but multiple instances of non compliant cross border transfers.

New Privacy Guidance for Blockchain Companies

The enforcement action coincides with new privacy guidance issued for blockchain and digital asset businesses operating in South Korea.

The framework addresses the structural tension between public blockchain transparency and personal data protection obligations. The commission emphasized that companies should avoid recording personally identifiable information on public ledgers wherever possible.

Under the guidance, sensitive data such as names and national identification numbers should remain off chain when the technology allows. The regulator also placed particular focus on cross border transfers, urging companies to implement stronger safeguards before sending customer information to international platforms.

Another key requirement is verification. Exchanges must confirm the actual destination of personal data rather than relying solely on third party intermediaries. This element directly reflects the findings in the Bithumb case, where the declared and actual recipients did not match.

Implications for Crypto Exchanges and International Users

The decision represents one of the most direct privacy enforcement actions against a crypto exchange in South Korea to date. It signals that data protection compliance now stands alongside financial and operational oversight in the regulatory framework for digital asset service providers.

For international users and market participants, the case highlights how cross border operations can trigger regulatory consequences when consent procedures are incomplete or inaccurately documented. Exchanges that facilitate global trading pairs, including stablecoin markets such as USDT, often interact with multiple overseas platforms. According to the commission, each transfer requires clear disclosure and legally valid consent.

Bithumb has been ordered to revise its internal procedures to ensure compliance with cross border data transfer rules. The corrective order indicates that the regulator expects structural changes rather than a one time adjustment.

Our Assessment

The 210 million won fine against Bithumb is based on confirmed violations of South Korea’s Personal Information Protection Act related to overseas data transfers between September and November 2025. The regulator identified inaccurate destination disclosure and insufficient consent for transfers to 13 foreign exchanges. Alongside the penalty, the commission issued updated privacy guidance for blockchain companies, emphasizing off chain storage of personal data and stricter verification of international data recipients. Together, these measures demonstrate increased regulatory focus on personal data handling in the country’s crypto sector.

Similar Posts

PancakeSwap V4 Launch: Big Boost for DeFi Efficiency

PancakeSwap V4 Launch: Big Boost for DeFi Efficiency

ByAbby Richards

In A Nutshell: PancakeSwap v4 Brings Innovations and Enhancements Decentralized exchange PancakeSwap has officially announced the upcoming launch of its version four (v4) codebase, a significant upgrade aimed at enhancing user experience and efficiency on both BNB and Ethereum networks, slated for release in the third quarter of 2024. With over $2.3 billion in assets…

Audius Leads Music’s Web3 Revolution

Audius Leads Music’s Web3 Revolution

ByIsabella Brown

In A Nutshell The future of music intertwines with decentralized technologies, artificial intelligence (AI), and community-driven platforms, as evidenced by the strides made by the blockchain-based music streaming service, Audius. Since its inception in 2018, Audius has leveraged blockchain technology, NFTs, and AI to redefine music streaming and artist-fan interactions. This innovative approach not only…

Bitcoin ETFs Surge, Eyeing $88K Price Amid Record Inflows

Bitcoin ETFs Surge, Eyeing $88K Price Amid Record Inflows

ByIsabella Brown

In A Nutshell BlackRock’s iShares Bitcoin Trust ETF has seen significant inflows, surpassing investments in top performing stocks, known as the “magnificent seven”. This surge places Bitcoin as the second largest asset class by inflow in 2024, with projections suggesting a potential rise in price to $88,000 by September. This trend is bolstered by the…

NFT Sales Drop 44%; Logan Paul Sues; Japan Innovates

NFT Sales Drop 44%; Logan Paul Sues; Japan Innovates

ByGregor Ziegler

In A Nutshell This week’s edition of the Nifty Newsletter highlights significant movements in the NFT (non-fungible token) market, including a notable 44% decline in sales. Amidst this market fluctuation, social media influencer Logan Paul has initiated a defamation lawsuit against YouTuber Stephen Findeisen, known as Coffeezilla, over allegations made against Paul’s NFT project, CryptoZoo….

Celebrity Crypto Tokens Stir Web3 Debate

Celebrity Crypto Tokens Stir Web3 Debate

ByAbby Richards

In A Nutshell The emergence of celebrity-backed tokens in the cryptocurrency market has sparked a debate among Web3 executives and professionals. These tokens, often referred to as celebrity memecoins, have divided opinions on their potential impact on the crypto ecosystem. Proponents argue that they serve as an accessible on-ramp for new users into the world…

Leave a Reply

Your email address will not be published. Required fields are marked *