South Korea's Personal Information Protection Commission (PIPC) fined cryptocurrency exchange Bithumb 210 million Korean won (approximately $136,000) after the company improperly shared users' personal information with overseas platforms without obtaining required consent. The violations occurred between September and November of 2025 when Bithumb transmitted user data to BingX instead of the consented Stellar exchange while providing Tether (USDT) market order book services. The enforcement action reflects South Korea's strict enforcement of its Personal Information Protection Act, which requires explicit user consent for cross-border data transfers and protects users' rights to control their own data.
PIPC Identifies Unauthorized Data Sharing Across 13 Exchanges
According to the regulator, Bithumb shared user information between September and November of 2025 while providing Tether (USDT) market order book services. Although users consented to the transfer of their data to the Stellar exchange, the information was instead transmitted to a platform operated by BingX.
The PIPC also found that Bithumb failed to secure adequate user consent when sharing personal information, including names, wallet addresses, and dates of birth, while facilitating transfers with 13 overseas cryptocurrency exchanges. The commission explained that cross-border transfers of personal information are closely tied to users' rights to control their own data and therefore require strict adherence to the legal requirements governing consent and data protection.
Regulator Orders Compliance Improvements and Issues Blockchain Privacy Guidelines
In addition to the financial penalty, the regulator ordered Bithumb to strengthen its procedures for transmitting personal information across borders to ensure compliance with South Korea's Personal Information Protection Act.
Alongside the enforcement action, the PIPC released new privacy guidelines that are specifically designed for blockchain businesses. The guidance recognizes the unique characteristics of blockchain technology, including its transparency, decentralization, and immutability, and advises companies not to store personally identifiable information, like names or social security numbers, directly on-chain.
FAQ
What did South Korea's PIPC fine Bithumb for?
The Personal Information Protection Commission fined Bithumb 210 million Korean won (approximately $136,000) for improperly sharing users' personal information with overseas platforms without obtaining the required consent.
When did Bithumb's data sharing violations occur?
The violations occurred between September and November of 2025 when Bithumb shared user information while providing Tether (USDT) market order book services.
What new guidelines did the PIPC issue for blockchain companies?
The PIPC released privacy guidelines advising blockchain firms not to store personally identifiable information, like names or social security numbers, directly on-chain, recognizing blockchain's transparency, decentralization, and immutability.
