Altcoins Crypto News Exchanges Regulation & Policy Tether

South Korea Fines Bithumb $136K for Overseas User Data Sharing

South Korea Fines Bithumb $136k For Overseas User Data Sharing
South Korea Fines Bithumb $136k For Overseas User Data Sharing

South Korea’s Personal Information Protection Commission (PIPC) has ordered cryptocurrency exchange operator Bithumb to pay a $136,000 fine for violating personal information protection rules tied to cross-border data transfers. The decision underscores the legal expectations for consent and handling of personal data when crypto trading activities involve overseas counterparties.

In a notice issued on Thursday, the PIPC said its investigation found Bithumb transferred personal information overseas without separate consent from data subjects during processes related to “order book sharing” and “virtual asset transfer” with foreign exchanges. The regulator linked the conduct to Bithumb’s arrangements involving Tether (USDT) trading data and user information sharing with multiple overseas platforms.

Key takeaways

  • PIPC imposed a $136,000 fine on Bithumb for breaches of South Korea’s personal data protection requirements involving overseas transfers.
  • The regulator found Bithumb shared personal information with 13 overseas exchanges and also used overseas counterparties to facilitate order book sharing and virtual asset transfers.
  • PIPC acknowledged an anti-money laundering rationale for providing certain information, but emphasized strict compliance for cross-border transfer and data-subject self-determination.
  • The case highlights how crypto compliance programs must address privacy and consent alongside AML/KYC obligations.

PIPC’s findings: cross-border transfers and the consent requirement

According to the PIPC notice, the regulator’s review focused on how Bithumb conducted certain operational integrations with foreign trading venues. The PIPC stated that Bithumb transferred personal information overseas without obtaining separate consent from the data subjects in the context of order book sharing and virtual asset transfer workflows.

The decision cites order book sharing for USDT between September and November 2025, when Bithumb worked with BingX. The PIPC further noted that while Bithumb obtained consent to share data with Stellar, it still carried out overseas data sharing through additional channels.

The PIPC’s framing is important for compliance teams: even where an exchange can justify the need to share information for anti-money laundering purposes, regulators may still require that cross-border personal-data transfers meet the procedural and consent standards under South Korea’s Protection Act.

Why the decision matters for exchanges and compliance programs

For crypto firms operating internationally—or coordinating with overseas counterparties—this case illustrates a practical enforcement boundary between AML-related information sharing and privacy law obligations. The PIPC explicitly recognized the necessity of providing personal information for AML when transferring virtual assets to other exchanges. However, it concluded that, with respect to overseas transfer of personal information, exchanges must treat the issue as closely connected to individuals’ rights.

In practice, the compliance implication is that exchanges may need more granular consent management and documented procedures around cross-border data flows. That includes assessing whether existing consents cover each specific foreign transfer pathway, whether the scope aligns with the intended processing and recipients, and whether data-sharing arrangements reflect the “data subject’s right to self-determination” described in the notice.

This also raises operational questions for regulated market participants: privacy controls cannot be treated as a one-time onboarding step. Instead, they must be maintained as exchanges expand routing, liquidity sharing, or transfer mechanisms across borders.

Enforcement context: Bithumb under regulatory scrutiny

Bithumb is one of South Korea’s largest cryptocurrency exchanges and has faced intense regulatory attention. The exchange has previously been subject to actions by financial authorities over alleged violations of South Korea’s Financial Information Act. In March, the country’s financial regulator imposed a six-month suspension, but a court later reversed that decision in April.

More recently, reporting indicated that police conducted raids at Bithumb’s offices as part of an investigation related to alleged nepotism involving a South Korean lawmaker, adding to the broader compliance and governance scrutiny surrounding the firm.

While these matters span different regulatory regimes—personal data protection versus financial supervision and other enforcement areas—they collectively signal a risk that institutional stakeholders cannot separate privacy, market conduct, and governance issues in crypto oversight. For banks, payment firms, and institutional investors with exposure to crypto ecosystems, such enforcement patterns can affect counterparties’ compliance posture and the perceived robustness of their control environments.

Broader policy backdrop: tax changes and law enforcement coordination

South Korea’s crypto regulatory environment is also evolving through fiscal and public-safety measures. The Ministry of Finance confirmed in May that a 22% tax on cryptocurrency gains is scheduled to take effect beginning January 2027, after previous postponements. The change is likely to affect a large base of retail investors holding digital assets in the country.

In parallel, blockchain analytics and law enforcement coordination has moved forward. Chainalysis reported a memorandum of understanding with the Korean National Police Agency (KNPA) intended to enhance investigative capability within South Korea. The stated focus includes improving responses to crypto crime, including attacks linked to North Korea.

Taken together, these policy directions show that South Korean authorities are simultaneously strengthening compliance expectations for regulated entities and expanding domestic enforcement capacity. The Bithumb privacy fine fits within this wider trend: regulators are treating data protection and cross-border information handling as part of the overall integrity framework for crypto markets.

Closing perspective

The PIPC’s order against Bithumb highlights that exchanges must align their AML-driven information-sharing processes with privacy consent and cross-border transfer requirements. Compliance leaders should watch for how similar cases are handled in South Korea—particularly around data transfer scopes tied to liquidity/order book sharing—since enforcement could shape how crypto firms structure cross-border operational integrations.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

The Crypto Breaking News editorial team curates the latest news, updates, and insights from the global cryptocurrency and blockchain industry.

Related Posts