South Korean authorities have levied a significant penalty against the cryptocurrency exchange Bithumb, ordering the company to pay 210 million Korean won (approximately $136,000 USD) for violations related to the protection of personal user information. The enforcement action stems from allegations that Bithumb improperly shared user data with overseas platforms without obtaining explicit and comprehensive consent from its clientele.
Key Takeaways
- Bithumb has been fined 210 million won ($136,000 USD) by South Korea’s Personal Information Protection Commission (PIPC).
- The penalty is for violating personal information protection rules, specifically regarding the sharing of user data with overseas platforms.
- Bithumb shared user information, including wallet addresses and dates of birth, with 13 overseas exchanges without adequate consent.
- The PIPC emphasized the critical importance of user consent for cross-border data transfers.
- New guidelines have been issued for blockchain firms, advising against on-chain recording of personally identifiable information.
The alleged breaches occurred between September and November 2025, when Bithumb reportedly shared its Tether USDT market order books. While Bithumb claimed user consent was obtained for data transfer to the Stellar exchange, the Personal Information Protection Commission (PIPC) determined that the information was, in fact, transmitted to a platform operated by BingX. Further scrutiny revealed that Bithumb also failed to secure full user consent when transferring sensitive personal details such as names, wallet addresses, and dates of birth in connection with facilitating transfers with thirteen other international exchanges.
In response to these findings, the PIPC has mandated that Bithumb revise its protocols for the transmission of user information across borders. The commission stressed that “cross-border transfer of personal information is a matter closely related to the data subject’s right to self-determination, and therefore requires meticulous compliance with the requirements and procedures stipulated in the Personal Information Protection Act.” This statement underscores the stringent legal framework governing data privacy and the serious implications of non-compliance for financial technology firms.
Regulatory Precedent and Future Compliance
This enforcement action against Bithumb sets a notable precedent for the regulation of cryptocurrency exchanges operating within and connecting to South Korean markets. The PIPC’s detailed findings and the substantial penalty highlight a growing regulatory focus on data privacy within the digital asset industry, a sector often characterized by rapid innovation and complex data flows. The commission’s issuance of specific information protection guidelines tailored for blockchain firms further signals a proactive approach to establishing clear compliance standards.
These new guidelines, which advise against the on-chain recording of personally identifiable information due to the inherent transparency and immutability of blockchain technology, are crucial. They aim to balance the technological characteristics of distributed ledgers with the imperative to protect individual privacy rights, as mandated by the Personal Information Protection Act. Companies in the blockchain space, particularly exchanges facilitating cross-border transactions, must now ensure their operational frameworks align with these directives to avoid similar penalties and maintain user trust. This development is indicative of a global trend where regulators are increasingly scrutinizing how digital asset platforms handle sensitive user data, especially in the context of international operations, aligning with frameworks such as Europe’s MiCA (Markets in Crypto-Assets) regulation which also places emphasis on consumer protection and data integrity.
Source: : www.theblock.co