The Personal Information Protection Commission of South Korea (PIPC) has ordered Bithumb to pay 210 million won (approximately $136,000). The cryptocurrency exchange was fined for transferring user data to foreign companies without their consent.
According to the agency, the violations occurred between September and November 2025. Bithumb shared information from its order book for pairs with USDT.
It was revealed that while the exchange obtained client permission to share data with the Stellar platform, it actually sent the information to a platform managed by BingX.
The regulator also identified violations involving transfers to 13 other foreign exchanges. Bithumb transmitted users' names, birth dates, and wallet addresses without obtaining full consent.
The commission has demanded that Bithumb rectify its data transfer protocols. The agency emphasized that cross-border transfers of personal information require strict adherence to the law and protection of data subjects' rights.
Simultaneously, the PIPC released guidelines for blockchain companies. The document takes into account the specifics of the technology: transparency and the impossibility of deleting records. The regulator recommended not to include on-chain data that could identify individuals, such as names or social security numbers.
It is worth noting that on June 11, the Personal Information Protection Commission of South Korea imposed a record fine of 624.6 billion won on tech giant Coupang following a massive data breach.