South Korea Fines Bithumb $136K for Overseas User Data Sharing

South Korea’s Personal Information Protection Commission (PIPC) has ordered cryptocurrency exchange Bithumb to pay a $136,000 fine after finding that the platform violated the country’s personal data protection rules by transferring user information overseas without obtaining separate consent.

In a notice published Thursday, the regulator said the breach occurred during Bithumb’s processes for sharing order books and transferring virtual assets with overseas exchanges. The PIPC’s findings place additional compliance pressure on major South Korean trading venues as authorities tighten both privacy and financial-crime controls.

Key takeaways

• The PIPC fined Bithumb $136,000 for transferring personal data abroad without separate consent during certain exchange-to-exchange operations.


• The regulator linked the violation to order book sharing and virtual asset transfers tied to overseas platforms.


• PIPC acknowledged that anti-money laundering (AML) needs can justify data provision, but said overseas personal data transfers still require strict adherence to legal procedures and the data subjects’ self-determination rights.


• Bithumb’s case comes amid heightened scrutiny from South Korean regulators and law enforcement, following past enforcement actions and reported raids.

PIPC’s rationale: AML use is not a blanket permission

According to the PIPC, Bithumb transferred personal information overseas in connection with order book sharing and virtual asset transfers involving foreign exchanges. The regulator concluded that the exchange handled personal data in a way that did not satisfy the consent and procedural requirements set out under South Korea’s Protection Act.

The notice also explained the logic of its decision. The PIPC said there is a necessity to provide personal information for AML purposes when transferring virtual assets to other exchanges. However, when it comes to overseas transfers of personal data, the PIPC emphasized that the data subject’s right to control their information must be respected through strict compliance with required procedures.

“As this is a closely related matter, it is necessary to strictly comply with the requirements and procedures stipulated in the Protection Act,” the PIPC said in its notice (translation).

The PIPC’s published decision is available on the regulator’s website.

Tether order-book sharing and overseas exchange data handling

While privacy regulators rarely disclose every operational detail in enforcement notices, the PIPC’s account connected Bithumb’s breach to specific activities. The regulator said the incident was related to Bithumb sharing Tether (USDT) order books with BingX between September and November 2025.

The PIPC noted that Bithumb had obtained consent to share data with Stellar, but the order-book sharing described in the notice involved an overseas exchange partner—where the regulator determined separate consent for the overseas personal data transfer was not obtained.

In addition to the order book-sharing matter, the PIPC said the violation also involved Bithumb sharing user information with 13 overseas exchanges. Taken together, the regulator’s framing suggests the problem was not limited to a single counterpart; rather, it reflected how personal data was handled across multiple foreign relationships during exchange operations.

Why this matters for South Korea’s crypto compliance landscape

South Korea has been one of the most actively regulated crypto markets in Asia, and enforcement actions have increasingly targeted more than just anti-money laundering. The PIPC’s decision underscores that exchanges operating locally must manage privacy obligations with the same rigor they apply to financial compliance.

For investors and market participants, the practical effect is straightforward: compliance failures can lead to fines and reputational damage, and repeated regulatory scrutiny can influence how quickly exchanges adapt their systems for data handling, third-party information sharing, and cross-border workflows.

Just as importantly, the PIPC’s reasoning draws a line between AML-related data sharing needs and what it described as the separate right of data subjects regarding self-determination. In other words, AML necessity does not automatically override consent and procedural safeguards when personal data crosses borders.

Bithumb under pressure amid broader enforcement and public attention

Bithumb is among the largest crypto exchanges in South Korea, and the PIPC fine adds to an already difficult regulatory environment for the platform.

Earlier, South Korea’s financial watchdog imposed a six-month suspension on Bithumb’s activities in March over alleged violations of the country’s Financial Information Act. A court later reversed that decision in April, but the history shows that Bithumb’s compliance challenges have been a recurring theme.

More recently, police reportedly raided Bithumb’s offices as part of an investigation into alleged nepotism involving South Korean lawmaker Kim Byung-gi. While that matter is separate from the PIPC’s personal data ruling, it contributes to the perception that the exchange remains at the center of multiple, overlapping investigations.

Related coverage in earlier reporting noted: Cointelegraph previously reported on the financial watchdog’s suspension decision (link).

South Korea crypto regulation isn’t slowing: taxes and law-enforcement upgrades

The fine arrives as other policy and enforcement developments continue to shape the South Korean crypto market. The country’s Finance Ministry confirmed in May that a 22% tax on cryptocurrency gains will be imposed starting in January 2027, after earlier timelines shifted away from an expected 2025 start. According to the Yonhap news agency, about 16 million South Koreans were invested in digital assets as of March 2025.

Separately, Chainalysis said it signed a memorandum of understanding with the Korean National Police Agency (KNPA) aimed at building investigative capability within South Korea’s law enforcement. Earlier coverage tied the pact to efforts to combat North Korea-linked crypto attacks, with police “at the forefront” of tackling these threats.

Earlier coverage mentioned: Cointelegraph reported on the Chainalysis and KNPA memorandum of understanding (link).

For traders, developers, and users, the combined picture is clear: compliance requirements in South Korea are broadening across privacy, taxation, and investigative capability—meaning operational choices like cross-border data sharing during exchange partnerships are now likely to be scrutinized more closely.

Going forward, market watchers should focus on how major exchanges revise consent management and cross-border data-transfer processes, and whether South Korean regulators publish additional guidance or enforcement actions that clarify how AML-driven data provision should be implemented alongside privacy protections.

https://www.cryptobreaking.com/south-korea-fines-bithumb-136k/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=South%20Korea%20Fines%20Bithumb%20$136K%20for%20Overseas%20User%20Data%20Sharing%20