South Korea’s push to manage crypto person information simply bought sharper enamel. Bithumb, one of many nation’s largest cryptocurrency exchanges, has been ordered to pay 210 million gained (roughly $136,000) by the Private Data Safety Fee after regulators discovered it had transferred person information abroad with out assembly all the necessities beneath the Private Data Safety Act. The tremendous comes with a corrective order — which means Bithumb should overhaul the way it handles cross-border information transfers earlier than transferring person data overseas once more.
Key takeaways
- Bithumb was fined 210 million gained ($136,000) for breaching South Korea’s abroad private data switch guidelines.
- The trade shared its Tether USDT market order e-book with abroad exchanges between September and November 2025 with out full person consent, sending information to BingX slightly than the permitted Stellar trade.
- Bithumb additionally transferred private information — together with names, pockets addresses, and dates of beginning — to 13 abroad exchanges for AML compliance checks.
- South Korean regulators had beforehand fined Bithumb 36.8 billion gained for AML-related violations, making this the newest in a sample of escalating enforcement.
- The Private Data Safety Fee concurrently launched new blockchain privateness tips urging companies to restrict identifiable on-chain information from the outset of product design.
Bithumb Penalized for Violating Private Information Switch Guidelines
The choice adopted the fee’s twelfth plenary assembly on June 24. Regulators decided that Bithumb had moved private data abroad on two separate fronts — via order-book sharing preparations and thru digital asset transfers — with out satisfying the consent and see obligations mandated by South Korean legislation.
Past the monetary penalty, the corrective order carries actual operational weight. Bithumb should repair its abroad switch procedures and make these processes clearly seen in its private data processing coverage. It’s not only a tremendous for previous conduct; it’s a directive to restructure compliance going ahead.
What the Breach Really Concerned
The case traces again to questions raised throughout a 2025 parliamentary audit about how Bithumb was sharing order-book information with abroad platforms. Order-book sharing is a standard liquidity mechanism — it lets exchanges pool purchase and promote orders so trades can match throughout completely different platforms. However when person identifiers and order information cross borders within the course of, privateness legislation follows.
Regulators discovered that Bithumb shared its Tether USDT market order e-book with abroad exchanges from September to November 2025. The issue went deeper than the switch itself: customers had consented to information being despatched to Stellar trade, however the information was really routed to a system operated by bingx.com. The recipient didn’t match what customers had permitted.
That distinction issues. South Korean privateness legislation ties abroad information transfers intently to a person’s proper to self-determination over their private data. Consent given for one platform doesn’t cowl one other, even when the said function is equivalent.
Transfers to 13 Exchanges Added a Second Layer of Violations
Regulators additionally scrutinized Bithumb’s digital asset switch practices, uncovering a second class of breach. The trade had offered sender and recipient information — together with names, pockets addresses, and in no less than one occasion dates of beginning — to 13 abroad exchanges as a part of anti-money laundering checks.
The fee acknowledged that AML obligations throughout digital asset transfers can legitimately require sharing sure private data. However that necessity doesn’t waive the procedural necessities. Companies nonetheless have to observe consent and see procedures beneath the Private Data Safety Act earlier than sending information overseas, whatever the compliance rationale behind the switch.
The regulator’s framing was pointed: “The cross-border switch of private data is a matter intently associated to the information topic’s proper to self-determination.” That language alerts that regulators are treating privateness rights and AML obligations as parallel obligations, not competing ones the place AML takes priority.
Why This Positive Issues Extra Than the Greenback Quantity Suggests
At $136,000, the penalty is modest in comparison with Bithumb’s earlier regulatory troubles. South Korean authorities had beforehand fined the trade 36.8 billion gained — a a lot heavier blow — tied to AML failures involving buyer checks, transaction monitoring, and transfers involving unregistered abroad digital asset service suppliers.
However the significance of this newest motion is much less concerning the sum and extra about what it alerts. South Korea is now weaving information privateness enforcement instantly into its crypto oversight framework, alongside AML and tax reporting obligations. Korean exchanges should concurrently observe person funds, display screen abroad platforms for AML compliance, and shield private data throughout each cross-border interplay. The regulatory floor space is increasing quick.
There may be additionally a structural implication for a way liquidity partnerships work in apply. The Bithumb case demonstrates that even routine order-book sharing preparations can change into privateness violations if person identifiers transfer throughout borders to a platform completely different from the one customers consented to. Exchanges that depend on abroad liquidity companions now have a concrete precedent displaying what that publicity appears like beneath South Korean legislation.
New Blockchain Privateness Tips Elevate the Stakes Trade-Large
The fee didn’t restrict its June 24 session to the Bithumb penalty. Alongside the sanction, it launched new tips for private data safety in blockchain companies — a transfer that extends the regulatory sign properly past one trade.
The rules handle what regulators referred to as the particular privateness challenges of blockchain methods: transaction information which can be clear, distributed, and troublesome or unimaginable to delete. Among the many particular areas lined are controls over on-chain disclosures, dangers from transaction monitoring, information sharing amongst members, and the destruction of private data.
The fee’s central advice is that privateness safety ought to be in-built from the starting stage — not retrofitted after deployment. That precept, typically referred to as privateness by design, locations the compliance burden on builders and operators earlier than a blockchain product goes stay slightly than after a regulator comes knocking.
The watchdog added that it’s going to proceed responding strictly to violations of the Private Data Safety Act whereas working to set requirements that stability information safety with the accountable improvement of latest applied sciences. For an business that has traditionally handled on-chain transparency as a function slightly than a legal responsibility, that framing represents a significant shift in regulatory expectations.
South Korea can also be transferring on a broader worldwide entrance. Plans to share crypto transaction information with 48 international locations beneath the OECD Crypto-Asset Reporting Framework present that Korean authorities are constructing a coordinated, multi-layered oversight system — one the place AML checks, tax reporting, and private information safety more and more function as a single compliance problem for any trade with abroad connections.
FAQ
Why was Bithumb fined by South Korean regulators?
Bithumb was fined for breaching South Korea’s guidelines on abroad private data switch. The trade shared person information — together with order-book data and private particulars — with abroad exchanges with out acquiring correct person consent, violating the Private Data Safety Act.
What information did Bithumb share abroad with out full consent?
Bithumb shared its Tether USDT market order e-book with abroad exchanges between September and November 2025, and individually transferred private person data — together with names, pockets addresses, and dates of beginning — to 13 abroad exchanges as a part of AML compliance checks.
What corrective actions did the regulator require from Bithumb?
Bithumb was ordered to appropriate its abroad information switch processes to fulfill the authorized requirements required earlier than sending person information overseas. It should additionally clearly clarify these switch preparations inside its private data processing coverage.
What new tips did South Korea’s Private Data Safety Fee launch?
The fee launched blockchain privateness tips emphasizing controls over on-chain data disclosures, dangers from transaction monitoring, information sharing amongst members, and the challenges of deleting information on distributed ledgers. The rules name on companies to include privateness safety from the earliest phases of blockchain service design — a privacy-by-design method — slightly than addressing it reactively after launch.
Article produced with the help of synthetic intelligence and reviewed by the editorial workforce.