South Korea’s Personal Information Protection Commission (PIPC) has imposed a 210 million Korean won (approximately $136,000) penalty on the cryptocurrency exchange Bithumb for transferring user personal information to overseas platforms without proper consent.
The violation involved Bithumb’s sharing of its Tether (USDT) market order books between September and November 2025. While users had granted permission for data transfer to the Stellar exchange, the PIPC found that member numbers and order information were actually sent to a system operated by BingX. The regulator also determined that Bithumb failed to obtain full consent when sharing user names, wallet addresses, and dates of birth during transfers with 13 overseas exchanges for anti-money laundering purposes.
The PIPC issued a corrective order requiring Bithumb to overhaul its overseas data transfer procedures and stressed that cross-border personal information handling is deeply tied to a user’s right to self-determination. Alongside the fine, new blockchain-specific privacy guidelines were released, urging firms to avoid recording identifiable details such as names and social security numbers directly on public ledgers.
