Bithumb Fined $136K by South Korean Regulator for Illicit User Data Sharing
South Korea's PIPC fined Bithumb $136K for sharing user data overseas without consent during order book and asset transfers with BingX and 13 other exchanges, highlighting tightening privacy enforcement.
Quick Take
Bithumb shared USDT order books with BingX despite consent for Stellar
Data transferred to 13 overseas exchanges without user approval
Fine signals stricter personal information enforcement in Korea
Market Impact Analysis
NeutralThe fine is specific to one exchange and does not directly affect crypto prices or market structure.
Speculation Analysis
Key Takeaways
- Bithumb fined $136K for sharing user data with 13 exchanges without user consent.
- Data transfers occurred during USDT order book sharing with BingX from September to November 2025.
- PIPC emphasizes strict compliance with personal information protection amidst anti-money laundering requirements.
- The fine signals intensified privacy enforcement for Korean crypto exchanges.
What Happened
South Korea’s Personal Information Protection Commission (PIPC) fined cryptocurrency exchange Bithumb $136,000 for sending user data to overseas exchanges without proper consent. The violation stemmed from Bithumb sharing its Tether (USDT) order books with BingX and 12 other platforms between September and November 2025.
Users had only agreed to data transfers with Stellar, but Bithumb expanded the sharing without notifying them or obtaining separate approval. The PIPC found this breached personal information protection rules, ordering the fine and demanding tighter compliance.
The Numbers
The $136,000 penalty, while modest, underscores a serious privacy lapse. Bithumb transmitted user data to at least 13 overseas exchanges, with BingX playing a central role in the USDT order book sharing. The unauthorized transfers occurred over three months from September to November 2025. The exchange had collected consent solely for Stellar-related data exchanges, making the BingX transfers a clear violation. PIPC emphasized that even when anti-money laundering measures necessitate some data sharing, separate user consent is legally required for overseas transfers.
Why It Happened
Bithumb likely prioritized operational efficiency over data privacy as it sought to maintain competitive order book depth and asset transfer capabilities. The exchange may have assumed broad consent covered partner platforms, but PIPC’s ruling makes clear that consent must be explicit and specific. The incident highlights a cultural tension within crypto: rapid expansion and integration with global markets can outpace compliance frameworks. With regulators now cracking down, exchanges must balance innovation with strict adherence to data protection laws.
Broader Impact
This fine could herald tougher enforcement of South Korea’s Personal Information Protection Act across the crypto sector. Other exchanges may face audits or penalties for similar data sharing practices. For Bithumb, already navigating a six-month suspension attempt and a nepotism probe, the fine adds to a growing list of regulatory headaches. It may also damage user trust at a time when Korea’s 22% crypto tax, set for 2027, puts exchanges under heightened scrutiny.
What to Watch Next
- Will PIPC expand investigations to other Korean exchanges like Upbit or Korbit?
- How Bithumb adjusts its data consent workflows to prevent future breaches.
- Whether this fine influences Bithumb’s ongoing legal battles and its market share in South Korea.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
