Bithumb Fined $136,000 Over User Data Transfers to BingX

In addition to the administrative fine, the regulator ordered Bithumb to urgently improve its overseas data-transfer procedures. The PIPC also introduced the country’s first data-protection guidelines specifically for blockchain companies.

According to the PIPC’s June 26 announcement, the investigation was launched after South Korea’s National Assembly raised questions about how Bithumb shared order-book data with foreign exchanges during its 2025 oversight review.

An order book displays all buy and sell orders on an exchange. Some platforms share this information to allow users to match orders against liquidity from multiple venues, helping transactions execute faster and more smoothly.

The investigation found that between September and November 2025, Bithumb shared order-book data for USDT trading markets, including user identifiers and information related to trading orders, with an overseas partner.

However, when obtaining user consent, Bithumb stated that the data would be transferred to Stellar Exchange. The information was instead sent to the bingx.com system operated by the BingX exchange.

The PIPC also found that when helping users transfer assets to 13 foreign exchanges, Bithumb shared additional personal data, including names, wallet addresses, and dates of birth, with overseas partners without completing all legally required consent procedures.

Bithumb stated that the data sharing was intended to comply with anti-money laundering requirements. However, the PIPC stressed that even where AML purposes are valid, companies must comply with all legal procedures for transferring personal information abroad, including obtaining separate user consent under the Personal Information Protection Act.

The regulator emphasised that overseas transfers of personal data directly concern an individual’s right to control their own information. Companies must therefore strictly comply with all legal conditions and procedures.

South Korea Introduces First Blockchain Data-Protection Guidelines

Alongside its decision to fine Bithumb, the PIPC released its “Personal Information Protection Guidelines for Blockchain Services,” the first framework designed specifically for businesses using blockchain technology in South Korea.

The new guidelines require companies to limit the direct recording of personally identifiable information on blockchains, such as names or identification numbers. They also set principles for data management between network participants, reducing the traceability of on-chain information, and developing data-handling procedures compatible with blockchain’s immutable nature.

The PIPC said it will continue to take strict action against violations involving overseas transfers of personal data and will further develop the necessary legal standards.