1 hour ago
16
South Korea’s Personal Information Protection Commission (PIPC) slapped Bithumb with a 210 million won fine, roughly $164,000, for violations related to the transfer of user data. The penalty, issued on May 1, lands on an exchange already buried under regulatory trouble.
This isn’t even Bithumb’s biggest fine this year. In March 2026, South Korea’s Financial Intelligence Unit (FIU) hit the exchange with a staggering 36.8 billion won penalty, approximately $24.6 million, for anti-money laundering and know-your-customer violations. The FIU identified roughly 6.65 million individual breaches in Bithumb’s AML/KYC compliance during that investigation.
And this isn’t a new story for Bithumb. Back in 2017, the exchange was fined 58.5 million won following a customer data breach. Nearly a decade later, the same exchange is still drawing penalties for how it handles user information.
The PIPC fine specifically targets user data transfer practices. The commission has been reviewing how Bithumb and other exchanges share data, including order book and trading information, with international platforms. Under South Korea’s Personal Information Protection Act (PIPA), this kind of cross-border data sharing falls squarely under the umbrella of regulated user data handling.
Amendments to PIPA, set to take effect in September 2026, dramatically raise the stakes for data protection violations. Under the new rules, companies could face fines amounting to 10% of total revenue for serious infractions. The amendments also introduce personal accountability for CEOs, meaning executives could face consequences directly tied to their company’s data handling failures.
For a major exchange like Bithumb, 10% of revenue would dwarf the current 210 million won penalty by orders of magnitude. The September deadline gives exchanges a few months to get their data practices in order before the regulatory hammer gets considerably heavier.
The PIPC’s investigation into order book data sharing with overseas platforms is particularly notable. It suggests regulators are looking beyond identity verification and into the operational mechanics of how exchanges interact with the global crypto ecosystem. Sharing trading data internationally is standard practice across the industry, but Korean regulators are signaling that this practice needs to comply with domestic data protection law.
For anyone holding assets on Bithumb or considering it, the exchange is facing regulatory pressure from multiple directions simultaneously: data protection fines from PIPC, a $24.6 million AML penalty from the FIU, ongoing investigations into cross-border data sharing, and a significantly stricter penalty regime arriving in September.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
English (US) ·