South Korea’s second-largest crypto exchange, Bithumb, has ended its relationship with Heleket, a global cryptocurrency payment processor. The decision was driven by concerns over anti-money laundering and terrorism financing risks. This move comes as Bithumb tries to improve its compliance record. Earlier this year, South Korean regulators dropped a 36.8 billion won ($24.6 million) fine against the exchange for processing thousands of transactions through unregistered foreign platforms.
Why Bithumb severed ties with Heleket
The decision was not random. Blockchain intelligence firm TRM Labs published research last month. It assessed, with high confidence, that Heleket and Cryptomus, a Russia-linked payment processor, are operationally connected. TRM found shared infrastructure, personnel, branding, and on-chain activity between the two.
TRM’s analysis also discovered that Heleket was established in January 2025. This was just after Cryptomus introduced mandatory know-your-customer (KYC) controls. Those new rules drove Cryptomus’s on-chain volume down from $153 million in January 2025 to $86 million by March. The timing suggests Heleket was built to attract users fleeing Cryptomus’s new KYC requirements.
Illegal activity and regulatory violations
In October 2025, Cryptomus was hit with a record-breaking fine of around CAD 177 million by Canada’s Financial Transactions and Reports Analysis Centre (FINTRAC). The penalty was for violating money laundering and terrorist financing laws.
TRM also observed that between 2022 and 2025, Cryptomus became a major hub for illegal activities. It processed hundreds of millions of dollars for child pornography vendors, terrorist financing networks, and others trying to bypass international sanctions through the now-blacklisted Russian exchange Garantex.
According to TRM Labs’ data, Heleket’s own illegal exposure was about five times the average recorded across payment service providers. The first major liquidity that flowed into Heleket came directly from Garantex. This is an unusual pattern for any service claiming to operate within European Union regulations.
Contradictions in Heleket’s compliance claims
Heleket’s AML/KYC policy on its website states it will not cooperate with individuals on designated sanctions lists. It also claims that it verifies customer identities. TRM, however, noted that users can complete transactions on the platform without providing any identity documentation. This is a direct contradiction of their public procedures.
Bithumb’s broader compliance challenges
Bithumb’s decision to cut off Heleket is part of a broader trend of forced compliance upgrades at the exchange. According to Cryptopolitan, South Korea’s Financial Intelligence Unit (FIU) caught approximately 6.65 million violations of the Specific Financial Information Act on Bithumb. These included processing 45,772 transactions with unregistered foreign crypto platforms without properly verifying customer identities.
The FIU also imposed a six-month partial business suspension alongside the fine back in March. However, Bithumb immediately fought back in court. On April 30, the Seoul Administrative Court’s 2nd Division granted an injunction that paused the suspension while the legal dispute continues.
To make things worse for Bithumb, the Financial Services Commission (FSC) found “deficiencies in Bithumb’s internal control system” during a separate investigation. This probe was into an earlier incident in February where a staffer accidentally sent out 620,000 Bitcoins instead of 620,000 won during a promotional payout. This error was worth roughly $40 billion, according to Cryptopolitan.
As a result, the FSC has tightened regulations for all major South Korean exchanges. They now require exchanges to perform reconciliation checks every five minutes, implement automatic trading halts for major mismatches, and conduct monthly audits.
