South Korea’s second-largest crypto exchange, Bithumb, has severed ties with Heleket, a global cryptocurrency payment processor, due to anti-money laundering and terrorism financing risks. The news arrives as Bithumb works to improve its compliance record after South Korean regulators dropped a 36.8 billion won ($24.6 million) fine against the exchange earlier this year for processing tens of thousands of transactions through unregistered foreign platforms. Why did Bithumb cut ties with Heleket? The decision to drop Heleket was not random. Blockchain intelligence firm TRM Labs published research last month assessing “with high confidence” that Heleket and Cryptomus, a Russia-linked payment processor, are operationally connected through shared infrastructure, personnel, branding, and on-chain activity. TRM Labs reported that the initial liquidity into Heleket’s wallets came from Garantex. Source: TRM Labs. TRM’s analysis also discovered that Heleket was established in January 2025, just after Cryptomus introduced mandatory know-your-customer (KYC) controls that drove its on-chain volume down from $153 million in January 2025 to $86 million by March. The timing suggests Heleket was built to attract the users fleeing Cryptomus’s new KYC requirements. In October 2025, Cryptomus was hit with a record-breaking fine of around CAD 177 million by Canada’s Financial Transactions and Reports Analysis Centre (FINTRAC) for violating money laundering and terrorist financing laws. TRM also observed that between 2022 and 2025, Cryptomus had become a major hub for illegal activities, processing hundreds of millions of dollars for child pornography vendors, terrorist financing networks, and others trying to bypass international sanctions through the now-blacklisted Russian exchange Garantex. Cryptomus was fined in Canada for violating money laundering and terrorist financing laws. Source: TRM Labs. According to TRM Labs’ data, Heleket’s own illegal exposure was about five times the average recorded across payment service providers. The first major liquidity that flowed into Heleket came directly from Garantex, which is an unusual pattern for any service claiming to operate within European Union regulations. Heleket’s AML/KYC policy on its website states it will not cooperate with individuals on designated sanctions lists while claiming that it verifies customer identities. TRM, however, noted that users can complete transactions on the platform without providing any identity documentation, which is a direct contradiction of their public procedures. Bithumb has its own compliance problems Bithumb’s decision to cut off Heleket is part of a broader trend of forced compliance upgrades at the exchange. According to Cryptopolitan , South Korea’s Financial Intelligence Unit (FIU) caught approximately 6.65 million violations of the Specific Financial Information Act on Bithumb, including processing 45,772 transactions with unregistered foreign crypto platforms without properly verifying customer identities. The FIU also imposed a six-month partial business suspension alongside the fine back in March. However, Bithumb immediately fought back in court, and on April 30, the Seoul Administrative Court’s 2nd Division granted an injunction that paused the suspension while the legal dispute continues. To make things worse for Bithumb, the Financial Services Commission (FSC) in a separate investigation found “deficiencies in Bithumb’s internal control system” during an investigation into an earlier incident in February where a staffer accidentally sent out 620,000 Bitcoins instead of 620,000 won during a promotional payout. This error was worth roughly $40 billion, according to Cryptopolitan . As a result, the FSC has tightened regulations for all major South Korean exchanges, requiring them to perform reconciliation checks every five minutes, implement automatic trading halts for major mismatches, and conduct monthly audits. If you're reading this, you’re already ahead. Stay there with our newsletter .