An unprecedented error at cryptocurrency exchange Bithumb led to the mistaken payout of 620,000 Bitcoins, exposing serious structural flaws in the exchange’s internal controls that were triggered by an employee’s erroneous input. On Friday, Bithumb mistakenly gave out 620,000 Bitcoins to 249 users, instead of the 620,000 won ($420) that was originally meant to be handed out. Based on prices at the time, the erroneous transfer amounted to about 60.76 trillion won ($41.39 billion) as an average of about 2,490 Bitcoins appeared in each recipient’s account on the exchange’s internal ledger. One winner received 50,000 Bitcoins, instantly boosting the account’s displayed assets to nearly 4.9 trillion won.
Bithumb’s internal circulating supply surged from about 46,000 Bitcoins to roughly 665,000 at the time of the incident. The case has drawn comparisons to Samsung Securities’ so-called “ghost shares” incident in 2018. The core problem, critics say, lies in Bithumb’s failure to properly embed internal control procedures into its IT systems. The system should have blocked any payout exceeding the exchange’s actual holdings at the input stage.
Bithumb said it became aware of the error at 7:20 p.m. and suspended trading and withdrawals about 15 minutes later. “We will fix missing processes to ensure that at least two levels of approval are required,” said Bithumb. The structure of centralized exchanges, or CEXs, has also been cited as a background factor. Exchanges like Bithumb store customers’ cryptocurrencies in exchange-controlled wallets and record trades internally rather than writing each transaction directly to the blockchain, an off-chain ledger system adopted globally to improve speed and reduce fees.
That structure, however, carries inherent vulnerabilities. Unlike stock markets, where functions are split among exchanges, brokerages and depositories to provide mutual checks, cryptocurrency exchanges combine trading, brokerage and custody into a single ledger system. As a result, a single error can cascade across trading and settlement. The government is aware of these structural risks.
During the first phase of legislation on the Act on the Protection of Virtual Asset Users, discussions addressed the dangers of ledger-based trading and asset custody. “Introducing third-party custodians was considered but ultimately not institutionalized because such entities were seen as less trustworthy than exchanges,” said Lee Jung-soo, a professor at Seoul National University School of Law. Financial authorities are inspecting Bithumb through an emergency task force led by the Financial Services Commission, with the Financial Supervisory Service, the Financial Intelligence Unit and the Digital Asset eXchange Alliance. The review is expected to expand to other exchanges.
The government is weighing stricter ledger management standards, mandatory systems to detect and block abnormal transactions and external verification of held assets as part of discussions on the proposed Digital Asset Basic Act (tentative). Experts point out that while off-chain ledger trading may be unavoidable, failing to systemically block payouts exceeding actual holdings reflects a grave lapse in internal controls. “Exchanges typically build safeguards to ensure that only assets actually held can be transferred,” said an industry insider.
Upbit, for example, has designed its system since 2017 to allow payouts only of stored virtual assets and manages them through automated monitoring. “Checks must ensure that actual holdings and ledger balances always match and that payouts exceeding holdings are impossible from the input stage,” Lee said. “Restoring market trust would be difficult without fail-safe mechanisms that use technology to prevent human error,” Park Jae-hyun, chief executive of AI and blockchain startup Noone21 said.
Leave a Reply