South Korean lawmakers are intensifying their scrutiny of the country's financial regulators after Bithumb, one of the nation's largest crypto exchanges, accidentally distributed approximately $43 billion worth of Bitcoin to 695 users in early February 2026. As of February 20, the Financial Supervisory Service (FSS) has extended its formal investigation through month-end, and the probe is now widening to cover two previously unreported minor distribution errors at the exchange.
2,000 BTC Instead of $1.38: How the Error Happened
The incident originated from a "Random Box" giveaway, a promotional event where 96% of participants were supposed to receive the lowest-value prize of 2,000 Korean won, roughly $1.38. Instead, Bithumb's system credited 2,000 BTC per account, a sum worth approximately $62 million per user at prevailing prices.
In total, 620,000 BTC appeared on 695 users' internal balances. The transfers were recorded only on Bithumb's internal ledger, not on-chain, meaning the Bitcoin never actually moved on the blockchain. But that distinction did not matter to the users who saw life-changing sums flash across their screens.
Bithumb detected the error within five minutes and began reversing the credits. But in that narrow window, users managed to sell over $2 billion worth of the phantom Bitcoin on the exchange's order books, crashing Bithumb's internal BTC price to roughly $55,000, far below the price on every other exchange globally.
Three Audits, Zero Catches
The political fallout is now eclipsing the technical incident itself. At a parliamentary hearing on February 20, Rep. Kang Min-guk accused the Financial Services Commission and the FSS of "complacent supervision," pointing out that both agencies conducted at least three reviews of Bithumb since 2022 without identifying the structural input vulnerability that caused the error.
"This incident reveals deeper structural weaknesses that our regulators had every opportunity to catch," Kang stated. Another unnamed representative was more direct, accusing regulators of "shifting blame to the exchange, despite their supervisory role."
The regulators themselves acknowledged what they called "fundamental weaknesses" and "regulatory blind spots" in their oversight of crypto exchange infrastructure. It is a remarkable admission from agencies that have positioned South Korea as one of Asia's most regulated crypto markets since the Virtual Asset Users Protection Act took effect.
$123 Million Still Missing
Bithumb recovered 99.7% of the erroneously credited Bitcoin. The remaining 0.3%, approximately $123 million, could not be clawed back because users had already sold and withdrawn the proceeds. CEO Lee Jae-won announced on February 8 that Bithumb would cover the $123 million shortfall from company assets.
The exchange also announced a compensation plan for affected parties. All users who were logged into Bithumb's app or website during the incident will receive 20,000 won (approximately $13.73). Users who sold Bitcoin at the artificially depressed $55,000 price during the five-minute chaos will receive reimbursement with a 10% premium on their losses.
The FSS investigation is no longer limited to this single event. Regulators confirmed they will also examine two previous minor coin distribution errors at Bithumb that had not been publicly disclosed. The extended deadline through month-end suggests investigators are treating this as a systemic issue rather than an isolated software bug.
What This Means for Korean Crypto Users
South Korea's crypto market is the fourth-largest globally by trading volume, and Bithumb is one of only five exchanges licensed under the country's strict Virtual Asset Service Provider (VASP) framework. The fact that a licensed, audited exchange could suffer an error of this magnitude raises uncomfortable questions about what "regulation" actually guarantees.
For users of crypto cards and exchange-linked spending products, the Bithumb incident is a case study in counterparty risk. Any system where a centralized entity controls your balance, whether for trading, spending, or earning yield, carries the risk that software errors, hacks, or insolvency could temporarily or permanently affect your funds. Self-custody card options eliminate this specific vector because funds remain in your wallet until the moment of transaction.
The five-minute window also highlights how fast cascading liquidations can occur on isolated exchange order books. Users with stop-loss orders on Bithumb saw their Bitcoin sold at $55,000, a price that never existed on any other venue. By the time corrections arrived, the damage was done.
Broader Implications: Regulation Theater vs. Real Oversight
The Bithumb blunder is becoming a political proxy for a larger debate in South Korea about whether crypto regulation is substantive or performative. The country requires exchanges to partner with real-name banking institutions, maintain cold wallet reserves, and submit to periodic audits. Yet three audits missed a flaw that allowed a $1.38 airdrop to become a $43 billion distribution.
This mirrors a pattern seen globally. Regulators focus heavily on KYC/AML compliance and customer onboarding friction while paying less attention to the internal systems, risk controls, and software architecture that actually determine whether user funds are safe. The FTX collapse in 2022 exposed similar blind spots in the Bahamas. The Wirecard scandal in Germany showed that even publicly traded, audited companies can have fundamental accounting holes.
For the crypto industry, the lesson is familiar: regulatory approval is not a safety guarantee. Users who rely on exchange custody should understand that "licensed and regulated" means the entity has met minimum compliance thresholds, not that its software is bug-free or its risk management is airtight.
Japan's approach after the 2018 Coincheck hack, which included mandatory hot wallet limits, real-time monitoring requirements, and surprise technical audits, offers one model for how South Korea might respond. Whether Seoul adopts similar measures or settles for fines and public hearings will signal how seriously the country takes exchange infrastructure risk going forward.
FAQ
How much Bitcoin did Bithumb accidentally distribute? Bithumb credited approximately 620,000 BTC, worth roughly $43 billion at the time, to 695 user accounts. The credits appeared on Bithumb's internal ledger but were not actual on-chain transfers.
Has Bithumb recovered the funds? Yes, 99.7% of the erroneous credits were reversed. The remaining 0.3%, approximately $123 million, was covered by Bithumb from its own assets.
What caused the error? A "structural input issue" in Bithumb's Random Box giveaway system. Instead of distributing 2,000 Korean won (about $1.38) per user, the system credited 2,000 BTC per account.
Are South Korean regulators taking action? The Financial Supervisory Service has launched a formal investigation with an extended deadline through February's end. Lawmakers have publicly criticized regulators for missing the vulnerability during three previous audits since 2022.
Did anyone profit from the error? Users sold over $2 billion worth of phantom Bitcoin in the five minutes before the error was corrected, crashing Bithumb's BTC price to approximately $55,000. Bithumb is reimbursing affected sellers with a 10% premium.
Overview
Bithumb's $43 billion Bitcoin blunder has escalated from an exchange-level software error into a full-blown regulatory crisis in South Korea. The incident, which saw 695 users accidentally credited with 2,000 BTC each instead of $1.38, was caught within five minutes but not before $2 billion in phantom Bitcoin was sold and the exchange's internal price crashed. With 99.7% of funds recovered and Bithumb covering the $123 million gap, the financial damage is contained. The political damage is not. Lawmakers are using the incident to expose what they call "complacent supervision" by regulators who audited Bithumb three times without catching the vulnerability. The FSS investigation is widening to cover two prior unreported errors. For crypto users everywhere, the takeaway is clear: regulatory licensing is a floor, not a ceiling, and exchange custody always carries risks that self-custody eliminates.
Recommended Reading
- Gemini Stock Has Lost 86 Percent Since Its IPO as the Exchange Fires Its COO, CFO, and Chief Legal Officer in a Single Day
- A Single Misconfigured Oracle Valued cbETH at $1.12 Instead of $2,200, Draining $1.78 Million From Moonwell in Four Minutes
- Brevan Howard's Crypto Fund Lost 29.5 Percent in 2025 as Illiquid VC Bets Dragged a $40 Billion Hedge Fund Below a Simple Bitcoin Hold
