At the cryptocurrency exchange Bithumb, an incident occurred in which 620,000 bitcoins were paid out instead of 620,000 won to be given as part of an event. That is more than 12 times the roughly 40,000 bitcoins Bithumb holds itself. A weak ledger system is being blamed as the systemic loophole that made this possible.
According to financial authorities and the industry on Feb. 8, the incident occurred during the airdrop process for a random box event. The random box event has been run as a promotion since 2024, in which users open a box to receive a reward worth at least 2,000 won and up to 50,000 won.
On the evening of the 6th, Bithumb was set to pay a total of 620,000 won to 249 event participants. But due to an employee's mistake, the unit "won" was incorrectly entered as "bitcoin," and 620,000 bitcoins were mispaid. Of these, bitcoins worth 13.3 billion won were cashed out and have not been recovered.
As of the end of the third quarter last year, Bithumb held 175 bitcoins, and customer-deposited bitcoins totaled 42,619. Far more than its own holdings were paid out and even cashed out.
The industry points to the exchange's weak ledger system as the reason this incident was possible. Because cryptocurrency transactions occur around the clock by the second, it is difficult to match the actual amount of assets stored in the exchange's cold wallet (offline) each time a transaction occurs. So when a transaction happens, only the number is first recorded in the internal system, that is, the ledger, and later assets are withdrawn from the wallet to match the amount.
Because of this system, 620,000 bitcoins that existed only as numbers on the ledger were mispaid and even cashed out. An industry official said, "Only the numbers that are possible according to the amount of cryptocurrency in the cold wallet should be entered into the ledger, but it is presumed that such a system was not in place."
As a follow-up to the incident, the Financial Services Commission formed an emergency response team by bringing together the Financial Intelligence Unit (FIU), the Financial Supervisory Service (FSS), and the Digital Asset Exchange Alliance (DAXA). After inspecting Bithumb, the emergency response team decided to also examine other exchanges for their cryptocurrency holdings and operations and their internal control systems.