On 6 February 2026, South Korean cryptocurrency exchange Bithumb experienced one of the most striking incidents in the history of digital asset trading — not due to a hack, but because of an internal operational error. During a routine promotion, users were mistakenly credited with approximately 620,000 BTC, worth around 40 billion USD at the time, instead of small fiat-denominated bonuses.
How Bithumb Accidentally Credited 620,000 BTC to Users
The incident began during a standard marketing campaign that was supposed to reward users with about 2,000 South Korean won (roughly 1.4 USD) per account. According to Bithumb, the malfunction occurred at the level of internal system configuration: the system applied the promotional amount not in fiat currency, but in bitcoin.
As a result, hundreds of customers received 2,000 BTC each instead of 2,000 KRW. In total, 695 accounts were affected, with an aggregate erroneous credit of around 620,000 BTC. Faced with what appeared to be a massive windfall, many users immediately attempted to realize profit by selling the mistakenly credited coins.
Some customers began aggressively selling BTC on Bithumb itself, creating a sharp local price dislocation. The BTC price on Bithumb temporarily dropped by about 17% below prices on other major exchanges. Such gaps are typical signs of severe internal imbalance or structural error in a single marketplace, and arbitrageurs would normally rush to exploit them if withdrawals remained open.
Exchange Response: Freezing Accounts and Reversing Funds
Approximately 35 minutes after the incident started, Bithumb froze trading and withdrawals for the affected accounts. This type of emergency lockdown is a standard containment measure designed to prevent the exit of misallocated assets from the platform and to limit financial damage.
Following internal recovery procedures, the exchange reported that it was able to restore about 99.7% of the erroneously distributed 620,000 BTC. This implies that only a small fraction of the coins was sold or withdrawn before the freeze — yet even a tiny percentage of such a volume represents substantial monetary loss.
Bithumb stressed that the event did not stem from a cyber intrusion:
“The incident is not related to hacking or security breaches and does not pose a threat to the protection of systems or the management of customer assets. User funds remain safely protected, and trading, deposits, and withdrawals are operating normally.”
Operational Risk and Configuration Errors on Crypto Exchanges
The Bithumb case underscores that major losses on cryptocurrency exchanges can result not only from external attacks, but also from configuration errors, human factors, and weak change management. International security frameworks such as ISO/IEC 27001 and NIST SP 800-53 treat change control and segregation of duties as core safeguards precisely because misconfigurations can be as damaging as a successful hack.
Change management, segregation of environments, and access control
For critical financial functions, including bonus distribution mechanisms, exchanges should implement:
Segregated environments. All promotions and automated payouts must be tested in isolated, non-production environments where any misconfiguration cannot affect live balances. Mature financial institutions routinely maintain strict separation between development, testing, and production systems.
Robust change management with “four-eyes” control. Any change affecting payout logic, currency selection, or transaction flows should require multi-level approval by independent stakeholders. The so-called “four-eyes principle” reduces the risk that a single administrator’s mistake can cascade into a systemic incident.
Limits, anomaly detection, and real-time monitoring
Hard limits on payouts and mass transactions. Exchanges should enforce strict upper thresholds for both individual and bulk credits. Attempts to allocate amounts beyond typical promotional values (for example, thousands of BTC during a low-value campaign) should be automatically blocked or escalated for manual review at a senior level.
Real-time anomaly detection. Security and risk monitoring systems must be able to flag unusual behaviors, such as sudden mass credits in a high-value asset or rapid price divergence from the global market. Traditional banks and payment companies deploy similar tools for fraud detection, and leading crypto platforms are increasingly adopting analogous controls.
Regulatory Reaction in South Korea and Market Implications
South Korean financial regulators responded firmly to the Bithumb incident. Emergency meetings were convened, during which authorities expressed concern about vulnerabilities in crypto trading infrastructure and signaled the possibility of unscheduled inspections if further deficiencies were uncovered.
Bithumb has been on regulators’ radar in the past, including as a target of cyberattacks, which heightens supervisory expectations regarding its risk management and cybersecurity posture. Events of this scale typically accelerate regulatory trends toward stricter requirements: mandatory security audits, clearer documentation of internal controls, and more comprehensive operational risk frameworks for digital asset service providers.
For both retail users and institutional investors, the incident serves as a reminder that exchange selection should be driven not only by liquidity and fees, but also by transparency, security maturity, and incident response capabilities. Independent security audits, stress tests, and public reporting on internal controls are increasingly important components of due diligence when choosing a cryptocurrency platform.
The Bithumb 620,000 BTC miscredit demonstrates that crypto exchange cybersecurity is not limited to defending against hackers; it also depends on disciplined internal processes, automation of checks, strict limits, and continuous anomaly monitoring. Exchanges handling digital assets should invest in rigorous change management, segregated environments, and real-time risk analytics, while users should bolster their own security by enabling 2FA, using hardware wallets for long-term storage, and diversifying across platforms. As expectations from regulators and customers rise, the overall resilience and trustworthiness of the digital asset ecosystem will grow accordingly.
