🚨 Book Reconciliation

Today Korean Social News for Beginners | 2026.02.12

0️⃣ Bithumb's "Ghost Coin" ₩60 Trillion Overpayment and Crypto Internal Controls

📌 ₩60 Trillion "Ghost Coin" Incident — Will Crypto Exchanges Move to Real-Time Reconciliation?

💬 Bithumb accidentally credited approximately 620,000 Bitcoin — worth about ₩60 trillion at the time — to customer accounts during an event reward payout. A staff member entered Bitcoin quantities instead of Korean won. Bithumb actually held only 175 Bitcoin, creating a massive gap between real holdings and ledger figures. The system recorded the ledger numbers first without checking actual holdings, so the error spread quickly. Bithumb halted trading and attempted to recover the coins, but some users had already sold them for cash, leaving unrecoverable losses. Experts point out that the current system reconciles actual coin holdings with ledger records only the following day — this delay allowed the error to grow out of control. Financial regulators are now reviewing whether to require real-time reconciliation for all crypto exchanges.

💡 Summary

• Book reconciliation is an internal control process that compares recorded transactions against actual asset holdings to catch errors.
• In the Bithumb incident, the failure to detect the mismatch between ledger records and actual holdings right away made the damage much worse.
• Financial regulators are reviewing whether to make real-time balance verification and book reconciliation legally mandatory for crypto exchanges.

1️⃣ Definition

Book reconciliation means an internal control process in which a company or institution compares the transactions recorded in its accounting or digital ledger against actual asset holdings to confirm that the two match. In accounting, it is also called "account reconciliation" or "balance matching."

In simple terms, it is like checking whether the balance shown in your bank passbook matches the amount the bank actually holds for you. For a crypto exchange, the key question is whether the number of coins shown in a customer's account matches the coins the exchange actually holds. How often and how precisely this check is done was at the heart of this incident.

💡 Why does this matter?

• If a mismatch between ledger and actual assets is not caught quickly, overpayments, fraud, and errors can snowball.
• Unlike stocks, crypto assets have no separate central depository institution, so exchanges must manage everything themselves.
• Without real-time reconciliation, user assets are at risk of not being properly protected.
• This incident has triggered debate about legally requiring crypto exchanges to maintain a minimum standard of internal controls.

2️⃣ What Happened and Why It Was a Problem

📕 How the Incident Unfolded

• A large-scale error occurred during an event reward payout. Key details are as follows.

  • Bithumb was supposed to pay Korean won as an event reward, but a staff member mistakenly entered a Bitcoin quantity instead.
  • As a result, approximately 620,000 Bitcoin were recorded in customer ledgers — worth about ₩60 trillion at the time.
  • Bithumb actually held only 175 Bitcoin, creating an enormous gap between the ledger and real holdings.
  • The system reflected the ledger figures first without checking actual holdings, so the error spread rapidly.

• Some of the losses could not be recovered. Key developments are as follows.

  • As soon as Bithumb noticed the problem, it suspended related transactions and began recovering the overpaid coins.
  • However, some users had already sold the coins for cash, making immediate recovery impossible for those amounts.
  • Bithumb is pursuing legal recovery through unjust enrichment claims and other civil proceedings.
  • The incident seriously damaged the exchange's reputation and raised anxiety among other users.

📕 Structural Problems

• The next-day reconciliation system allowed the damage to grow. Key causes are as follows.

  • Under the current structure, actual coin holdings and ledger records are matched the following day, so errors cannot be detected immediately.
  • A real-time system would have triggered an alert the moment 620,000 Bitcoin were entered.
  • A dual-verification process (the "two-man rule"), which requires two people to confirm large transactions, also did not function properly.
  • Unlike banks or securities firms, crypto exchanges do not face real-time monitoring by external regulators.

• Crypto markets have fewer safety nets than traditional finance. Key differences are as follows.

  • In the stock market, the Korea Securities Depository (KSD) holds investor assets separately from brokers, so investor funds remain protected even if a brokerage fails.
  • No equivalent separate custody institution exists for crypto assets, meaning exchanges manage customer coins directly within their own systems.
  • Internal control standards for crypto exchanges are not legally mandated, so the quality of asset management varies widely between platforms.
  • Because coin prices can change very fast, the financial damage from an overpayment can balloon in an instant.

💡 Key Issues in This Incident

1. Delayed reconciliation: Next-day matching instead of real-time checking slowed error detection
2. Weak internal controls: No dual-verification process meant a large input error went straight through
3. Cash-out losses: Some users sold the coins before recovery, creating unrecoverable losses
4. Regulatory gap: No legal requirement for real-time balance verification at crypto exchanges
5. Unjust enrichment recovery: Legal uncertainty around recovering funds from users who cashed out

3️⃣ How the System Should Be Improved

✅ Making Real-Time Reconciliation Mandatory

• Financial regulators are reviewing real-time balance verification requirements. Key directions are as follows.
  • Regulators are considering legally requiring crypto exchanges to continuously match customer account balances against actual coin holdings in real time.
  • Exchanges could be required to build automated systems that check actual holdings before processing payouts above a certain amount.
  • Fraud Detection Systems (FDS) — already used by banks — could be made mandatory for crypto exchanges to immediately block abnormally large payouts.
  • Specific internal control standards could be written into digital asset legislation.

✅ Strengthening Internal Control Standards

• Crypto exchanges need legally enforceable asset management rules. Key tasks are as follows.
  • Exchanges must be required to hold customer assets separately from their own assets to eliminate the risk of mixing the two.
  • A two-man rule — requiring at least two staff members to approve large transactions — should be institutionalized.
  • Regular external audits should verify each exchange's actual asset holdings.
  • Exchanges that violate internal control standards should face meaningful penalties, such as business suspension or large fines.

4️⃣ Key Terms Explained

🔎 Internal Controls

• Internal controls are systems a company uses to protect assets and ensure accurate accounting.
  • Internal controls are the procedures and systems an organization sets up to prevent errors, fraud, and losses. Korean law (the Commercial Act and the Act on External Audit of Corporations) requires companies of a certain size to maintain internal control systems that ensure reliable financial reporting.
  • Key tools include, first, separation of duties: the person who approves a payment is different from the person who processes it, making it harder for one individual to cause an error or commit fraud undetected. Second, dual-verification: transactions above a certain amount require sign-off from two or more people. Third, regular reconciliation and audits: ledger records and actual assets are compared on a regular schedule to catch errors early.
  • The Bithumb incident is a clear example of internal controls failing to work properly. If a robust verification process and real-time reconciliation system had been in place, the damage could have been dramatically reduced.

🔎 Securities Depository System

• The securities depository system keeps investor assets separate from brokers as a safety net.
  • In the Korean stock market, investors' shares are not held directly by their brokerage — they are held by the Korea Securities Depository (KSD), a separate institution. This means that even if a brokerage goes bankrupt, investors' stocks remain protected.
  • The key principle is separating asset custody from trade execution. Brokerages handle trades, but KSD holds the actual shares, so a brokerage's financial trouble does not directly put investor assets at risk.
  • No equivalent institution exists for crypto assets. Customer coins are held directly by the exchange, so any problem at the exchange can immediately put customer assets at risk too. Experts argue that a similar separate-custody system should be introduced for the crypto market.

🔎 Unjust Enrichment Claims

• Under civil law, gains received without a legal basis must be returned.
  • Unjust enrichment is a principle in Article 741 of the Korean Civil Act: if someone benefits from another person's assets or labor without a lawful basis, and this causes a loss to that person, the beneficiary must return the gain. It is commonly applied in cases of mistaken wire transfers and overpayments like this one.
  • Users who sold the overpaid coins can be considered to have received a benefit without any lawful basis. Bithumb can file an unjust enrichment claim against them.
  • However, if a user claims they did not know the coins were overpaid, or if price fluctuations make it hard to pin down the exact amount of gain, legal proceedings could be lengthy. There is still limited case law on the legal nature of crypto assets and the scope of repayment obligations, leaving significant legal uncertainty.

🔎 Digital Asset Regulation

• Digital asset regulation is the legal framework governing crypto exchanges and related companies.
  • Digital asset regulation refers to the system of laws and rules that govern companies involved in issuing, trading, and holding cryptocurrencies and other digital assets. In Korea, the Virtual Asset User Protection Act took effect in 2023, requiring exchanges to keep customer assets separate from their own, monitor for abnormal transactions, and meet other standards.
  • The main requirements under current regulation are, first, separate custody of customer assets and exchange assets. Second, prohibition of market manipulation and use of non-public information. Third, mandatory operation of a fraud detection system (FDS).
  • However, this incident showed that real-time balance verification and internal control standards are still not strong enough. Regulators are now considering amending digital asset legislation to add real-time reconciliation requirements and mandatory error-detection systems.

5️⃣ Frequently Asked Questions (FAQ)

Q: Is my crypto at risk because of this incident?

A: There is no direct risk to you, but weak exchange internal controls are a potential risk for all users.

• This overpayment was an error that sent coins to specific accounts — other users' holdings were not directly reduced or lost. Bithumb suspended the relevant transactions and recovered most of the coins.
• That said, this incident shows that if an exchange's internal controls are weak, all customer assets can be exposed to risk. Because there is no external safety net for crypto like the KSD for stocks, the reliability of the exchange's own systems is critically important. As a user, it is worth checking an exchange's internal control standards, whether it holds customer assets separately, and how it responds to abnormal transactions before choosing where to trade.

Q: If I sold the overpaid coins without knowing, do I have to pay it back?

A: It may qualify as unjust enrichment under civil law, and a repayment obligation can arise even if you did not know.

• Civil law requires the return of benefits received without a lawful basis. Even if you did not know the coins were overpaid, you are generally not free from the obligation to return them. If you acted in good faith (did not know), you typically only need to return whatever gain you still have. If you acted in bad faith (knew about the error but sold anyway), you may owe the gain plus interest.
• In practice, because case law on the legal nature of crypto assets and the scope of repayment is still limited, outcomes in actual lawsuits can vary. If you find yourself in a similar situation, do not make assumptions on your own — follow the exchange's guidance and consult a legal professional.

Q: How will crypto exchanges change going forward?

A: Discussion is underway to legally require real-time balance verification and stronger internal controls.

• Following this incident, financial regulators are reviewing a requirement for crypto exchanges to reconcile ledger records and actual holdings in real time. Specifically, the direction being discussed is to require exchanges to build systems that automatically check actual holdings before processing payouts above a certain size, and to make this a legal obligation.
• Other measures under discussion include stronger fraud detection systems, tighter checks on separate custody of customer assets, and a mandatory public disclosure requirement when an internal error occurs. Stronger regulation is a positive development for users because it raises the level of asset protection. However, it takes time for new rules to be put in place, so for now the best way to protect yourself is to use large, well-established exchanges and avoid leaving more coins on an exchange than you actually need for trading.

View Table of Contents

• Go to Guide