Bithumb’s erroneous Bitcoin payouts trigger tougher regulations, speeding up second-phase crypto law [Crypto Briefing]

\r\n
[Financial News] The financial authorities are launching a comprehensive inspection of internal control systems at all domestic virtual asset exchanges, following Bithumb’s erroneous Bitcoin (BTC) payouts. The authorities have defined the incident as a grave case that exposed structural flaws in virtual asset information systems, and they are signaling tough regulatory design in the second-phase legislation of the General Act on Digital Assets. However, regarding the “book-entry” transaction method at the center of the controversy, industry officials argue that the core issue is verifying system integrity, drawing a line against attempts to link it to governance reforms such as “major shareholder ownership caps.”
According to the National Assembly and the authorities on the 9th, the Financial Services Commission (FSC), the Financial Supervisory Service (FSS), and the National Policy Committee, which oversees them, are all moving quickly to tighten regulation of the virtual asset market in response to the Bithumb incident. Concerns are mounting over key systems at KRW Market exchanges, including book-entry transactions. On the evening of the 6th, around 7 p.m., Bithumb mistakenly paid 2,000 BTC (about 197 billion won at the time) to each of 695 event participants, instead of 2,000 won per person (up to 50,000 won). The total amount wrongly credited was about 620,000 BTC, worth more than 60 trillion won at the time of the incident.
The FSS immediately moved to assess the situation once the incident was reported and is now closely reviewing the adequacy of Bithumb’s customer asset protection and internal control design. The FSC and FSS plan to switch to on-site inspections right away if any potential legal violations are found during their field reviews. To prevent similar incidents, they are also checking the status of customer asset holdings and internal control systems at all other exchanges.
As the Bithumb case spread to a sector-wide full inspection, the book-entry transaction systems used in the KRW Market quickly came under scrutiny. In response, Upbit stated, "Book-entry transactions are a common method used in traditional finance, including banks and securities firms, to process large-volume trades quickly," adding, "The core of trading is the ‘consistency check’ that verifies whether the figures in the system match the actual assets held." As an example, Upbit explained that, to prevent accidents, it has put in place several safeguards: 24/7 real-time balance reconciliation through a proof-of-reserves system; using a "pre-secured asset transfer" method for event payouts instead of generating new numbers; and a mutual check-and-balance structure by separating its digital asset management, operations, and monitoring teams into three distinct departments. These are described as technical barriers designed to prevent a simple input error from leading to large-scale asset transfers.
However, some within the authorities and the political sphere argue that, to prevent a recurrence of incidents such as the Upbit hacking and Bithumb’s erroneous payouts, public infrastructure rules should be strengthened, including measures like major shareholder ownership caps and dispersed ownership. In contrast, legal and industry experts counter that mis-crediting incidents have no causal link to the equity stakes of major shareholders. They argue that swift judgment and decision-making by responsible management is the key to both preventing and responding to such accidents.
Attorney A, who requested anonymity, also pointed out, "Ownership dispersion is a governance issue between shareholders and the company, whereas the erroneous payout incident is a system operation issue between the company and its customers." He advised that the second-phase General Act on Digital Assets should focus less on major shareholder regulations and more on establishing concrete internal control guidelines, such as mandating systems that verify total holdings at the time of order placement.
Attorney B highlighted a legal vacuum regarding mistaken transfers of virtual assets. He noted, "Under current case law, mistaken transfers of virtual assets are not considered to constitute the criminal offense of breach of trust under the Criminal Act." He added, "Since this stems from treating virtual assets differently from legal tender in legal characterization, lawmakers should consider ways to strike a balance between the two going forward."
elikim@fnnews.com Kim Mi-hee Reporter