Key conclusions

• A elementary data entry error allowed 620,000 non-existent BTC to appear in users’ accounts for 20 minutes, as transactions first update the private database and onchain settlement occurs later.

• Before the exchange blocked everything, approximately 1,788 BTC worth of transactions were completed. What could have been dismissed as a harmless error became a major operational and regulatory event.

• Regulatory filings showed that Bithumb held only 175 BTC in the third quarter of 2025, while it held over 42,000 BTC for customers. This shows how much the system depends on true internal accounting.

• South Korea’s Financial Supervisory Service has focused on why incorrect internal data can result in executable transactions. It raised fundamental questions about security and transferability control.

Bithumb, one of the largest cryptocurrency exchanges in South Korea, ran a regular promotional campaign in early February 2026. However, it has become a sedate regulatory problem. What started as a elementary internal data entry error briefly displayed hundreds of thousands of “Bitcoin ghosts” on users’ desktops. Some account holders actually traded these balances, prompting regulators to take a closer look at the inner workings of centralized crypto platforms.

This article examines how the Bitcoin ghost incident became a key example of stock accounting vulnerabilities. It also discusses the reasons for South Korea’s accelerated move toward more stringent banking-style supervision of virtual asset services.

From a modest promotion to a sedate mistake

Bithumb intended to offer a compact rewards program, awarding users a modest amount of Korean won, typically 2,000 won ($1.37) per person. Rewards programs are a standard tactic to enhance user activity.

Instead, an input error caused the system to award Bitcoin (BTC) rather than fiat. For about 20 minutes, the exchange’s internal ledger reflected approximately 620,000 BTC across hundreds of accounts. The value of phantom BTC was estimated at billions of dollars, significantly exceeding the exchange’s own resources and total customer reserves.

Staff quickly detected the problem, froze affected accounts and reversed credits. However, during this tiny period, some users sold the ghost of Bitcoin in their accounts, transacting approximately 1,788 BTC before the total ban.

Although withdrawals have been processed, it appears that no tokens have left the exchange. Later, the platform successfully recovered 93% of the lost value in a mix of Korean won and other cryptocurrencies.

How can there be a “Bitcoin ghost”.

Centralized exchanges work differently than decentralized ones. They do not settle every transaction on the chain in real time. Instead, they update user balances in an internal ledger, a private database, allowing for quick fulfillment. Onchain movements are grouped and processed later, often during deposits or withdrawals.

This architecture facilitates swift trading, high liquidity, and competitive fees, but relies entirely on the accuracy of the exchange’s internal records. Users generally trust that these records reflect actual asset holdings.

In this case, the ledger temporarily showed unsecured Bitcoin balances. According to regulatory filings, Bithumb’s own Bitcoin reserves were surprisingly compact in the third quarter of 2025, holding only 175 BTC compared to the 42,619 BTC it manages for its clients.

Did you know? South Korea was one of the first countries to make real-name bank accounts mandatory for cryptocurrency trading, a rule introduced in 2018 to curb anonymous speculation and reduce the risk of money laundering in digital asset markets.

Why regulators deemed it a systematic failure

South Korea’s Financial Supervisory Service (FSS) took immediate action and concluded that the problem was not just a spelling error, but that transactions were based on incorrect internal data.

This raised fundamental questions: How can an exchange enable trading in assets it does not own? What safeguards could prevent erroneous balances from becoming tradable? And who is responsible when users benefit from such errors?

The FSS carried out on-site inspections at Bithumb and indicated that a formal investigation could be initiated to see if any regulations had been breached. They cited the event as evidence that existing cryptocurrency rules may not sufficiently address internal system oversight.

The Ripple Effects of Bitcoin’s Promotion Failure on the Industry

The impact of the incident extended far beyond Bithumb, sparking a wave of scrutiny across the industry. Digital Asset eXchange Alliance, South Korea’s main crypto alliance, responded by launching a thorough audit of internal controls across all member platforms.

Meanwhile, legislators pointed to this event as evidence of systemic weaknesses in centralized exchanges. They noticed that operational security had not kept pace with the rapid development of the market.

Ultimately, the crisis highlighted a harsh reality: the failure of a single exchange can threaten the stability of the entire ecosystem.

Did you know? In classic finance, similar big-finger errors have caused billions of dollars in stock market disruptions, including a transient halt to trading on major exchanges, showing that operational risk is not unique to cryptocurrencies.

Responsibility and consumer protection

A key debate arose over liability for transactions concluded on erroneous loans. Some users quickly sold BTC before the account freeze went into effect. Bithumb announced that it had recovered most of the value and covered the shortfall with its own funds. Regulators noted that under current regulations, users who benefited from erroneous credits could potentially be subject to claims for refund or refund.

This incident exposed ambiguities in centralized crypto platforms. Balances displayed appear final to users, but remain reversible if the system makes an error. The case has forced regulators to address how safeguards are applied when technical failures have real financial consequences.

Transition to “phase two” regulation.

Regulators said the incident exposed regulatory blind spots in previous digital asset regulations. As they pointed out, the regulations emphasized child welfare, anti-money laundering (AML) and anti-manipulation, but largely ignored the management of internal books.

The event is currently fueling discussions about increased oversight of the cryptocurrency ecosystem, including:

• Multi-level approvals required for promotions and credits

• More stringent and more constant audits of accounts and actual reserves

• Defined procedures for incorrect transactions and their reversal

• Audit and disclosure standards comparable to classic finance.

This change goes beyond token issuance and promotions and includes control of the underlying operational infrastructure.

Did you know? Cryptocurrency trading volumes in South Korea often spike during night market hours in the U.S., reflecting how global time zones can amplify the impact of exchange incidents beyond domestic users.

Test of trust in centralized exchanges

Although Bithumb quickly took steps to limit the damage, the impact on its reputation is likely to linger. The incident taught users that a balance displayed on a centralized exchange indicates a claim on the platform’s internal systems. This does not indicate direct ownership of onchain resources.

To regulators, the Bitcoin promotion misstep was indicative of a broader problem. As digital asset markets develop, public trust relies on internal mechanisms that operate entirely behind closed doors. If these protocols break down even briefly, the consequences could be sedate. South Korea’s response showed that regulators now view the integrity of cryptocurrency exchanges’ books as a systemic risk, not just an operational detail.

The “Bitcoin ghost” episode will remain in public memory not primarily because of its size, but also because of the critical security vulnerability it revealed. In crypto transactions, the imperceptible accounting systems running behind the scenes are just as critical as the blockchains running beneath them.