Just days after mistakenly crediting users with billions of dollars worth of Bitcoin during a promotional event, South Korean crypto exchange Bithumb is weighing its options to recover the remaining funds.
The incident stems from a promotional compensation event in which reward amounts were mistakenly entered in Bitcoin rather than Korean won, resulting in the distribution of roughly $43 billion in BTC on December 6.
While the development raises questions over fairness and the often industry-touted mantra that "code is law," legal observers say the exchange’s strongest path forward may lie in civil recovery, with criminal liability remaining more complex.
“From an asset‑recovery perspective, Bithumb is on solid ground: there was never a contract promising hundreds of Bitcoin, the promo clearly envisaged small KRW rewards, and unjust enrichment law is designed for cases where people receive value with no lawful basis to keep it,” Joshua Chu, lawyer, lecturer, and co-chair of the Hong Kong Web3 Association, told Decrypt.
In such cases, recipients may attempt to invoke what Chu explained as a “change of position” defense, wherein it would be argued that “they relied on the apparent credit in good faith and irreversibly spent or moved the funds.”
But since Bithumb was able to resolve and recover the funds, publicly flagged the error and froze many accounts, “the real battleground will be whether each recipient was effectively on notice of the mistake before they acted on any of the windfall,” Chu said.
Criminal liability, however, would face a higher bar.
“In practice, prosecutors will be very cautious, because unlike a hack this started as Bithumb’s own mistake, and any viable charge would have to turn on clear evidence that particular recipients knew or ought to have known they were exploiting an obvious glitch,” Chu explained.
For some users, the episode raises an uneasy question: who benefits from finality when mistakes occur on centralized platforms?
This means prosecutors could “try to frame certain withdrawals as misappropriation, but they would need to prove the user knew it was an obvious mistake,” Chu said.
Patchwork policiesLocal observers say the incident has exposed deeper gaps in oversight and internal controls across Korean crypto exchanges.
What happened could be viewed as “having caused a considerable level of damage to trust in internal control systems,” Siwon Huh, researcher at South Korean crypto analytics firm Four Pillars, told Decrypt.
Korean exchanges are “not under the direct oversight of financial regulators due to ambiguities in regulatory jurisdiction,” Huh explained, adding that this meant systems such as payment obligation verification have not been mandated.
“Real-time asset verification frameworks are also not standardized; each exchange applies different standards, yet most retail investors are unaware of this,” he said.
Policymakers are already moving to tighten the frameworks governing exchanges, with discussions underway to “cap major shareholders' stakes in crypto exchanges at 15 to 20 percent, citing inadequate internal control systems,” Huh noted.
What happened at Bithumb would likely speed up efforts to pursue those provisions, Huh explained.
The "aggressive" moves signal “a willingness to intervene in exchanges' internal ownership structures even at the cost of industry contraction” and are creating “considerable repercussions,” he added.
Bithumb did not immediately return Decrypt's request for comment.
