South Korea’s Financial Services Commission has ordered all virtual currency exchanges to conduct near-real-time asset reconciliation and submit to monthly external audits.
Singapore Summit: Meet the biggest Asia-Pacific brokers you know (and the ones you don’t!)..
The directive follows Bithumb’s February operational failure, which at one point transferred $56 billion worth of Bitcoin to hundreds of retail users.
Bitham incident
On February 6, 2026, Bithumb accidentally deposited approximately 620,000 BTC (worth approximately $56 billion at the time) to several hundred users during a promotional event.
The planned payment was 620,000 Korean won, or about $450. Some recipients quickly sold their Bitcoins, causing local prices to drop by 10-17% on exchanges.
Bithumb froze the affected accounts and recovered most of the funds, but the FSC concluded that the incident exposed “structural weaknesses” in the industry’s internal controls.
new requirements
The FSC has set a deadline of the end of May for all Korean exchanges to comply with the new operating framework.
Main requirements:
- Reconciliation every 5 minutes: Exchanges must reconcile client ledgers with on-chain holdings every 5 minutes, compared to the 24-hour cycle most used today.
- Settlement results will be published daily.
- Monthly independent audit by an external accounting firm.
- Upgraded trading suspension system that can instantly respond to large asset discrepancies.
What this means for the industry
This rule marks one of the first times that a major regulator has directly applied high-frequency internal audit requirements (of the kind typically associated with stock exchanges and clearinghouses) to crypto platforms.
The focus is on operational risk, or internal failures that occur even in the absence of an external breach, which the industry has traditionally treated as secondary to cybersecurity.
This requirement is expected to be codified under South Korea’s upcoming Digital Asset Basic Law. It remains to be seen whether other jurisdictions will follow a similar model, but Bithumb’s mistake has given regulators a concrete example of failure to point to.
