I never understood this mentality. "This was simply a bug" is acceptable for noneconomic trivial situations, but as soon as money changes hands the issues become serious. Contracts were signed, and its possible (I haven't seen the FB contracts) that terms were violate. And I'm pretty sure the courts won't care if it was "simply a bug" if FB doesn't refund the money.
Don't know what jurisdiction you're in, but fraudulent transactions[1] == "theft" in the colloquial/moral sense where I'm from. Malice is not requisite to defraud.
[1] I charge you for services but do not provide them.
Where I'm from, theft requires intent. Fraud requires intent. If money is lost through unintentional error, there may be legal repercussions, but it will almost assuredly be a civil suit. I don't see how it would be untenable to charge anyone at Facebook with an actual crime for this.
It's not entirely simple, because when they realise the mistake, they have to correct it. I don't know how to unpack the question of whether Facebook has realised the mistake, and I don't know what Facebook's internal state is.
I never understood this mentality. "This was simply a bug" is acceptable for noneconomic trivial situations, but as soon as money changes hands the issues become serious. Contracts were signed, and its possible (I haven't seen the FB contracts) that terms were violate. And I'm pretty sure the courts won't care if it was "simply a bug" if FB doesn't refund the money.