The Gambling Commission has fined National Lottery operator Camelot £3m for poor controls which led to a "deliberately damaged ticket" winning.
Camelot told the BBC the suspect payout was £2.5m, and was paid in 2009, but only came to light last year.
The commission said it was not 100% certain a fraud had been committed, but it was satisfied it was highly likely.
Camelot apologised, saying it was a one-off and had nothing to do with the National Lottery's integrity.
It said no other winner had missed out on any payment and stressed this could not happen now as it had improved its systems.
The Gambling Commission also stressed this was a one-off and there was no evidence of similar happenings.
Sarah Harrison, from the Commission, told the BBC: "Our investigation was wide-ranging. We are confident this is an isolated incident."
But the poor controls meant that Camelot had breached the terms of its licence and committed "serious" failures, it said.
The money the company must pay will be ploughed back into good causes, the commission said.
However, the commission estimated that about £2.5m of lottery funding would have gone to good causes had the prize not been paid.
Hertfordshire police said they had investigated an allegation of fraud connected to a 2009 lottery win.
"As part of the investigation a man was arrested on suspicion of fraud by false representation. Following a thorough investigation the man was released with no further action to be taken against him," the statement said. He was 50 and from Kings Langley.
The police said would be taking no further action but the chief executive of Camelot, Andy Duncan, told the BBC they may choose to reopen the case.
Commission chief executive Sarah Harrison said "The Gambling Commission's chief concern is to ensure the National Lottery is run with integrity and that player interests are protected.
"Camelot's failures in this case are serious and the penalty package reflects this. Importantly, the package also ensures that good causes will not lose out as a result of Camelot's licence breach.
"Lottery players can feel reassured that our investigations have found no evidence of similar events happening and that controls are in place today to mitigate against future prize payout failings of this type," Ms Harrison said.
The commission found that Camelot had breached the terms of its operating licence in three key aspects:
- its controls relating to databases and other information sources
- the way it investigated a prize claim
- its processes around the decision to pay a prize
The commission said in a statement that its "investigation has established that the circumstances of this case were specific and did not uncover systemic failings of the kind that would call into question other prize payouts".
Mr Duncan, said: "It's really important that people understand that this allegation relates to a unique, one-off incident dating back to 2009 and involves a potentially fraudulent claim on a deliberately damaged ticket. It has nothing to do with The National Lottery draws themselves.
"We accept that, at the time, there were some weaknesses in some of the specific controls relevant to this incident and we're very sorry for that."
Since its launch in 1994, the National Lottery has raised more than £36bn for good causes including sports, community and heritage projects across Britain.
During the financial year 2015-2016, more than £4bn in prizes was successfully paid out to players of the lottery.