Behind the 2000 BTC Incident: The Fundamental Problem of CEX Ledgers

Odaily星球日报Published on 2026-02-10Last updated on 2026-02-10

Abstract

A critical incident at South Korean exchange Bithumb on February 6 revealed a fundamental vulnerability in centralized exchange (CEX) accounting systems. During a small promotional event intended to distribute around $1.4 per user, a configuration error caused the system to credit 695 users with 2,000 BTC each—totaling 1.24 million BTC, worth approximately $41.5–44 billion—instead of the intended 2,000 KRW. Although these assets were not on-chain, they were tradable on the platform, causing Bithumb’s BTC/KRW pair to drop nearly 17% and triggering brief global market turbulence. Bithumb responded within 35 minutes, freezing accounts and recovering over 99% of the erroneously credited funds. The remaining 1,788 BTC sold by users were covered by the exchange’s own capital. The event underscores a systemic risk in CEXes: user balances are often merely entries in an internal database, decoupled from actual on-chain reserves. This “accounting illusion” allows exchanges to modify balances without corresponding blockchain movement, creating a trust asymmetry where users rely on the platform’s promise rather than direct asset ownership. Historical precedents like Mt. Gox and FTX further highlight how such internal ledger systems can mask insolvency, enable fraud, or—as in Bithumb’s case—allow catastrophic errors. While Bithumb contained this incident due to its limited scale and rapid response, the episode has drawn regulatory scrutiny in South Korea, emphasizing the need for stron...

Original | Odaily Planet Daily (@OdailyChina)

Author | Ding Dang (@XiaMiPP)

On the evening of February 6, during a routine marketing event, the Korean cryptocurrency exchange Bithumb created an incident significant enough to be recorded in the crypto industry's annals.

This was originally just a small-scale "random treasure chest" event. According to the official design, the platform planned to distribute cash rewards totaling approximately 620,000 KRW to 695 participating users. Among them, 249 users actually opened the chests and claimed the rewards, meaning the individual amount was about 2,000 KRW, equivalent to only about $1.4 USD. However, due to a backend unit configuration error, the reward unit was mistakenly set to BTC (Bitcoin) instead of KRW (Korean Won). This instantly "airdropped" 2,000 BTC to each user who opened a chest, totaling 620,000 bitcoins. The displayed assets of a single account exceeded $160 million USD.

At the then prevailing price of about 98 million KRW per BTC (approx. $67,000 USD), the账面 value of these "out-of-thin-air" bitcoins was about $41.5–44 billion USD. While these assets did not exist on-chain, they were "tradable" within the exchange's internal system. The result was almost instantaneous: the BTC/KRW trading pair on the Bithumb platform plummeted from the global average price to 81.11 million KRW (approx. $55,000 USD) within a dozen minutes, a drop of nearly 17%; the global BTC market also briefly fell by about 3%, and over $400 million was liquidated in the derivatives market.

Bithumb's "Swift Recovery," Is It Really Something to Celebrate?

In a subsequent incident disclosure announcement, Bithumb stated that within 35 minutes of the erroneous payment, it had restricted transactions and withdrawals for the 695 affected customers. Over 99% of the erroneously paid amount has been recovered, and the remaining 0.3% (1,788 BTC) that had been sold was covered by the company's own assets, ensuring no impact on user assets. Simultaneously, the platform launched a series of compensation measures. Starting February 8, user compensation was rolled out in batches, including distributing 20,000 KRW to users online during the incident, refunding the price difference to users who sold at a low price plus an additional 10% consolation payment, and offering a 0% trading fee promotion on all trading pairs for 7 days starting February 9.

At this point, the entire incident seemed to have been brought under control.

But another question still lingers in our minds: Why could Bithumb generate 620,000 non-existent BTC in its backend all at once?

To answer this question, we must return to the core, yet least understood by average users, layer of centralized exchanges: the accounting method.

Unlike decentralized exchanges where every transaction occurs directly on the blockchain and balances are determined in real-time by the on-chain state, centralized exchanges, in pursuit of extreme trading speed, low latency, and minimal cost, almost universally adopt a hybrid model of "internal ledger + delayed settlement."

The balances, transaction records, and profit/loss curves users see are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts that truly involve on-chain asset movements (like withdrawing to an external wallet, cross-exchange transfers, large internal settlements) trigger actual blockchain transfer operations. In the vast majority of daily scenarios, the exchange only needs to modify a line in a database field to complete "one asset change"—this is the fundamental reason why Bithumb could instantly "generate out of thin air" 620,000 BTC in displayed balances.

This model brings enormous convenience: millisecond-order matching, zero Gas fees, support for complex financial products like leverage, contracts, and lending. But the flip side of this convenience is a fatal asymmetry of trust: users believe "my balance is my asset," while in reality, users only possess an IOU (I Owe You) from the platform. As long as the backend permissions are sufficiently broad and the validation mechanisms are lax enough, a simple parameter error or malicious operation can cause the numbers in the database to severely diverge from the real on-chain holdings.

According to data disclosed by Bithumb for Q3 2025, the platform's actual Bitcoin holdings were approximately 42,600 BTC, of which only 175 BTC were company-owned assets, and the rest were user custodial assets. Yet, in this incident, the system was able to credit user accounts with an amount of BTC more than ten times the size of its real holdings.

More importantly, these "phantom balances" were not just displayed in the backend; they could participate in real matching within the platform, affect prices, and create a false sense of liquidity. This is no longer just a single-point technical bug, but a systemic risk inherent in the architecture of centralized exchanges: the severe disconnect between the internal ledger and real on-chain assets.

The Bithumb incident is merely a moment when this risk was amplified enough for everyone to see.

Mt.Gox: How Ledger Illusion Once Destroyed an Era

History has repeatedly confirmed this with painful lessons. For example, the Mt.Gox collapse in 2014. Even though over a decade has passed, we can still remember the market panic caused every time large transfers moved for exchange reimbursements.

Mt.Gox, as the world's largest Bitcoin exchange at the time, once accounted for over 70% of Bitcoin trading volume. But in February 2014, it suddenly suspended withdrawals and declared bankruptcy, claiming to have "lost" approximately 850,000 BTC (worth about $460 million at the time, later adjusted in some reports to around 744,000 BTC). On the surface, this was due to hackers exploiting the "transaction malleability" vulnerability in the Bitcoin protocol, altering transaction IDs causing the exchange to mistakenly believe withdrawals hadn't occurred, thus resending funds. But deeper investigations (including reports by security teams like WizSec in 2015) revealed a harsher truth: the vast majority of the lost Bitcoins had been gradually stolen between 2011 and 2013, yet Mt.Gox failed to detect it for years because its internal accounting system never performed regular, comprehensive reconciliations with the on-chain state.

Mt.Gox's internal ledger allowed "magic transactions": employees or intruders could arbitrarily add or subtract user balances without corresponding on-chain transfers. The hot wallet was repeatedly compromised, funds were slowly transferred to unknown addresses, but the platform continued to show "normal balances." It was even rumored that after a major theft in 2011, management chose to conceal it rather than declare bankruptcy, leading to subsequent operations continuing on a "fractional reserve" basis. This ledger illusion was maintained for years until the hole became too large to cover in 2014, using the "transaction malleability bug" as an excuse for public disclosure. Ultimately, Mt.Gox's bankruptcy not only destroyed user trust but also caused Bitcoin's price to crash over 20%, becoming the most famous case of "trust collapse" in crypto history.

FTX: When the Ledger Becomes a "Cover-up Tool" Instead of a "Recording Tool"

Recently, due to the popularity of Openclaw, a topic has resurfaced: the intersection of crypto and AI, which peaked during the FTX era. Before its collapse, FTX had heavily invested in the AI field, its most famous case being leading a hundreds-of-millions-of-dollars investment round in AI startup Anthropic. Had FTX not collapsed, its Anthropic stake could be worth tens of billions of dollars today, but bankruptcy liquidation turned this "AI lottery ticket" to dust. The reason for its collapse was that FTX's internal ledger was long and deliberately mismatched with real assets. Through commingling of funds and covert operations, customer deposits became a "back garden" that could be随意挪用 (misappropriated at will).

FTX was highly intertwined with its quantitative trading sister company, Alameda Research, both controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet was filled with FTT, a native token issued by FTX itself. This asset had almost no external market anchor, its value primarily relying on internal liquidity and artificially maintained prices. More critically, the FTX platform granted Alameda a nearly unlimited line of credit (disclosed at one point as high as $65 billion), and the real "collateral" for this credit was the deposits of FTX users.

These client funds were secretly transferred to Alameda for use in high-leverage trading, venture investments, and even SBF's personal luxury spending, real estate purchases, and political donations. The internal ledger played a "covering" role here.

According to court documents, FTX's database could easily record client deposits as "normal balances," while simultaneously using custom code in the backend to keep Alameda's account in a negative balance without triggering any automatic liquidation or risk alerts. The balances users saw in the app seemed safe and reliable, but the actual on-chain assets had long been挪走 (moved away) to fill Alameda's loss holes or prop up the FTT price.

FTX creditor repayments are still not fully resolved, and the bankruptcy liquidation process is still ongoing.

Bithumb's 35 Minutes is Just a Narrow Window

Returning to Bithumb, the fact that this incident was contained within 35 minutes does not掩盖 (mask) the severity of this risk. On the contrary, it precisely illustrates the limits of emergency response: the disaster was only contained within a range where "the hole could be plugged out of pocket" because the number of affected users was limited (only 695), the erroneous assets had not yet moved on-chain on a large scale, and the platform had extremely strong account control capabilities (the ability to freeze trading/withdrawal/login permissions in bulk with one click). Had this blunder occurred at the level of the entire user base, or if some users had withdrawn the "phantom coins" to other exchanges or even on-chain, Bithumb could likely have triggered a larger systemic shock.

Even regulators have noticed this. On February 9, the Korean Financial Supervisory Service (FSS) stated that the erroneous Bitcoin distribution incident at Bithumb highlights the systemic fragility existing in the crypto asset field, necessitating further strengthening of regulatory rules. FSS Governor Lee Chan-jin pointed out at a press conference that the incident reflects structural problems in the electronic systems of virtual assets. Regulatory authorities are conducting a focused review on this matter and will incorporate related risks into subsequent legislative considerations to promote the inclusion of digital assets into a more完善的 (complete/robust) regulatory framework. An emergency on-site inspection has been launched and explicitly stated to be expanded to other local exchanges like Upbit and Coinone. This likely means regulators have understood this signal.

Conclusion

Bithumb's $40 billion phantom airdrop, seemingly absurd on the surface, is actually insightful. It laid bare a long-standing problem in the most直观的 (intuitive) way. The convenience of centralized exchanges is essentially built on a highly asymmetric trust relationship: users believe the "balance" in their account is equivalent to real assets, while in reality, it is merely a unilateral promise from the platform to the user. Once internal controls fail or are maliciously exploited, 'your balance' can instantly vanish into thin air.

Therefore, even if the Bithumb incident ended "under control," it should not be interpreted as a successful crisis management case, but rather as an alarm bell that must be heard. The speed, low cost, and high liquidity pursued by exchanges are always obtained at the cost of users relinquishing direct control over their assets. As long as this premise is not正视 (acknowledged/faced squarely), similar risks cannot truly disappear.

Related Questions

QWhat was the core issue that allowed Bithumb to mistakenly generate 620,000 BTC in user accounts?

AThe core issue was the fundamental accounting model used by centralized exchanges (CEXs). CEXs operate on an 'internal ledger + delayed settlement' hybrid model. User balances, trade records, and profit/loss are essentially just changes in the exchange's database. Real blockchain transfers only occur for on-chain asset movements like withdrawals. This allows the exchange to modify database fields to reflect asset changes instantly, which is why a simple parameter error (setting the reward unit to BTC instead of KRW) could generate such a massive, non-existent balance in the internal system.

QHow does the Bithumb incident highlight the 'trust asymmetry' inherent in centralized exchanges?

AThe trust asymmetry is that users believe the 'balance' in their account is their actual asset, but in reality, it is merely an IOU (I Owe You) – a promise from the platform. The Bithumb incident demonstrated this because the platform was able to instantly create and display 620,000 BTC (worth ~$415B) in user accounts, an amount over ten times its actual held Bitcoin reserves (~42.6K BTC). These 'phantom balances' were even tradable within the platform, affecting prices, before being revoked, showing users do not have direct control over the assets their balance represents.

QWhat historical example is given to show the catastrophic consequences of an exchange's ledger being disconnected from real assets?

AThe historical example given is the collapse of Mt. Gox in 2014. Investigations revealed that most of the 850,000 (later adjusted to ~744,000) lost BTC had been stolen over several years without detection because Mt. Gox's internal accounting system never performed regular, comprehensive reconciliations with the actual blockchain state. Its internal ledger allowed 'magic transactions' where user balances could be arbitrarily changed without corresponding on-chain transfers, creating a dangerous illusion that ultimately led to a massive loss of user funds and a collapse of trust.

QAccording to the article, how did FTX's internal ledger function as a 'cover-up tool'?

AAt FTX, the internal ledger was used as a cover-up tool to hide the misappropriation of user funds. FTX secretly transferred customer deposits to its sister trading firm, Alameda Research, for high-risk investments, trading, and even personal expenses. The internal database showed customers their 'normal balances,' while custom code allowed Alameda's account to maintain a massive negative balance without triggering automatic risk alerts. This created a facade of solvency for users while the actual on-chain assets had been siphoned away.

QWhy does the article argue that Bithumb's successful recovery of the funds does not eliminate the underlying risk?

AThe article argues that the successful recovery was only possible due to the specific, limited scope of the incident (affecting only 695 users) and the exchange's powerful account control features (ability to instantly freeze trades and withdrawals). It highlights the extreme limits of emergency response. If the error had occurred on a platform-wide scale or if users had been able to withdraw the 'phantom coins' to other exchanges or on-chain, it would have caused a much larger, potentially uncontrollable systemic crisis, revealing the inherent fragility of the CEX accounting model.

Related Reads

Trading

Spot
Futures

Hot Articles

What is $BITCOIN

DIGITAL GOLD ($BITCOIN): A Comprehensive Analysis Introduction to DIGITAL GOLD ($BITCOIN) DIGITAL GOLD ($BITCOIN) is a blockchain-based project operating on the Solana network, which aims to combine the characteristics of traditional precious metals with the innovation of decentralized technologies. While it shares a name with Bitcoin, often referred to as “digital gold” due to its perception as a store of value, DIGITAL GOLD is a separate token designed to create a unique ecosystem within the Web3 landscape. Its goal is to position itself as a viable alternative digital asset, although specifics regarding its applications and functionalities are still developing. What is DIGITAL GOLD ($BITCOIN)? DIGITAL GOLD ($BITCOIN) is a cryptocurrency token explicitly designed for use on the Solana blockchain. In contrast to Bitcoin, which provides a widely recognized value storage role, this token appears to focus on broader applications and characteristics. Notable aspects include: Blockchain Infrastructure: The token is built on the Solana blockchain, known for its capacity to handle high-speed and low-cost transactions. Supply Dynamics: DIGITAL GOLD has a maximum supply capped at 100 quadrillion tokens (100P $BITCOIN), although details regarding its circulating supply are currently undisclosed. Utility: While precise functionalities are not explicitly outlined, there are indications that the token could be utilized for various applications, potentially involving decentralized applications (dApps) or asset tokenization strategies. Who is the Creator of DIGITAL GOLD ($BITCOIN)? At present, the identity of the creators and development team behind DIGITAL GOLD ($BITCOIN) remains unknown. This situation is typical among many innovative projects within the blockchain space, particularly those aligning with decentralized finance and meme coin phenomena. While such anonymity may foster a community-driven culture, it intensifies concerns about governance and accountability. Who are the Investors of DIGITAL GOLD ($BITCOIN)? The available information indicates that DIGITAL GOLD ($BITCOIN) does not have any known institutional backers or prominent venture capital investments. The project seems to operate on a peer-to-peer model focused on community support and adoption rather than traditional funding routes. Its activity and liquidity are primarily situated on decentralized exchanges (DEXs), such as PumpSwap, rather than established centralized trading platforms, further highlighting its grassroots approach. How DIGITAL GOLD ($BITCOIN) Works The operational mechanics of DIGITAL GOLD ($BITCOIN) can be elaborated on based on its blockchain design and network attributes: Consensus Mechanism: By leveraging Solana’s unique proof-of-history (PoH) combined with a proof-of-stake (PoS) model, the project ensures efficient transaction validation contributing to the network's high performance. Tokenomics: While specific deflationary mechanisms have not been extensively detailed, the vast maximum token supply implies that it may cater to microtransactions or niche use cases that are still to be defined. Interoperability: There exists the potential for integration with Solana’s broader ecosystem, including various decentralized finance (DeFi) platforms. However, the details regarding specific integrations remain unspecified. Timeline of Key Events Here is a timeline that highlights significant milestones concerning DIGITAL GOLD ($BITCOIN): 2023: The initial deployment of the token occurs on the Solana blockchain, marked by its contract address. 2024: DIGITAL GOLD gains visibility as it becomes available for trading on decentralized exchanges like PumpSwap, allowing users to trade it against SOL. 2025: The project witnesses sporadic trading activity and potential interest in community-led engagements, although no noteworthy partnerships or technical advancements have been documented as of yet. Critical Analysis Strengths Scalability: The underlying Solana infrastructure supports high transaction volumes, which could enhance the utility of $BITCOIN in various transaction scenarios. Accessibility: The potential low trading price per token could attract retail investors, facilitating wider participation due to fractional ownership opportunities. Risks Lack of Transparency: The absence of publicly known backers, developers, or an audit process may yield skepticism regarding the project's sustainability and trustworthiness. Market Volatility: The trading activity is heavily reliant on speculative behavior, which can result in significant price volatility and uncertainty for investors. Conclusion DIGITAL GOLD ($BITCOIN) emerges as an intriguing yet ambiguous project within the rapidly evolving Solana ecosystem. While it attempts to leverage the “digital gold” narrative, its departure from Bitcoin's established role as a store of value underscores the need for a clearer differentiation of its intended utility and governance structure. Future acceptance and adoption will likely depend on addressing the current opacity and defining its operational and economic strategies more explicitly. Note: This report encompasses synthesised information available as of October 2023, and developments may have transpired beyond the research period.

363 Total ViewsPublished 2025.05.13Updated 2025.05.13

What is $BITCOIN

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of BTC (BTC) are presented below.

活动图片

Top Questions