Behind the 2000 BTC Incident: The Fundamental Problem of CEX Ledgers

Original | Odaily Planet Daily (@OdailyChina)

Author | Ding Dang (@XiaMiPP)

On the evening of February 6, during a routine marketing event, the Korean cryptocurrency exchange Bithumb created an incident significant enough to be recorded in the crypto industry's annals.

This was originally just a small-scale "random treasure chest" event. According to the official design, the platform planned to distribute cash rewards totaling approximately 620,000 KRW to 695 participating users. Among them, 249 users actually opened the chests and claimed the rewards, meaning the individual amount was about 2,000 KRW, equivalent to only about $1.4 USD. However, due to a backend unit configuration error, the reward unit was mistakenly set to BTC (Bitcoin) instead of KRW (Korean Won). This instantly "airdropped" 2,000 BTC to each user who opened a chest, totaling 620,000 bitcoins. The displayed assets of a single account exceeded $160 million USD.

At the then prevailing price of about 98 million KRW per BTC (approx. $67,000 USD), the账面 value of these "out-of-thin-air" bitcoins was about $41.5–44 billion USD. While these assets did not exist on-chain, they were "tradable" within the exchange's internal system. The result was almost instantaneous: the BTC/KRW trading pair on the Bithumb platform plummeted from the global average price to 81.11 million KRW (approx. $55,000 USD) within a dozen minutes, a drop of nearly 17%; the global BTC market also briefly fell by about 3%, and over $400 million was liquidated in the derivatives market.

Bithumb's "Swift Recovery," Is It Really Something to Celebrate?

In a subsequent incident disclosure announcement, Bithumb stated that within 35 minutes of the erroneous payment, it had restricted transactions and withdrawals for the 695 affected customers. Over 99% of the erroneously paid amount has been recovered, and the remaining 0.3% (1,788 BTC) that had been sold was covered by the company's own assets, ensuring no impact on user assets. Simultaneously, the platform launched a series of compensation measures. Starting February 8, user compensation was rolled out in batches, including distributing 20,000 KRW to users online during the incident, refunding the price difference to users who sold at a low price plus an additional 10% consolation payment, and offering a 0% trading fee promotion on all trading pairs for 7 days starting February 9.

At this point, the entire incident seemed to have been brought under control.

But another question still lingers in our minds: Why could Bithumb generate 620,000 non-existent BTC in its backend all at once?

To answer this question, we must return to the core, yet least understood by average users, layer of centralized exchanges: the accounting method.

Unlike decentralized exchanges where every transaction occurs directly on the blockchain and balances are determined in real-time by the on-chain state, centralized exchanges, in pursuit of extreme trading speed, low latency, and minimal cost, almost universally adopt a hybrid model of "internal ledger + delayed settlement."

The balances, transaction records, and profit/loss curves users see are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts that truly involve on-chain asset movements (like withdrawing to an external wallet, cross-exchange transfers, large internal settlements) trigger actual blockchain transfer operations. In the vast majority of daily scenarios, the exchange only needs to modify a line in a database field to complete "one asset change"—this is the fundamental reason why Bithumb could instantly "generate out of thin air" 620,000 BTC in displayed balances.

This model brings enormous convenience: millisecond-order matching, zero Gas fees, support for complex financial products like leverage, contracts, and lending. But the flip side of this convenience is a fatal asymmetry of trust: users believe "my balance is my asset," while in reality, users only possess an IOU (I Owe You) from the platform. As long as the backend permissions are sufficiently broad and the validation mechanisms are lax enough, a simple parameter error or malicious operation can cause the numbers in the database to severely diverge from the real on-chain holdings.

According to data disclosed by Bithumb for Q3 2025, the platform's actual Bitcoin holdings were approximately 42,600 BTC, of which only 175 BTC were company-owned assets, and the rest were user custodial assets. Yet, in this incident, the system was able to credit user accounts with an amount of BTC more than ten times the size of its real holdings.

More importantly, these "phantom balances" were not just displayed in the backend; they could participate in real matching within the platform, affect prices, and create a false sense of liquidity. This is no longer just a single-point technical bug, but a systemic risk inherent in the architecture of centralized exchanges: the severe disconnect between the internal ledger and real on-chain assets.

The Bithumb incident is merely a moment when this risk was amplified enough for everyone to see.

Mt.Gox: How Ledger Illusion Once Destroyed an Era

History has repeatedly confirmed this with painful lessons. For example, the Mt.Gox collapse in 2014. Even though over a decade has passed, we can still remember the market panic caused every time large transfers moved for exchange reimbursements.

Mt.Gox, as the world's largest Bitcoin exchange at the time, once accounted for over 70% of Bitcoin trading volume. But in February 2014, it suddenly suspended withdrawals and declared bankruptcy, claiming to have "lost" approximately 850,000 BTC (worth about $460 million at the time, later adjusted in some reports to around 744,000 BTC). On the surface, this was due to hackers exploiting the "transaction malleability" vulnerability in the Bitcoin protocol, altering transaction IDs causing the exchange to mistakenly believe withdrawals hadn't occurred, thus resending funds. But deeper investigations (including reports by security teams like WizSec in 2015) revealed a harsher truth: the vast majority of the lost Bitcoins had been gradually stolen between 2011 and 2013, yet Mt.Gox failed to detect it for years because its internal accounting system never performed regular, comprehensive reconciliations with the on-chain state.

Mt.Gox's internal ledger allowed "magic transactions": employees or intruders could arbitrarily add or subtract user balances without corresponding on-chain transfers. The hot wallet was repeatedly compromised, funds were slowly transferred to unknown addresses, but the platform continued to show "normal balances." It was even rumored that after a major theft in 2011, management chose to conceal it rather than declare bankruptcy, leading to subsequent operations continuing on a "fractional reserve" basis. This ledger illusion was maintained for years until the hole became too large to cover in 2014, using the "transaction malleability bug" as an excuse for public disclosure. Ultimately, Mt.Gox's bankruptcy not only destroyed user trust but also caused Bitcoin's price to crash over 20%, becoming the most famous case of "trust collapse" in crypto history.

FTX: When the Ledger Becomes a "Cover-up Tool" Instead of a "Recording Tool"

Recently, due to the popularity of Openclaw, a topic has resurfaced: the intersection of crypto and AI, which peaked during the FTX era. Before its collapse, FTX had heavily invested in the AI field, its most famous case being leading a hundreds-of-millions-of-dollars investment round in AI startup Anthropic. Had FTX not collapsed, its Anthropic stake could be worth tens of billions of dollars today, but bankruptcy liquidation turned this "AI lottery ticket" to dust. The reason for its collapse was that FTX's internal ledger was long and deliberately mismatched with real assets. Through commingling of funds and covert operations, customer deposits became a "back garden" that could be随意挪用 (misappropriated at will).

FTX was highly intertwined with its quantitative trading sister company, Alameda Research, both controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet was filled with FTT, a native token issued by FTX itself. This asset had almost no external market anchor, its value primarily relying on internal liquidity and artificially maintained prices. More critically, the FTX platform granted Alameda a nearly unlimited line of credit (disclosed at one point as high as $65 billion), and the real "collateral" for this credit was the deposits of FTX users.

These client funds were secretly transferred to Alameda for use in high-leverage trading, venture investments, and even SBF's personal luxury spending, real estate purchases, and political donations. The internal ledger played a "covering" role here.

According to court documents, FTX's database could easily record client deposits as "normal balances," while simultaneously using custom code in the backend to keep Alameda's account in a negative balance without triggering any automatic liquidation or risk alerts. The balances users saw in the app seemed safe and reliable, but the actual on-chain assets had long been挪走 (moved away) to fill Alameda's loss holes or prop up the FTT price.

FTX creditor repayments are still not fully resolved, and the bankruptcy liquidation process is still ongoing.

Bithumb's 35 Minutes is Just a Narrow Window

Returning to Bithumb, the fact that this incident was contained within 35 minutes does not掩盖 (mask) the severity of this risk. On the contrary, it precisely illustrates the limits of emergency response: the disaster was only contained within a range where "the hole could be plugged out of pocket" because the number of affected users was limited (only 695), the erroneous assets had not yet moved on-chain on a large scale, and the platform had extremely strong account control capabilities (the ability to freeze trading/withdrawal/login permissions in bulk with one click). Had this blunder occurred at the level of the entire user base, or if some users had withdrawn the "phantom coins" to other exchanges or even on-chain, Bithumb could likely have triggered a larger systemic shock.

Even regulators have noticed this. On February 9, the Korean Financial Supervisory Service (FSS) stated that the erroneous Bitcoin distribution incident at Bithumb highlights the systemic fragility existing in the crypto asset field, necessitating further strengthening of regulatory rules. FSS Governor Lee Chan-jin pointed out at a press conference that the incident reflects structural problems in the electronic systems of virtual assets. Regulatory authorities are conducting a focused review on this matter and will incorporate related risks into subsequent legislative considerations to promote the inclusion of digital assets into a more完善的 (complete/robust) regulatory framework. An emergency on-site inspection has been launched and explicitly stated to be expanded to other local exchanges like Upbit and Coinone. This likely means regulators have understood this signal.

Conclusion

Bithumb's $40 billion phantom airdrop, seemingly absurd on the surface, is actually insightful. It laid bare a long-standing problem in the most直观的 (intuitive) way. The convenience of centralized exchanges is essentially built on a highly asymmetric trust relationship: users believe the "balance" in their account is equivalent to real assets, while in reality, it is merely a unilateral promise from the platform to the user. Once internal controls fail or are maliciously exploited, 'your balance' can instantly vanish into thin air.

Therefore, even if the Bithumb incident ended "under control," it should not be interpreted as a successful crisis management case, but rather as an alarm bell that must be heard. The speed, low cost, and high liquidity pursued by exchanges are always obtained at the cost of users relinquishing direct control over their assets. As long as this premise is not正视 (acknowledged/faced squarely), similar risks cannot truly disappear.