Behind the 2000 BTC Incident: The Fundamental Problem of CEX Ledgers

Original | Odaily Planet Daily (@OdailyChina)

Author | Ding Dang (@XiaMiPP)

On the evening of February 6, during a routine marketing event, the Korean cryptocurrency exchange Bithumb created an incident significant enough to be recorded in the annals of the crypto industry.

This was originally just a very small-scale "random treasure chest" event. According to the official design, the platform planned to distribute cash rewards totaling approximately 620,000 KRW to 695 participating users. Among them, 249 users actually opened the treasure chests and claimed the rewards, which amounted to about 2000 KRW per person, equivalent to just $1.4 USD. However, due to a backend unit configuration error, the reward unit was mistakenly set to BTC (Bitcoin) instead of KRW (Korean Won). This instantly resulted in an "airdrop" of 2000 BTC to each user who opened a chest, totaling 620,000 BTC. The displayed assets in a single account exceeded $160 million USD.

At the then price of about 98 million KRW per BTC (approximately $67,000 USD), the book value of these "out-of-thin-air" bitcoins was about $41.5–44 billion USD. Although these assets did not exist on-chain, they were "tradable" within the exchange's internal system. The consequences were almost immediate: the BTC/KRW trading pair on the Bithumb platform plummeted from the global average price to 81.11 million KRW (about $55,000 USD) within just over ten minutes, a drop of nearly 17%; the global BTC market also briefly fell by about 3%, and over $400 million was liquidated in the derivatives market.

Bithumb's "Swift Recovery": Is It Really Something to Celebrate?

In a subsequent incident disclosure announcement, Bithumb stated that within 35 minutes of the erroneous payment, it had restricted transactions and withdrawals for the 695 affected customers. Over 99% of the erroneously paid amount has been recovered, and the remaining 0.3% (1788 BTC) that had been sold was covered by the company's own assets, ensuring no impact on user assets. Simultaneously, the platform launched a series of compensation measures. Starting February 8, user compensation was rolled out in batches, including distributing 20,000 KRW compensation to users online during the incident, refunding the price difference to users who sold at a low price plus an additional 10% consolation payment, and offering a 0% trading fee promotion on all products for 7 days starting February 9.

At this point, the entire incident seemed to have been brought under "control."

But another question still lingers in our minds: Why could Bithumb's backend, in one go, generate 620,000 BTC that simply did not exist?

To answer this question, we must return to the core, yet least understood by average users, layer of centralized exchanges: the accounting method.

Unlike decentralized exchanges where every transaction occurs directly on the blockchain and balances are determined in real-time by the on-chain state, centralized exchanges, in pursuit of extreme trading speed, low latency, and minimal cost, almost universally adopt a hybrid model of "internal ledger + delayed settlement."

The balances, transaction records, and profit/loss charts users see are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts that truly involve on-chain asset movements (like withdrawing to an external wallet, cross-exchange transfers, large internal settlements) trigger actual blockchain transfer operations. In the vast majority of everyday scenarios, the exchange only needs to modify a single database field internally to complete "one asset change"—this is the fundamental reason why Bithumb was able to instantly "generate out of thin air" 620,000 BTC in displayed balances.

This model offers tremendous convenience: millisecond-order matching, zero Gas fees, support for complex financial products like leverage, contracts, and lending. But the flip side of this convenience is a fatal asymmetry of trust: users believe "my balance is my asset," but in reality, users only possess an IOU (I Owe You) from the platform. As long as the backend permissions are sufficiently broad and the validation mechanisms lax enough, a simple parameter error or malicious operation can cause the numbers in the database to severely disconnect from the real on-chain holdings.

According to data disclosed by Bithumb for the third quarter of 2025, the platform's actual Bitcoin holdings were approximately 42,600 BTC, of which only 175 BTC were company-owned assets, and the rest were user custodial assets. Yet, in this incident, the system was able to credit user accounts with a BTC amount more than ten times the size of its real holdings in one go.

More importantly, these "phantom balances" were not just displayed in the backend; they could participate in real matching within the platform, affect prices, and create a false sense of liquidity. This is no longer just a single-point technical bug, but a systemic risk inherent in the architecture of centralized exchanges: the severe disconnect between the internal ledger and real on-chain assets.

The Bithumb incident is merely a moment when this risk was amplified enough for everyone to see.

Mt.Gox: How Ledger Illusion Once Destroyed an Era

History has repeatedly confirmed this with painful lessons. For example, the collapse of Mt.Gox in 2014. Even though over a decade has passed, we can still remember the market panic caused every time large transfers were made for exchange reimbursements.

Mt.Gox, as the world's largest Bitcoin exchange at the time, once accounted for over 70% of Bitcoin trading volume. However, in February 2014, it suddenly suspended withdrawals and declared bankruptcy, claiming to have "lost" approximately 850,000 BTC (valued at about $460 million at the time, later adjusted in some reports to around 744,000 BTC). On the surface, this was due to hackers exploiting a "transaction malleability" vulnerability in the Bitcoin protocol, altering transaction IDs causing the exchange to mistakenly believe withdrawals hadn't occurred, thus resending funds. But deeper investigations (including reports by security teams like WizSec in 2015) revealed a harsher truth: the vast majority of the lost Bitcoins had been gradually stolen between 2011 and 2013, yet Mt.Gox failed to detect it for years because its internal accounting system never performed regular, comprehensive reconciliations with the on-chain state.

Mt.Gox's internal ledger allowed for "magic transactions": employees or intruders could arbitrarily add or delete user balances without corresponding on-chain transfers. The hot wallet was repeatedly compromised, funds were slowly transferred to unknown addresses, but the platform continued to show "normal balances." It was even rumored that after a major theft in 2011, management chose to conceal it rather than declare bankruptcy, leading to subsequent operations continuing on a "fractional reserve" basis. This ledger illusion was maintained for years until the hole became too large to cover in 2014, using the "transaction malleability bug" as an excuse for the public announcement. Ultimately, Mt.Gox's bankruptcy not only destroyed user trust but also caused Bitcoin's price to plummet over 20%, becoming the most famous case of "trust collapse" in crypto history.

FTX: When the Ledger Becomes a "Cover-Up Tool" Instead of a "Recording Tool"

Recently, due to the popularity of Openclaw, another topic has emerged: the intersection of crypto and AI, which peaked during the FTX era. Before its collapse, FTX had heavily invested in the AI field, its most famous case being leading a hundreds-of-millions-of-dollars funding round for AI startup Anthropic. Had FTX not fallen, its Anthropic stake could be worth tens of billions of dollars today, but bankruptcy liquidation turned this "AI lottery ticket" to dust. The reason for its collapse was that FTX's internal ledger was long and deliberately mismatched with real assets. Through commingling of funds and covert operations, client deposits became a "back garden" that could be freely misappropriated.

FTX was highly intertwined with its quantitative trading sister company, Alameda Research, both controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet was filled with FTT, a native token issued by FTX itself. This asset had little external market anchoring; its value primarily relied on internal liquidity and artificially maintained prices. More critically, the FTX platform granted Alameda nearly unlimited credit lines (disclosed once as high as $65 billion), and the real "collateral" for this line was FTX users' deposits.

These client funds were secretly transferred to Alameda for use in high-leverage trading, venture investments, and even SBF's personal luxury spending, real estate purchases, and political donations. The internal ledger played a "cover-up" role here.

According to court documents, FTX's database could easily record client deposits as "normal balances," while simultaneously using custom code to keep Alameda's accounts in negative balance without triggering any automatic liquidation or risk alerts. The balances users saw in the app seemed safe and reliable, but the actual on-chain assets had long been挪走 (moved away) to fill Alameda's loss holes or prop up the FTT price.

FTX creditor repayments are still not fully resolved, and the bankruptcy liquidation process is still ongoing.

Bithumb's 35 Minutes is Just a Narrow Window

Returning to Bithumb, the fact that this incident was contained within 35 minutes does not掩盖 (mask) the severity of this risk. On the contrary, it precisely illustrates the limits of emergency response: the disaster was only contained within a "can cover the hole out of pocket" scope because the number of affected users was limited (only 695), the erroneous assets had not yet been大规模上链 (moved on-chain on a large scale), and the platform had extremely strong account control capabilities (the ability to freeze trading/withdrawal/login permissions in bulk with one click). Had this blunder occurred at the full platform user level, or if some users had already withdrawn the "phantom coins" to other exchanges or even on-chain, Bithumb could likely triggered a larger-scale systemic shock.

Even regulators have noticed this. On February 9, the Korean Financial Supervisory Service (FSS) stated that the erroneous Bitcoin distribution incident at Bithumb highlights the systemic vulnerabilities existing in the crypto asset field, necessitating further strengthening of regulatory rules. FSS Governor Lee Chan-jin pointed out at a press conference that the incident reflects structural problems in the electronic systems of virtual assets. Regulatory authorities are conducting a key review on this matter and will incorporate related risks into subsequent legislative considerations to promote the inclusion of digital assets into a more完善的 (complete/sound) regulatory framework. An emergency on-site inspection has been launched and explicitly stated it will be expanded to other local exchanges like Upbit and Coinone. This likely means regulators have understood this signal.

Conclusion

Bithumb's $40 billion phantom airdrop, seemingly absurd on the surface, is actually insightful. It laid out a long-standing problem in the most直观的 (intuitive) way. The convenience of centralized exchanges is essentially built on a highly asymmetric trust relationship: users believe the "balance" in their account is equivalent to real assets, but in reality, it is only a unilateral commitment from the platform to the user. Once internal controls fail or are maliciously exploited, 'your balance' can instantly vanish into thin air.

Therefore, even if the Bithumb incident ended "under control," it should not be interpreted as a successful crisis management case, but rather as an alarm bell that must be heard. The speed, low cost, and high liquidity pursued by exchanges are always obtained at the cost of users relinquishing direct control over their assets. As long as this premise is not正视 (acknowledged/faced squarely), similar risks cannot truly disappear.