Behind the 2000 BTC Crisis: The Fundamental Issue with CEX Ledgers

Original | Odaily (@OdailyChina)

Author | Ding Dang (@XiaMiPP)

On the evening of February 6th, South Korean cryptocurrency exchange Bithumb created an incident significant enough to be recorded in the crypto industry's annals during a routine marketing campaign.

This was originally just a very small-scale "Random Treasure Chest" event. According to the official design, the platform planned to distribute a total cash reward of approximately 620,000 KRW to 695 participating users. Among them, 249 users actually opened the chests and claimed the rewards, meaning the individual amount was about 2,000 KRW, equivalent to only around $1.4 USD. However, due to a backend unit configuration error, the reward unit was mistakenly set to BTC (Bitcoin) instead of KRW (Korean Won). This instantly resulted in an "airdrop" of 2,000 BTC to each user who opened a chest, totaling 620,000 Bitcoin. The displayed assets in a single account exceeded $160 million.

Calculated at the then price of about 98 million KRW per BTC (approximately $67,000 USD), the book value of these "out-of-thin-air" bitcoins was about $415–440 billion. Although these assets did not exist on-chain, they were "tradable" within the exchange's internal system. The consequences were almost instantaneous: within a dozen minutes, the BTC/KRW trading pair on Bithumb plummeted from the global average price to 81.11 million KRW (about $55,000 USD), a drop of nearly 17%. The global BTC market also briefly fell by about 3%, and over $400 million was liquidated in the derivatives market.

Bithumb's "Lightning-Fast Recovery": Is It Really Something to Celebrate?

In a subsequent incident disclosure announcement, Bithumb stated that within 35 minutes of the erroneous payment, it had restricted trading and withdrawals for the 695 affected customers. Over 99% of the erroneously paid amount has been recovered. The remaining 0.3% (1,788 BTC) that had been sold has been covered by the company's own assets, ensuring user assets are unaffected. Simultaneously, the platform launched a series of compensation measures. Starting February 8th, user compensation measures were rolled out in batches, including distributing 20,000 KRW compensation to users online during the incident, refunding the price difference to users who sold at low prices plus an additional 10% consolation payment, and offering a 0% trading fee promotion for all trading pairs for 7 days starting February 9th.

At this point, the entire incident seems to have been brought under "control."

But another question still lingers in our minds: How could Bithumb generate 620,000 non-existent BTC in its backend all at once?

To answer this, we must return to the most core, yet least understood by ordinary users, layer of centralized exchanges: accounting methods.

Unlike decentralized exchanges where every transaction occurs directly on the blockchain and balances are determined by real-time on-chain state, centralized exchanges, in pursuit of extreme trading speed, low latency, and minimal cost, almost universally adopt a hybrid model of "internal ledger + delayed settlement."

The balances, transaction records, and profit/loss curves users see are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts that truly involve on-chain asset movement (like withdrawing to an external wallet, cross-exchange transfers, large internal settlements) trigger actual blockchain transfer operations. In the vast majority of daily scenarios, the exchange only needs to modify a single database field to complete "an asset change"—this is precisely the fundamental reason Bithumb could instantly "generate out of thin air" a displayed balance of 620,000 BTC.

This model brings immense convenience: millisecond-order matching, zero Gas fees, support for complex financial products like leverage, contracts, and lending. But the flip side of this convenience is a fatal trust asymmetry: users believe "my balance is my asset," while in reality, users only possess an IOU (I Owe You) from the platform. As long as the backend permissions are sufficiently broad and validation mechanisms are lax enough, a simple parameter error or malicious operation can cause a severe disconnect between the numbers in the database and the real on-chain holdings.

According to data disclosed by Bithumb for Q3 2025, the platform's actual Bitcoin holdings were approximately 42,600 BTC, of which only 175 BTC were company-owned assets, with the rest being user custodial assets. Yet, in this incident, the system was able to credit user accounts with a BTC amount over ten times the size of its real holdings in one go.

More importantly, these "phantom balances" were not just displayed in the backend; they could participate in real matching within the platform, affect prices, and create a false sense of liquidity. This is no longer just a single-point technical bug, but a systemic risk inherent in the centralized exchange architecture: the severe disconnect between the internal ledger and real on-chain assets.

The Bithumb incident is merely the moment this risk was amplified enough for everyone to see.

Mt.Gox: How Ledger Illusion Once Destroyed an Era

History has repeatedly confirmed this with painful lessons. For example, the Mt.Gox collapse in 2014. Even though over a decade has passed, we still remember the market panic caused each time large transfers were made for exchange reimbursements.

Mt.Gox, as the world's largest Bitcoin exchange at the time, once accounted for over 70% of Bitcoin trading volume. Yet, in February 2014, it suddenly suspended withdrawals and declared bankruptcy, claiming it had "lost" approximately 850,000 BTC (worth about $460 million at the time, later adjusted to around 744,000 BTC in some reports). On the surface, this was due to hackers exploiting the "transaction malleability" vulnerability in the Bitcoin protocol, altering transaction IDs causing the exchange to mistakenly think withdrawals hadn't occurred, thus resending funds. But deeper investigations (including reports by security teams like WizSec in 2015) revealed a harsher truth: the vast majority of the lost Bitcoin had been gradually stolen between 2011 and 2013, yet Mt.Gox remained unaware for years because its internal accounting system never performed regular, comprehensive reconciliations with the actual on-chain state.

Mt.Gox's internal ledger allowed "magic transactions": employees or intruders could arbitrarily add or subtract user balances without corresponding on-chain transfers. Hot wallets were repeatedly compromised, funds were slowly transferred to unknown addresses, but the platform continued to display "normal balances." It was even rumored that after a major theft in 2011, management chose concealment over bankruptcy, leading to subsequent operations continuing on a "fractional reserve" basis. This ledger illusion was maintained for years until the hole became too large to cover in 2014, using the "transaction malleability bug" as an excuse for public disclosure. Ultimately, Mt.Gox's bankruptcy not only destroyed user trust but also triggered a Bitcoin price crash of over 20%, becoming the most famous "trust collapse" case in crypto history.

FTX: When the Ledger Transformed from a "Recording Tool" to a "Cover-Up Tool"

Recently, due to the popularity of Openclaw, another topic has resurfaced: the intersection of crypto and AI, which peaked during the FTX era. Before its collapse, FTX heavily invested in the AI field, its most famous case being leading a several-hundred-million-dollar funding round for AI startup Anthropic. If FTX hadn't collapsed, its Anthropic equity could now be worth tens of billions of dollars, but bankruptcy liquidation turned this "AI lottery ticket" to dust. The reason for its downfall was that FTX's internal ledger was long-term and deliberately mismatched with real assets. Through commingling of funds and covert operations, customer deposits became a "backyard" that could be freely misappropriated.

FTX was highly intertwined with its quantitative trading sister company, Alameda Research, both controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet was filled with FTT, the native token issued by FTX itself. This asset had almost no external market anchor; its value primarily relied on internal liquidity and artificially maintained prices. More critically, the FTX platform granted Alameda nearly unlimited credit lines (disclosed to be as high as $65 billion at one point), and the real "collateral" for these lines was the deposits of FTX users.

These customer funds were secretly transferred to Alameda for high-leverage trading, venture investments, and even SBF's personal luxury spending, real estate purchases, and political donations. The internal ledger played a "cover-up" role here.

According to court documents, FTX's database could easily record customer deposits as "normal balances," while simultaneously using custom code in the backend to keep Alameda's account in negative balance without triggering any automatic liquidation or risk alerts. The balances users saw in the app seemed safe and reliable, but the actual on-chain assets had long been siphoned away to fill Alameda's loss holes or prop up the FTT price.

The FTX creditor reimbursement process is still not fully resolved, and bankruptcy liquidation proceedings are still ongoing.

Bithumb's 35 Minutes is Just a Narrow Window

Returning to Bithumb, the fact that this incident was resolved within 35 minutes does not mask the severity of this risk. On the contrary, it precisely illustrates the limits of emergency response: disaster was only contained within a "can cover the hole out of pocket" scope because the number of affected users was limited (only 695), the erroneous assets had not been moved on-chain on a large scale, and the platform possessed extremely strong account control capabilities (one-click bulk freezing of trading/withdrawal/login permissions). If this blunder had occurred at the level of the entire platform's user base, or if some users had already withdrawn the "phantom coins" to other exchanges or even on-chain, Bithumb could very likely have triggered a larger-scale systemic shock.

Even regulators have taken note. On February 9th, South Korea's Financial Supervisory Service (FSS) stated that the recent erroneous Bitcoin distribution incident at Bithumb highlights the systemic vulnerabilities in the crypto asset sector, necessitating further strengthening of regulatory rules. FSS Governor Lee Chan-jin pointed out at a press conference that the incident reflects structural issues in virtual asset electronic systems. Regulatory authorities are conducting focused reviews on this matter and will incorporate related risks into subsequent legislative considerations to promote the inclusion of digital assets into a more comprehensive regulatory framework. An on-site inspection has been urgently launched and explicitly stated to be expanded to other domestic exchanges like Upbit and Coinone. This likely means regulators have understood this signal.

Conclusion

Bithumb's $40 billion phantom airdrop, seemingly absurd on the surface, is profoundly revealing. It lays bare a long-standing problem in the most direct way possible. The convenience of centralized exchanges is fundamentally built upon a highly asymmetric trust relationship: users believe the "balance" in their account is equivalent to real assets, while in reality, it is merely a unilateral promise from the platform to the user. Once internal controls fail or are maliciously exploited, 'your balance' can vanish in an instant.

Therefore, even if the Bithumb incident ended "under control," it should not be interpreted as a successful crisis management case, but rather as an alarm bell that must be heard. The speed, low cost, and high liquidity pursued by exchanges are always obtained at the cost of users relinquishing direct control over their assets. As long as this premise is not properly acknowledged, similar risks cannot truly disappear.