The Bithumb 2000 BTC Mistake: The Fundamental Issue with CEX Ledgers

Original Article Title: "The Incident Behind 2000 BTC: The Fundamental Issue of CEX Ledgers"

Original Article Author: Ding Dang, Odaily Planet Daily

On the evening of February 6, the South Korean cryptocurrency exchange Bithumb, during a routine marketing event, caused an incident worthy of being recorded in the cryptocurrency industry's annals.

What was supposed to be a small-scale "random treasure chest" event turned into a mishap. As per the official plan, the platform intended to distribute a total of approximately 620,000 Korean won in cash rewards to 695 participating users. Of these, 249 people actually opened the treasure chest and claimed the rewards, with each individual receiving about 2000 Korean won, roughly equivalent to only $1.4. However, due to a backend unit configuration error, the reward unit was mistakenly set from KRW (Korean won) to BTC (Bitcoin), instantly "airdropping" 2000 BTC to each user who actually opened the treasure chest, totaling 620,000 BTC, causing the displayed asset value of a single account to exceed $160 million.

At the then rate of approximately 98 million KRW per BTC (about $67,000), the suddenly appearing Bitcoin batch had an on-paper value of about $41.5–44 billion. Although these assets do not exist on the chain, they are "tradable" within the exchange's internal system. The almost instantaneous result was as follows: the BTC/KRW pair on the Bithumb platform plummeted from the global average to 811.1 million KRW (about $55,000) within a dozen minutes, nearly a 17% drop; the global BTC market also briefly fell by about 3%, and the derivatives market saw over $400 million in liquidations.

Is Bithumb's "Swift Recovery" Truly Worthy of Celebration?

In a subsequent event disclosure announcement, Bithumb stated that within the 35 minutes of the mistaken payment, it had restricted the transactions and withdrawals of 695 customers; over 99% of the erroneous payment amount had been recovered, and the remaining 0.3% that had been sold (1788 BTC) had been replenished with company-owned assets to ensure user assets were not affected. Additionally, the platform introduced a series of compensatory measures. Starting from February 8, it began phased implementation of user compensation measures, including issuing 20,000 KRW compensation to online users during the incident, refunding the price difference to users who sold at a low price and providing an additional 10% condolence payment, and offering a 7-day 0% trading fee discount across all types of trades starting from February 9.

At this point, the whole situation seems to have come to a "controlled" conclusion.

But another question still lingers in our minds: Why was Bithumb able to generate 620,000 non-existent BTC in the background in one go?

To answer this question, we must go back to the most core yet least understood layer of centralized exchanges: the accounting method.

Unlike decentralized exchanges where each transaction occurs directly on the blockchain and balances are dynamically determined by on-chain states, centralized exchanges, in pursuit of ultimate transaction speed, low latency, and minimal costs, almost entirely utilize a "off-chain ledger + deferred settlement" hybrid model.

The balances, transaction records, P&L curves that users see are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts involving on-chain asset movements (such as withdrawing to an external wallet, inter-exchange transfers, large-scale internal settlements) trigger real blockchain transactions. In the vast majority of daily scenarios, the exchange only needs to modify a database field to complete the "one-time asset change" — this is precisely why Bithumb can instantly "create out of thin air" a balance of 620,000 BTC.

This model brings tremendous convenience: millisecond matching, zero gas fees, support for leverage, contracts, lending, and other complex financial products. However, the flip side of this convenience is a deadly trust asymmetry: users believe "my balance is my asset," when in reality, all users have is a paper promise from the platform (IOU). As long as the backend's permissions are extensive enough and the validation mechanisms are loose enough, a simple parameter error or malicious operation can cause a severe discrepancy between the numbers in the database and the actual on-chain holdings.

According to data disclosed by Bithumb in the third quarter of 2025, the platform actually held about 42,600 bitcoins, with only 175 being company-owned assets, and the rest being user custodial assets. However, in this incident, the system was able to credit users' accounts with a BTC amount that was more than ten times the actual holding.

More importantly, these "phantom balances" do not just exist in the backend display but can participate in real matching within the platform, influence prices, and create a liquidity illusion. This is no longer just a single-point technical bug but a systemic risk of a severe disconnect between the internal ledger and actual on-chain assets in the architecture of centralized exchanges.

The Bithumb incident merely amplified this risk to a moment where it was visible to everyone.

Mt.Gox: How a Ledger Illusion Once Destroyed an Era

History has repeatedly confirmed this with painful lessons. For example, the 2014 Mt.Gox collapse. Though more than a decade has passed since then, we still remember the market panic caused by each large transfer to the exchange for reimbursement.

As the world's largest Bitcoin exchange at the time, Mt.Gox once accounted for over 70% of Bitcoin trading volume but suddenly halted withdrawals and declared bankruptcy in February 2014, claiming to have "lost" around 850,000 BTC (valued at about $460 million at the time, later reports adjusted this to around 744,000 BTC). On the surface, this was attributed to hackers exploiting the "transaction malleability" loophole in the Bitcoin protocol, manipulating transaction IDs to make the exchange believe withdrawals had not occurred, leading to funds being sent multiple times. However, a deeper investigation (including a 2015 report by security teams like WizSec) revealed a more brutal truth: most of the lost Bitcoin had been gradually stolen between 2011 and 2013, unnoticed by Mt.Gox for years because its internal accounting system never thoroughly reconciled with the on-chain state.

Mt.Gox's internal ledger allowed for "magical trades": employees or intruders could arbitrarily adjust user balances without corresponding on-chain transfers. The hot wallet was repeatedly breached, funds were slowly siphoned to unknown addresses, yet the platform continued to display a "normal balance." Rumor has it that after a significant theft in 2011, the management chose to conceal the incident rather than declare bankruptcy, leading subsequent operations to continue running on a "fractional reserve" basis. This illusion in the ledger persisted for years until the hole became too large to conceal in 2014, and the excuse of a "transaction malleability bug" was used for public disclosure. Ultimately, Mt.Gox's bankruptcy not only shattered user trust but also caused Bitcoin's price to plummet over 20%, becoming the most famous "trust collapse" case in crypto history.

FTX: When a Ledger Shifted from a "Record Tool" to a "Cover Tool"

Recently, due to the fervor around Openclaw, a new topic has emerged: the intersection of crypto and AI, which once peaked in the FTX era. FTX had heavily invested in the AI field before its collapse, with its most notable case being the lead investment in the AI startup Anthropic, raising hundreds of millions of dollars. If FTX had not fallen, its stake in Anthropic could now be worth tens of billions of dollars, but the bankruptcy liquidation turned this "AI lottery ticket" into a mirage. The reason for its collapse was that FTX's internal ledger was misaligned with real assets for a long time intentionally, turning customer deposits into a "backyard" that could be freely misappropriated through fund mingling and covert operations.

FTX is highly intertwined with its quantitative trading sister company Alameda Research, both controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet is filled with FTX's native token FTT, which has little external market anchoring and relies mainly on internal liquidity and artificially maintained prices. More crucially, the FTX platform provides Alameda with almost unlimited credit lines (disclosed to have reached up to $65 billion at one point), with the true "collateral" for this credit line being FTX users' deposits.

These client funds are surreptitiously moved to Alameda for high-leverage trading, venture capital investments, and even SBF's personal luxuries, real estate acquisitions, and political donations. The internal ledger here plays a "cover" role.

According to court filings, FTX's database can easily register client deposits as "normal balances" while custom code in the background keeps Alameda's account in a negative balance without triggering any automatic liquidation or risk alerts. Users see a seemingly secure and reliable balance on the app, but the on-chain assets have already been moved out to fill Alameda's loss-making holes or support the FTT price.

FTX creditors are still not fully compensated, and the bankruptcy settlement process is still ongoing.

Bithumb's 35 Minutes Was Just a Narrow Window

Returning to Bithumb, the incident was resolved within 35 minutes, but it did not overshadow the seriousness of this risk. Instead, it precisely illustrates the limits of emergency response: only when the number of affected users is limited (only 695 individuals), the wrong assets have not yet been massively transferred on-chain, and the platform has strong account control capabilities (one-click batch freeze of transactions/withdrawals/login permissions), can the disaster be contained within the scope of "self-funding the hole." If this error had occurred at the full platform user level, or if some users had already withdrawn the "ghost coins" to other exchanges or even on-chain, Bithumb would likely have caused a much larger systemic impact.

Even regulatory authorities have taken note of this. On February 9, the Financial Supervisory Service of South Korea (FSC) stated that the recent Bitcoin misdelivery incident at Bithumb highlights systemic vulnerabilities in the cryptocurrency field, emphasizing the need to further strengthen regulatory rules. FSS Director Lee Chan-jin stated at a press conference that this event reflects structural issues in the virtual asset electronic system, and regulatory agencies are conducting a focused review on this and will consider these risks in future legislation to promote digital assets' inclusion in a more comprehensive regulatory framework. An on-site inspection has been urgently initiated and will be expanded to include other domestic exchanges such as Upbit and Coinone, which likely indicates that regulators have understood this signal.

Epilogue

Bithumb's $40 Billion Ghost Airdrop, seemingly absurd yet profoundly revealing, has laid bare a longstanding issue in the most visceral way. The convenience of centralized exchanges is fundamentally built on a highly asymmetric trust relationship: Users trust that the "balance" in their account is equivalent to real assets, when in reality, it is merely a unilateral promise from the platform. Once internal controls are breached or maliciously exploited, "your balance" could instantly vanish into thin air.

Therefore, even though the Bithumb incident ended in a "controlled" manner, it should not be seen as a successful crisis management, but more like a warning bell that must be heard. The speed, low cost, and high liquidity that exchanges strive for are always obtained at the expense of users relinquishing direct control of their assets. As long as this premise is not addressed, similar risks cannot truly disappear.

Original Article Link