Let's trace back the story behind the BTC crisis at the South Korean cryptocurrency exchange Bithumb!!!

Behind the crisis of 2000 BTC: The fundamental issue of CEX ledgers
On the evening of February 6, South Korean cryptocurrency exchange Bithumb caused an incident that was significant enough to be recorded in the annual of the cryptocurrency industry during a routine marketing campaign.
What was originally a very small-scale 'random treasure chest' event. According to official design, the platform planned to distribute a total of about 620,000 KRW in cash rewards to 695 participating users, of which 249 actually opened the treasure chest and claimed the reward, meaning an individual amount of about 2000 KRW, equivalent to only around 1.4 USD. However, due to a backend configuration error, the reward unit was mistakenly set from KRW to BTC, instantly 'airdropping' 2000 BTC to each user who opened the treasure chest, totaling 620,000 BTC, with the display assets of a single account exceeding 160 million USD.
Based on the then price of about 98 million won per coin (about $67,000), the paper value of this batch of "suddenly appeared" Bitcoins is approximately $41.5–44 billion. Although these assets do not exist on-chain, they are "tradeable" within the exchange's internal system. The results were almost instantaneous: the BTC/KRW trading pair on the Bithumb platform rapidly fell from the global average price to 81.11 million won (about $55,000) within minutes, a drop of nearly 17%; the BTC global market also briefly dipped about 3%, and the derivatives market saw over $400 million in liquidations.
Is Bithumb's "rapid recovery" really something to be grateful for?
In subsequent incident disclosure announcements, Bithumb stated that within the 35 minutes during which the mispayment occurred, restrictions on transactions and withdrawals for 695 customers had been implemented, with over 99% of the mispayment amount recovered, and the remaining 0.3% (1,788 BTC) that had been sold was supplemented by the company's own assets to ensure that user assets were unaffected. At the same time, the platform launched a series of compensation measures. Starting from February 8, user compensation measures were rolled out in batches, including issuing a 20,000 won compensation to online users during the incident, returning the price difference to users who sold at low prices along with an additional 10% consolation payment, and offering a 0% trading fee discount for all products for 7 days starting from February 9.
As of now, the entire situation seems to have ended in a "controllable" manner.
But another question still lingers in our minds: Why could Bithumb generate 620,000 BTC that do not exist in the backend all at once?
To answer this question, we must return to the core layer of centralized exchanges that is most fundamental yet least understood by ordinary users: the method of bookkeeping.
Unlike decentralized exchanges where each transaction occurs directly on the blockchain and balances are determined in real-time by on-chain status, centralized exchanges, in pursuit of extreme trading speed, low latency, and very low costs, almost entirely adopt a hybrid model of "internal ledger + delayed settlement."
The balance, transaction records, and profit and loss curves visible to users are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts involving actual on-chain asset flows (such as withdrawing to an external wallet, transferring across exchanges, large internal settlements) will trigger real blockchain transfer operations. In the vast majority of everyday scenarios, the exchange only needs to modify a single line in the database to complete an "asset change"—this is precisely the fundamental reason Bithumb could "magically generate" 620,000 BTC to display balances in an instant.
This model brings tremendous convenience: millisecond-level matching, zero gas fees, support for leverage, contracts, lending, and other complex financial products. But on the other side of convenience is a fatal asymmetry of trust: users believe that "my balance is my asset", while in reality, what users possess is merely a piece of paper promise (IOU) from the platform. As long as the backend permissions are sufficiently large and the verification mechanisms are loose enough, simple parameter errors or malicious operations can lead to a severe disconnection between the numbers in the database and the actual on-chain holdings.
According to data disclosed by Bithumb in the third quarter of 2025, the platform actually holds about 42,600 Bitcoins, of which the company's own assets are only 175, while the rest are user-held assets. However, in this incident, the system was able to credit user accounts with quantities of BTC more than ten times the actual holdings.
More importantly, these "ghost balances" do not merely exist in the backend display but can participate in real matching within the platform, affect prices, and create a false illusion of liquidity. This is no longer just a single-point technical bug but represents a systematic risk of the long-standing severe disconnect between the internal ledger of centralized exchanges and real on-chain assets.
The Bithumb incident is merely a moment when this risk was magnified to the point of being visible to everyone.
Mt. Gox: How the illusion of the ledger once destroyed an era
History has repeatedly verified this painful lesson. For instance, the Mt. Gox collapse in 2014. Although this event happened over a decade ago, we can still remember the market panic caused by each large transfer to the exchange for compensation.
As the largest Bitcoin exchange in the world at the time, Mt. Gox accounted for over 70% of Bitcoin trading volume but suddenly suspended withdrawals and declared bankruptcy in February 2014, claiming to have "lost" approximately 850,000 BTC (worth about $460 million at the time, later reports adjusted this number to around 744,000). On the surface, this appeared to be hackers exploiting a "transaction malleability" flaw in the Bitcoin protocol, altering transaction IDs leading the exchange to mistakenly think withdrawals had not occurred, thus repeatedly sending funds. However, in-depth investigations (including a report from security team WizSec in 2015) revealed a harsher truth: the vast majority of the lost Bitcoins had already been gradually stolen between 2011 and 2013, yet Mt. Gox had remained unaware for years because its internal accounting system had never truly conducted periodic and comprehensive reconciliations with on-chain status.
Mt. Gox's internal ledger allowed for "magic trades": employees or intruders could freely add or subtract user balances without needing to correspond to on-chain transfers. Hot wallets were repeatedly hacked, and funds were slowly transferred to unknown addresses, yet the platform continued to display "normal balances". Even after a major theft in 2011, it is rumored that management chose to conceal rather than declare bankruptcy, causing subsequent operations to continue based on "fractional reserves". This illusion of the ledger was maintained for years until the holes became too large to cover in 2014, at which point it was publicly disclosed under the pretext of a "transaction malleability bug." Ultimately, Mt. Gox's bankruptcy not only destroyed user trust but also triggered a more than 20% drop in Bitcoin prices, becoming the most famous case of "trust collapse" in cryptocurrency history.
FTX: When the ledger became a "cover tool" instead of a "recording tool"
Recently, due to the popularity of Openclaw, a topic has resurfaced: the intersection of cryptocurrency and AI, which peaked during the FTX era. FTX had heavily invested in the AI field before its collapse, with its most famous case being the lead investment in the hundreds of millions of dollars financing for the AI startup Anthropic. If FTX hadn't collapsed, its holdings in Anthropic might now be worth hundreds of billions of dollars, but the bankruptcy liquidation turned this "AI lottery" into a mirage. The reason for its downfall was that FTX's internal ledger had long been, deliberately mismatched with real assets, using funds interchangeably and covert operations to turn customer deposits into a "back garden" that could be misappropriated at will.
FTX is closely tied to its quantitative trading sister company Alameda Research, both of which are controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet is filled with native tokens FTT issued by FTX. These assets have almost no external market anchor, and their value mainly relies on internal liquidity and artificially maintained prices. More critically, the FTX platform granted Alameda nearly unlimited credit lines (disclosed at one point to be as high as $65 billion), and the true "collateral" for this credit line was indeed FTX users' deposits.
These customer funds were secretly transferred to Alameda, used for high leverage trading, venture capital, and even SBF's personal luxury consumption, real estate purchases, and political donations. The internal ledger played a "cover" role here.
According to court documents, FTX's database can easily record customer deposits as "normal balances", while simultaneously allowing Alameda's accounts to maintain negative balances in the backend through custom code without triggering any automatic liquidation or risk alerts. The balance users see on the app appears secure and reliable, but in reality, the actual on-chain assets have already been moved to cover Alameda's losses or support the FTT price.
FTX creditors' compensation has still not been completely resolved, and the bankruptcy liquidation process is still ongoing.
Bithumb's 35 minutes is just a narrow window.
Returning to Bithumb, the fact that this incident was able to conclude within 35 minutes does not mask the severity of this risk. On the contrary, it precisely illustrates the limits of emergency response: only when the number of affected users is limited (only 695 people), the erroneous assets have not been massively put on-chain, and the platform has extremely strong account control capabilities (one-click batch freezing of transactions/withdrawals/login permissions), can a disaster be contained within the scope of "self-funding to fill the hole." If this mishap had occurred at the level of all platform users, or if some users had already withdrawn the "ghost coins" to other exchanges or even on-chain, Bithumb could have triggered a larger-scale systemic shock.
Even the regulators have noticed this. On February 9, the Financial Supervisory Service (FSC) of South Korea stated that the recent Bitcoin mispayment incident at Bithumb highlights the systemic vulnerabilities present in the cryptocurrency asset sector, making it necessary to further strengthen regulatory rules. FSS President Lee Chan-jin pointed out at a press conference that this incident reflects structural issues in the electronic systems of virtual assets, and that regulatory authorities are conducting a focused review on this matter, intending to include related risks in future legislative considerations to promote the incorporation of digital assets into a more comprehensive regulatory framework. Emergency on-site inspections have been initiated, and it has been explicitly stated that they will expand to other local exchanges like Upbit and Coinone, which likely means that regulators have understood this signal.
Bithumb's $40 billion ghost airdrop seems absurd on the surface, yet it is profound; it lays a long-standing issue bare in the most straightforward way. The convenience of centralized exchanges is fundamentally built on a highly asymmetric trust relationship: users believe that the "balance" in their accounts is equivalent to real assets, when in fact, it is merely a unilateral promise from the platform to the users. Once internal controls fail or are maliciously exploited, 'your balance' can instantly vanish.
Therefore, even if the Bithumb incident concludes in a "controllable" manner, it should not be interpreted as a successful crisis management but rather as a loud warning that must be heard.
The speed, low costs, and high liquidity sought by centralized exchanges are always obtained at the cost of users giving up direct control over their assets. As long as this premise is not addressed, similar risks cannot truly disappear. Each of us should remember the profound lessons of history, class dismissed...