Original | Odaily Planet Daily (@OdailyChina)

Author | Dingdang (@XiaMiPP)

On the evening of February 6, South Korean cryptocurrency exchange Bithumb caused an incident during a routine marketing event that was significant enough to be recorded in the annals of the cryptocurrency industry.

This was originally just a very small-scale "random treasure chest" activity. According to the official design, the platform planned to distribute a total of about 620,000 Korean won in cash rewards to 695 participating users. Among them, 249 people actually opened the treasure chest and received rewards, which meant that the amount for each individual was approximately 2,000 Korean won, equivalent to only about 1.4 USD. However, due to a misconfiguration in the backend, the reward units were mistakenly set from KRW (Korean won) to BTC (Bitcoin), instantly "airdropping" 2,000 BTC to each user who opened the treasure chest, totaling 620,000 BTC, with the displayed asset in single accounts exceeding 160 million USD.

At the time, calculated at about 98 million won/BTC (approximately 67,000 USD), this batch of "suddenly appeared" Bitcoin had an on-paper value of about 41.5–44 billion USD. Although these assets did not exist on-chain, they were "tradeable" within the internal system of the exchange. The results were almost instantaneous: the BTC/KRW trading pair on the Bithumb platform quickly dropped from the global average price to 81.11 million won (about 55,000 USD) within minutes, a decline of nearly 17%; the global BTC market also briefly dropped by about 3%, and the derivatives market experienced over 400 million USD in liquidations.

Is Bithumb's "quick recovery" really something to be grateful for?

Bithumb stated in a subsequent disclosure that within 35 minutes of the erroneous payment, it had restricted the transactions and withdrawals of the 695 customers, and more than 99% of the erroneous payment amounts had been recovered; the remaining 0.3% (1,788 BTC) that had been sold had been supplemented by the company’s own assets to ensure that user assets were not affected. Meanwhile, the platform also introduced a series of compensation measures. Starting from February 8, it began implementing user compensation measures in batches, including paying 20,000 won to users who were online during the incident, returning the price difference to users who sold at low prices, and providing an additional 10% consolation payment, as well as offering a 0% trading fee promotion for all varieties for seven days starting February 9.

At this point, the whole incident seemed to have an "acceptable" conclusion.

However, another question lingers in our minds: How could Bithumb create 620,000 non-existent BTC in the backend all at once?

To answer this question, we must return to the core layer of centralized exchanges, which is least understood by ordinary users: the accounting method.

Unlike decentralized exchanges where each transaction occurs directly on the blockchain, and balances are determined by the on-chain status in real-time, centralized exchanges adopt a hybrid model of "internal ledgers + delayed settlement" to pursue extreme trading speed, low latency, and minimal costs.

The balances, transaction records, and profit and loss curves visible to users are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts truly involving on-chain asset flows (like withdrawing to external wallets, inter-exchange transfers, or large internal settlements) trigger real blockchain transfer operations. In most daily scenarios, the exchange only needs to modify a line of database fields to complete an "asset movement" — this is precisely why Bithumb could "magically generate" 620,000 BTC displayed balances in an instant.

This model brings immense convenience: millisecond matching, zero gas fees, supporting leverage, contracts, lending, and other complex financial products. But the other side of this convenience is a fatal trust asymmetry: users believe "my balance is my asset", while in reality, users only possess a platform’s promise (IOU). As long as backend permissions are large enough and the verification mechanisms sufficiently loose, a simple parameter error or malicious operation could cause a significant disconnect between the numbers in the database and the real on-chain holdings.

According to data disclosed by Bithumb in the third quarter of 2025, the platform actually holds about 42,600 BTC, of which only 175 are company-owned assets, and the rest are user-custodied assets. Yet in this incident, the system was able to credit user accounts with more than ten times the actual holding scale of BTC.

More importantly, these "phantom balances" do not just exist in backend displays; they can participate in real matching on the platform, influence prices, and create an illusion of liquidity. This is no longer a singular technical bug, but a systemic risk of severe disconnect between internal ledgers and real on-chain assets inherent in the architecture of centralized exchanges.

The Bithumb incident is just a moment where this risk has been magnified enough for everyone to see.

Mt. Gox: How ledger illusions destroyed an era

History has repeatedly verified this through painful lessons. For example, the Mt. Gox collapse in 2014. Although this incident has passed for over ten years, we can still remember the market panic brought about by each significant transfer to the exchange for compensation.

As the largest Bitcoin exchange at the time, Mt. Gox accounted for over 70% of Bitcoin trading volume but suddenly suspended withdrawals and announced bankruptcy in February 2014, claiming to have "lost" about 850,000 BTC (then worth about 460 million USD, later reports adjusted this to around 744,000 BTC). On the surface, this was a case where hackers exploited a vulnerability in the Bitcoin protocol's "transaction malleability" to alter transaction IDs, leading the exchange to mistakenly believe withdrawals hadn’t occurred, thus causing them to send funds repeatedly. However, in-depth investigations (including a report by security firms such as WizSec in 2015) revealed a more brutal truth: the vast majority of lost Bitcoins had been gradually stolen between 2011 and 2013, and Mt. Gox had remained unaware for years because its internal accounting system had never truly performed regular, comprehensive reconciliations with the on-chain status.

Mt. Gox's internal ledger allowed "magic transactions": employees or intruders could freely add or delete user balances without corresponding on-chain transfers. Hot wallets were repeatedly compromised, and funds gradually transferred to unknown addresses, yet the platform continued to display "normal balances." Even after a significant theft in 2011, it was rumored that management chose to conceal rather than declare bankruptcy, leading to continued operations on the basis of "fractional reserves." This illusion of the ledger persisted for years until 2014, when the hole became too large to cover, and was finally publicly announced under the pretext of a "transaction malleability bug." Ultimately, the bankruptcy of Mt. Gox not only destroyed user trust but also triggered a more than 20% collapse in Bitcoin prices, becoming the most famous case of "trust collapse" in cryptocurrency history.

FTX: When the ledger became a "cover tool"

Recently, a topic was reignited by the popularity of Openclaw: the intersection of cryptocurrency and AI reached its peak during the FTX era. FTX had made significant investments in AI before its collapse, with its most famous case being leading a hundreds of millions of dollars financing round for the AI startup Anthropic. Had FTX not fallen, its stake in Anthropic could be worth billions of dollars today, but the bankruptcy liquidation turned this "AI lottery ticket" into bubbles. The reason it fell from grace was FTX's internal ledger long-term and intentionally mismatched with real assets, using fund commingling and covert operations to turn customer deposits into "back gardens" that could be freely misappropriated.

FTX was tightly bound to its quantitative trading sister company Alameda Research, both controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet was filled with native tokens FTT issued by FTX. These assets had almost no external market anchoring; their value relied primarily on internal liquidity and artificially maintained prices. More crucially, the FTX platform provided Alameda with nearly unlimited credit limits (which were once disclosed to be as high as 65 billion USD), and the true "collateral" for this limit was the deposits of FTX users.

These customer funds were secretly transferred to Alameda for high-leverage trading, venture capital, and even SBF's personal luxury spending, real estate purchases, and political donations. The internal ledger here played a role as a "cover".

According to court documents, FTX's database could easily record customer deposits as "normal balances," while simultaneously using custom codes in the backend to keep Alameda's accounts at a negative balance without triggering any automatic liquidations or risk alerts. The balance users saw on the app appeared safe and reliable, but the actual on-chain assets had long been siphoned off to fill Alameda's loss gaps or support FTT prices.

FTX's creditors' compensation is still not fully resolved, and the bankruptcy liquidation process continues to progress.

Bithumb's 35 minutes was just a narrow window

Returning to Bithumb, the fact that this incident was contained within 35 minutes does not mask the severity of this risk. On the contrary, it precisely illustrates the limits of emergency response: disaster was contained within the scope of "self-funded to fill the gap" only under the conditions that the number of affected users was limited (only 695 people), erroneous assets had not yet massively gone on-chain, and the platform had strong account control capability (one-click freezing of trading/withdrawal/login permissions). If this blunder had occurred at the level of all users on the platform, or if some users had withdrawn "ghost coins" to other exchanges or even on-chain, Bithumb could have triggered a larger-scale systemic shock.

Even regulators have taken note of this. On February 9, the South Korean Financial Supervisory Service (FSC) stated that the recent erroneous Bitcoin distribution incident at Bithumb highlights the systemic vulnerabilities present in the cryptocurrency asset field, and it is necessary to further strengthen regulatory rules. FSS Chairman Lee Chan-jin pointed out at a press conference that this incident reflects structural problems in virtual asset electronic systems, and the regulatory body is conducting a focused review on it, including relevant risks in future legislative considerations to push for digital assets to be included in a more完善的监管框架 (more complete regulatory framework). On-site inspections have been urgently initiated and it has been clearly stated that it will be expanded to other domestic exchanges such as Upbit and Coinone, which very likely means that the regulatory body has understood this signal.

Conclusion

Bithumb’s 40 billion dollar phantom airdrop, though absurd on the surface, profoundly lays bare a long-standing problem. The convenience of centralized exchanges is fundamentally built upon a highly asymmetric trust relationship: users believe that the "balance" in the account equates to real assets, when in fact, it is merely a unilateral promise from the platform to the users. Once internal controls fail or are maliciously exploited, 'your balance' may instantly vanish.

Therefore, despite the Bithumb incident concluding as "controllable," it should not be interpreted as a successful crisis handling, but more like a warning bell that must be heard. The speed, low costs, and high liquidity sought by exchanges are always exchanged at the price of users relinquishing direct control over their assets. As long as this premise is not addressed, similar risks cannot truly disappear.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。