Bithumb’s 5-Minute Glitch Sent $95B in Phantom Bitcoin to Users, Crashing Its BTC Price to $55K

A promotion misfire at Bithumb briefly rewired its market. For roughly five minutes, users were credited with 2,000 BTC each—not 2,000 won (~$1.37)—triggering an internal stampede that knocked the exchange’s Bitcoin quote to $55,000 while spot elsewhere stayed materially higher.

Here’s what happened, by the numbers. As part of a “Random Box” giveaway, where 96% of participants were set to receive the smallest reward, about 700 customers bought boxes. Applying that distribution implies roughly 672 accounts were mistakenly topped up with 2,000 BTC apiece, a notional transfer exceeding $95.4 billion at a Bitcoin price near $71,000. Crucially, these were ledger entries on Bithumb only—no on-chain Bitcoin moved. Even so, Korean authorities estimate users managed to sell over $2 billion of the phantom balances before the error was reversed within five minutes.

The localized liquidation was enough to gap Bithumb’s BTC/ KRW order book to $55,000, while broader markets—after dipping to around $60,000 on Thursday—had already rebounded to about $71,047. Bithumb said the anomaly was internally caused, not related to a hack, and emphasized there was no impact to customer asset custody or loss of preexisting funds.

The single point worth focusing on: exchange control design for non-fiat, non-crypto promotional credits. Many platforms bolt marketing features onto core trading systems without hard guardrails that treat “airdrop-like” balances as toxic until proved safe. This incident reveals four weak links that exchanges can shore up quickly:

- Denomination sanity checks: Any non-fiat reward flow should validate units and magnitude against historical caps. A “2,000” field hitting a BTC balance instead of KRW should fail loudly at multiple layers, including the UI, API, and ledger write. - Segregated promotional wallets: Credits tied to giveaways should live in isolated sub-balances with explicit spend states (frozen, vesting, withdrawable). Until settlement is confirmed, they shouldn’t route to the matching engine. - Real-time circuit breakers: If net issuance of BTC inside the ledger deviates beyond a tight threshold or if sell pressure from promotional sub-balances accelerates, the system should programmatically cut order routing or force resting-only behavior. - Kill-switch governance: Dual-approval ops with automated rollback on anomaly detection, plus an immutable audit trail. Five minutes is fast; with better triggers, this should resolve in seconds.

Why users rushed to sell is unsurprising: windfall credits—even obviously erroneous ones—create a race dynamic. Traders will test the venue’s consistency before the door closes. Ethically, exchanges owe clarity on the status of erroneous credits and clawback policies; users, in turn, shouldn’t assume enforceability of profits derived from a clear mistake—especially when nothing moved on-chain.

Business-wise, price integrity is the product. A -22% wick on a top Korean venue won’t sink confidence alone, but it invites regulatory questions about internal controls and could ripple into index construction, derivatives margining, and market data consumers that may not filter venue-specific anomalies. Many index providers already use outlier guards; events like this argue for tighter venue weighting and latency-aware filters.

The takeaway for operators: promotional UX can coexist with robust risk. Treat every non-settled credit like a potential supply shock, ring-fence it from the matching engine, and automate the brakes. For traders: dislocations on a single venue that aren’t confirmed on-chain or echoed cross-exchange are usually ledger artifacts, not free money.