When a user registers an account, they need to be assigned a permanent bitcoin address that the user can send BTCs to, and request to withdraw BTCs from.
This prevents a database from becoming compromised with respect to BTC amounts, because the bitcoin address can be looked up at any time on blockexplorer to see the amount of BTC that address carries.
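As an added illustration (not part of the original post), the check that this design makes possible: reconciling each user's database balance against the balance held at that user's permanent address, with constructed sample data standing in for the database and the block explorer.

```python
from dataclasses import dataclass

# Constructed sample data (not real addresses or balances), amounts in satoshi.
# LEDGER is what the exchange database claims; ONCHAIN is what a block explorer
# would report for each user's permanent deposit address.
LEDGER = {
    "alice": {"address": "ADDR_ALICE", "balance_sat": 150_000_000},
    "bob":   {"address": "ADDR_BOB",   "balance_sat":  20_000_000},
    "carol": {"address": "ADDR_CAROL", "balance_sat":  75_000_000},
}
ONCHAIN = {
    "ADDR_ALICE": 150_000_000,
    "ADDR_BOB":    25_000_000,  # chain holds more: a deposit the database missed
    "ADDR_CAROL":           0,  # chain holds less: funds gone or balance tampered
}

@dataclass
class Discrepancy:
    user: str
    address: str
    ledger_sat: int
    chain_sat: int

    @property
    def kind(self) -> str:
        # A ledger balance above the chain balance is the dangerous direction:
        # the database promises coins the address does not hold.
        return "shortfall" if self.ledger_sat > self.chain_sat else "unrecorded_deposit"

def lookup_chain_balance(address: str, explorer=ONCHAIN) -> int:
    # Stand-in for a block-explorer query; an address never funded shows 0.
    return explorer.get(address, 0)

def reconcile(ledger=LEDGER, explorer=ONCHAIN) -> list[Discrepancy]:
    """Return every user whose database balance differs from the balance
    sitting at that user's permanent address."""
    found = []
    for user, row in ledger.items():
        chain = lookup_chain_balance(row["address"], explorer)
        if chain != row["balance_sat"]:
            found.append(Discrepancy(user, row["address"], row["balance_sat"], chain))
    return found

def solvency(ledger=LEDGER, explorer=ONCHAIN) -> tuple[int, int]:
    """(total the database owes users, total actually held at their addresses)."""
    owed = sum(r["balance_sat"] for r in ledger.values())
    held = sum(lookup_chain_balance(r["address"], explorer) for r in ledger.values())
    return owed, held

if __name__ == "__main__":
    for d in reconcile():
        print(f"{d.user} {d.address}: ledger={d.ledger_sat} chain={d.chain_sat} ({d.kind})")
    print("owed=%d held=%d" % solvency())
```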
This is a good idea. I think the exchanges should implement this right away.