The Mt. Gox Hack
In 2014, Mt. Gox, one of the largest bitcoin exchanges on the globe and based in Japan, was on top of the world. They handled 70% of all bitcoin transactions globally. However, the end of February brought ruin and bankruptcy to Mt. Gox.
Mt. Gox lost almost 740,000 bitcoins or 6% of all the bitcoins accounted for at that time. Valued at €460 million at the time, and $3 billion at October 2017 prices, Mt. Gox was devastated. To make matters worse, $27 million was missing from the company’s bank ledgers. 200,000 bitcoins have been recovered, but the remaining 650,000 remain lost.
Mt. Gox’s History
The rest of this paper discusses the rise and fall of Mt. Gox, plus the aftermath of the hack and the ongoing investigation that is still trying to figure out what happened, and if it could happen another time.
Mt. Gox was formed in 2010 by Jed McCaleb, a US programmer who later went on to launch Ripple. Mt. Gox grew quickly and became the most used bitcoin exchange in the world. This happened in 2011 after being purchased by Mark Karpelés, a French bitcoin enthusiast and developer. Interesting note, the name Mt. Gox stands for “Magic: The Gathering Online eXchange.”
June 2011 saw Mt. Gox exchanged become the victim of a hacker. It was discovered that the hacking may have been the result of a compromised computer belonging to an auditor of the company. The hacker used access to the exchange to artificially alter the nominal value of bitcoin to one cent. The hacker then transferred an estimated 2,000 bitcoins from customer accounts at Mt. Gox and sold them. To make matters worse, an estimated 650 bitcoins were purchased from the exchange at an a substantially reduced price by Mt. Gox customers. None of these bitcoins ere ever returned.
Mt. Gox created several security measures, and took a substantial amount of its bitcoin offline and these are now in cold storage.
2013 Mt. Gox Website
The June 2011 hack caused problems, but by 2013 Mt. Gox has once again established itself as the largest bitcoin exchange in the world. This was a result of increased interest in bitcoin as the price of the coins rapidly increased (they jumped from $13 dollars in January 2013 to more than $1,200 in the same year).
Still, things at Mt. Gox were not good.
Mt. Gox Struggles Behind Closed Doors
Mt. Gox quickly became the largest bitcoin exchange by 2013, but there were struggles behind the scene. Since Mt. Gox’s collapse a few years ago, several Mt. Gox employees have expressed dismay about how Mt. Gox operates. They painted a picture of a disorganized and discordant management. There were poor security measures, issues relating to the source code on the website, and many other serious issues coming from the management of the company.
By May of 2013, a former business partner of Mt. Gox, and Coinlab sued the company for $75 million. The reason: breach of contract. Mt. Gox and Coinlab had signed a contract stating Coinlab would take over Mt. Gox’s American customers. However, the deal failed to materialize due to Mt. Gox’s breach of contract of several of clauses in the contract.
The US Department of Homeland Security began investigating claims that a subsidiary of Mt. Gox was operating as an unregistered money source, in the US, and without a license. This investigation caused more than $5 million to be seized by the US government from the company’s accounts.
The investigation resulted in a temporary suspension of withdrawals in US dollars. The suspension only lasted for one month, but many customers were experiencing delays of up to 3 months in withdrawing cash from their accounts. At this time very, few US dollar withdrawals were successful. Delays resulted in Mt. Gox falling from number one to number three by the end of 2013.
These issues were only the tip of the iceberg. Underneath the ice, Mt. Gox had huge problems. Mt. Gox had been the victim of hacking for over two years.
Mt. Gox is Hacked
In February of 2014, Mt Gox ceased all bitcoin withdrawals. They claimed it was pausing withdrawal requests “to obtain a clear technical view of the currency process.” Uncertainty reigned for several weeks and on 24 February 2014, the exchange stopped all trading and the website went dark. That same week, a corporate document was leaked that claimed hackers had cleared out Mt. Gox’s exchange and stole 744,408 bitcoins that belonged to Mt. Gox customers, plus an additional 00,000 bitcoins belonging to Mt. Gox. This resulting in the exchange being declared insolvent. On February 28, Mt. Gox filed for bankruptcy protection in Japan. Two weeks after they filed for bankruptcy protection in the US.
Ongoing investigations show the massive hack of Mt. Gox really began as early as September 2011. Mt. Gox was technically operating as an insolvent entity for almost two years. Most of its bitcoins were gone by mid-2013. Evidence suggests Mt. Gox was missing up to 80,000 bitcoins from its exchange long before the sell to Mark Karpelés in 2011.
Investigation is still open, but the facts are still unclear. Investigators presume the bitcoins stolen from Mt. Gox were taken from its online or hot wallets. This includes all the currency held in cold storage. It seems to be there was a leak in the hot wallet. Online cryptocurrency wallets are web-based and used to store secure digital codes or private keys. These keys show ownership of a public digital code, or pubic key is used to access the currency addresses. This information is stored in an online wallet. Before September 2011, Mt. Gox had a private key that was unencrypted, and it was stolen via a copied wallet.dat file. This could have happened by hacking or through an insider.
After the file was hacked, the perpetrators were able to access and cipher bitcoins slowly from the wallets that were associated with Mt. Gox’s private keys. They did this without the hack being detected. The keypool of the shared copies filed lead to address re-use, and the company was oblivious to the theft. Mt Gox systems interpreted the transfers as deposits being moved to more secure addresses or sites. When the wallets emptied, the Mt. Gox system understood the theft as deposits. This resulted in additions bitcoins of up to 40,000 being credited to multiple user accounts.
In The Aftermath of Mt. Gox
In March of 2014, Mt. Gox reported that it had found 200,000 bitcoins in old-format digital wallets. These wallets were used by the exchange prior to June 2011. Now, these bitcoins are held on trust for creditors while the company is under bankruptcy protection.
Mark Karpelés was arrested and charged with fraud and embezzlement in August 2015. None of his charges related to the theft, but he was still imprisoned until July 2016 when he was released on bail. He has pleaded not guilty to the charges and investigations and the trial is still ongoing.
Mt. Gox is still under bankruptcy protection and the case is under investigation. In addition, the litigation with Coinlab remains open and distribution to creditors will not resume until the lawsuits settle.
Where did the money go?
There are still 650,000 bitcoins unaccounted for because of the hack. Many online theories have conspired as to where the missing coins may be. There are some suggestions that Mt. Gox never had that amount and that Karpelés just manipulated the numbers.
Theories also range from suggestions that storage may have been compromised by an individual with on-site access. It is also suggested that the cold storage coins were deposited into the Mt. Gox exchange system when a hot wallet ran low. Still another suggestion is that lack of accountability among the staff meant there was no oversight that the wallets were being drained.
In July 2017, Alexander Vinnik, a Russian national, was arrested by US authorities in Greece. He was charged with having a key role in the laundering of bitcoins stolen from Mt. Gox. Vinnik was also charged by Greek authorities with laundering of almost $4 billion in bitcoin. Vinnik is alleged to be associated with BTC-e bitcoin exchange. As a result, the BTC-e was raided by the FBI. This is the first time the US government seized a foreign exchange on foreign soil. Investigations by Wizsec, a bitcoin security group, identified Vinnik as the owner of the wallets where the stolen bitcoins had been transferred. Many of these coins were sold on BTC-e.
Mark Karpelé’s trial is still ongoing in Japan and indictment against Vinnik make it seem like the separate strands of the Mt. Gox hack are coming together. This may not result in the recovery of all or any of the stolen bitcoins, but we may soon know how the Mt. Gox hack happened.
Could it Happen Again?
Yes, it could. There are many bitcoin exchanges are operating at the present, and some are not so reputable. Popular exchanges such as Coinbase are transparent about their operations and they offer insured deposits. They are also backed by reputable venture capitalists. However, because of Coinbase’s success they are the prime target of hackers who are looking to exploit security gaps.
Additionally, there are smaller exchanges trading that aren’t as transparent about how they operate. These exchanges ae not hackers or disreputable, but cryptocurrency trading is still relatively new, and it is recommended you use the more reputable exchanges. This will keep you a little safer, and for your own peace of mind. Unless you can absolutely guarantee the legitimacy of any smaller exchanges you deal with, stay with the larger firms.
If this isn’t enough to scare you, a word of advice would be to make sure you don’t store your bitcoin on an exchange. Check out our post on cryptocurrency wallets for more details on how to store your coins.