Mt Gox Hack Explained: Full History & Information Guide
Mt Gox is one of the most notorious hacks in cryptocurrency history. This hack has been dissected by experts and brought to light in various documentaries, including “The Rise And Fall Of Bitcoin”.
The mt gox founder dead is the story of how Mt Gox, a popular Bitcoin exchange, lost 850,000 Bitcoins which were worth around $450 million at the time. This has led to many questions about what happened and why it happened.
It was constructed on a shaky foundation. It was maybe appropriate that it came tumbling down like a house of cards.
Mt Gox was formerly the world’s biggest Bitcoin exchange — until a “hack” wiped off the majority of its assets. Overnight, crypto’s poster boy became its most reviled pariah, a botched crypto experiment.
Join us on a journey through its muddled past to learn what went wrong and where things stand now.
Online Exchange for Magic: The Gathering
It’s right, you read that correctly. Mt Gox is the name of a collectable card game, not a prominent mountain.
The iconic game of magic and fantastical creatures, Magic: The Gathering, has spawned an entire genre. Serious players value rare, strong cards, and they demand high market prices.
So one of the men had an idea. Why not create an online trade platform for Magic: The Gathering cards?
As a result, mtgox.com was created. John McCaleb was the guy in question, and he would eventually go on to develop cryptocurrencies such as Ripple and Stellar.
The exchange began operations in late 2007 and lasted for approximately two years. McCaleb went on to other ventures after receiving a lackluster reaction, repurposing the domain to promote his card game.
Then he came upon Bitcoin. He saw a need in the market for an online exchange for trading Bitcoin and decided to create a new site for it.
As a result, on July 18, 2010, Mt Gox began quoting Bitcoin values. Its popularity soared, and McCaleb soon found himself receiving tens of thousands of dollars via wire transfers. He didn’t have the time to scale the service up, so he decided to sell it to someone who could. Mark Karpelés, a French programmer and Bitcoin enthusiast, was an eager purchase.
And Mt Gox became serious about its business.
Years of Abundance
Karpelés moved the exchange to his chosen country of Japan, where he registered it as a business in Tokyo. Only 12% of the resultant shares went to McCaleb, with the remaining 88 percent going to Karpelés.
No one questioned his authority in the beginning. Karpelés worked tirelessly to grow the exchange’s business, transforming Mt Gox from an obscurity to the de-facto Bitcoin exchange. He started by rewriting much of the backend code, making the online exchange more secure and responsive, as befitting his background as a programmer.
Instant withdrawals were one of the features that set Mt Gox apart from its competitors. Users may withdraw their money at any moment in Bitcoin, USD, or even Japanese Yen. This increased investor trust and confirmed the exchange’s validity.
Trading possibilities At the time, Bitcoin was rare and hard to come by, thus transactions on the Mt Gox exchange exploded. It was unquestionably the most reliable and functioning exchange available, attracting a diverse range of Bitcoin investors from across the globe.
However, happy times don’t endure forever.
MT Gox’s Wrongdoings
Even when Mt Gox was processing 70% of all Bitcoin transactions, things were far from perfect on the inside. And it all came down to Mark Karpelés, a single guy.
Karpelés, on the other hand, was never cut out to be a CEO. Sure, he loved the concept, but the day-to-day grind irritated him. Managing a large business requires a very different skill set than programming, as well as a completely different mindset.
Karpelés lacks such kind of foresight.
Everything was viewed as a technological issue that could be solved by dumping more software and hardware at it (not that he was particularly good at the technical problems either).
One insider reportedly stated, “The source code was a total disaster.” The engineer, who spoke on the condition of anonymity, described Mt Gox’s code as a hacky mess. The business seems to have employed no controls, implying that new work might readily add faults and mistakes. Furthermore, since Karpelés was the only approver of modifications, important security patches might be put on wait for weeks at a time until he had a free minute to look at the code personally.
Mark Karpelés was a busy guy with a persistent attention issue, according to reports. Perhaps he couldn’t handle the demands of a managerial position. Or maybe he was just reluctant to do so.
Mr Karpelés was also notorious for wasting his time – and the company’s money – on pointless vanity projects. Take, for example, the ‘Cafe with Bitcoins.’
Mt Gox’s CEO had an amazing epiphany in the autumn of 2013. How about utilizing business funds to open a Bitcoin-accepting café on the Mt Gox grounds? Isn’t it something you’d want to do? You could stroll into this extremely contemporary skyscraper and purchase some beer with Bitcoin in only a few minutes from Tokyo’s biggest train station! What a fantastic story!
Except for the fact that Karpelés was meant to be operating a Bitcoin exchange rather than opening trendy cafés.
But there was no one to tell him that at a business nearly entirely controlled by the stoic CEO. As a result, Karpelés spent his time detailing the upgrades for the Mt Gox offices and the forthcoming café, as well as proudly displaying his hacked-together cash register that would take Bitcoin payments.
Then there were the occasions when he’d put aside his daily tasks to purchase flat-screen TVs or $400 lunches for the enlarged Tokyo headquarters’ employees. Alternatively, he might boast about his Mensa membership and above-average IQ.
Indeed, really amazing work for the CEO of the world’s largest Bitcoin exchange.
It should come as no surprise, therefore, that the house of cards eventually began to crumble. And what about the sad part? It was literally blown to bits with only a gust of wind.
The Long Downhill Path
Mt Gox had a very short journey ahead of him. Its demise was precipitated by a slew of problems that occurred over the course of a year. To be exact, the period between 2013 and early 2014, culminating in the notorious ‘hack.’
But that wasn’t the first time Mt Gox’s security has been compromised.
The MT Gox hack of 2011
The Bitcoin exchange was hacked in June 2011. The website had to be taken down due to the company’s inability to maintain it. Due to the limited size of the workforce at the time, many workers sought assistance from their acquaintances. Bitcoin fans from all around the globe rushed to their assistance, traveling to Tokyo to help the Bitcoin revolution’s mascot.
Jesse Powell was one of these nice Samaritans.
Powell came in from San Francisco and rushed to Shibuya station to see Roger Ver, one of Bitcoin’s most ardent advocates. The two rushed to Mt Gox’s headquarters as quickly as they could, saving the ailing business. They worked through the week with the exchange’s staff and a few other Bitcoin enthusiasts to bring the site back up.
Mark Karpelés, on the other hand, seemed oddly unconcerned about the situation. Powell and Ver were startled to discover the CEO had taken the weekend off when they arrived at the cramped workplace on Saturday. The discouraged volunteers, on the other hand, continued to work, hoping that the leader would be more serious on Monday.
When he returned to work, however, Karpelés spent the most of the day filling envelopes, oblivious to the fact that the site was down.
The big hack was made possible by this carelessness and lack of concern.
The Seeds of MT Gox’s Demise
The bitcoins were not taken in one fell swoop, contrary to common belief. The hack was stealthy and cunning, slowly emptying the exchange’s funds.
Following the 2011 breach, the business implemented a variety of safeguards to protect its Bitcoin holdings. One such feature was the transfer of the bulk of the coins to ‘cold’ storage (i.e. offline) and the retention of just a tiny portion of total assets in less secure ‘hot’ wallets (online).
They had no idea what a terrible error they had committed.
A hacker has gotten their hands on the unencrypted private keys of the Mt Gox hot wallet as early as September 2011. That would have been insignificant on its own, since just a tiny portion of the bank’s reserves were stored online, but the hacker was cunning. The thief was able to reuse addresses by exploiting the stolen data file’s shared keypool, disguising the thefts as legal transactions.
Mt Gox’s servers mistook the leak for real payments to other accounts, and because of the way they were written, they continued to top-up the depleted hot wallet with regular infusions from funds kept in cold storage. As a result, like a well with a hole at the bottom, Mt Gox gradually lost all of its supplies in a steady stream until there was nothing left.
The business was not just afflicted by hacks. For the majority of its existence, the exchange was in the news due to shady business activities.
Mt. Gox Issues
Then there came the legal battle with Coinlab. Mt Gox had apparently inked a deal with the firm allowing it to take over its US-based clients. The transaction, however, never came to fruition. Coinlab filed a lawsuit against the exchange for more than $75 million, which is still unresolved and has now risen to over $170 million.
Mt Gox was immediately investigated by the United States Department of Homeland Security. A subsidiary of the exchange was operating in the United States without the necessary permits, breaking the law. During the inquiry, the authorities seized about $5 million from the company’s bank accounts. Furthermore, withdrawals in US dollars were temporarily disrupted, with many users unable to access their money. As a result, Mt Gox dropped in the global rankings, losing its status as the leading cryptocurrency exchange.
Manipulation and Lies
All of this data was gathered after the business had gone bankrupt. No one, not even the workers of the exchange, realized what was going on at the time.
With the exception of Mark Karpelés, of course.
It’s unclear when the ‘King of Bitcoin’ learned of the attack. However, it is clear that Mr. Karpelés was aware of the issue long before it was made public. After all, the immutability of transactions is a fundamental principle of a cryptocurrency like Bitcoin. Anyone with access to the company’s public ledger may see the entire history of transactions. And what do you believe the results of the investigation revealed?
By mid-2013, Mt Gox’s entire resource has been depleted.
That was eight months before the information was made public.
But why did Karpelés keep this critical piece of information hidden from him? Why did Mt Gox continue to accept deposits from trusted investors despite the fact that it was on the verge of collapsing?
Only one thing comes to mind: hubris.
Mark Karpelés, you see, believed that the situation might still be saved. He first kept the facts hidden from everyone. He snatched up all the paper wallets holding the exchange’s private keys and spent his evenings pouring through them in secrecy.
But it wasn’t long before it became apparent that none of the hundreds of pieces of paper had a code that led to a single Bitcoin – the company’s entire holdings were gone.
The Obligation Exchange, a.k.a. Willy Bot
Even at this point, Karpelés felt he was in command of the situation. For a time, the entrepreneurial CEO had been operating a ‘obligation exchange,’ as he liked to call it. The name ‘Willy bot’ is preferred by experts.
For years, Karpelés was essentially operating an automatic trading bot behind the scenes at Mt Gox. While that may seem to be a minor detail, it is significant; a trading bot with administrator access could – and did – cause chaos, gaming the system to the company’s advantage.
The Willy Bot played a significant role in the Bitcoin bubble of 2013-14. Karpelés had created the software to purchase Bitcoin in small batches in a methodical manner. The bot extended its operations over several accounts to conceal its activities.
It took money from the company’s coffers to buy 250,000 Bitcoins. This extraordinary purchasing frenzy drove cryptocurrency values to new highs, pushing it into the triple digits for the first time. This generated fresh interest in Bitcoin and, as a result, increased exposure of Mt Gox, the leading Bitcoin exchange at the moment.
Trading veterans on the site have suspected the Willy bot for a long time. On the 7th of January, 2014, its existence – and connection with the exchange – was all but established. The Gox trading API was shut down for a period of around 90 minutes on that day. Except for our very own Willy bot, no one in the world was able to conduct transactions at that time.
Even throughout the outage, the software continued to purchase Bitcoin in increments, according to its algorithm.
A Manufactured Bubble
This event established Mt Gox’s involvement in the scam and provided investigators with crucial information about what was actually going on. WizSec, a private blockchain company led by Kim Nilsson’s one-man army, was one of these investigators.
Nilsson carefully tracked hundreds of transactions back to the bot’s accounts and went through the information to determine the effect. The findings were astounding: Karpelés’ trading bot was responsible for about 30% to 50% of all transactions on the market.
Karpelés put the Willy bot into overdrive when he saw his supplies were depleted. To begin, the bot inflated prices in order to generate a false sense of market optimism, resulting in a flood of deposits to the depleted exchange. When Mt Gox began to collapse in earnest, Willy went about selling the company’s vast assets, taking advantage of artificially inflated pricing to recover some of its losses. This worsened an already dire situation, sending Bitcoin values crashing to the ground.
It wasn’t enough, however.
Mt Gox, after all, had lost 850,000 Bitcoins. Small measures like this just prolonged the exchange’s operating lifespan, giving it a few more months of breathing room. As a result, Karpelés switched to plan B.
He quietly approached key players in the cryptocurrency industry, such as the Winklevoss brothers, in the hopes of finding a buyer for the ailing business. He felt that with a fresh injection of money, the exchange might recover from its current difficulty, with the new owner recouping his investment via future earnings.
Regrettably, that did not work. No one wanted to take on such a risk, so Karpelés was urged to bite the bullet and file for bankruptcy.
The MT Gox Debacle
Mt Gox halted all Bitcoin withdrawals on February 7, 2014. They are still refusing to provide a legitimate explanation. The firm said that it was halting withdrawals “to get a clear technical view” after discovering certain weaknesses in the Bitcoin protocol.
Customers, understandably, were dissatisfied. Many people sensed something was wrong and determined to take action. Kolin Burges expressed his displeasure by flying from London to Tokyo and maintaining a vigil outside the company’s offices, carrying a simple sign that said, “MTGOX WHERE IS OUR MONEY?”
Other protestors quickly joined him, and together they kept the pressure on the deceptive exchange for more than two weeks, until Mt Gox eventually stopped trading. The website was taken down soon after, and the Twitter account was deleted. Investors in a panic speculated on community boards, unsure of what was going on.
Then, on February 28, Mt Gox declared bankruptcy. The seriousness of the problem was exposed by leaked papers, which showed that 744,408 bitcoins belonging to clients, as well as 100,000 belonging to the business itself, had been “lost.” As a result, Mt Gox was declared bankrupt.
The deceived depositors cried out for Karpelés’ blood, with many suspecting him of taking the Bitcoins personally. He began getting hate mail and even death threats, but he was able to avoid imprisonment since there was insufficient evidence linking him to the crime. Until the Willy Bot scam was exposed.
Karpelés was arrested on accusations of altering electronic data after he used an internal trading software to cheat the system. When it was discovered that the bot had exaggerated its account balance to illegally acquire Bitcoins and then sold them to make cash, criminal charges of embezzlement and breach of trust were added.
But, before he was jailed, Karpelés found something that would permanently alter the case, making the Mt Gox bankruptcy one of the strangest in history.
What was lost and what was found
The year was 2014, and the date was March 7th. The location was an opulent penthouse with a breathtaking view of Tokyo. Mark Karpelés and his tabby cat (OK, just Mark Karpelés) were the protagonists.
The embattled CEO had imposed self-imposed house imprisonment for a week in order to escape the media and protestors who had besieged the Mt Gox headquarters. He spent his days carefully reviewing and double-checking the exchange’s old digital wallets on the off-chance that any Bitcoins may be remaining, in between pouring over the avalanche of hate mail that had filled his email.
He was starting to lose faith after about a dozen wallets had turned up empty when he struck gold. His most recent scan revealed 200,000 Bitcoins hidden in a cloud archived file. The coins had escaped the purge that wiped the rest of the exchange’s coffers clean in 2011, since they had missed the transfer to cold storage in 2011. Karpelés was relieved; he thought this was the answer to his problems, enabling creditors to be partially reimbursed. Unfortunately, it was not to be.
What it really started was a lengthy and drawn-out legal fight that is still going on today. The discovery of a secret stockpile of Bitcoins further added to the suspicions surrounding Karpelés, with many suspecting that he was merely confessing to a portion of the crime in order to avoid being held accountable. Furthermore, since the business was facing numerous lawsuits from Coinlab, a slew of other parties demanded a piece of the compensation pie.
As a result, the lawsuit dragged on for four years, during which time the coins were locked in the bankruptcy estate of the business. And then something occurred in those four years that turned the situation from odd to bizarre: the price of Bitcoin skyrocketed, putting the worth of the paltry 200,000 coins well above anything the exchange had ever owed. The assets might have brought in almost $4 billion at the height of the Bitcoin boom, more than paying out the existing obligations 10 times over.
The Problem of Bankruptcy
There was, however, a snag.
The value of creditors’ claims was limited under Japanese bankruptcy law at what they were worth when the business went bankrupt, which was $483 per Bitcoin.
Needless to say, the creditors, who were already depressed, were heartbroken. The joke, however, was still to come: the sale’s excess would go to Mt Gox’s stockholders. With an 88 percent stake, this mainly meant Mark Karpelés.
If it weren’t so sad, it would be hilarious.
Civil Rehabilitation Efforts
Richard Folsom wasn’t your typical Bitcoin depositor, and although most creditors had the means to do something about it, he wasn’t one of them. Folsom had both the knowhow and the financial chops to fight the judgment in court, having worked for Bain & Co. in Tokyo before establishing one of Japan’s earliest private equity firms.
He enlisted the help of Nishimura & Asahi, Japan’s largest legal firm, to obtain the investors their due. Shin Fukuoka, the project’s main partner, devised a strategy: What if Mt. Gox wasn’t officially insolvent any longer?
As a result, in November 2017, they filed a petition in court for Mt Gox’s civil rehabilitation, putting the present bankruptcy procedure on hold.
Examining the Situation
While the rest of the world was debating the destiny of the final 200,000 coins, a lone crusader was searching the treacherous waters of the internet for the remaining 650,000 coins. Kim Nilsson, a software engineer and renowned bug hunter, was the crusader. He had previously produced the famous Willy report, which revealed the depth of Karpelés’ antics during Mt Gox’s last years.
Nilsson wasn’t a blockchain engineer, but he enjoys putting puzzles together, so that’s how he tackled the issue. He established WizSec, a blockchain security company committed to solving the case, alongside other like-minded Mt Gox clients.
However, as time passed, other members’ enthusiasm faded, and one by one, they all dropped out of the initiative. Except for Nilsson himself.
He worked on the case in secrecy for the following four years, carefully tracking the route followed by the stolen money. Then, in early 2016, he struck gold. His investigation showed that all of the stolen money had been moved to the same person’s digital wallets. Nilsson even came upon a previous post by the same person, who goes under the name WME, by chance.
Nilsson maintained an eye on the account and was rewarded when the user uploaded a letter from his lawyer, exposing his true identity to the rest of the globe. The astute investigator wrote an e-mail to Gary Alford, a special agent with the Internal Revenue Service in New York who has assisted in the capture of cyber thieves.
Alexander Vinnik, a Russian IT expert, was apprehended as a result of his tireless efforts. Prosecutors accused him of laundering 530,000 Bitcoins via BTC-e, an exchange he set up specifically for the aim of disposing of the money stolen from Mt Gox.
The coins, however, could not be recovered since the hackers sold them straight away, and the trail stopped when the money became currency. What’s more, you know what’s funny? Because of the low price of Bitcoin at the time, the hackers only earned approximately $20 million (as opposed to a potential value of $10.6 billion at peak rates).
To say the least, it was disappointing.
The Tunnel Has a Light at the End of It
Vinnik’s arrest gave some finality to a controversy that had engulfed the Bitcoin community for almost a decade. There was also the issue of the remaining Bitcoins, which had gained by 5000 percent in the meantime and considerably outstripped the exchange’s obligations.
The court designated Nobuaki Kobayashi, a renowned restructuring lawyer in Japan, as the Mt Gox trustee to pay all outstanding obligations and liabilities of the bankrupt exchange in a fair and transparent way. Kobayashi seized control of the Mt Gox website and began posting updates on the bankruptcy proceedings as well as gathering depositor information.
Jesse Powell, a former donor of Mt Gox who went on to establish his own crypto exchange, Kraken, aided him in this endeavor. Mt Gox’s website and the Kraken interface began taking claims from depositors who had outstanding balances on the defunct exchange before to its demise.
Needless to say, the reaction was tremendous. The trustee was inundated with claims from tens of thousands of people, and he spent almost two years vetting them for authenticity. By the summer of 2016, the review process had been finished, and over 24,750 claims had been granted. The claims amount a little over $432 million, based on the previous rate of $483 per Bitcoin, much to the dismay of investors who had hoped to profit from Bitcoin’s recent price increase.
For a long time, however, the exact method for distributing the money remained a mystery. Many depositors sold their claims at a loss to others, such as Thomas Braziel, managing partner of hedge firm B.E. Capital Management, who bought $1 million in creditors’ claims at a discount.
Bankruptcy is no longer an option.
Then, on June 22, 2018, the unthinkable occurred. The Tokyo District Court approved Nishimura & Asahi’s civil rehabilitation case, which was headed by Shin Fukuoka. Mt. Gox’s bankruptcy procedures were stopped by a Japanese judge, clearing the door for the release of the 170,000 Bitcoin and Bitcoin Cash kept in reserve. The remaining 30,000 coins were sold by the Mt Gox trustee at last year’s high prices and are now kept separately in the exchange’s bankruptcy estate.
Creditors are expected to collect more than $1.2 billion in total for their stolen coins. While the sum is much less than what they might have received at last year’s high prices, it is still significantly more than what the bankruptcy procedure would have involved.
Surprisingly, Mark Karpelés was the most vocal backer of the move. Karpelés is still fighting a trial that he does not expect to win (given Japan’s 99 percent conviction record), and he no longer wants anything to do with Bitcoin or Mt Gox. He understands that if he takes advantage of the exchange’s bankruptcy windfall, he would be hit with a barrage of litigation.
By opting for civil rehabilitation, the exchange was able to avoid Coinlab’s vexing litigation, which had been slowing down the bankruptcy process. The trustee now intends to put aside a legal money in order to reach an amicable resolution without jeopardizing the process.
Do you want to make a new claim?
There was a lot of misunderstanding about what was going on for a time. The Mt Gox trustee has once again requested claims from creditors; it seems that the whole review procedure will have to be redone in order to be evaluated under the new civil rehabilitation process.
Creditors were understandably upset, since many of them no longer had access to their Mt Gox accounts, despite having successfully completed the previous review procedure all those years ago. Depositors were panicked when they tried to re-register on the Mt Gox site, which was barely functioning, or the Kraken exchange, which was once again assisting with the claims process.
The deadline for submitting this claim expired on October 22, leaving a large number of depositors unable to file their legitimate claim under the new method. While the situation is still unclear, it’s conceivable that the previously confirmed claims may be fulfilled.
So, if you weren’t able to file your claim this time, don’t give up hope; you may still be eligible for compensation.
The Bitcoin Cash Puzzle
The split of Bitcoin into Bitcoin Core and Bitcoin Cash last year created a new set of issues. While the new currencies provide a larger pool of money from which to distribute, they also add another digital asset to the mix. As a result, the Mt Gox trustee has chosen to distribute Bitcoin Cash in proportion to each creditor’s Bitcoin claim in order to keep things simple. This would prevent depositors from having to go through another approval procedure for the split cryptocurrencies while still ensuring that they get their fair part of the profits.
Those that enrolled on Kraken will get a further benefit: when the payment occurs, Kraken account users will most likely receive their money immediately on their accounts without any hassle. Your guess is as good as mine as to when it will happen. While the court-appointed date of February 14, 2019 is not far away, given the pile of new claims that need to be evaluated, it is unlikely to happen anytime soon.
But, whatever long it takes, one thing is certain: creditors are getting their Bitcoins back, six years after they had given up hope.
MT Gox Teachable Moments
When it comes down to it, cryptocurrency exchanges are fundamentally dangerous. Nothing compares to the security of having your own private key. Any transaction, no matter how well-known or ostensibly safe, may be hacked.
Mt Gox, like Coinbase and Kraken today, was the world’s top Bitcoin exchange prior to its demise. Its demise exemplifies the dangers of entrusting your cryptocurrency to centralized exchanges. Whether it’s a sophisticated hardware wallet or a simple piece of paper, self-custody wallets are the way to go.
TotalCrypto thinks that for trading reasons, you should only retain the bare minimum of coins on any exchange and transfer the remainder as quickly as feasible. Keep in mind that Blockchain transactions are irreversible, so once your coins are gone, they’re gone forever.
DISCLAIMER: The activity of the cryptoassets discussed in this paper is uncontrolled. This post is not intended to provide financial advice. Always do independent research.
The mt gox rehabilitation is the process that Mt Gox has undertaken to recover from their hack. This article provides a full history and information guide on what happened leading up to the hack, as well as how it’s been going since then.