Meet the Engineer Who Solved the Mt. Gox Cryptocurrency Heist - And How He Did It
In 2014, Japan-based Mt.Gox cryptocurrency exchange was processing over two thirds of all bitcoin trades on the planet. Then, suddenly, the exchange collapsed. The exchange lost $400 million in bitcoin. Investors lost fortunes.
One man, however, decided to fight back. Software engineer Kim Nilsson lost access to his bitcoins in 2014. The police didn’t even understand how the theft had worked – and they certainly weren’t able to help him solve it. So Nilsson decided to take matters into his own hands.
You can view a 40 minute presentation from Breaking Bitcoin on Nilsson’s findings here. In that presentation, Nilsson describes how he investigated the heist, tracked down the culprits, and delivered justice for users who lost money in the collapse of Mt. Gox.
Nilsson’s story first appeared online in 2017. However, earlier today, The Wall Street Journal featured a story on Kim Nilsson titled, “The Man Who Solved Bitcoin’s Most Notorious Heist.” In that article, The Wall Street Journal explains how Nilsson fought back and investigated the exchange.
How Nilsson Solved the Mt. Gox Heist
Here’s the basic overview of how Kim Nilsson managed to crack the case with Mt. Gox:
Nilsson and Wizsec Scan the Public Blockchain to Identify Mt. Gox Addresses
- Nilsson realized that deposits and withdrawals were all posted on the public blockchain, making it easy to check the amount of money Mt. Gox took in compared to the amount of money Mt. Gox paid out. By subtracting the amount of withdrawals from the amount of holdings, Nilsson was able to see if there was a discrepancy. Since these were customer funds, a discrepancy would mean evidence of theft.
- Mt. Gox refused to provide a copy of the database when asked by Nilsson. However, Mt. Gox’s database had row-level exports leaked multiple times, allowing the partial reconstruction of their transaction history.
- Wizsec then built an index of the entire bitcoin blockchain correlated with all known activity on Mt. Gox, including deposits, withdrawals, and transfers.
- This index allowed Wizsec to reconstruct wallets and find hidden relationships between sets of bitcoin addresses. Wizsec then clustered transactions into wallets.
- Wizsec de-anonymized wallets using open source information, including the date, amount transferred, and number of confirmations compared to data posted online – like on bitcoin forums and with forum metadata.
- Wizsec ultimately identified approximately 2 million addresses belonging to Mt. Gox, allowing the security group to reconstruct Mt. Gox’s total holdings over time. Any withdrawals from Mt. Gox addresses not corresponding to withdrawal records from databases are, presumably, thefts.
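The reconciliation described in the list above, as an added example (not WizSec's code): it replays transactions against a set of exchange-owned addresses, tracks holdings over time, and flags any outflow with no matching withdrawal record. The addresses, amounts and ledger rows are constructed sample data, fees are ignored, and matching ledger rows by destination and amount is an assumption about what a leaked export would contain.

```python
from collections import Counter
from decimal import Decimal as D

# Constructed sample data (not real Mt. Gox addresses or records).
EXCHANGE_ADDRS = {"gox1", "gox2", "gox3"}  # result of the address-clustering step
TXS = [  # (txid, unix_time, inputs [(addr, btc)], outputs [(addr, btc)])
    ("t1", 100, [("cust_a", D("50"))], [("gox1", D("50"))]),  # deposit
    ("t2", 200, [("cust_b", D("30"))], [("gox2", D("30"))]),  # deposit
    ("t3", 300, [("gox1", D("50"))],
     [("cust_c", D("20")), ("gox3", D("30"))]),               # withdrawal + change
    ("t4", 400, [("gox2", D("30"))],
     [("unknown_x", D("25")), ("gox1", D("5"))]),             # no ledger row
]
# (destination, btc) rows as they might appear in a leaked withdrawal table.
LEDGER_WITHDRAWALS = [("cust_c", D("20"))]

def reconcile(txs, exchange_addrs, ledger):
    """Return (holdings timeline, outflows with no matching ledger row)."""
    unmatched = Counter(ledger)  # multiset: identical withdrawals can repeat
    balance, timeline, suspicious = D("0"), [], []
    for txid, ts, ins, outs in sorted(txs, key=lambda t: t[1]):
        spent = sum((v for a, v in ins if a in exchange_addrs), D("0"))
        received = sum((v for a, v in outs if a in exchange_addrs), D("0"))
        balance += received - spent
        timeline.append((ts, balance))
        if spent == 0:
            continue  # the exchange funded no input: a pure deposit
        for addr, value in outs:
            if addr in exchange_addrs:
                continue  # change or internal transfer, not an outflow
            if unmatched[(addr, value)] > 0:
                unmatched[(addr, value)] -= 1  # consume the ledger row
            else:
                suspicious.append((txid, ts, addr, value))
    return timeline, suspicious

if __name__ == "__main__":
    timeline, suspicious = reconcile(TXS, EXCHANGE_ADDRS, LEDGER_WITHDRAWALS)
    for ts, bal in timeline:
        print(f"t={ts} holdings={bal} BTC")
    for row in suspicious:
        print("unrecorded outflow:", row)
```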
Mt. Gox’s CEO is Arrested in 2015
- In 2015, Wizsec published details of the thefts. This was before rumors of the impending arrest of the Mt. Gox CEO. Up to this point, it was just assumed that Mt. Gox had been hacked.
- Mt. Gox’s CEO denies allegations of his impending arrest. He is arrested 8 hours later.
- By 2016, Wizsec and authorities had evidence of multiple thefts dating all the way back to 2011. Nilsson claims Mt. Gox had been “insolvent since 2011” and that “we had evidence that Mt. Gox was trading its liabilities on its own exchange, later known as the WillyBot.”
- Mt. Gox allegedly laundered these thefts by pairing thefts from Mt. Gox with thefts of other coins.
- Wizsec identifies a suspect in laundering these thefts: Alexander Vinnik. Wizsec avoided releasing Vinnik’s name until he was arrested by law enforcement in the United States.
- Wizsec identified Vinnik because Vinnik did not use tumblers or mixers in 2011 to obfuscate his bitcoins. He also used accounts on exchanges that were robbed or hacked. Plus, Vinnik used his real name online in connection with transactions that touched tainted. As Nilsson explains in his presentation, “If you’re going to steal coins, maybe don’t [use your real name online].”
- Wizsec, however, did not believe that Vinnik was the thief: he was just the launderer.
Nilsson and Wizsec Continue Investigating Shady Transactions
- Mt. Gox’s private keys were stolen through the loss of a copy of wallet.dat. We know that because wallet.dat once included 100 private keys for future transactions, including, for example, keys for change addresses used later. If someone gets a copy of your wallet (your wallet.dat), your next 100 transactions and their next 100 transactions will use the same change addresses for the next 100 outputs. This is easy to spot on the blockchain.
- Using this nifty trick, Nilsson and the Wizsec team were able to date the theft to September 11, 2011 at 21:30 UTC.
- The change from the thief’s transactions goes to addresses that Mt. Gox has allocated to customers as deposit addresses, which means each time the thief spends money, the change (that the thief still controls), gets seen by Mt. Gox as a deposit by a non-thief depositor. That means the depositors are credited with free BTC on Mt. Gox. Depositors who received free bitcoin immediately withdrew it. Dozens of Mt. Gox users received free BTC and apparently kept quiet about it.
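A sketch of how the shared-keypool signature described above can be detected, as an added example (not WizSec's tooling): a transaction funded by the exchange's own coins should never pay into a customer deposit address, so each such output is a phantom deposit, and the earliest one bounds when the copied wallet was first used. All addresses, customers and timestamps are constructed sample data.

```python
from decimal import Decimal as D

# Constructed sample data; addresses, customers and times are illustrative.
# kp7/kp8 are pre-generated keypool keys: they live in the exchange wallet AND
# were handed out as customer deposit addresses, which is the collision.
WALLET_ADDRS = {"hot1", "hot2", "kp7", "kp8"}
DEPOSIT_ALLOC = {"kp7": "alice", "kp8": "bob", "d1": "carol"}  # address -> customer
TXS = [  # (txid, unix_time, input addrs, outputs [(addr, btc)])
    ("a", 1000, ["ext1"], [("d1", D("10"))]),                         # ordinary deposit
    ("b", 2000, ["hot1"], [("thief1", D("400")), ("kp7", D("100"))]),
    ("c", 3000, ["hot2"], [("thief2", D("250")), ("kp8", D("50"))]),
    ("d", 3500, ["hot2"], [("cust9", D("5")), ("hot1", D("1"))]),    # normal withdrawal
]

def phantom_deposits(txs, wallet_addrs, deposit_alloc):
    """Flag outputs where the exchange's own coins land on a customer deposit address."""
    hits = []
    for txid, ts, ins, outs in sorted(txs, key=lambda t: t[1]):
        if not any(a in wallet_addrs for a in ins):
            continue  # funded externally: a genuine customer deposit
        for addr, value in outs:
            if addr in deposit_alloc:
                hits.append((ts, txid, deposit_alloc[addr], value))
    return hits

def summarize(hits):
    """Return (time of earliest hit, BTC wrongly credited per customer)."""
    credited = {}
    for _, _, customer, value in hits:
        credited[customer] = credited.get(customer, D("0")) + value
    first_seen = hits[0][0] if hits else None  # hits are already time-ordered
    return first_seen, credited

if __name__ == "__main__":
    first_seen, credited = summarize(phantom_deposits(TXS, WALLET_ADDRS, DEPOSIT_ALLOC))
    print("wallet copy in use no later than t =", first_seen)
    print("phantom credits:", credited)
```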
Mt. Gox Was Hacked Multiple Times Before 2015 and Was Periodically Insolvent
- In March 2011, Mt. Gox is sold. At this point, the exchange is already insolvent. At various points throughout its history, Mt. Gox had already hit reserves of 0 BTC. The thefts that took place before 2011 that made the exchange insolvent were actually relatively small.
- Nilsson explains several thefts that took place over the years. Mt. Gox lost $50,000 USD in an XML injection attack that led to an unsigned input, for example. They also had their hot wallet stolen before the exchange was sold, leading to the loss of 80,000 BTC. Interestingly, those 80,000 BTC have not moved since 2011.
- Mt. Gox once lost 300,000 BTC in an off-site wallet from an unsecured network drive exposed to the internet. The thief returned those bitcoins for a 3,000 BTC finder’s fee. However, for a brief time, Mt. Gox had lost its entire reserves. Mt. Gox promised the hacker they wouldn’t investigate in exchange for the 3,000 BTC finder’s fee.
- Because of these hacks and others, Mt. Gox implemented an “obligation exchange”. This is the infamous WillyBot, an internal tool that balanced how insolvent the exchange was in USD against how insolvent it was in BTC, so as to avoid a liquidity crunch on either. When USD reserves were running low, for example, WillyBot would sell BTC for USD.
- In June 2011, the previous administrator’s admin credentials were hacked. The thief was able to reward himself (or herself) an infinite USD balance and purchase coins with that balance. The thief eventually withdrew 2,000 BTC in stolen funds.
- In September 2011, Mt. Gox’s database was hacked and an arbitrary read/write took place, leading to the loss of 77,500 BTC.
- We still haven’t gotten to the main theft – the one for which Mt. Gox is infamous. The main theft took place between September 11, 2011 and October 1, 2011. During this time period, a thief was able to get the wallet.dat file and syphon 630,000 BTC away. Mt. Gox did not notice. Nilsson criticized Mt. Gox for not having a monitoring feature on its holdings. This meant they didn’t notice the hack until it was far too late.
- In October 2011, Mt. Gox compounded the problem further when it accidentally destroyed 2,609 BTC by sending them to an unspendable address via a software bug.
At the End of the Day, Mt. Gox is Left With 220,000 BTC
- Nilsson and the Wizsec team tracked all of the Mt. Gox addresses to determine where and how money was being withdrawn and deposited.
- After all of these numerous hacks over the years, Mt. Gox had lost a total of $60 million (or around 865,000 BTC) to thefts and malicious attacks. Mt. Gox lost an additional $51.6 million and 22,000 BTC through WillyBot’s trading losses.
- Mt. Gox reported liabilities of 950,000 BTC in customer deposits and 100,000 BTC in assets (including the company’s BTC held on the exchange).
- Nilsson and the Wizsec team had expected to find 1.05 million BTC on deposit, and they knew that 865,000 were lost to hacks and malicious attacks. This means after bankruptcy, Mt. Gox would be expected to have 220,000 BTC.
Mt. Gox Could Have Avoided All of This
- Mt. Gox didn’t run into trouble because it got hacked. Every exchange faces hacking attacks and many exchanges have lost BTC in those attacks.
- What sunk Mt. Gox was the secrecy. Nilsson claims the company would have been shut down in 2011 if it hadn’t been secretive.
- Ideally, Mt. Gox would have disclosed the attacks early and avoided implementing WillyBot. WillyBot didn’t solve the problem: it just delayed the inevitable.
- Monitoring and auditing would have uncovered undeniable evidence of insolvency, which is why Mt. Gox didn’t implement monitoring for years. This made it difficult for Mt. Gox to spot the big attack – the loss of 630,000 BTC – when it took place.
Ultimately, Nilsson and the Wizsec team have performed some of the most comprehensive research regarding Mt. Gox’s infamous loss of bitcoins. The trial against Mt. Gox continues in Japanese courtrooms. You can read the full story about Nilsson’s efforts to investigate Mt. Gox in The Wall Street Journal here.
Revisiting Previous Bitcoin Lessons: Mt. Gox Controversy and Early Days of Bitcoin Overview
If you want to understand bitcoin, then you need to understand its history. Although bitcoin is only about a decade old, its path has been shaped significantly by various events over the last decade. One of the most important events to hit bitcoin was the Mt. Gox disaster. Today, we’re highlighting the Mt. Gox controversy and other key moments in the early days of bitcoin.
The Magic: The Gathering Online Exchange Was Launched in 2010
Today, the name “Mt. Gox” evokes thoughts of bad bitcoin exchanges, crypto hacks, and controversy.
Back in the early days, however, Mt. Gox was known as the Magic: The Gathering Online Exchange.
The platform was launched by Jed McCaleb in 2010, before any other major cryptocurrency exchange had emerged. Up to this point, it was difficult to purchase bitcoin. There were no exchanges you could use to exchange fiat into bitcoin or vice versa.
Interestingly, McCaleb purchased the MtGox.com exchange long before bitcoin was even a thing: he had wanted to create a Magic: The Gathering exchange since 2006. In January 2007, he purchased MtGox.com, then released a beta for the exchange later that year. He decided that it wasn’t worth his time and held off on the project until 2010 – after bitcoin had been released.
Jed McCaleb would later serve as the CTO of Ripple until 2013 before founding Stellar. Back in 2010, however, McCaleb simply wanted to create a gaming platform where players could trade Magic: The Gathering cards like stocks.
Mt. Gox was launched in July 2010 and quickly grew to become one of the largest bitcoin exchanges. Before long, Mt. Gox was processing most of the 24 hour trading volume in the crypto industry. It was one of the easiest places to buy and sell crypto at a time when there weren’t many places to do so.
In 2011, McCaleb decided to sell Mt. Gox to a French developer based in Japan named Mark Karpelès.
June 2011 and the First Hacking Attack
Soon after Mt. Gox was sold to Karpelès, the exchange experienced its first sign of trouble. In June 2011, it was discovered that a hacker had used the Mt. Gox auditor’s computer to steal a large number of bitcoins from the exchange into his own account.
This caused the nominal price of bitcoin to drop to one cent on the exchange as the attacker sought to offload his bitcoins at any price.
Mt. Gox was closed for a week to deal with the controversy. Several lawsuits were filed during this time. The exchange eventually resumed operations as normal.
More Trouble in 2013
By 2013, Mt. Gox was encountering more problems. US regulators started to take notice. A number of incidents and investigations from various US government departments occurred in 2013 after customers reported delays in withdrawing their money.
These regulatory issues caused more trouble for Mt. Gox. The exchange eventually admitted that it had “effectively been frozen out of the U.S. banking system because of its regulatory problems.”
By 2014, Mt. Gox Was Handling 70% of All Bitcoin Transactions
Despite the regulatory troubles in 2013, Mt. Gox’s presence on bitcoin markets continued to rise. By 2013 and 2014, Mt. Gox was processing 70% of all bitcoin trading volume. Nearly 2 out of 3 bitcoin trades were being processed on Mt. Gox.
Part of the appeal of Mt. Gox came from its connections to Silk Road, the illicit drug marketplace on the dark web. Launched in 2011, that marketplace would dominate the online drug marketplace until it was shut down by the FBI in 2013. The FBI seized 26,000 BTC from the exchange’s founder, Ross Ulbricht. Today, Ulbricht is serving a controversial sentence of life in prison.
Mt. Gox and Silk Road rose simultaneously. Many users on Silk Road accepted bitcoin, and users appreciated the use of the Tor networking protocol to anonymize internet transactions. Users would buy bitcoin from Mt. Gox, then use those bitcoins to purchase drugs on Silk Road.
As the userbase and transaction volume continued to swell, and interest in bitcoin continued to rise, Mt. Gox’s infrastructure became increasingly strained. Unfortunately, this is where the trouble started happening.
On February 20, Mt. Gox halted all withdrawals, preventing users from withdrawing funds from the exchange. Mt. Gox did not provide a date for the resumption of withdrawals.
On February 23, 2014, Mt. Gox CEO Mark Karpelès resigned from the board of the Bitcoin Foundation. Later that day, he deleted all his tweets from his official Twitter.
Then, on February 24, 2014, the exchange suddenly halted all trading volume.
Mt. Gox had discovered that one of its wallets was almost completely empty. A hacker had been siphoning over 744,408 bitcoins in an ongoing theft that had gone unnoticed for years.
Soon after halting trading, Mt. Gox filed for bankruptcy protection from creditors. In April 2014, the company began liquidation proceedings.
Eventually, it was revealed that about 850,000 bitcoins belonging to customers and the company were missing and likely stolen. Eventually, Mt. Gox recovered 200,000 of those bitcoins.
In 2015, investigators at WizSec revealed that the majority of missing bitcoins were stolen directly from Mt. Gox’s hot wallet over time, beginning all the way back in late 2011. Mt. Gox had rarely checked its hot wallet and did not notice the funds disappearing. By the time they noticed the hack, hundreds of thousands of bitcoins had disappeared.
The court case continues to make its way through the Japanese court system today.
Mt. Gox in 2018: What’s Next?
Mt. Gox was shut down after the hack in 2014. However, the Mt. Gox court case continues to make headlines across the cryptocurrency community. The battle is raging in a Tokyo courtroom over how to deal with Mt. Gox’s funds.
Mt. Gox CEO Mark Karpelès was arrested in August 2015 by police in Japan. He was charged with fraud and embezzlement. Japanese prosecutors alleged that Karpelès had siphoned money from investors into his own account, among other charges.
The 200,000 recovered bitcoins ended up in control of a trustee. That trustee sold many of these bitcoins between January and March 2018. By March, that trustee claimed that enough BTC had been sold to cover the claims of creditors.
Conclusion: What Can We Learn from Mt. Gox?
Mt. Gox was an undisputed disaster for the crypto world. Today, the name Mt. Gox continues to be synonymous with broken promises, problematic exchanges, and devastating bitcoin hacks.
However, there’s a silver lining to the Mt. Gox fiasco: because of Mt. Gox, customers now have extra caution when dealing with exchanges. Most well-informed bitcoin users refuse to keep significant funds on any exchange. They saw what happened with Mt. Gox and don’t want to lose their bitcoins again.