What was the Mt. Gox Hack?

What does it mean when a busy bitcoin exchange suddenly stops all activity? Next, their website mysteriously goes offline. Then, their entire Twitter feed suddenly disappears.

Something very big and very bad is going down.

In February of 2014, this very scenario played out with the Japan-based Mt. Gox cryptocurrency exchange.

The company had been hacked, and the results were devastating.

Before anyone even knew exactly what had happened, leaders of other bitcoin companies were scrambling to reassure investors and keep up the confidence in bitcoin.

So, what happened in the Mt. Gox hack? Let’s find out.

What was Mt. Gox?

The company was started by US programmer Jed McCaleb in 2010 and sold to French developed Mark Karpelés in 2011.


Mark Karpeles
Mt Gox founder Mark Karpeles. Source

Mt. Gox was more than a big player in the cryptocurrency world. At its peak in 2013, the exchange handled a whopping 70% of all bitcoin transactions worldwide.

This dipped a little to 70% by the beginning of 2014, but the company was still going strong.

Until…

Mt. Gox took a devastating hit in the largest bitcoin hack to date. Hackers accessed and stole 740,000 bitcoin from Mt. Gox customers and 100,000 from the company itself, roughly the equivalent of $460 million at the time.

The event quickly spiraled out of control and the company was bankrupt by the end of February 2014.


Mt Gox customers wait outside the old offices to ask for their money back
Mt Gox customers wait outside the old offices to ask for their money back. Source

How Did it Happen?

Though everything exploded in February 2014, it’s now suspected that hacking activity was going on as early as 2011.

In June of 2011, the company experienced its first hack in which hackers got ahold of Mt. Gox auditor’s computer and change the price of bitcoin to 1 cent.

Then they started buying bitcoin at this artificial price using the private hot wallet keys of Mt. Gox customers, obtaining about 2,000 bitcoin.

On top of that:

Customers bought about 650 bitcoin, of which 0 BTC was ever returned.

After this, Mt. Gox tightened security, but it wasn’t enough to protect the exchange.

Investigations of the 2014 fiasco reveal that the Mt. Gox private key was unencrypted and stolen back in 2011. It’s unclear whether this information was obtained through a hack or with the help of an insider.


Mt Gox customer confronts Karpeles
Mt Gox customer confronts Karpeles. Source

From there, the culprits began skimming bitcoins from customer accounts over the next couple of years.

The Mt. Gox system appears to have interpreted the thefts as transfers to more secure addresses, leaving the company apparently oblivious to the drain.

Company Mismanagement

Amazingly enough, although the company appears to be in the dark, they were technically insolvent for nearly two years before the hack became public.

By mid-2013, a year in which the company seemed to be enjoying huge success, they had already lost nearly all of their bitcoin.

It’s even possible about 80,000 was already missing when Mark Karpelés bought the exchange in 2011.

How did nobody know what was going on?

Many former employees cite mismanagement and disorganization within the company.

An anonymous developer revealed that the company didn’t even use version control software. This industry-standard tool was used to prevent colleagues from accidentally overwriting another’s work if they happened to be working on the same file.


old Mt Gox interface
The old Mt Gox interface. Source

Another problem was that the only person who could approve changes to the site’s source code was Mark Karpelés. This meant that even important security updates and bug fixes might wait weeks for approval.

Further Troubles

Other, more public problems were already beginning to surface in 2013.

In May of that year, Coinlab, a former business partner sued Mt. Gox for $75 million, claiming breach of contract. They were supposed to take over Mt. Gox’s American clientele, but due to Mt. Gox breaching their contract this never came about.

On top of that, Mt. Gox was under investigation by the US Department of Homeland due to claims that a Mt. Gox subsidiary was operating without a license in the U.S. Eventually the U.S. government seized over $5 million from Mt. Gox.

Recovering the Bitcoin

Shortly after the hack in 2014, Mt. Gox reportedly found 200,000 bitcoins in old-format digital wallets the company had been using before June 2011. They promised to disburse these bitcoins to victims of the hack.


mt gox finds 200,000 missing bitcoins
The WSJ headline after Mt Gox recovered more bitcoins. Source

However:

The bitcoins have been held in trust for the creditors for the last few years since the company is under bankruptcy protection.

Bankruptcy State

A Japanese court finally put a halt to the bankruptcy state, which would have turned assets over to Mt. Gox’s owners and instead put it under civil rehabilitation law. Under this law, as much of the company’s assets as possible will be turned over to Mt. Gox’s creditors when all is said and done.

Since then, promised deadlines for the disbursement of the bitcoins have come and gone. The next deadline is set for March 31, 2020. Fingers crossed.

Additionally, Russian lawyer Alexander Zheleznikov, managing partner of ZP Legal, has approached Mt. Gox saying he believes he can help recover up to 200,000 of the lost bitcoin. He believes the bitcoin ended up in another now-defunct exchange, the Russian BTC-e. The plan involves recovering the bitcoins from Russian nationals through legal action.


mt gox settlement headline
Headline in Coindesk about Alexander Zheleznikov. Source

Of course, ZP legal is more than happy to help, but may charge up to 75% of the recovered value for their efforts.

On the plus side, they’ve promised to only accept payment if they are successful in recuperating bitcoins.

What Have We Learned?

The main lesson learned from the Mt. Gox fiasco is that cryptocurrency is a whole new ballpark, far different from the currently known financial world. Bankruptcy law was not adequate for dealing with the fallout and the shift to civil rehabilitation is an important precedent for the crypto community.

Six years have ticked by and people are still waiting for access to their frozen assets. This is unacceptable and serves as a warning to the cryptocurrency community to put better structures in place for when disaster strikes.

Of course, the ultimate goal is to prevent those disasters altogether, but hackers get more creative every year.

If you want to take the plunge and invest in cryptocurrency, you have to do your homework. Choose reputable exchanges that are transparent about their business practices and learn how to store your bitcoins separately and not on any exchange.