Crypto Hack: The Mt. Gox Tragedy

Created 2yr ago, last updated 2yr ago

CoinMarketCap takes a deep dive into one of the earliest and biggest crypto hacks in history. Read more to find out what happened to Mt. Gox!


Once regarded as the largest Bitcoin exchange, Mt. Gox met a fate that not many could foresee. It reigned as one of the earliest Bitcoin exchanges and was dubbed the foundation for the platforms that succeeded it.

The Mt. Gox domain was bought by Jed McCaleb in the wake of 2007. It was intended to serve as a card-trading forum for the famous game Magic: The Gathering. McCaleb is also the co-founder of OpenCoin Inc. and the chief developer of Ripple. In 2010, with the rising interest in Bitcoin, McCaleb decided to change Mt. Gox’s mode of operation.

On 18th July 2010, Mt. Gox emerged as a Bitcoin exchange. One of a kind, the platform was set to unite Bitcoin’s buyers and sellers. However, McCaleb did not have an elaborate plan for how he would recode the site and execute the process. In pursuit of a worthy candidate, McCaleb sold the platform to Mark Karpelès exactly a year later.

Mark Karpelès was the most famous coder and programmer of his time. His enthusiasm for cryptocurrency made him a fitting choice to establish a Bitcoin exchange. Karpelès, who went by the online persona of Magicaltux, reprogrammed Mt. Gox. The young entrepreneur was able to set the idea of a Bitcoin exchange in motion within a week of the acquisition.

In 2014, Mt. Gox became the platform handling 70% of the Bitcoin volume being traded. While this was the highlight for Mt. Gox, a series of covert hacks and losses was kept secret until Pandora’s box opened.


What Is the Mt. Gox 2014 Hack?

The Mt. Gox tragedy is not a single event but rather a series of events that led to the dissolution of the platform.

The first incident was a price crash that affected the platform in early 2011. The fiasco was kept under wraps until the price of Bitcoin fell from $17 to a few pennies within a few hours. Investigation revealed a compromised user account on Mt. Gox. Subsequently, the platform went offline for a few days with a complete suspension of transactional activity. Karpelès issued a statement verifying the crash and added that it would be dealt with immediately. In his statement, he mentioned that the problem exclusively affected the website and had nothing to do with the traders. Within a few days, a copy of Mt. Gox’s user records became accessible online. Trader credentials and account details were made public, which added fuel to the fire. The fault lay with Mt. Gox and affected only the investors on the platform, since Bitcoin was doing fairly well on other exchanges and in peer-to-peer transactions.

Users also discovered that Mt. Gox was vulnerable to one-click attacks, also known as cross-site request forgery (CSRF). Traders lost trust in the platform and vowed to abandon it for good. However, there was a dearth of reliable exchange platforms for Bitcoin, and investors had few to no options.

More reports attested to the lack of adequate security on Mt. Gox. One of the investigations revealed that 478 accounts on the platform had been breached, leading to a heist of more than 25,000 BTC. A total of USD 8.75 million was missing from the platform’s accounts, with no guarantee of return.

Many thought that since Mt. Gox was based in Japan, its operations in the US and elsewhere were lacking. The company teamed up with a relatively new exchange to oversee its American operations: CoinLab. Following the press release concerning the partnership, Bitcoin went up by 40%.

Even with this collaboration, Mt. Gox was unreliable. After agreeing to transfer its Canadian and North American shares to CoinLab, Mt. Gox didn’t hold up its end of the deal and defaulted on the contract. CoinLab said:

"Despite repeated requests to do so, Mt. Gox has failed to deliver all passwords, Yubikeys, administrative logins and any other security information required so that CoinLab may assume operation of the Bitcoin exchange services for customers in the United States and Canada."

CoinLab’s attorneys filed a $75 million lawsuit against Mt. Gox in Washington State.

Disapproval by experts became more profound following the lawsuit, as Mt. Gox had already suffered massive blows since 2011.

The last setback for Mt. Gox was its 2014 hack. Many experts claim that the heist was an inside job rather than an external cyber-attack. A poll was set up to track whether Mt. Gox traders were facing delays and other problems with their transactions. More than 3300 traders reported that their transactions were late by several weeks, and others felt that they were not getting adequate customer support. Investor confidence in the exchange continued to decline.

In the middle of February 2014, the transactions on Mt. Gox came to a standstill. To stall their inevitable doom, the company teamed up with to enhance transaction security.

By the end of February, Mark Karpelès decided to step down. The company filed for bankruptcy, first in Tokyo and later in the US.

During the proceedings, it was discovered that the company had lost over 750,000 of the traders’ coins and 100,000 of its own. The total amount lost was $473 million in 2014, making the Mt. Gox tragedy the biggest crypto scam of its time. The value of Bitcoin plunged by 20% after the downfall of the platform.

When Did It Happen and Who Was Involved?

The tragedy started with the 2011 hack and ended in February 2014 following the declaration of bankruptcy.

To date, no particular group of hackers has been associated with the tragedy. Many experts think that it has more to do with the inability of the CEO and his lack of vigilance. At the pinnacle of its success, Mt. Gox did not have operational version control software. Anyone could rewrite or overwrite the code. 2011-2014 was the incubation It was difficult to assess the mode of operation of Mt. Gox.

The working environment and the motivation to make a secure blockchain ecosystem were lacking at the organization. An employee commented:

"Mark liked the idea of being CEO, but the day-to-day reality bored him."

How Did It Conclude?

The Mt. Gox case is the most inconclusive crypto heist in history. Mark was arrested following the investigations, and $500,000 from the company’s bank accounts was seized to make up for the victims’ losses.

Mt. Gox Trustee, Nobuaki Kobayashi, has been gradually selling Mt. Gox’s BTC and giving them back to the affected.

Post-Mortem of the Hack

Nothing has been concluded from any of the investigations so far. Bitcoin was new back in the day and so were exchange platforms.

Kobayashi, the Mt. Gox trustee, currently has 150,000 BTC that will be used to reimburse the victims. A Japanese court took the users’ vote on the drafted plan, with 99% agreeing to take whatever is offered as compensation. Every claimant is asked to submit their bank details for the due process to take place. However, the timing of the repayments remains uncertain, with many users complaining about incoherent communication.

How to Prevent Crypto Hacks in the Future?

The tragedy highlighted the need for government regulation, testing environments for exchanges, and secure transactions. Many regulations were put into place and coding was made foolproof to prevent breaches in the future. Following the demise of Mt. Gox, many new exchanges sprouted, based on secure blockchain systems.

The most important lesson from the Mt. Gox tragedy is that mismanagement can lead to the fall of even the greatest platforms. Hiring and working with capable people who are motivated to make the blockchain ecosystem beneficial for the investor is pivotal. Professional security should be considered for all platforms to ensure investor safety.
