Mt. Gox hacked, losing over $450 million worth of Bitcoin
Summary
Between 2011 and 2014, Mt. Gox, once the largest Bitcoin exchange, experienced a series of attacks that ultimately led to its downfall. A combination of transaction malleability attacks, poor security practices, and mismanagement resulted in the loss of approximately 850,000 BTC, valued at over $450 million at the time. As a consequence, Mt. Gox filed for bankruptcy, and its CEO, Mark Karpeles, faced legal action.
Attackers
The attacker behind the Mt. Gox hack remains unidentified, with theories suggesting an insider, a group of hackers, or a state-sponsored actor. The sophisticated nature of the attack, which exploited a vulnerability in the exchange’s software, implies that the perpetrator may have had both inside knowledge and technical expertise.
Money Laundering
It was reported that a Russian national named Alexander Vinnik was arrested in Greece in 2017 and accused of laundering at least $4 billion worth of funds, including some of the stolen bitcoins from the Mt. Gox hack, through a now-defunct cryptocurrency exchange called BTC-e. Vinnik was indicted by a U.S. grand jury on multiple counts of money laundering and other related crimes.
Losses
850,000 BTC was stolen, worth over $450 million at the time of the attack. While the exchange later recovered 200,000 of the stolen Bitcoins, the remaining 650,000 have never been found. In the years since the hack, Mt. Gox has been trying to repay its customers. However, the process has been slow and complicated. In 2018, a Japanese court approved a plan to repay customers with a combination of cash and Bitcoin. However, the repayment process is still ongoing, and it is not clear when all of the customers will be repaid.
Timeline
- April 2013: Mt. Gox experiences delays in processing withdrawals due to a growing backlog of transactions, raising concerns among customers.
- May 15, 2013: The US Department of Homeland Security seizes funds from Mt. Gox’s Dwolla account, citing unlicensed money transmission.
- June 20, 2013: Mt. Gox suspends USD withdrawals, citing the need to improve its transaction processing system.
- July 4, 2013: Mt. Gox resumes USD withdrawals, but issues persist.
- November 2013: A joint report by WizSec and Kraken reveals that a hacker had been siphoning bitcoins from Mt. Gox since at least September 2011.
- January 26, 2014: Mt. Gox suspends all withdrawals due to a software bug that enables transaction malleability.
- February 7, 2014: Mt. Gox claims it has found a solution to the transaction malleability issue and will resume withdrawals soon.
- February 10, 2014: Protests begin outside the Mt. Gox offices in Tokyo, as customers demand access to their funds.
- February 17, 2014: Mt. Gox resigns from the Bitcoin Foundation’s board of directors.
- February 20, 2014: Leaked documents reveal that Mt. Gox has lost over 744,000 BTC due to theft.
- February 24, 2014: Mt. Gox goes offline without warning, and all trading is suspended.
- February 28, 2014: Mt. Gox files for bankruptcy protection in Tokyo, citing liabilities of 6.5 billion yen ($63.6 million) and 850,000 missing bitcoins.
- March 9, 2014: Mt. Gox files for bankruptcy protection in the US.
- March 20, 2014: Mt. Gox announces the discovery of 200,000 bitcoins in an old digital wallet, reducing the number of missing bitcoins to 650,000.
- April 16, 2014: Mt. Gox officially begins liquidation proceedings.
Security Failure Causes
A combination of factors contributed to Mt. Gox’s security failure. These include transaction malleability attacks, inadequate cold storage practices, insufficient security measures, and mismanagement. The long-term effects of these issues culminated in the massive loss of Bitcoin and the eventual collapse of the exchange.