$300 000 000 USD

FEBRUARY 2014

JAPAN

MT. GOX

DESCRIPTION OF EVENTS

"Mt.Gox is the world's most established Bitcoin exchange. You can quickly and securely trade bitcoins with other people around the world with your local currency!" "It allows you to trade US Dollars (USD) for Bitcoins (BTC) or Bitcoins for US Dollars with other Mt Gox users. You set the price you want to buy or sell your BTC for." "Buy Bitcoins at market rates with your credit card or many other payment methods." "Automate your trading with our Trading API" "Dark pools allow you to trade large quantities without moving the market."

 

"4 Easy Steps: 1. Make an Account. 2. Add some funds. 3. Buy or Sell Bitcoins. 4. Withdraw your converted funds." "Fully automated, always available, 24 hours a day, Safe and Easy."

 

"Mt.Gox is protected by Prolexic and certified by VeriSign, which means all communications with our servers are encrypted with SSL technology." "We're always on. Buy and sell Bitcoin 24/7/365 with the world's most sophisticated trading platform." "Buying and selling Bitcoin doesn't have to be complicated! Get trading in a few simple steps." "The only multi-currency Bitcoin trading platform where you can trade with the entire world in your local currency."

 

"On February 7th, MtGox halted all BTC withdrawals from the exchange, citing a transaction malleability bug in the core Bitcoin software. When withdrawals had still not resumed after 2 weeks, users began to suspect that MtGox may not be able to pay its customers. On February 24th, Mt. Gox suspended all trading, then went offline completely, returning a blank page. News outlets reported on a leaked “crisis strategy draft” plan, which declared MtGox’s insolvency after losing 744,408 BTC of customer funds (valued at over $2 billion USD at today’s prices) as well as 100,000 of its own bitcoins."

 

"It didn’t take long for the information to become public, with Mt. Gox eventually filing for bankruptcy on Feb. 28."

 

"At a news conference, Karpeles claimed the exchange had been hacked. He apologized and promised to recover the missing cryptocurrency. The cybercrimes unit of the Metropolitan Police Department launched an investigation into the matter and Karpeles offered to cooperate with the inquiry."

 

"Naturally, those following the news have always wondered whether or not Mt. Gox had been hacked in the first place? Given the complexity of the issue, it was always going to be a difficult question to answer."

 

"In 2015, agents from the U.S. Treasury Department and Federal Bureau of Investigation, as well as members of Japan’s National Police Agency, met with Karpeles in Tokyo. They asked for Karpeles’ cooperation in an ongoing investigation involving an international hacker suspected of hacking several cryptocurrency exchanges, including Bitcoinica in 2012."

 

"By August 2015, many assumed the police were going to arrest Karpeles for some reason or another. The special investigation unit that deals mainly with white-collar offenses had taken control of the case, suggesting that the Frenchman would be arrested in order to extract some kind of confession."

 

"Karpeles, however, didn’t confess. The police subsequently arrested him on two other charges, with none of the indictments having any direct connection to hacking. Karpeles spent 11 months in detention before bail was granted."

 

“I was interrogated for eight hours each day,” Karpeles recalls. “I was asked about the missing bitcoins. I was even asked if I was Satoshi Nakamoto, the creator of Bitcoin. I was asked to sign confessions and statements in Japanese. Sometimes, the prosecutor would have pre-written statements for me in the morning they wanted signed.”

 

"Kim Nilsson, a Swedish engineer who had lost 12 bitcoins in the collapse of Mt. Gox, began sharing information with federal authorities in the United States while Karpeles was in detention. They specifically analyzed the block chain, the public ledger of all bitcoin transactions."

 

"In September 2016, U.S. authorities received a copy of the Mt. Gox database and used it to track the stolen bitcoins."

 

"Tigran “Blockchain Wizard” Gambaryan, an agent in the Internal Revenue Service who has extensive experience in cryptocurrency crime, led a joint task force that looked into the case."

 

"The task force concluded that Mt. Gox had been hacked by an outsider who had siphoned off more than 600,000 bitcoins in a period between 2011 and late 2013. It was able to trace the bulk of stolen bitcoins to one individual, a Russian bitcoin exchange operator named Alexander Vinnik."

 

"On July 25, 2017, U.S. authorities had Vinnik detained in Greece. He was indicted on 21 counts of money laundering and several other charges, some relating to Mt. Gox."

 

"During Karpeles’ trial in the Tokyo District Court, Ogata argued that Karpeles had only been detained because the police had hoped to extract a confession from him. When Ogata tried to enter Vinnik’s indictment into evidence, prosecutors objected, claiming the Russian should be presumed innocent until proven guilty. The fallacy of such an argument was not lost on the panel of judges, who specifically referred to the indictment in their ruling."

 

"On March 15, the court found Karpeles guilty of data manipulation and handed out a suspended prison sentence of 2½ years. He was found not guilty on a separate charge of embezzling millions of dollars through customer accounts. It’s perhaps just worth noting that the odds of a partial not guilty verdict in Japan after indictment are less than 1 percent."

 

"The Nikkei Shimbun noted the indictments had nothing to do with the initial investigation of the hacking. “The Metropolitan Police Department investigation into the missing bitcoins has, in fact, been terminated,” the paper said."

 

"Vinnik is expected to be extradited to France. And so it seems the man behind the Mt. Gox theft may have finally been identified. It’s a shame the domestic investigation into the case failed to add much to the end result."

 

"In May [2021], the trustee presiding over the Mt. Gox civil rehabilitation case opened the voting on how to partially reimburse victims who lost money to the in hacks dating back nearly a decade."

 

"Those who don’t vote are deemed to have voted against the proposal, according to the trustee. A minimum threshold of 50% of votes is required in order for the proposal to pass, so there is a chance the proposal could fail even if the majority of votes actively cast vote in favor of acceptance."

 

The most famous incident that everyone has heard of. Lack of secure storage for funds, a CEO who had his focus elsewhere, and the hacks apparently went undetected for months. There is still an ongoing bankruptcy. Luckily, at least one of the cold wallets escaped capture and can be used for disbursement. While victims have massive losses in bitcoin terms, due to the time that has passed they will most likely have minimal losses in fiat terms.

HOW COULD THIS HAVE BEEN PREVENTED?

Mt. Gox could have been avoided through smaller hot wallets. Using a multi-sig for cold fund storage and having accountability to ensure all funds are fully backed would also have significantly reduced the damage.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.