Mt. Gox was a cryptocurrency exchange that operated between 2010 and 2014, handling over 70% of all bitcoin transactions globally at its peak.
The exchange abruptly ceased operations and declared bankruptcy in February 2014 after the loss/theft of 850,000 bitcoins, then worth hundreds of millions of dollars and representing 7% of the total supply of the cryptocurrency. Reasons for the “loss” were not clear at the time and only 200,000 bitcoins were initially recovered. The exchange was the subject of speculation, news, and lawsuits for years, and, as of 2023, creditors are still trying to reclaim their funds.
Subsequent investigations showed that hackers had been slowly siphoning bitcoin from the exchange since 2011, with the fraudulent transactions going unnoticed. Regulators have blamed a mix of bad business and engineering practices, poor security protocols, and a lack of an accurate accounting system as reasons for the long-term theft.
The collapse of the most prominent bitcoin exchange in the world at the time was a defining event in cryptocurrency history. The failure destabilized the crypto market, with the bitcoin price falling by 23% in the days following the bankruptcy. Investors lost confidence in both the value of the digital currency and the overall security of cryptocurrency exchanges.
The public perception of Bitcoin became inextricably linked with the high-profile hacking.
Founding of Mt. Gox
Jed McCaleb, an American programmer and entrepreneur, originally created the mtgox.com website for players of the game “Magic: The Gathering” to trade Magic cards online. The name ‘Mt. Gox’ is an acronym for “Magic: The Gathering Online Exchange.” In 2006, a beta version of the site went live for three months until McCaleb lost interest and moved on to other projects.
A few years later, McCaleb became involved with Bitcoin and decided to use the mtgox.com domain to build an exchange for users to trade bitcoin and fiat currencies. After the site attracted more users, McCaleb sold Mt. Gox to Mark Karpelès, a French programmer and Bitcoin enthusiast, in March 2011. Karpelès moved the company’s headquarters to Tokyo, hired staff, and oversaw further development on the site.
June 2011 security breach
By early 2011, Bitcoin was still a relatively unknown technology outside of crypto enthusiasts and programmers, and Mt. Gox was one of the first sites that allowed users to their exchange bitcoin. At the time, Mt. Gox was processing tens of thousands of dollars in transactions each day and its early prominence in the market made the exchange a target for hackers. The site experienced multiple security incidents throughout its operation.
In June 2011, a hacker breached the site through a compromised computer belonging to an auditor of the company. The hacker used stolen credentials to briefly alter the nominal value of bitcoin from $16.85 (the price of bitcoin at the time) to $0.01, then transferred 2,000 bitcoins out of customer accounts. Additional bitcoins were also purchased by customers at the artificially low price during the hack. In all, about $8.75 million in bitcoin was stolen.
The exchange’s user database was also leaked for sale, including usernames and hashed passwords. Mt. Gox administrators responded by taking the site offline for several days.
After hearing about the security breach, crypto enthusiast (and future founder of the Kraken crypto exchange) Jesse Powell flew to Tokyo where he met friend Roger Ver, a prominent Bitcoin supporter. The two rushed to Mt. Gox’s office intending to help the fledgling business. They worked alongside Karpelès and his staff to answer support inquiries and troubleshoot the site until it was back online. Powell later noted Karpelès’ relaxed attitude during the attack, where he insisted on taking the weekend off, and the company’s general disorganization in executing critical tasks.
Collapse of Mt. Gox
Customers had been complaining about delays in withdrawing cash from their accounts in the weeks and months leading up to the collapse in February 2014. The company blamed technical bugs as a reason for the delays.
On February 7, the exchange halted all withdrawals. In interviews, Karpelès declined to comment on customers’ increasing concerns about the financial status of the exchange. On February 24, the exchange suspended all trading, and the site was taken offline.
A few days later, a leaked internal document indicated that the exchange had lost almost 750,000 of its customers' bitcoins and an additional 100,000 of its own bitcoins. Ryan Selkis, a crypto blogger and entrepreneur, later revealed himself to be the individual who leaked the document.
The company declared bankruptcy in Japan on February 28 and in the US two weeks later. 24,000 customers globally lost access to their funds, which were worth about $470 million US dollars at the time. In 2023, the lost bitcoin is worth an estimated $21 billion.
Investigations into the collapse
Initial inquiries revealed that hacking activities had been ongoing since 2011 when the exchange’s unencrypted private key had been stolen. The criminals had been slowly moving customers’ funds out of their accounts. Mt. Gox had viewed the transactions as customer-induced transfers rather than suspicious activity and administrators had been unaware of the drain.
The company was technically insolvent as early as two years before the collapse and investigators believe that bitcoin were being stolen even before Karpelès bought the company. Mt. Gox lacked a reliable accounting system for reconciling customers’ bitcoin balance and its inventory.
Subsequent investigations found that the exchange had poor security protocols and serious technical issues, as well as disorganization and business mismanagement at the company level.
In interviews, former employees noted that Mt. Gox’s engineering team did not use a version control system (the practice of tracking and managing changes to software code), which was standard in the industry. Only Karpelès himself could approve changes in the source code, which led to long delays in development, bug fixes, or security reviews. Additionally, the team only introduced a quality assurance testing environment in 2013, long after becoming one of the top Bitcoin exchanges.
Impact on the cryptocurrency community
The Mt. Gox hack left a tainted public perception of cryptocurrency as being associated with hacking and lost funds, with many only hearing about Bitcoin for the first time in the context of the bankruptcy. Some journalists still call Mt. Gox the most existential threat to crypto in its 15-year-history.
Crypto businesses continue to look back to the Mt. Gox collapse and other failures as examples of what can happen when crypto businesses have inadequate controls in place. The downfall of the exchange sparked calls for greater accountability and transparency within the industry and highlighted the importance of proper accounting protocols that reflect the needs of a complex global financial business.
However, crypto enthusiasts argue that the hack was a result of bad business and engineering practices by the exchange, not a flaw inherent to Bitcoin itself. Early crypto businesses were often run by entrepreneurs and tech enthusiasts (Karpelès, for example, was a PHP developer) and lacked the leadership and structure provided by seasoned financial professionals. Current global exchanges are now subject to much stricter regulation.
Mt. Gox essentials
Mt. Gox was a cryptocurrency exchange that operated between 2010-2014, handling over 7% of all bitcoin transactions at its peak.
Mt. Gox went bankrupt in February 2014 and over 850,000 bitcoins were lost or stolen, representing $470 million in value at the time.
The bankruptcy destabilized the cryptocurrency market and tainted public perception of Bitcoin as being a target for criminals and hacking.