header banner
Default

CoinDesk Celebrates Its Tenth Anniversary: Mt Gox: Why the Biggest Bitcoin Hack Is Still Important


“Hi everyone, I just put up a new Bitcoin exchange,” Jed McCaleb wrote on the Bitcoin forum. “Please let me know what you think.”

This was in 2010. The new exchange was called Mt. Gox.

On Mt. Gox’s first day of operations, 20 bitcoins (BTC) were traded. They each sold for 5 cents.

The origin story is now legendary – it almost feels like a fable. The roots even go back to elves and dwarves. McCaleb, as all students of bitcoin history know, had created the site years earlier as a place to geek-out on the fantasy card game “Magic: The Gathering.” He wanted to buy and sell cards. So he launched “Magic: The Gathering Online Exchange,” or Mt. Gox for short.

This feature is part of our "CoinDesk Turns 10" series looking back at seminal stories from crypto history.

Back then, it wasn’t easy to buy bitcoin. Some early enthusiasts would barter the “coins” (as they were called then) for things such as T-shirts and Visa gift cards. As then-software developer Kolin Burges remembers, to purchase bitcoin he’d use a clunky workaround that involved buying “Linden dollars,” the digital currency from Second Life. “It was a disaster,” Burges says now. In one $5,000 purchase, he lost 40% of the value because of a lack of liquidity.

When a Canadian we’ll call Greg first tried to buy bitcoin, he was so confused that he went to a local TD Bank because he knew it converted currency. None of the tellers knew what he was talking about; they had never heard of bitcoin.

Then came Mt. Gox. Suddenly, you could just buy and sell bitcoin (or “bitcoins,” as people said then) without any major headaches. Sure, maybe the downside was that the digital currency sat on a “centralized exchange,” but was that really so risky or problematic? Isn’t it easier to just let someone else – the experts – handle the nitty-gritty of security?

So Mt. Gox grew. It grew and it grew and it grew. Despite an early hack in 2011 when it lost 25,000 bitcoin – temporarily sending the price to almost zero – eventually Mt. Gox accounted for 70% of all bitcoin transactions. It seemed that Mt. Gox was the bitcoin market.

SingleQuoteLightGreenSingleQuoteLightGreen

The stolen loot from Mt. Gox is now over three times more valuable than the top 10 bank heists in all of recorded history

SingleQuoteLightGreenSingleQuoteLightGreen

Along the way, Mt. Gox changed ownership. In 2011 McCaleb, frustrated with the burdens of running the site, sold Mt. Gox to a French coder named Mark Karpelès, a “chubby twenty-four-year-old” who “had tremendous difficulty with human interaction, while the logic of the computer had spoken to him naturally,” as Nathaniel Popper described him in the book “Digital Gold.”

Burges, Greg and the other 24,000 users of Mt. Gox didn’t really care who owned the exchange. They just liked that it worked. For Burges, that changed in January 2014 when, while traveling with his girlfriend in Paris for his 40th birthday, he tried to cash out some of his bitcoin(s). The withdrawal didn’t go through. Huh?

TOKYO, JAPAN - JUNE 05: Former Mt. Gox Chief Executive Officer Mark Karpeles attends a press conference at the Foreign Correspondents' Club of Japan on June 5, 2019 in Tokyo, Japan. Mt. Gox, once the world largest cryptocurrency exchange, collapsed in 2014 after the hacking of 650,000 bitcoins. Karpeles was arrested in 2015 and held for 11 months without bail on three criminal charges. (Photo by Tomohiro Ohsumi/Getty Images)
Former Mt. Gox CEO Mark Karpeles (Tomohiro Ohsumi/Getty Images) (Getty Images)

Others noticed the same thing. Daniel Kelman, a 20-something lawyer who began buying bitcoin when it cost $100, also couldn’t book any withdrawals. Mt. Gox told him the withdrawal couldn’t be processed for know-your-customer (KYC) reasons, but that explanation seemed fishy. Kelman had 44.5 bitcoin in Mt. Gox (each worth around $1,000 at the time) – a life-changing amount of money. Kelman was so anxious he couldn’t sleep. He was confused and he was pissed.

So were thousands of fellow Mt. Gox customers, especially when they read vague and unsatisfying explanations from Karpelès. In a post on Reddit, Mt. Gox stated that “it is necessary to temporarily pause all withdrawal traffic to obtain a clear technical view of the current processes.” (“Haha, the first bitcoin bank run,” one Redditor posted. “Awwww, it's growing up so fast.”)

Burges had 250 bitcoin tied up in Mt. Gox – then worth a quarter of a million dollars. He wanted them back. So he booked a flight from London to Tokyo and he staged a mini-protest outside of Karpelès’ office.

It was cold and snowing and Burges was jet-lagged, but he slapped together a sign that said “MT. GOX WHERE IS OUR MONEY?” Burges intentionally did not say, “Where is our bitcoin?” because at the time no one would know what the hell he meant.

Burges soon met a reporter from The Wall Street Journal and a reporter from a new website that had begun covering the crypto space – CoinDesk. Burges’ protest soon gained more attention and became one of bitcoin’s early crossover stories into mainstream media.

The Japanese onlookers, meanwhile, seemed bewildered by the protest as 1) Burges didn’t speak Japanese and 2) no one had heard of bitcoin. But this didn’t deter Burges. He patiently waited for Karpelès to show up to work and when he did, he confronted him.

“Do you still have everyone’s bitcoins?” Burges asked Karpelès in the snow, who awkwardly carried an umbrella and iced coffee.

Karpelès had no adequate answer for Burges, and he had no adequate answer for the other 24,000 Gox customers. Eventually, the hard truth emerged: Mt. Gox had been hacked. The bitcoin was gone. It seemed that nothing was left. "We had weaknesses in our system, and our bitcoins vanished,” Karpelès said at a Tokyo press conference in February 2014, where he announced Mt. Gox’s bankruptcy. “We've caused trouble and inconvenience to many people, and I feel deeply sorry for what has happened.”

This was roughly 7% of all the bitcoin that existed at the time. At present market value of roughly $30,000 per bitcoin, this tallies up to a crime of over $22 billion. Mt. Gox isn’t just the largest hack in crypto’s history. The stolen loot from Mt. Gox is now over three times more valuable than the top 10 bank heists in all of recorded history.

But the wildest part of Mt. Gox? The legacy is as relevant in 2023 as it was in 2014; the hack helped shape the crypto industry; and now, somehow, nearly a decade later … the story has a final surprise twist.

Not your keys

VIDEO: The Legacy of Mt. Gox: Why Bitcoin’s Greatest Hack Still Matters
Crypto World Daily

In the aftermath of the hack, other heavyweights in the space – no dummies – quickly distanced themselves from the odor of Mt. Gox, stressing that the exchange was the blunder of one bad actor and not a failure of bitcoin. Sound familiar?

“This tragic violation of the trust of users of Mt. Gox was the result of one company’s actions and does not reflect the resilience or value of bitcoin and the digital currency industry,” Brian Armstrong of Coinbase, Jesse Powell of Kraken, and the heads of several other exchanges wrote in a joint statement. “As with any new industry, there are certain bad actors that need to be weeded out, and that is what we’re seeing today.”

You can swap out Mt. Gox for “FTX” and this is a carbon copy of what crypto advocates have been saying about Sam Bankman-Fried.

Mt. Gox, to many, embodies the original sin of the crypto space: putting too much trust in centralized exchanges. To them this is a lesson that should have been learned in 2014, but it’s a mistake that still haunts us in 2023. “The legacy of Mt Gox is ‘not your keys, not your coins,’” says Caitlin Long, a longtime bitcoin advocate and founder of Custodia Bank. Long, who was a Mt. Gox customer, regrets trusting a centralized institution and now says that “it was the cheapest tuition I’ve ever paid to learn a critical life lesson.”

Roger Ver, who had once lent a hand to help Mt. Gox during the 2011 hack, says nearly exactly the same thing. “Not your keys, not your bitcoin,” says Ver when asked for Mt. Gox’s core lesson. Peter McCormack, host of the “What Bitcoin Did” podcast, offers an identical takeaway from Mt. Gox: “Not your keys, not your bitcoin.”

Then McCormack offers a second takeaway. He notes that in the carnage of Mt. Gox, the price of BTC collapsed and it seemed to many that bitcoin was done. As tech reporter Kevin Roose wrote just after the hack, “The Bitcoin dream is all but dead.”

To his credit, Roose has since recanted. (“Hoo boy, did I blow it,” he followed up in 2017.) And bitcoin, of course, did not die. You could argue that it grew stronger. Less fragile. When you look at the past 13 years of history that includes Mt. Gox and Silk Road and FTX, says McCormack, “the fact that it’s still here is its strength. It’s very hard to kill a blockchain.” Even in the worst-case scenario where bitcoin itself is hacked, or it becomes banned in the United States, says McCormack. “I guarantee you that the next day people will be moving it around and it will have a price.”

The hack of Mt. Gox didn’t just fail to kill bitcoin, it led to certain improvements and innovations in the space. In part because Mt. Gox’s collapse had left customers in the cold – in the protestor Burges’ case, the literal snow and cold – Japanese authorities strengthened the regulations of crypto exchanges. JP Koning argues that because of this Mt. Gox-inspired regulation, “Japan was the safest place to be an FTX customer.”

SingleQuoteLightGreenSingleQuoteLightGreen

The identity of Satoshi Nakamoto is the juiciest unsolved mystery in the crypto space, but the question of who hacked Gox is arguably the runner-up

SingleQuoteLightGreenSingleQuoteLightGreen

The hacker’s success at Mt. Gox led to a hardening of security measures. Jed McCaleb’s original exchange, after all, was designed with orcs and goblins and magic missiles in mind – not billions of dollars in assets. Security was lax. Steve Walbroehl, a crypto security expert, teaches classes on Web3 security and his syllabus includes a section on Mt. Gox. The failings of Karpelès’ exchange, says Walbroehl, led to advancements in both “technical controls” (such as extra password security like two-factor authentication) and “administration controls,” such as KYC mandates and a certain amount of collateral that an exchange needs to hold in reserve.

As for the exact details of how the hack happened, while the U.S. Department of Justice later fingered a Russian crypto exchange runner named Alexander Vinnik for laundering Mt. Gox’s stolen bitcoin, the exact cause and culprit of the hack is “still a mystery,” says Walbroehl. (The prevailing view by many in the space is that while Karpelès was sloppy and perhaps even negligent with safeguarding the Mt. Gox data, he was not the mastermind and did not act with malice. Karpelès was found guilty in court for manipulating data, but not for embezzling or hacking funds.) So who’s the real villain here? The identity of Satoshi Nakamoto is the juiciest unsolved mystery in the crypto space, but the question of who hacked Mt. Gox is arguably the runner-up.

And there’s one more mystery of Mt. Gox that has long cast a shadow over the space. Weeks after Mt. Gox declared bankruptcy and all of the bitcoin had vanished, Karpelès made a startling discovery. He had found an old bitcoin wallet. That wallet contained 200,000 bitcoin, which he thought had been stolen. For perspective, this one tiny wallet contained nearly 1% of all the bitcoin that will ever exist. Think of the Goonies discovering One-Eyed Willie’s treasure, and now imagine not just a single pirate ship but instead an entire fleet.

Kelman, the young lawyer who had lost 44.5 bitcoin in the hack, had been obsessively following the Mt. Gox bankruptcy. And when Karpeles discovered that stash of 200,000 bitcoin, says Kelman, “everything changed.”

(CoinDesk)
(CoinDesk)

End of the rainbow

VIDEO: The Legacy of Mt. Gox: Why Bitcoin’s Greatest Hack Still Matters
Colin Boyd SEO

What happened next is convoluted and confusing and took nearly a decade to sort out. “The crazy thing about Mt. Gox is that it took place in Japan, but almost none of the creditors are in Japan,” says Kelman. “No one knew what was going on.” For perspective, when you look at the crypto legal intrigues of today – Celsius Network, Voyager Digital, FTX – you can easily access court documents in the United States. “That didn’t exist in Japan,” says Kelman, who was not formally involved in the legal case. “There’s one set of physical documents. It’s in a room. You have to go to that room in the Tokyo District Court and you have to speak Japanese and you have to be a creditor.”

Put yourselves in the shoes of the Mt. Gox creditors. They were livid and they wanted answers. A bitcoiner who goes by the alias “Django Bits,” at the time a Swiss photo editor, first bought bitcoin in 2011 when it cost around 30 cents. He had 20 bitcoins in Mt. Gox, worth around $20,000 at the time. He set up a Telegram group for fellow creditors to swap stories, commiserate and keep track of any developments in the Mt. Gox bankruptcy case.

Keeping track was hard to do. “We’re looking at these weird documents coming from Japan. And things kept dragging on,” says Django. With Karpelès booted from the exchange, a Japanese attorney named Nobuaki Kobayashi was appointed by the court as Mt. Gox’s trustee. He was charged with distributing any remaining assets to the creditors.

But what exactly were those assets worth? In 2014, before the hack, each bitcoin was worth around $1,000. Post-hack, the price crashed to below $500. At one point, the trustee’s plan was to liquidate the 200,000 bitcoin and then divvy up the cash to the creditors … with the price pegged to $483.

Kelman and the other creditors had a different idea. What if they could get back their bitcoin, as opposed to a cash payout? “It would be a message to the whole world that bitcoin was money,” says Kelman, who occasionally visited the Tokyo courtroom to view the documents and then leak them to the community. Kelman believed in bitcoin. He had attended weekly meetups in Tokyo’s Roppongi district where they had convinced a few bars to accept bitcoin for beers. To Kelman bitcoin was money. If the Gox payout to creditors was paid in bitcoin, that would help validate their underlying thesis.

Meanwhile, the Gox bankruptcy case – which was later changed to a “civil rehabilitation” case – dragged on and on. Complicating matters was a lawsuit from an early bitcoin exchange called CoinLab, where founder Peter Vessenes claims he had an early agreement to purchase Gox. And over the years, a who’s who of bitcoin notables drifted in and out of the Mt. Gox scene. Brock Pierce tried to launch “Gox Rising” as an alternate resolution path for creditors. Craig Wright claimed to own the wallet that contained over 79,000 of the stolen bitcoin.

And Karpelès himself has popped up from time to time, at one point even wading into Django’s creditor group Telegram to answer questions and face the music. (Django even credits Karpelès for warning the group that they were at risk of having their bitcoin – at the time worth well over $1,000 – of being liquidated at $488. The creditors wrote concerned letters to the trustee and averted that outcome.)

Even Django, who runs the creditors Telegram group, struggles to follow every twist and turn. He describes the current state of play, the “Civil Rehabilitation Plan,” as a 102-page document that’s written in Japanese. “There’s a 17-page English document but it says that the translation is for ‘reference purposes only,’” Django says with a laugh. “It always says that the Japanese version is the binding one.”

Happily, that 102-page Japanese document does appear to have one important takeaway: The creditors will soon get back their bitcoin, or at least a chunk of it. The creditors will receive roughly 21% of the bitcoin they lost at Mt. Gox, plus a matching amount of bitcoin cash (BCH), which was created during the “fork wars” of 2017.

In a normal settlement, a paltry 21% payout might feel profoundly disappointing – no one’s happy with a 79% loss. But nothing about bitcoin is normal. Even though the current crypto climate is often characterized as a “bear market” with “low” prices, today’s prices (about $30,000) are roughly 30 times higher than they were during the Gox hack ($1,000).

SingleQuoteLightGreenSingleQuoteLightGreen

The Mt. Gox creditors were some of the earliest believers in bitcoin. The exchange might be gone but they are still here, still HODLing, still believing.

SingleQuoteLightGreenSingleQuoteLightGreen

Greg had 14.7 bitcoin in Mt. Gox; he’ll get back roughly 2.2, as well as 2.2 bitcoin cash and some actual cash. At today’s prices that will give him roughly $60,000, which far exceeds the 2014 value of his 14.7 bitcoin (around $15,000). After this decade of frustration and angst he is now, suddenly, better off. His assets have quadrupled. He can use the windfall to help renovate a home he just purchased. “It’s also nice,” he says, “to have the mindset of, ‘f**k it, it’s done.’”

In theory, if Greg’s bitcoin had never been shackled at Mt. Gox and if he had perfectly timed the market, he could have sold all 14.7 bitcoin in November 2021 for $69,000 each, pocketing a cool $1 million. But that feels unlikely. What are the odds he would have held onto all 14.7 for many bumpy years and then sold at the top?

Greg, Kelman, Burges, Django and the other creditors were essentially locked into “forced HODling,” and many are now better off for it. “The forced HODL has made a lot of people money,” says Kelman, as they had no choice but to ignore the market gyrations and play the long game. For many of the creditors, says Kelman, “there’s gold at the end of the rainbow.”

As things stand now, each creditor has a choice: Receive an early lump sum that the Mt. Gox trustee will (theoretically) pay by October 2023, or wait until the CoinLab lawsuit is finalized and receive a potentially larger sum. The early payout is roughly 90% of what they could get if they wait for the CoinLab resolution, which could drag on for even more years. (A poll from the Telegram group, says Django, showed that 46% are opting for the early lump sum payment, 20% for the final, and 30% are undecided.)

Django politely pushes back on the “forced HODL” narrative, acknowledging that, yes, some creditors might be better off for it, but they did still lose 80% of their bitcoin. Fair.

If and when the creditors finally receive these long-lost bitcoin? Django ran another poll in the creditors’ Telegram group. Incredibly, Django says that only 14% would sell the bitcoin immediately, 25% would sell a portion of their total, and a jaw-dropping 50% said they would continue to HODL.

Depending on your perspective, this is either madness or inspiring. These creditors spent a decade in limbo. They thought their money was gone. Then they thought they’d only get crumbs. Now it turns out they might receive four times (in terms of comparable U.S. dollars) what they had in 2014. And thousands of them believe in bitcoin so much that they’re not cashing in a nickel.

The Mt. Gox creditors were some of the earliest believers in bitcoin. The exchange might be gone but they are still here, still HODLing, still believing.

Edited by Ben Schiller.

Sources


Article information

Author: Robert Yates

Last Updated: 1704379203

Views: 1690

Rating: 3.8 / 5 (44 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Robert Yates

Birthday: 2017-08-20

Address: 1105 Armstrong Port Suite 573, Williamsborough, NY 78208

Phone: +4220099700600900

Job: Robotics Engineer

Hobby: Embroidery, Kite Flying, Horseback Riding, Chess, Telescope Building, Cycling, Dancing

Introduction: My name is Robert Yates, I am a candid, treasured, expert, fearless, daring, Adventurous, bold person who loves writing and wants to share my knowledge and understanding with you.