What is Mt. Gox? How 850.000 bitcoins got stolen

In 2014 the Bitcoin price dropped with almost 36% in just two months. What happened in such a short time for the price to drop so significantly? Today we are going to take a history lesson and explain what happened during the infamous Mt Gox hack. The event where approximately 7% of all existing bitcoins were stolen.

The online magic exchange

Mt.Gox (short for Magic The Gathering Online eXchange) was a Tokyo based bitcoin exchange. Launched in 2010, it took the exchange three years to become the world’s largest bitcoin exchange, handling nearly 70% of all bitcoin transactions at one point. But it didn’t start that way. As the name might suggest, Mt Gox was created for a popular collectable card game named Magic the Gathering. Programmer Jed McCaleb, a huge Magic the Gathering Online enthusiast, had a vision of an online exchange where these cards could be traded like stocks. He purchased the domain in 2007 and released his beta at the end of the year. This didn’t pan out like he thought it would and he abandoned the project after three months. In 2010, McCaleb read about Bitcoin on social media. Enthralled by the concept, Jed created an exchange where bitcoin could be traded against regular currencies. Using the domain he already had laying around, Mt.Gox was reanimated, harvesting attention in rapid succession. Such rapid succession, that McCaleb sold it to a French developer called Mark Karpeles, keeping 12% of the shares.

Halfway 2013, Mt.Gox had become the largest Bitcoin intermediary in the world, handling over 70% of all worldwide bitcoin transactions.

A hectic timeline

But this isn’t a blog where we praise MtGox for its immaculate business decisions. This is a history lesson where we describe what went wrong. And an awful lot went wrong. So much, that we will describe the events with a historic timeline.

1. February 7 2014: All bitcoin transactions were halted. MtGox mentioned that the halt was initiated "to obtain a clear technical view of the currency processes.”
2. February 10 2014: The company published a press release saying that there was a transaction malleability, making it possible for someone to alter transaction details. The alteration made it seem that certain transactions never occurred, when in fact, they did. People were starting to panic.
3. February 15 2014: A poll created by CoinDesk indicated that 68% of MtGox users were still waiting for their funds. Two days later, the company published another press release saying that people shouldn’t worry and that they were still working on the issue.
4. February 23 2014: CEO Mark Karpeles resigns his duties on the Bitcoin Foundation. All his social media accounts are removed. People were getting pretty angry.
5. February 24 2014: The website went offline and redirected to a blank page. An internal crisis communication document leaked, indicating that 744,408 bitcoins had been stolen. Six partnering exchanges abandon ship and distance themselves from MtGox.
6. March 30 2014: During these events, the price of bitcoin dropped by 36%.

On the 28th of February, the charade finally ended and MtGox filed a bankruptcy protection form at the Tokyo courthouse. MtGox was searching for a buyer and unveiled that they had a debt of 65 million dollars. In reality, the company lost 750.000 bitcoins of its customers and around 100.000 of their own. That’s right, 7% off all bitcoins were stolen over the years due to MtGox’s security issues. A $460 million catastrophe. An infamous event that will forever be remembered in the history of BTC. Between 2014 and 2019, numerous lawsuits and investigations have commenced, resulting in the arrest of Karpeles on March 14 2019. The court found him guilty of falsifying data, embezzlement and the aggravated breach of trust.

Moved my BTC to MtGox to sell for fiat because there was a price premium there... in early 2014. 😅

— antiprosynthesis.eth ⟠ (@antiprosynth) February 11, 2020

So what happened?

The MtGox incident was not something that happened overnight. Due to bad source code, hackers were able to alter it in a very early stage. Simply put, they transferred bitcoins to a certain address and altered the data to make it seem that no transaction ever occurred. Skimming bitcoins of the top year after year. The disaster was bound to happen as MtGox didn’t use any version control software. A system that is responsible for changes to computer programs, that is installed on top of the entire infrastructure. Without this software, the bad code had seeped into the system without ever being noticed. It took years for the exchange to introduce a software test environment, meaning that untested changes were implemented before that. On top of that, Mark Karpeles was the only person who could approve new changes to the source code. This all resulted in a horrible source code mess where hackers were able to steal 850.000 bitcoins from 2011 till 2014. A pivotal moment in Bitcoin history.