February 28th, 2024 marks the tenth anniversary of the Japanese exchange’s collapse: history and recent developments.
Initially conceived as a trading space for online collectible cards of the game Magic: The Gathering Online, the Mt. Gox platform was born in July 2010. The name is directly linked to its original purpose, consisting of the initials of Magic: The Gathering Online Exchange.
The founder of the platform is Jed McCaleb, an American programmer and entrepreneur who later became known for his contribution to the development of altcoin such as Ripple and Stellar.
A few months after the launch, the website’s business model was changed, and Mt. Gox became an online marketplace for trading bitcoin.
As early as March 2011, McCaleb decided to sell Mt. Gox to the French programmer and Bitcoin enthusiast, Mark Karpelès.
The rise and problems
At the time, Mt. Gox was already establishing itself in its reference market, effectively becoming one of the very first exchanges in the world. Thanks also to the increase in the price of bitcoin, growth was exponential: by early 2013, Mt. Gox became the largest exchange in the world by trading volumes, handling approximately 70% of bitcoin trading volumes.
The exchange’s problems would only become serious in 2014, but one of the most widespread suspicions is that Mt. Gox was actually subject to continuous hacker attacks as early as 2011.
The first breach dates back to June 2011, presumably due to a compromised computer belonging to an auditor. On that occasion, the hacker used the auditor’s credentials to access the exchange, artificially manipulate the price of bitcoin by quoting it at 1 cent each, and transfer about 2,000 bitcoin from customers’ accounts.
Due to this vulnerability, it was also estimated that some customers were able to purchase 650 bitcoin at the price of 1 cent each.
Following the hack, Mt. Gox implemented a series of security measures, including transferring a considerable amount of bitcoin to cold wallets. Despite the countermeasures, on February 7th, 2014, there was a sudden suspension of withdrawals, and the website became inaccessible.
On February 24th, the exchange permanently suspended bitcoin trading, and four days later, the company declared bankruptcy in Japan. Karpelès admitted to the loss of 844,408 bitcoin, of which 744,408 belonged to customers and 100,000 belonged to Mt. Gox itself.
To this day, the hack at Mt. Gox represents the largest failure ever to occur at an exchange in terms of lost bitcoin.
A few weeks after the collapse, in March 2014, Mt. Gox claimed to have recovered 200,000 bitcoin. Karpelès immediately became the subject of investigations. In 2015, he was arrested in Japan on charges including fraud and embezzlement. Karpelès did not plead guilty to the charges and remained in prison until July 2016 when he was released on bail.
The causes of the failure
After the company’s bankruptcy, some employees leaked internal operational procedures of the exchange. The descriptions provided painted a disastrous picture: disorganized teams, negligence in platform management, lack of expertise, poor security procedures, and a series of serious issues related to the website’s source code.
Investigations initiated in 2014 revealed that Mt. Gox’s wallet’s private key was not encrypted. According to the investigations, the key was stolen in 2011, following the breach of the wallet.dat file. It is unclear whether access to the file was obtained through a hack or by an insider.
Once the file was obtained, hackers had the opportunity to access the wallet and gradually transfer the bitcoin outside without the hack being detected by the exchange.
Mt. Gox attributed the losses to the vulnerability known as transaction malleability, stating that hackers exploited this bug to repeatedly withdraw bitcoin from the exchange. However, some argue that transaction malleability could not have allowed hackers to steal such a large amount of bitcoin without being noticed. On-chain analysis showed that, although the issue of transaction malleability was real, there was no widespread use of that type of attack at the time. From the analysis, it appears that only 386 bitcoin may have been stolen by exploiting the transaction malleability issue.
The compensation plan
Since the declaration of Mt. Gox’s bankruptcy, a long process has been underway aimed at partially reimbursing the customers affected by the failure.
In November 2021, Japanese courts and Mt. Gox creditors reached an agreement on the exchange’s rehabilitation plan. The plan establishes a registration and compensation process composed of various phases. Creditors approved for rehabilitation, equipped with a creditor code, were able to register on the Mt. Gox Online Rehabilitation Claiming System portal to request reimbursement.
According to the original compensation plan, Mt. Gox was supposed to reimburse its customers by September 30th, 2023. Later, the company rescheduled the reimbursement to October 31st, 2023.
In September 2023, Kobayashi announced a second deadline extension: now the bankruptcy trustee has until October 31st, 2024, to finalize the reimbursement process.
According to some official documents from 2019, the company’s bankruptcy trustee holds an amount of 141,686 bitcoin, as well as some bitcoin cash and Japanese yen.
The reimbursement consists of returning 17% of the funds each customer held on the exchange and is provided in both bitcoin and fiat currency, at the creditor’s discretion.
On December 26th, 2023, some customers confirmed receiving the reimbursement in yen via bank transfer or PayPal. Some even received the reimbursement twice due to an error by the exchange. Within the r/mtgoxinsolvency subreddit, a user reported the email that Mt. Gox sent to some users, admitting the error and requesting the return of the second payment.
Finally, it is worth noting that for several years now, as various repeatedly postponed reimbursement deadlines approach, the Bitcoin community has seen growing Mt. Gox FUD, or concern about a potential large sale of bitcoin by reimbursed customers and the consequent price crash that such a sale could bring about.
