Author: Mark Hunter, CoinDesk; Compiled by: Deng Tong, Golden Finance
When Japanese Bitcoin exchange Mt. Gox collapsed in February 2014, people had good reason to worry that it might kill the nascent cryptocurrency more than five years after it was born. It would be easy to scoff at such a suggestion now, but considering that Bitcoin had not yet faced such a catastrophe, many people felt that way at the time.
Between March 2011 and January 2014, more than 880,000 BTC were lost by or stolen from Mt. Gox in various ways. Today, this loss is worth up to US$45 billion. However, on the 10th anniversary of Mt. Gox's collapse, there are still several important questions that need to be answered.
One of the key questions that remains unanswered is whether we know all of the culprits. During Mt. Gox’s lifetime, more than 809,000 BTC were stolen in six hacks, and we only know two names associated with one hack: Alexey Bilyuchenko and Aleksandr Verner, who are accused of being members of the Russian hacking group that breached the exchange in October 2011. Over the course of 26 months, the pair stole and laundered 647,000 Bitcoin from the exchange’s cold wallets.
Verner and Bilyuchenko have only been charged in the U.S. However, authorities have charged them with money laundering, not the hacking itself, which may indicate a lack of evidence for the charges against them.
Beyond these allegations, which were sealed in 2017 and made public last June, we don’t know who stole the remaining 162,000 BTC. 79,956 BTC are still tied to well-known addresses starting with “1Feex,” while the 77,500 BTC stolen in September 2011 has never been traced. The hack was so successful that it was not discovered until 2015. Mt. Gox CEO Mark Karpelès was also left with more than half of the Bitcoins held on the exchange stolen; the wallet was located on an unencrypted network drive. Fortunately for Karpelès, the hacker got cold feet and negotiated a 1% bounty, resulting in the exchange only losing 3,000 BTC instead of 300,000 BTC.
In all of these cases, we don't know who did it, and it's now almost certain we never will. Given the identical modus operandi, many suspected that the 1Feex hack was a dry run for the damaging breach that ran from October 2011 to January 2014, but this has never been confirmed.
Of the 881,865 BTC lost from Mt. Gox, we can only determine how 72,409 BTC were lost. Mt. Gox’s systems recorded 30,000 BTC as customer deposits, but the funds had actually been stolen by hackers. In October 2011, Mark Karpelès made a mistake that resulted in 2,609 BTC being sent to a non-existent address. Two bots running on Mt. Gox, Markus and Willy, lost 22,800 BTC. Karpelès acquired Polish exchange Bitomat in July 2011 for 17,000 BTC.
As for the rest, the means of entry are usually either unknown or merely suspected. In the June 2011 hack, we know that hackers were able to access Mt. Gox servers through an administrator-level account. This was initially attributed to auditor Auden McKernan, but it was later revealed that it was the account of founder Jed McCaleb, who had sold Mt. Gox to Mark Karpelès but inexplicably still had administrator access. It is thought that hackers obtained the account details when the entire Mt. Gox user database was stolen along with 79,956 BTC in the 1Feex hack.
Given that U.S. authorities are confident that Verner and Bilyuchenko were members of the group that invaded Mt. Gox in October 2011, they must have some evidence to back up their claims, but unless a trial is held (and there will almost certainly not be a trial, now that their names have been released), those details may never be revealed.
Related to the question of how hackers gained access to Mt. Gox servers is how they were able to access funds allegedly stored securely in cold wallets. We know that before the June 2011 hack, Karpelès kept users' Bitcoins in a haphazard manner in various physical and software wallets, which exacerbated the impact of the hack and prolonged the cleanup time.
Karpelès claimed that the incident prompted him to adopt a more secure system: he split his Bitcoins into multiple paper wallets (he later said hundreds of pieces of paper were involved) and stored them in bank vaults and safe deposit boxes across Tokyo. Therefore, if the hot wallet were stolen again, as in the 1Feex hack, the cold wallets should not be affected.
This in itself seemed secure enough, but when it was revealed that the exchange's cold wallets had indeed been looted between October 2011 and January 2014, many people started asking questions, including Arianna Simpson, then a Bitcoin blogger and future general partner at crypto investment firm Andreessen Horowitz: "If you do it right, cold storage wallets should not be accessible through hot wallets, leaked or not. That's the whole point of separating the two."
So how are cold wallets compromised? Karpelès has never confirmed his custom cold wallet-hot wallet setup, possibly to avoid lawsuits over mishandling funds, but he has dropped hints in interviews, painting an inconsistent and sometimes illogical scenario.
The only way to top up a hot wallet while keeping funds safe when using paper wallets is to retrieve a paper wallet and perform a multi-step manual transaction on an ultra-secure network. This must be done every time, which is of course completely impractical for any Bitcoin exchange, regardless of its size or trading volume. No Mt. Gox staffers reported seeing Mark Karpelès handling paper wallets; in fact, several high-profile staffers told me, for The Ultimate Disaster: How Mt. Gox Lost $5 Billion and Nearly Killed Bitcoin, that they had only ever heard hot wallets mentioned, never cold wallets.
So, was there a system that could automatically top up the hot wallet from the cold wallet when it was empty, and vice versa? This seems to be the only feasible way for the exchange to have operated, although it completely defeats the principles of the cold wallet system.
This is a big issue that still divides people. Of course, Karpelès insists that he didn’t know the exchange had been drained until he checked the cold wallets in mid-February 2014, but that argument is flawed. Mt. Gox began experiencing issues with Bitcoin withdrawals as early as August 2013, which should have been cause for alarm. However, Karpelès did not seem to believe that Mt. Gox was underfunded, despite the fact that the exchange had been hacked multiple times.
When the "transaction malleability" vulnerability emerged in early 2014, Karpelès was quick to blame the withdrawal problems on it, but as we all know, even small thefts require a large amount of social engineering to make them happen. He also said he did not suspect any damage because there was a surveillance system in place. If such a system existed, it was poorly designed and indicates mismanagement on the part of the exchange.
Needless to say, many people did not believe that Karpelès only discovered the damage in February 2014. Others further stated that Karpelès was not only aware of the missing Bitcoins but also used Willy and Markus to recoup the losses. If this was Karpelès’ intention, it backfired: the pair lost 22,800 BTC and $51.6 million before the exchange crashed.
The simple answer is that we can only speculate on how Bitcoin on Mt. Gox was protected, and unless Mark Karpelès deigns to tell us, that will remain the case.