The Mt Gox Bitcoin collapse - what really happened

I first learned of Bitcoin a few years ago, so it’s been interesting to observe how it has become more widely known in recent months. At first the coverage focused on the esoteric mathematics behind the algorithm, and the fortunes being made by the early adopters. But recently the news has become less positive.

Mt Gox was the first of the Bitcoin exchanges, where you could buy or sell bitcoins, effectively trading them for more normal, “fiat” currency, and for a long time it was the largest. I never had much to do with them initially, because I mined my own bitcoins. I stored these in my own electronic wallet. When I first began finding out about Bitcoin, it seemed obvious to me that keeping my bitcoins safe was an important consideration. In fact, while I was at an early stage of research, I came across a harrowing tale of a person who had lost his entire bitcoin wallet to a hacker. At that stage his bitcoins were worth more than a hundred thousand dollars. (They would be worth a lot more today.) So I spent some time researching and deciding on a secure strategy for keeping my coins.

After I had mined my bitcoins, and I needed some money, I did transfer them to Mt Gox so as to convert them into fiat currency. But only just before the trade. If someone had suggested to me that I leave substantial holdings of Bitcoin on Mt Gox’s servers, I would have thought them mad. I wanted to control my own coins, not leave them to the care of someone else.

But it now seems that many, many people were of the opposite opinion. Mt Gox apparently had some 600,000 bitcoins in its “cold wallet” - the offline storage facility that was supposed to keep customer deposits safe. At current prices that’s about $300 million. And it’s all gone.

It may be that when you come to bitcoin from the mining side, like I did, you either have a technical bent, or you get one. And when you have this technical understanding, you are more aware of the risks. But if your only experience of Bitcoin is buying coins on an exchange, you might not fully understand the technology and the ways in which it can be misused. And so you may see nothing wrong with leaving your bitcoins on Mt Gox’s servers after buying them. After all, wallet software is difficult to install and use safely. And when you log in to Mt Gox you can see your coins in your account. So why bother?

I used Mt Gox to sell my bitcoins on two occasions last year. The first transaction went off without a hitch, and I received the money in my account a few days later. But the second one didn’t go so well. The cash withdrawal was delayed. Mt Gox blamed their bank, and urged patience. After two months, however, I had had enough. I cancelled the withdrawal, bought bitcoins with the money, and transferred those out (which happened almost instantly).

It now seems obvious that Mt Gox was already facing problems at that stage. While they now blame something called “transactional malleability” for the loss, many in the Bitcoin community are skeptical of the story. It just doesn’t seem possible for 600,000 bitcoins to simply vanish, especially from “cold storage” which is not connected to the electronic servers of the trading system. In any event, transactional malleability has been known about for some time, and all the other exchanges have long since improved their software to protect against this. So it’s strange to blame an old problem now. Unless the problem has been going on for much longer than Mt Gox are implying.

Some theorise that the losses caused by transactional malleability were in actual fact much smaller, but that they did get Mt Gox to the point where it had to take some coins out of the “cold wallet” in order to meet customer withdrawal requests. And they found that they couldn’t.

All wallet mechanisms use a system of public and private encryption keys to protect the currency that they hold. This makes them very secure; but if you lose the key, they are impossible to open. Also, Mt Gox is known for using software that was custom written by its founder Mark Karpeles, so another possibility is that a failure of the software has rendered the wallet inaccessible. Karpeles does not exactly enjoy a stellar reputation among coders, with many disparaging comments made on his technical writing, so this is a distinct possibility.

If this theory is correct, then the bitcoins have not been stolen. Mt Gox knows exactly where they are and can even look at them on the blockchain, the complete record of transactions on Bitcoin that is stored in every coin mined; but they are inaccessible unless and until the encryption keys can be recovered or the failure of the software is rectified.

Under this scenario, then, Mt Gox and Karpeles have been engaged in an exercise to buy time and conserve their store of bitcoins while they try to solve the problem of the inaccessible wallet. By slowing down cash withdrawals they engineered a situation where it was easier to put bitcoins into the system than to get them out, a sort of bitcoin honeytrap. Those, like me, who transferred coins in and then sold them faced waiting for a long time to get the money, and many, like me, must have given up and bought bitcoins just to get them out of Mt Gox. This worked as a bitcoin-conservation strategy while prices were rising. For example, I sold five bitcoins at a price of about £90 per coin, netting me £450, which I then tried to withdraw. By the time I gave up and cancelled the withdrawal, that £450 bought me only one coin, as the price had shot up in the months that I sat waiting. So Mt Gox saved having to find four bitcoins when I eventually managed to fight free of their clutches.

Unfortunately for Mt Gox, the price rises couldn’t continue indefinitely. When they stopped, the missing bitcoins became a crisis. And with no solution to the cold wallet problem in sight, Karpeles may have made a last, desperate gamble. It’s possible he deliberately leaked a “crisis strategy document” that was meant to panic the other bitcoin exchanges and individuals owning large amounts of bitcoins into bailing out Mt Gox, making good the missing bitcoins to prevent a crisis of confidence in the crypto currency.

If this was the intention, it backfired spectacularly. All of the major players closed ranks against Mt Gox, distancing themselves from what they described as a poorly run (and even criminally negligent) operation that was not representative of the general state of the bitcoin industry.

I don’t think that the collapse of Mt Gox will deal a fatal blow to Bitcoin, but it does teach some valuable lessons: if you let someone else look after your property, you may lose it. And if anyone makes you wait an unreasonable amount of time to give you what belongs to you, assume the worst, cut your losses, and end the relationship as quickly as you can. By the time it had sunk in that Mt Gox was behaving in a suspicious manner, I had lost four-fifths of the value of what I had sold them. At least I got something though, which is likely more than those who had coins in their accounts at Mt Gox a few days ago will get.
blog comments powered by Disqus