Mt Gox Files for Bankruptcy Protection in Japan

Despite its once pre-eminent position, Mt Gox has been in decline with a series of problems for about a year
Despite its once pre-eminent position, Mt Gox has been in decline with a series of problems for about a year

On Friday the Mt Gox website was replaced by a notice from Mark Karpeles, formerly CEO of the company. "MtGox Co., Ltd. Made today an application for commencement of a procedure of civil rehabilitation (minji saisei) at the Tokyo District Court. This application was accepted on the same day." It was formal confirmation of what many bitcoiners had come to suspect – Mt Gox was broke.

A few weeks ago several bitcoin exchanges were hit with a form of DDoS and had to temporarily shut down. The attack used a problem with the Bitcoin protocol known as 'transaction malleability.' Stefan Tanase, a lab expert with Kaspersky, described the issue in a blog posted on Friday: "Under specific circumstances it can enable an attacker to issue different signatures (or TX IDs) for the same transaction, essentially making it appear as the transaction didn’t happen. This can allow a malicious customer of an exchange to request multiple Bitcoin withdrawals of the same coins by claiming the transactions never went through."

The effect was to flood the attacked exchanges with false transactions, and cause them to cease trading while they tried to sort the genuine from the false. Other exchanges succeeded, and soon reopened for business. Mt Gox never reopened.

But despite its once pre-eminent position, Mt Gox has been in decline with a series of problems for about a year. In May 2013 it was processing more than 66,000 transactions per day. This had dropped to 14,000 by September, and to 9000 by January 2014. Reuters quotes Mike Hearn, a Bitcoin developer based in Switzerland: "It was obvious there was something really bad going on there for nearly a year. They were processing withdrawals very slowly and generally being very opaque about what was going on."

Now Mt Gox claims that 750,000 bitcoins have been stolen by hackers, lending weight to the 'Crisis Strategy' document that began circulating last week. That document said, "At this point 744,408 BTC are missing due to malleability-related theft which went unnoticed for several years. The cold storage has been wiped out due to a leak in the hot wallet."

But if this is true, it will lead to further questions. 'Hot wallets' are online; 'cold wallets' are offline. "Yes, it is easy to steal bitcoins," wrote Brian Hanley in International Policy Digest, Saturday. "In fact, it is trivially easy to do it – if you have access to the drive the bitcoins are stored on. A bitcoin is just an encryption key that is stored on a computer. Now, let’s ask ourselves, who had access to offline data storage that bitcoins were stored on?"

There will be questions asked: was this an insider hack? But Hanley goes further. He notes that the price of Bitcoins within Mt Gox had fallen (because of its problems) much further than the price outside of Mt Gox. "And that opened up an awfully tempting opportunity for the guys running Mt. Gox to buy up bitcoins on Mt. Gox, transfer them to Coinbase or Kraken, or wherever, and sell them all at a 150% or more of their costs basis. They would have the ability to do that. But none of their clients did. Did the operators of Mt. Gox play arbitrage against their clients for a few weeks in February?"

What’s Hot on Infosecurity Magazine?