Mt Gox bitcoin theft began in 2011, latest report claims

The theft of bitcoins from Mt Gox started as early as 2011, according to a new report probing further into the exchange’s collapse.

Mt Gox’s missing bitcoins were stolen long before the exchange collapsed in February 2014, according to a report from Tokyo-based security firm WizSec. In fact, they were siphoned off over a longer period of time, starting in 2011.

The exchange had been operating on a fractional reserve basis – unwittingly or not – for a good few years before its collapse.

The stolen bitcoins were sold off on various exchanges including MtGox itself, the report said, likely at a much lower price than the cryptocurrency’s 2013/14 highs given the bitcoin prices of the day.

WizSec has been conducting an unofficial investigation using data pieced together from leaks, banks and other sources.

According to the report, Mt Gox held only around 100,000 bitcoins from May 2013. This does not include the 200,000 ‘lost’ bitcoin placed in cold storage around this time. Unsurprisingly, the research shows a huge discrepancy between the bitcoins actually held by the exchange, and the 950,000 in supposed total holdings at the time of its collapse.

Report author Kim Nilsson did establish that the coins did leave Mt Gox, meaning they were did exist and were definitely deposited at some point, rather than records of their deposit being faked.

While it could be that they exchange’s cold storage was compromised, either physically by someone with on-site access, or somehow electronically through some security flaw in the key generation process, the report added, there are alternative explanations.

Nilsson understands that MtGox did not have continuous monitoring of its cold storage, which consisted of paper wallets generated ahead of time and stored away. These locked-up paper wallets would be automatically be filled one by one by the system over time, by depositing surplus bitcoins out from the hot wallet. Whenever the hot wallet ran low, staff would manually scan a paper wallet to refill the hot wallet with stored bitcoins.

Without any monitoring of the storage or comparing incoming and outgoing amounts, MtGox staff may have blindly kept pouring their cold storage into their leaking hot wallet, assuming that they were just dealing with frequent swings in deposits/withdrawals and that on average the cold storage was being refilled at roughly the same rate they were draining it.

“A reminder to all bitcoin businesses out there: Always. Monitor. Your. Bitcoins,” Nilsson wrote.

Related reading

Leave a comment