The Bitcoin world went into a panic on February 24 at 6:23 pm EST. That's when prominent Bitcoin blogger Ryan Selkis made a post to his blog in which he described an unverified report that Mt. Gox - a popular Bitcoin exchange - may have lost nearly 745,000 BTC (the Bitcoin currency unit). This figure would be worth above $400 million at current prices. A few hours later he posted his source, a document entitled "Crisis Strategy Draft," on the digital library site Scribd. It outlines a desperate four-part plan to save Mt. Gox from insolvency. According to FOX Business, Mt. Gox CEO Mark Karpeles admitted to industry consultant Jon Fisher in an internet chat that the document was "more or less" accurate, though he denied it originated from Mt. Gox. Here is a screenshot of the supposed Mt. Gox "Strategy Timeline" from the document, which appears to be in the form of a PowerPoint deck:
(Image source: Coindesk)
Soon thereafter, Mt. Gox's site went down completely, displaying nothing but a blank page, and reports of the Mt. Gox outage hit mainstream media outlets such as Coindesk (the top Bitcoin news site) and the New York Times. Also on the evening of February 24, industry leaders teamed up to release a defensive joint statement about Mt. Gox's "insolvency," assuring the public that Mt. Gox's incompetence was an exception and not the rule, and that the industry as a whole was far more trustworthy.
On the morning of the 25th, Mt. Gox's site displayed the following in plain text:
"Dear MtGox Customers,
In light of recent news reports and the potential repercussions on MtGox's operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users. We will be closely monitoring the situation and will react accordingly."
The price of Bitcoin took a hit. On the morning of the 24th, the Winkdex, an index of Bitcoin's price calculated using a volume weighted average of the top three exchanges, stood around $600. The following night it hit a low of $437.35, but as of the time of this writing the price has rebounded to $558.
This morning, Mt. Gox added this message:
"February 26th 2014
Dear MtGox Customers,
As there is a lot of speculation regarding MtGox and its future, I would like to use this opportunity to reassure everyone that I am still in Japan, and working very hard with the support of different parties to find a solution to our recent issues.
Furthermore I would like to kindly ask that people refrain from asking questions to our staff: they have been instructed not to give any response or information. Please visit this page for further announcements and updates."
In order to fully understand this debacle, some background is necessary.
What is Bitcoin?
Bitcoin is a digital currency started in 2009. It follows the ideas set out in a white paper by the mysterious Satoshi Nakamoto, whose true identity has yet to be verified. Bitcoin offers the promise of lower transaction fees than traditional online payment mechanisms. It is operated by decentralized authority, unlike government issued currencies.
Bitcoin balances are kept using public and private "keys," just long strings of numbers and letters, that are linked through the mathematical encryption algorithm that was used to create them. The public key (comparable to a bank account number) serves as the address which is published to the world and to which others may send Bitcoin. The private key (comparable to an ATM PIN) is meant to be a guarded secret, and only used to authorize Bitcoin transmissions.
There are no physical Bitcoins, only balances associated with these public and private keys. These balances are kept on a public ledger, along with all Bitcoin transactions, that is verified by a massive amount of computing power. In order for someone to tamper with this public ledger, someone would need to control over half of the computing power dedicated to verifying the Bitcoin ledger and purposely use that power with ill intention.
The independent individuals and companies who own this computing power and participate in the network, also known as "miners," are motivated by mining rewards (the release of new Bitcoin) and transaction fees paid in Bitcoin. These miners can be thought of as the decentralized authority enforcing the credibility of the Bitcoin network. New Bitcoin is being released to the miners at a fixed, but periodically declining rate, such that the total supply of Bitcoin approaches 21 million. The amount released to date is 12.4 million Bitcoin. One Bitcoin is divisible to eight decimal places, and if necessary and if the participating miners accept the change, could in the future be made divisible to even more decimal places.
What Exactly is Mt. Gox?
Mt. Gox is a Bitcoin exchange based in Tokyo, Japan. One of Bitcoin's first exchanges, Mt. Gox went online July 18 of 2010, and until recently had been the largest exchange in terms of popularity and volume, offering fast transactions and low fees. When it was operating, users could register an account and exchange fiat currency for Bitcoin and vice versa. Orders could be placed through the website or through the Mt. Gox Application Programming Interface (API), which allows some actions on the site to be automated. Orders could be placed at the market price and would execute almost immediately, or could be placed at a specified price. Unfulfilled orders could also be canceled. From the U.S., before a citation by the Department of Homeland Security in May 2013, users could send USD to Mt. Gox through the online money-sending service Dwolla.
After the citation, the only way to get cash into Mt. Gox from the US was to do an international wire transfer. From the EU, users could do a Single Euro Payments Area (SEPA) bank transfer. For two-factor authentication, Mt. Gox permitted the use of YubiKeys, devices that plug into a USB port (as USB drives do) and provide a secondary step for authentication. When employing a YubiKey, users would have to both enter a password and plug their YubiKey into one of the computer's USB ports in order to be authenticated. Mt. Gox was responsible for holding its users' balances in both fiat and Bitcoin, though it is never recommended to use exchanges for storing Bitcoin (or fiat, for that matter). The general guideline is that only an amount you wish to use for trading should be left on an exchange.
What Supposedly Brought Down Mt. Gox?
Mt. Gox "paused" all Bitcoin withdrawals on February 7th, blaming a well-known "issue" with the Bitcoin protocol called "transaction malleability," whereby the id of a transaction may be tampered with before being approved by the Bitcoin network. The "Crisis Strategy Draft" claims that almost 745,000 BTC were missing due to malleability-related theft. Bitcoin transaction malleability is an aspect of the Bitcoin protocol that Mt. Gox was apparently not accounting for, which could have led them to mishandle transaction verifications. This apparent slip-up could have allowed people to steal Bitcoins from Mt. Gox by requesting a withdrawal, listening over the network for when Mt. Gox transmitted the transaction to the Bitcoin network, duplicating the transaction, changing the transaction id, and then propagating the modified version across the network ahead of the original one.
This avenue of attack would have caused the originally-requested amount to be sent, but with a different transaction id than that which Mt. Gox originally placed on the transaction. Then the thief could claim the Bitcoin withdrawal never got sent, even though s/he had received the balance. If Mt. Gox was not properly aware of transaction malleability, it is feasible, and seems likely, that at some point it had an automated system in place that checked only the transaction id before attempting to resend the funds. In order to be protected from such an attack, Mt. Gox would also have had to check whether the balance had been sent to the intended address.
Instead, it seems likely that Mt. Gox's automated system would recognize that the transaction with the id they had originally transmitted to the network did not make it into the public ledger. The system would then take this to mean the funds were not transferred out, and would resend the funds. Thus, over time, thieves would have been able to rob Mt. Gox repeatedly, as is claimed by the "Crisis Strategy Draft." A basic, and as yet unanswered, question is this: If the "Crisis Strategy Draft" is correct, how could Mt. Gox have been getting robbed for so long (the "Crisis Strategy Draft" claims this went on for years) and not have noticed the basic accounting mismatch between their user accounts and their stores of Bitcoins?
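The difference between the two checks described above, shown as an added example that is not from the article or from Mt. Gox's systems. It uses a simplified model in which a transaction id is a hash over the inputs, outputs and signature bytes; the Tx class, the function names and the sample values are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    inputs: tuple    # outpoints being spent, e.g. ("funding_tx:0",)
    outputs: tuple   # (address, amount in satoshi) pairs
    sig: bytes       # signature encoding, which the id also covers

    @property
    def txid(self) -> str:
        # Toy id (assumption): hash of inputs, outputs AND signature bytes.
        # Real serialization differs, but the legacy Bitcoin id likewise
        # covers the signature script.
        blob = repr((self.inputs, self.outputs, self.sig)).encode()
        return hashlib.sha256(blob).hexdigest()


def paid_by_txid(ledger, sent):
    """Flawed check: look only for the id that was broadcast."""
    return any(tx.txid == sent.txid for tx in ledger)


def paid_by_effect(ledger, sent):
    """Robust check: same inputs spent and same outputs paid, whatever the id."""
    return any(tx.inputs == sent.inputs and tx.outputs == sent.outputs
               for tx in ledger)


def should_resend(ledger, sent, is_paid):
    """A withdrawal is reissued only when the chosen check says it is unpaid."""
    return not is_paid(ledger, sent)


# Constructed sample data: the exchange broadcast SENT, but the ledger holds
# the same payment with a re-encoded signature and therefore a different id.
SENT = Tx(("funding_tx:0",), (("customer_addr", 150_000_000),), b"sig-encoding-A")
CONFIRMED = Tx(SENT.inputs, SENT.outputs, b"sig-encoding-B")
LEDGER = [CONFIRMED]

if __name__ == "__main__":
    print("ids differ:           ", SENT.txid != CONFIRMED.txid)
    print("txid-only resends:    ", should_resend(LEDGER, SENT, paid_by_txid))
    print("effect-based resends: ", should_resend(LEDGER, SENT, paid_by_effect))
```

Reissuing a withdrawal by spending the same inputs as the original adds a second safeguard, since the network will confirm only one transaction that spends a given input.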
Mt. Gox's Beleaguered History
Mt. Gox has long been plagued by problems. In June 2011, a significant security breach occurred wherein account usernames and encrypted passwords were compromised. And in May 2013, the U.S. Department of Homeland Security cited them for operating as an unregistered money transmitter in the U.S. These problems, together with issues with unfulfilled fund withdrawals from the exchange, which have been mounting over the past several months, and a general lack of professional communication, have led many familiar with Bitcoin to decry Mt. Gox's incompetence. On his popular podcast Let's Talk Bitcoin, in the episode Mt. Gox and Malleability published on February 18th, Andreas Antonopoulos said the problem with Mt. Gox was its "clownish and incompetent management from the top that has persisted for three years." Anders Brownworth, a Cambridge, Ma.-based "disruptive technology" guru, described Mt. Gox in an interview with Investopedia as "more of a mom and pop company" and says that the February 24 problems "were not entirely unexpected." Anders also said that "Overall, it's a very good thing when a weak player disappears."
What does the Mt. Gox Meltdown Mean for Bitcoin's Future?
Anders' comment illustrates that those in the Bitcoin community do not see the events with Mt. Gox as all gloom and doom. The Brookline, Ma.-based James D'Angelo, dubbed by some as a "Bitcoin evangelist," drew a comparison to the incident in October of last year when Silk Road, where Bitcoin was used to purchase illegal goods, was brought down by law enforcement. D'Angelo told Investopedia, "When Silk Road went down, the price dropped more than it did [on February 24]. With Silk Road, everyone thought that would be the end of Bitcoin because the Bitcoin economy seemed to be riding on Silk Road. But actually, it was a great weight lifted off of people's shoulders. That seems to be the case with Mt. Gox as well."
The Bottom Line
Mt. Gox is an exchange created in the early days of Bitcoin that is run by inexperienced management. Its likely insolvency and seemingly imminent demise is something that has been long expected by many in the community, and while it is quite a tarnish on the industry to have the once largest exchange go under, Mt. Gox's demise does not point to the failure of Bitcoin, and the rest of the industry is eager to move past the Mt. Gox debacle.
Disclosure: The author owns some Bitcoin.