WEBVTT

00:00:00.000 --> 00:00:04.800
REPORTER: The CEO of Mt. Gox has released a statement for the first time since the Bitcoin

00:00:04.800 --> 00:00:10.620
exchange was shut down. This, amid speculation that the CEO was in hiding following reports that

00:00:10.620 --> 00:00:18.660
an estimated 744,000 Bitcoins, worth about 350 million dollars, was stolen. Japanese authorities

00:00:18.660 --> 00:00:27.140
are currently said to be investigating the matter. JACK (INTRO): [INTRO MUSIC ] This is Darknet

00:00:27.140 --> 00:00:35.270
Diaries, true stories from the dark side of the internet. I’m Jack Rhysider. [INTRO MUSIC ENDS]

00:00:35.270 --> 00:00:41.680
JACK: What if there was a money system that wasn’t tied to any specific country? What if

00:00:41.680 --> 00:00:46.150
that money system was both anonymous where you can’t tell who owns the money, and transparent,

00:00:46.150 --> 00:00:50.590
where anyone can see every transaction? What if that money system was completely digital

00:00:50.590 --> 00:00:55.210
where there wasn’t a need to print bill or coins? There is such a money system;

00:00:55.210 --> 00:01:03.280
it’s called Bitcoin. Bitcoin is a decentralized electronic currency. Instead of there being a big

00:01:03.280 --> 00:01:07.660
data center that handles all the transactions, in Bitcoin world the transactions are done by

00:01:07.660 --> 00:01:13.150
crowdsourcing. Anyone can join in on processing Bitcoin transactions. But why should they?

00:01:13.150 --> 00:01:16.930
When people use their computers to help process Bitcoin transactions,

00:01:16.930 --> 00:01:21.580
they get a small amount of Bitcoin in exchange. There are a couple of other neat features of

00:01:21.580 --> 00:01:26.740
Bitcoin. It’s not tied to any particular country, it’s anonymous, and all transactions and Bitcoin

00:01:26.740 --> 00:01:31.360
are public information. When someone gives Bitcoin to another person, anyone can see

00:01:31.360 --> 00:01:36.730
that that money was moved. You might find all this confusing but just know this; Bitcoin

00:01:36.730 --> 00:01:41.350
is digital money and you can buy it in almost the same way you can buy any foreign currency;

00:01:41.350 --> 00:01:46.510
through an exchange. You give the Bitcoin exchange your dollars and they send you the digital money.

00:01:46.510 --> 00:01:50.800
You can keep your digital money in the exchange itself or move it to your own Bitcoin wallet

00:01:50.800 --> 00:01:55.210
which can be stored on your computer, or phone, or somewhere else. Bitcoin has been around for

00:01:55.210 --> 00:02:00.670
less than ten years. It first started in 2008 but for the first few years there were no exchanges.

00:02:00.670 --> 00:02:06.190
In 2010 a web programmer named Jed McCaleb took an interest in Bitcoin and he had an old domain

00:02:06.190 --> 00:02:12.370
lying around called mtgox.com which initially stood for Magic the Gathering Online Exchange

00:02:12.370 --> 00:02:17.650
but that project only lasted a few months before he abandoned it so he reused that domain and used

00:02:17.650 --> 00:02:23.260
it to start the first Bitcoin exchange called Mt. Gox in July 2010. Being first to market of

00:02:23.260 --> 00:02:27.610
an emerging technology usually means you’re going to be the leader of the market. That

00:02:27.610 --> 00:02:32.110
was certainly the case for Mt. Gox. For the entire life of Mt. Gox, it was the dominant

00:02:32.110 --> 00:02:37.210
Bitcoin exchange for the world. Even when there were multiple other exchanges, Mt. Gox was still

00:02:37.210 --> 00:02:42.370
processing 70 percent of all Bitcoin. They were processing over 100,000 Bitcoins a day,

00:02:42.370 --> 00:02:48.380
which would well exceed 15 million US dollars. You could go to the Mt. Gox website and buy Bitcoin

00:02:48.380 --> 00:02:53.090
with US dollars, Japanese yen, British pounds, Russian rubles, and several other currencies.

00:02:53.090 --> 00:02:58.220
You could also do the opposite; trade your Bitcoin for any of those currencies and they’ll deposit it

00:02:58.220 --> 00:03:03.200
into your bank account. Mt. Gox was the go-to place if you wanted to buy or sell Bitcoin.

00:03:03.200 --> 00:03:10.430
But all that came to a screeching halt in 2014. Suddenly, without warning, Mt. Gox went offline

00:03:10.430 --> 00:03:18.290
and shut down. Mt. Gox contained 750,000 Bitcoins when they shut down. That’s seven percent of the

00:03:18.290 --> 00:03:24.530
Bitcoins in the world, which was worth over 450 million US dollars. A statement from Mt.

00:03:24.530 --> 00:03:30.440
Gox initially said the Bitcoins were stolen. So what happened? A series of unfortunate

00:03:30.440 --> 00:03:37.490
events. [MUSIC] The technology behind Bitcoin is fairly complicated. Investigators, police,

00:03:37.490 --> 00:03:41.390
government agencies, they just don’t have the resources to really investigate and figure out

00:03:41.390 --> 00:03:45.959
what happened to the Bitcoins at Mt. Gox. In fact, a lot of it is over my head, too.

00:03:45.959 --> 00:03:46.147
KIM: Hello?

00:03:46.147 --> 00:03:48.072
JACK: So I called someone up.

00:03:48.072 --> 00:03:48.104
KIM: Hi Jack, how are you doing?

00:03:48.104 --> 00:03:50.360
JACK: Who knows a thing or two about Bitcoin.

00:03:50.360 --> 00:03:55.490
KIM: My name is Kim Nilsson. I’m actually just a general software consultant. I work

00:03:55.490 --> 00:04:01.010
with software development mostly, but I also do blockchain analysis or as I

00:04:01.010 --> 00:04:05.240
sometimes call it blockchain archaeology since I mostly look into historical stuff.

00:04:05.240 --> 00:04:09.260
JACK: The blockchain is the public record that stores all Bitcoin transactions. There are over

00:04:09.260 --> 00:04:14.120
[00:05:00] 300,000 transactions a day and each one of these is stored in a way that anyone can view

00:04:14.120 --> 00:04:19.400
them all. Bitcoins are stored in virtual wallets. We can see how much Bitcoin moves around from one

00:04:19.400 --> 00:04:24.440
wallet to another but we can’t determine who that wallet belongs to. That part is anonymous.

00:04:24.440 --> 00:04:30.980
KIM: I was pretty much a Mt. Gox customer, yes. I was just using them for trading and whatnot.

00:04:30.980 --> 00:04:34.010
I wasn’t really actively observing them while they were up or anything,

00:04:34.010 --> 00:04:42.440
so I was kind of taken off-guard when Mt. Gox just went down. I didn’t lose

00:04:42.440 --> 00:04:48.050
an insane amount of money but I didn’t take it particularly well. I felt like someone

00:04:48.050 --> 00:04:55.070
needs to investigate this and I wasn’t really prepared to trust that normal law enforcement,

00:04:55.070 --> 00:05:02.700
the normal usual actors would investigate it properly considering a) what a cutting edge

00:05:02.700 --> 00:05:08.430
technical field it is and b) would they even get the necessary data and whatnot?

00:05:08.430 --> 00:05:15.900
I kept watching the situation going forward from there with great interest. There started

00:05:15.900 --> 00:05:21.030
to be leaks coming out with some of the internal Mt. Gox data. Suddenly well,

00:05:21.030 --> 00:05:27.420
actually maybe someone else can investigate this from the outside. That’s sort of where this all

00:05:27.420 --> 00:05:31.890
got started. I joined forces a little bit with some other guys and cooperated when necessary

00:05:31.890 --> 00:05:38.190
and we tried to get a hold of as much data as we could to try to figure it out. After that

00:05:38.190 --> 00:05:43.530
it’s basically just been me plowing through that and doing technical analysis on it ever since.

00:05:43.530 --> 00:05:47.760
JACK: For the last three years Kim has been studying the blockchain and trying

00:05:47.760 --> 00:05:52.890
to personally piece together what happened to Mt. Gox. He’s trying to count how much money went in,

00:05:52.890 --> 00:05:58.590
how much money went out, and reconcile these numbers. This is no easy task. The

00:05:58.590 --> 00:06:03.300
data containing all these transactions is almost 40 gigabytes and there were hundreds

00:06:03.300 --> 00:06:07.830
of millions of records. He was trying to go through all of them to try to make sense of

00:06:07.830 --> 00:06:13.620
what happened to Mt. Gox. He spent a long time crunching this data and found brilliant ways

00:06:13.620 --> 00:06:18.930
of searching it faster. He would also ask the CEO of Mt. Gox directly for additional

00:06:18.930 --> 00:06:24.120
information. The CEO would sometimes comply. It also helped that they both lived in Japan.

00:06:24.120 --> 00:06:27.810
KIM: As you say, one of the things that makes it quite hard to get an overview

00:06:27.810 --> 00:06:32.910
of what actually happened in Mt. Gox is that there really wasn’t any one thing,

00:06:32.910 --> 00:06:35.820
it was a lot of different things. Some of them are connected,

00:06:35.820 --> 00:06:42.240
some of them aren’t. It’s hard to get a single satisfying answer to what actually happened.

00:06:42.240 --> 00:06:48.550
JACK: Let’s start from the beginning and try to find where Mt. Gox went wrong.

00:06:48.550 --> 00:06:52.720
KIM: [MUSIC] Mt. Gox was founded, or reworked, as a Bitcoin exchange in 2010.

00:06:52.720 --> 00:06:55.660
JACK: Which was likely ran by a single person at the time,

00:06:55.660 --> 00:07:00.130
Jed McCaleb. He was a web developer and personally created the site from scratch.

00:07:00.130 --> 00:07:05.170
KIM: In January of 2011 there was two exploits

00:07:05.170 --> 00:07:09.745
related to Mt. Gox integration of Liberty Reserve withdrawals.

00:07:09.745 --> 00:07:13.270
JACK: Liberty Reserve was a company Mt. Gox used to transfer money from

00:07:13.270 --> 00:07:17.140
one person to another. It was a service tied to their back end which allowed money to be

00:07:17.140 --> 00:07:20.920
moved around but Jed made some mistakes when adding the service to his site.

00:07:20.920 --> 00:07:27.640
KIM: A user would just be able to inject XML to override parameters in the API request

00:07:27.640 --> 00:07:33.325
sent to Liberty Reserve to get more money than they actually withdrew from Mt. Gox.

00:07:33.325 --> 00:07:36.730
JACK: So hackers were withdrawing more than they should be allowed to withdraw

00:07:36.730 --> 00:07:40.900
by exploiting this poorly implemented code. But that wasn’t the only issue

00:07:40.900 --> 00:07:45.580
Jed had with Liberty Reserve. Users type in how much money they want to withdraw, but…

00:07:45.580 --> 00:07:48.145
KIM: The code forgot to check for negative inputs.

00:07:48.145 --> 00:07:53.260
JACK: This had screwy results, allowing users to withdraw money they didn’t have. Jed found

00:07:53.260 --> 00:08:00.550
these bugs and fixed them but it wasn’t until he had already lost $50,000. Around that time,

00:08:00.550 --> 00:08:06.040
Jed McCaleb and Mark Karpelès started talking. Jed was realizing the site required more time

00:08:06.040 --> 00:08:10.960
than he could put into it. Then Mark showed an interest in taking over Mt. Gox from Jed. Mark

00:08:10.960 --> 00:08:16.030
was a web programmer from France but had recently moved to Tokyo, Japan where Mt. Gox was located.

00:08:16.030 --> 00:08:25.600
KIM: Jed basically almost gave it away to Mark Karpelès in that very favorable price and sold it

00:08:25.600 --> 00:08:31.900
for almost no upfront money and just getting a cut of the revenue for the next six months, I think.

00:08:31.900 --> 00:08:38.390
JACK: But just before the transfer of ownership to Mark, something terrible happened to Mt. Gox.

00:08:38.390 --> 00:08:44.060
Someone had broken into the Mt. Gox servers and stole the hot wallet file. The hot wallet

00:08:44.060 --> 00:08:48.440
is a Bitcoin wallet Mt. Gox used to conduct daily operational trades. This

00:08:48.440 --> 00:08:51.950
differs from a cold wallet, which was not stored on the Mt. Gox servers but

00:08:51.950 --> 00:08:56.060
in another location in a much safer place. The thief took the hot wallet

00:08:56.060 --> 00:08:59.060
and then transferred all the Bitcoins that were in it to their own wallet.

00:08:59.060 --> 00:09:05.000
KIM: That was about 80,000 Bitcoins that disappeared and are actually

00:09:05.000 --> 00:09:09.320
still sitting untouched on the blockchain to this day. It’s quite possible they’ve

00:09:09.320 --> 00:09:16.850
been [00:10:00] accidentally destroyed or something. Since these 80,000 Bitcoins have

00:09:16.850 --> 00:09:21.860
been stolen there was of course, at this point, already a shortage. Mt. Gox was technically

00:09:21.860 --> 00:09:27.560
already insolvent as soon as Mark Karpelès took it over. I don’t think Mt. Gox was ever,

00:09:27.560 --> 00:09:32.900
in fact, solvent for a single moment for as long as it existed under Mark Karpelès.

00:09:32.900 --> 00:09:36.200
JACK: That is, if all the Mt. Gox users were to try to take

00:09:36.200 --> 00:09:39.950
all their Bitcoins out of the exchange, there wouldn’t be enough for everyone.

00:09:39.950 --> 00:09:45.050
KIM: Already by the time Mt. Gox was sold a few months later, there was a lot

00:09:45.050 --> 00:09:49.280
of money missing. So off to a bit of a bad start under his management, you could say.

00:09:49.280 --> 00:09:53.480
JACK: Mark Karpelès is now running Mt. Gox from Tokyo, Japan. All ownership is

00:09:53.480 --> 00:09:57.290
now transferred to him and a few months go by under his management. Mark was in

00:09:57.290 --> 00:10:01.340
the process of figuring out where the Mt. Gox Bitcoins should be kept. He had some

00:10:01.340 --> 00:10:05.840
in the Mt. Gox servers in the form of a hot wallet and he had some in a secure off-line

00:10:05.840 --> 00:10:09.890
location which is a cold wallet, but he also had some on his personal computer.

00:10:09.890 --> 00:10:18.080
KIM: During this time it appears that someone was able to get into Mark’s own computer which at this

00:10:18.080 --> 00:10:23.150
particular point in time appears to have been quite unsecured. It looks like they got it off

00:10:23.150 --> 00:10:29.660
of his personal machine from home. At the time he was unfortunately keeping 300,000 Bitcoins

00:10:29.660 --> 00:10:35.930
from Mt. Gox on his own unsecured machine, and a thief was just poking around, got lucky,

00:10:35.930 --> 00:10:45.800
and found it and ran away with it. This is a huge number of Bitcoins lost obviously,

00:10:45.800 --> 00:10:52.310
but it never got any mainstream attention because actually the thief, as it turned out, got nervous

00:10:52.310 --> 00:10:57.980
it seemed and offered to give all the Bitcoins back in exchange for a small keeper’s fee.

00:10:57.980 --> 00:11:03.890
JACK: The thief kept 3,000 Bitcoins and gave the remaining 297,000 back to Mark.

00:11:03.890 --> 00:11:08.960
KIM: Probably, if I were to venture a guess, they offered to give the coins back because

00:11:08.960 --> 00:11:14.570
they hadn’t been particularly careful. I don’t think it was some master hacker. It

00:11:14.570 --> 00:11:21.110
was probably just someone poking around, like I said. If I had been in their shoes

00:11:21.110 --> 00:11:25.580
I probably would have been astonished that it even worked in the first place. Presumably the

00:11:25.580 --> 00:11:30.170
deal at the time was that they gave the coins back in exchange for not being investigated.

00:11:30.170 --> 00:11:38.840
JACK: Another month goes by. It’s now June 2011. Mark had

00:11:38.840 --> 00:11:40.670
only been running Mt. Gox for about three months.

00:11:40.670 --> 00:11:49.040
KIM: At some point someone again got into Mt. Gox’s system. They were probably able to take

00:11:49.040 --> 00:11:57.530
a small database dump of the user’s table that contained accounts and their password hashes

00:11:57.530 --> 00:12:05.930
and everything. Whoever stole this small database dump were able to also brute-force a fair amount

00:12:05.930 --> 00:12:12.650
of the passwords including the password to Jed’s own admin account. Part of having an

00:12:12.650 --> 00:12:16.610
admin account at Mt. Gox meant you had access to a small, separate page where you can view

00:12:16.610 --> 00:12:22.610
admin tasks like manipulate account balances and things like that. Whoever got into this

00:12:22.610 --> 00:12:31.070
made good use of this little feature and started adding crazy amounts of Bitcoins to new accounts.

00:12:31.070 --> 00:12:35.780
JACK: The hacker was creating Bitcoin out of thin air and selling them as fast as they could.

00:12:35.780 --> 00:12:40.640
Bitcoin was worth around 17 dollars at the time. This hacker sold so many Bitcoins it

00:12:40.640 --> 00:12:45.170
drove the price all the way down to one cent each. Some people bought thousands of Bitcoins

00:12:45.170 --> 00:12:52.520
at that price. The market had gone haywire and hit rock bottom. Then the thief bought back

00:12:52.520 --> 00:12:57.140
the cheap Bitcoin and tried to move the Bitcoin to another address, but Mark Karpelès saw this

00:12:57.140 --> 00:13:02.300
crash happening and shut the servers down. He knew something was very wrong and investigated.

00:13:02.300 --> 00:13:07.580
He even had help from others to investigate the situation. Mt. Gox remained offline for

00:13:07.580 --> 00:13:12.770
days. They eventually found how the hacker got in and crashed the market, so Mark rolled back

00:13:12.770 --> 00:13:18.110
the system to undo all trades during the time of the crash. Mt. Gox came back online with the

00:13:18.110 --> 00:13:23.120
price restored back to 17 dollars per Bitcoin but the hacker wasn’t completely empty-handed.

00:13:23.120 --> 00:13:28.490
KIM: They were also able to get some actual Bitcoins out by inflating balances, trading

00:13:28.490 --> 00:13:32.180
them for a bit, and just trying to withdraw. They got about two thousand Bitcoins out that way.

00:13:32.180 --> 00:13:35.900
JACK: It’s two thousand Bitcoins that Mt. Gox had to absorb since they were

00:13:35.900 --> 00:13:40.820
actually transferred out of Mt. Gox. A couple more months go by and Mark

00:13:40.820 --> 00:13:43.880
is looking to expand Mt. Gox to be able to do business in Europe.

00:13:43.880 --> 00:13:50.720
KIM: In late summer 2011 there was this other exchange in Poland called Bitomat

00:13:50.720 --> 00:13:57.110
that accidentally destroyed their own Bitcoin holdings. I think they had their wallet in

00:13:57.110 --> 00:14:02.870
a virtual machine that accidentally wiped it or something like that. That destroyed

00:14:02.870 --> 00:14:11.840
17,000 Bitcoins. At this point Mt. Gox was sort of looking to [00:15:00]expand and have

00:14:11.840 --> 00:14:19.250
local licenses and whatnot to operate in local markets. They were trying to get a

00:14:19.250 --> 00:14:27.890
foothold in Europe. Mark looked at this as a chance to get into Europe by acquiring

00:14:27.890 --> 00:14:32.810
Bitomat and whatever company registrations they had in exchange for covering this debt,

00:14:32.810 --> 00:14:40.670
basically. Mt. Gox absorbed all of Bitomat including the 17,000 Bitcoin in customer holdings.

00:14:40.670 --> 00:14:45.440
JACK: At this point Mark had only been running Mt. Gox for about five months and is already missing

00:14:45.440 --> 00:14:52.390
$50,000 in cash and a massive 100,000 Bitcoin. While Mark’s skillset was mostly in programming,

00:14:52.390 --> 00:14:55.360
he believed Mt. Gox could be turned around and become a very profitable

00:14:55.360 --> 00:15:01.120
company. He had every intention on making it a success. He was just in a little over

00:15:01.120 --> 00:15:05.080
his head. Not another month goes by and there is another breach.

00:15:05.080 --> 00:15:12.370
KIM: Yep, another incident where someone seems to have gotten into the system. They have access

00:15:12.370 --> 00:15:18.340
to the database. Recall that the June hack, as well, involved getting information out of

00:15:18.340 --> 00:15:22.960
the database. This time around though, there definitely seems to be that the attacker has

00:15:22.960 --> 00:15:29.230
right access to the database as well, that they can make changes directly to it and they make –

00:15:29.230 --> 00:15:34.300
they alter account balances, they’re able to wipe accounts. They tried to wipe their

00:15:34.300 --> 00:15:40.600
tracks as well in this way. Because of that, this incident is a bit harder to track because

00:15:40.600 --> 00:15:48.880
all of the evidence seems to have been wiped. I’ve reconstructed some of it by basically

00:15:48.880 --> 00:15:55.150
sketching out the gaps where there should have been logs but there aren’t any, or there are

00:15:55.150 --> 00:16:01.060
orphan records in the database that suggest that something has been deleted and whatnot. Probably

00:16:01.060 --> 00:16:07.870
by the best estimates, something a bit short of 80,000 Bitcoins was taken out of Mt. Gox.

00:16:07.870 --> 00:16:14.710
JACK: Mark did not detect this breach until after the Bitcoins were already transferred out of Mt.

00:16:14.710 --> 00:16:21.250
Gox, so he wasn’t able to stop this theft from happening. Now Gox is now missing almost 200,000

00:16:21.250 --> 00:16:27.207
Bitcoins. The very next month another breach occurs and this one, the biggest one of all.

00:16:27.207 --> 00:16:36.760
KIM: [MUSIC] The hot wallet, wallet.dat got stolen by someone with access to the system.

00:16:36.760 --> 00:16:41.410
JACK: Once again, the hacker broke into the Mt. Gox server and stole the Bitcoin wallet from Mt.

00:16:41.410 --> 00:16:46.690
Gox. The thief quickly moved the Bitcoin into their own wallet but because they had control

00:16:46.690 --> 00:16:52.180
of the main hot wallet from Mt. Gox, any new deposits into that wallet, the thief would also

00:16:52.180 --> 00:16:57.970
be able to take those funds, too. For the longest time Mt. Gox didn’t detect any of this activity.

00:16:57.970 --> 00:17:13.800
KIM: This theft went on until at least a good chunk into 2013. That’s almost a full two years.

00:17:13.800 --> 00:17:16.980
JACK: By the time it was finally detected and stopped,

00:17:16.980 --> 00:17:21.900
the thief had been able to siphon 650,000 Bitcoins from Mt. Gox.

00:17:21.900 --> 00:17:27.450
KIM: This is the big theft that most people will be thinking of

00:17:27.450 --> 00:17:29.610
when they talk about the Mt. Gox missing Bitcoins.

00:17:29.610 --> 00:17:33.900
JACK: You might be wondering why didn’t Mark encrypt the wallet? Well ironically,

00:17:33.900 --> 00:17:37.590
the feature to encrypt Bitcoin wallets was released a few weeks after the theft

00:17:37.590 --> 00:17:42.210
took place. There simply wasn’t a technology out there to encrypt Bitcoin wallets at the

00:17:42.210 --> 00:17:46.350
time. You might also wonder why Mt. Gox was target for so many attacks.

00:17:46.350 --> 00:17:51.510
KIM: Bitcoin is basically incentivized hacking in that now that you have things

00:17:51.510 --> 00:17:56.280
like crypto-currency you can actually steal actual money just by hacking computers whereas

00:17:56.280 --> 00:18:01.350
previously you could just acquire the means of stealing the money and whatnot. You can

00:18:01.350 --> 00:18:06.120
get data in holding them for ransom and whatnot but with Bitcoin and other crypto-currency you

00:18:06.120 --> 00:18:13.920
can actually steal the actual money from digital systems. That increases the risk by a magnitude,

00:18:13.920 --> 00:18:19.890
easily, in that it now is a lot more lucrative for hackers to attack your systems. Mt. Gox had

00:18:19.890 --> 00:18:24.930
the – it was a double-edge sword in that it pioneered a lot of the markets [00:20:00] but

00:18:24.930 --> 00:18:32.220
also since it was the first, it’s not like this was some big established company that spent

00:18:32.220 --> 00:18:40.380
millions developing secure software or anything. It was just an amateur code base that they were

00:18:40.380 --> 00:18:45.960
then trying to keep patched and somehow handle the load over the years. It was never a professional

00:18:45.960 --> 00:18:51.390
exchange in the sense that people who deposited money probably thought or wanted it to be.

00:18:51.390 --> 00:18:57.270
JACK: Even though by this time Mt. Gox had lost over 800,000 Bitcoins, the problems didn’t stop

00:18:57.270 --> 00:19:02.430
there. Another error in the code base of Mt. Gox had a problem processing transactions.

00:19:02.430 --> 00:19:07.080
KIM: This showed up in the Mt. Gox system as a deposit to user accounts even though

00:19:07.080 --> 00:19:11.910
there was no new Bitcoins coming in. It was misidentifying those transactions as putting

00:19:11.910 --> 00:19:16.440
new Bitcoins into user accounts. It was a bit under fifty accounts;

00:19:16.440 --> 00:19:20.310
they got free Bitcoins for about 45,000 Bitcoins in total.

00:19:20.310 --> 00:19:29.130
JACK: There went another 45,000 Bitcoins. During that month of October 2011, Mark Karpelès deployed

00:19:29.130 --> 00:19:33.180
a new wallet system into Mt. Gox that he had programmed himself in an attempt to have a

00:19:33.180 --> 00:19:38.310
more secure service but near the end of 2011 his new wallet system had a programming error.

00:19:38.310 --> 00:19:44.910
KIM: This is an instance where he actually had a bug in his code. That meant that a

00:19:44.910 --> 00:19:49.080
number of withdrawals actually sent Bitcoins to unspendable addresses,

00:19:49.080 --> 00:19:56.040
which is the same as destroying Bitcoins. That lost about 2,500 Bitcoins that became

00:19:56.040 --> 00:20:03.180
destroyed because of this. The irony is that this is basically the only real

00:20:03.180 --> 00:20:09.030
instance of Mark’s replacement wallet actually losing any significant funds.

00:20:09.030 --> 00:20:17.730
JACK: Mt. Gox didn’t have any more thefts or break-ins since the new wallet software was

00:20:17.730 --> 00:20:23.220
added. It seems like his improved security was working. But Mark knew he was missing so many

00:20:23.220 --> 00:20:28.380
Bitcoins and Mt. Gox was insolvent. He tried to keep all these breaches and thefts under wraps

00:20:28.380 --> 00:20:32.820
and hidden from the public. He didn’t want to ruin the reputation of Mt. Gox being the leader

00:20:32.820 --> 00:20:37.830
of Bitcoin exchanges so he tried to keep these breaches secret. Things went okay for Mark and

00:20:37.830 --> 00:20:43.620
Mt. Gox in 2012. No significant breaches occurred, no big programming errors that resulted in a loss

00:20:43.620 --> 00:20:48.420
of Bitcoin, and Mt. Gox continued to dominate the market as the largest Bitcoin exchange.

00:20:48.420 --> 00:20:53.250
It appeared that Mark had finally gotten things under control and was slowly recouping his losses.

00:20:53.250 --> 00:20:59.610
By mid 2013 Mt. Gox was handling 70 percent of the world’s Bitcoin trades which was around

00:20:59.610 --> 00:21:05.160
150,000 Bitcoins a day. Even though it was the leader of Bitcoin exchanges there weren’t that

00:21:05.160 --> 00:21:10.650
many employees working for Mt. Gox. Mark did a lot of the programming himself but he did have a few

00:21:10.650 --> 00:21:14.580
other developers helping out. It’s not clear whether Mark thought he could just handle it

00:21:14.580 --> 00:21:19.770
himself, or he had a hard time trusting others, or maybe he didn’t have the money to hire staff.

00:21:19.770 --> 00:21:26.250
[MUSIC] In 2013 Mt. Gox wanted to expand into the US so it agreed to use a company

00:21:26.250 --> 00:21:30.150
called CoinLab to handle all North American transactions. Mt. Gox gave

00:21:30.150 --> 00:21:34.020
them five million dollars to get started with, but for some reason this deal went

00:21:34.020 --> 00:21:39.630
bad and CoinLab filed a lawsuit against Mt. Gox because of a breach of contract. CoinLab

00:21:39.630 --> 00:21:45.150
was seeking 75 million dollars and they kept the five million dollars that Mt. Gox gave them. I

00:21:45.150 --> 00:21:51.030
believe this lawsuit is still going on today. Later in the summer of 2013 the US Department

00:21:51.030 --> 00:21:57.240
of Homeland Security issued a warrant to seize money from Mt. Gox. They had been in

00:21:57.240 --> 00:22:02.880
violation of acting as an unregistered money transmitter in the US. In total, DHS seized

00:22:02.880 --> 00:22:10.456
five million dollars from Mt. Gox. It was also discovered that Mark was running a trading bot.

00:22:10.456 --> 00:22:17.340
KIM: [MUSIC ] I don’t know who had the original idea. There was an e-mail leaked where Mark and

00:22:17.340 --> 00:22:23.250
Jed is discussing it and Jed is, amongst other things, suggesting that maybe you can

00:22:23.250 --> 00:22:31.770
make trades on your own exchange to shift this liability back and forth between Bitcoins and

00:22:31.770 --> 00:22:41.580
fiat money as a way to recover the funds, if you can basically trade the losses back. Of course,

00:22:41.580 --> 00:22:48.540
require you to be a trader that can make reliable profits and Mark doesn’t seem to have been a

00:22:48.540 --> 00:22:55.350
trader that was able to make profits. If anything he seems to have bought high and sold low.

00:22:55.350 --> 00:22:58.920
JACK: This trading bot he was running was called the Willy Bot and there’s a

00:22:58.920 --> 00:23:03.330
paper that explains it in detail. At the time the paper came out it was just speculation,

00:23:03.330 --> 00:23:05.910
though. But the speculation proved to be spot-on.

00:23:05.910 --> 00:23:11.310
KIM: The way Mark had implanted this internal trading mechanism,

00:23:11.310 --> 00:23:17.460
it actually kept all the logs so it’s possible to get quite accurate information

00:23:17.460 --> 00:23:21.030
of what work was done or not. He didn’t seem to wipe any logs or anything like that.

00:23:21.030 --> 00:23:24.870
JACK: By analyzing the logs and adding up the trades, this bot resulted in

00:23:24.870 --> 00:23:31.680
Mark [00:25:00] losing an addition 50 million dollars and 22,000 Bitcoins. In February 2014

00:23:31.680 --> 00:23:37.650
Mt. Gox suddenly, without warning, halted all withdrawals from its site. Mark stated they

00:23:37.650 --> 00:23:43.140
were addressing some security concerns but a few weeks later Mt. Gox, the largest Bitcoin exchange

00:23:43.140 --> 00:23:52.080
on the market, shut down entirely. [MUSIC] The website went offline and simply returned a blank

00:23:52.080 --> 00:23:59.640
page. Protests began outside the Tokyo office. Thousands of customers were furious. Mt. Gox had

00:23:59.640 --> 00:24:06.990
closed his doors, seemingly holding onto 850,000 Bitcoins but in reality the Mt. Gox coffers

00:24:06.990 --> 00:24:13.710
were entirely empty. At the end of February Mt. Gox had filed for bankruptcy in Tokyo,

00:24:13.710 --> 00:24:22.380
stating they had lost 850,000 Bitcoins which was worth 470 million dollars. Nobody believed

00:24:22.380 --> 00:24:27.060
that Mark had lost this many Bitcoins. That’s seven percent of all the Bitcoins in the world.

00:24:27.060 --> 00:24:31.200
People just couldn’t grasp how such a large amount of Bitcoins could become

00:24:31.200 --> 00:24:41.620
lost. But as you heard it was lost, just not all at once. The next month,

00:24:41.620 --> 00:24:45.490
when looking through some of the old Mt. Gox systems that were in use in 2011,

00:24:45.490 --> 00:24:52.210
Mark Karpelès found a wallet in the system that still had 200,000 Bitcoins. This brought

00:24:52.210 --> 00:24:59.230
the total losses down to 650,000 Bitcoins. In August 2013, Tokyo police arrested Mark

00:24:59.230 --> 00:25:05.140
Karpelès. Not for losing the 650,000 Bitcoins but on charges for embezzlement and fraud.

00:25:05.140 --> 00:25:10.570
Japanese prosecutors accused him of falsely adding Bitcoins into the accounts of investors

00:25:10.570 --> 00:25:15.850
and then moving that to his own wallet. He has continued to plead innocent to these charges.

00:25:15.850 --> 00:25:21.490
As far as the thieves go who stole the money from Mt. Gox, only one person has been caught

00:25:21.490 --> 00:25:26.230
and arrested. His name is Alex Vinnik and is a Russian national and was arrested in

00:25:26.230 --> 00:25:30.790
Greece. He was arrested for money laundering but evidence shows that he had some of the

00:25:30.790 --> 00:25:35.080
Bitcoins that were stolen from Mt. Gox. However, just because he had them doesn’t

00:25:35.080 --> 00:25:41.310
mean he stole them. He was just accused of laundering, not of stealing the Bitcoin. The

00:25:41.310 --> 00:25:49.560
year after his arrest, Mark Karpelès was released on bail and is currently residing in Tokyo. He’s

00:25:49.560 --> 00:25:53.310
still undergoing the legal process of his arrest in the Mt. Gox bankruptcy.

00:25:53.310 --> 00:26:00.750
Those 200,000 Bitcoins he found have sat untouched since he found them. The bankruptcy case restricts

00:26:00.750 --> 00:26:06.090
him from touching them but since 2014 when Mt. Gox filed for bankruptcy, the price of Bitcoin

00:26:06.090 --> 00:26:13.140
has skyrocketed. At the time of this recording it’s now worth over $10,000 per Bitcoin. Mt.

00:26:13.140 --> 00:26:18.840
Gox owes their creditors 450 million dollars which is what the Japanese courts have locked

00:26:18.840 --> 00:26:27.270
in as what he owes. But his 200,000 Bitcoins are now worth two billion dollars. If he were

00:26:27.270 --> 00:26:33.000
to pay off all his creditors today, he may then get to walk away with over one billion dollars.

00:26:33.000 --> 00:26:43.950
KIM: For sure, the industry and the community has learned a lot since Mt. Gox. Like I said,

00:26:43.950 --> 00:26:53.250
most of the reason for Mt. Gox being so unprepared to fill its own shoes, so to speak, was because it

00:26:53.250 --> 00:26:58.650
was the first of its kind. There was no real best practices back in 2011 or anything like

00:26:58.650 --> 00:27:04.170
that and as anyone has been in any initially successful start-up can tell you, it can be

00:27:04.170 --> 00:27:09.120
really hard to keep up with actually investing the time needed to keep your technology up to date.

00:27:09.120 --> 00:27:12.900
JACK: One big thing we’ve learned from Mt. Gox is that it’s not a good idea to leave your Bitcoin

00:27:12.900 --> 00:27:18.390
on the exchange unless you’re actually trading it. For long-term storage it’s best to keep a Bitcoin

00:27:18.390 --> 00:27:24.030
wallet on your own computer that you control. This way it can’t be stolen from an exchange but you

00:27:24.030 --> 00:27:28.650
still need to be careful, protect your computer from thieves, though. When determining if an

00:27:28.650 --> 00:27:33.990
exchange is reliable, check to see if it complies with audits. For Bitcoin exchanges to operate in

00:27:33.990 --> 00:27:39.120
the US they must adhere to strict audits but some exchanges even take it a step further and agree

00:27:39.120 --> 00:27:43.830
to even more strict audits. It’s also good to use an exchange that has a good reputation and

00:27:43.830 --> 00:27:49.190
not something that’s just popped up yesterday. A lot of lessons can be learned from Mt. Gox.

00:27:49.190 --> 00:27:52.700
KIM: Yeah, it’s quite a wild ride.

00:27:52.700 --> 00:27:55.970
JACK: And it will be interesting to see what happens next,

00:27:55.970 --> 00:28:00.525
not just to Bitcoin but also to Mt. Gox and Mark Karpelès.

00:28:00.525 --> 00:28:00.770
JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. For show notes and links,

00:28:00.770 --> 00:28:08.436
check out darknetdiaries.com. Music is provided by Podington Bear.