While the FTX crash last year rocked the Bitcoin ecosystem, a major failure nine years ago further damaged it. What does that teach us?
The fall of FTX, a crypto empire that defrauded investors, clients and employees to the tune of $8 billionit shook up the ecosystem, and many worried if the ecosystem would survive.
However, this was not the first time that a fault of this magnitude had occurred in space. Unbeknownst to many cryptocurrency newcomers, in 2014 the world’s largest bitcoin exchange, Mt. Gox, went bankrupt after a series of hacking and mismanagement issues. The crash caused clients to lose more than 800,000 bitcoins, a level of concern that makes FTX seem like a blip in time.
Tokyo-based Mt. Gox, whose domain (MtGox.com) was originally Registered in 2007 to host a trading site for the wildly popular “Magic: The Gathering” playing cards, it began operating as a rudimentary bitcoin exchange in late 2010. As the business began generating heavy traffic, the owner sold the rig to Mark Karpelès.
Karpelès, an avid programmer and Bitcoin enthusiast, hardened the web platform’s code to handle a higher volume of bitcoin transactions and buy and sell orders. Ultimately, the failure of the trade demonstrated that he did not do a sufficient job, either technically or in the administrative aspects of the business, as he tried to fill the role of CEO of Mt. Gox with little experience.
On February 24, 2014, Mt. Gox suspended trading and went offline. Eventually, it came to light that the Mt. Gox infrastructure had been exploited by attackers multiple times over the course of several years. The attackers had slowly stolen the exchange from its bitcoin by manipulating parts of the transaction data, a feature known as transaction malleability — leading Mt. Gox to believe that certain withdrawals had not occurred, leading it to send the requested funds multiple times.
Earlier that month, Mt. Gox went offline for a few hours, and his team issued a press release. blaming the Bitcoin protocol itself for being faulty in its transaction monitoring mechanism. Upon receiving a withdrawal request, the exchange would look at the Bitcoin blockchain to confirm the withdrawal transaction ID, a hash constructed from the transaction data. However, a transaction ID is only final once the transaction is confirmed on the blockchain, a feature that allows attackers to alter parts of the transaction, not including the inputs and outputs, and thereby alter your ID. . The result? The Mt. Gox database would not show a successful withdrawal as the specific transaction ID the exchange was looking for would never make it to a block, but the attacker would still receive the bitcoin when the altered transaction was confirmed. (It is important to reiterate that this was a failure of Mt. Gox, and not of the Bitcoin protocol.)
Although this accounting discrepancy was, Amazingly never seenon February 24, 2014 an internal Mt. Gox document leaked, detailing the size of the hole he had actually dug for himself. The document stated that more than 800,000 bitcoins were stolen, worth more than $430 million at the time and nearly $18 billion now; nine years later and customers are still waiting to get some of their bitcoin back.
At the time of the failure, Mt. Gox was estimated to be handling up to 70% of all bitcoins traded worldwide. For comparison, the FTX crash accounted for more than $8 billion in fraud, or less than half the corresponding amount of bitcoin lost with Mt. Gox. The Sam Bankman-Fried trade was notable, but it was not ranked #1 worldwide at the time of the flop.
While the two exchanges differed in terms of how they crashed, the main problem was the same: centralized exchanges represent single points of failure. In both cases, the CEOs failed their clients, who had entrusted them with custody of their bitcoin. For all exchanges, the risk of error, fraud, or bankruptcy is a pervasive threat that should be treated as such. It’s never too late to go into self-custody and take control of your bitcoin.
