Mt. Gox Coins Destroyed: Difference between revisions
No edit summary |
(Another 30 minutes complete. Starting to integrate sources and further information built up.) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{ | {{Case Study Under Construction}}{{Unattributed Sources}} | ||
[[File:Mtgox.jpg|thumb|Mt. Gox]]Mt. Gox originally had a glitch where some bitcoins were sent to invalid addresses, effectively burning them. This loss was not passed on to customers. | [[File:Mtgox.jpg|thumb|Mt. Gox and Mark Karpeles]]Mt. Gox originally had a glitch where some bitcoins were sent to invalid addresses, effectively burning them. This loss was not passed on to customers. | ||
This exchange or platform is based in Japan, or the incident targeted people primarily in Japan. | This exchange or platform is based in Japan, or the incident targeted people primarily in Japan.<ref name="bitcointalklistold-20" /><ref name="bitcointalklist-87" /><ref name="darknetdiaries-1157" /><ref name="bitcointalk-4667" /><ref name="bitcointalk-4668" /><ref name="cryptocurrencyminingblog-4669" /> | ||
== About Mt. Gox == | == About Mt. Gox == | ||
"Mt.Gox is the world's most established Bitcoin exchange. You can quickly and securely trade bitcoins with other people around the world with your local currency! | Mt. Gox launched with a very simple interface<ref name="mtgoxarchive1-4126" />. At the time Mt. Gox was established, there were very few other major trading platforms for cryptocurrencies. Mt. Gox was thus able to obtain over 80% of the global trading volume for bitcoin<ref name="mtgoxarchive2-4127" />.<blockquote>"Mt.Gox is the world's most established Bitcoin exchange. You can quickly and securely trade bitcoins with other people around the world with your local currency!" | ||
" | "It allows you to trade US Dollars (USD) for Bitcoins (BTC) or Bitcoins for US Dollars with other Mt Gox users. You set the price you want to buy or sell your BTC for." | ||
" | "Buy Bitcoins at market rates with your credit card or many other payment methods." "Automate your trading with our Trading API" "Dark pools allow you to trade large quantities without moving the market." | ||
" | "Fully automated, always available, 24 hours a day, Safe and Easy." | ||
"The only multi-currency Bitcoin trading platform where you can trade with the entire world in your local currency."</blockquote>Users could trade on Mt. Gox using a wide range of world currencies<ref name="mtgoxarchive2-4127" />. Mt. Gox achieved a wide popularity due to the ease with which users could sign up for services there<ref name="mtgoxarchive1-4126" />.<blockquote>"Buying and selling Bitcoin doesn't have to be complicated! Get trading in a few simple steps." | |||
"4 Easy Steps: | |||
1. Make an Account. | |||
2. Add some funds. | |||
3. Buy or Sell Bitcoins. | |||
4. Withdraw your converted funds."</blockquote>Basic features like SSL were provided for account security and 24/7 uptime was advertised as a selling point<ref name="mtgoxarchive2-4127" />. The Mt. Gox platform featured a "Norton Secured" seal<ref name="mtgoxarchive2-4127" />.<blockquote>"Mt.Gox is protected by Prolexic and certified by VeriSign, which means all communications with our servers are encrypted with SSL technology." "We're always on. Buy and sell Bitcoin 24/7/365 with the world's most sophisticated trading platform." </blockquote> | |||
== The Reality == | == The Reality == | ||
While Mt. Gox had made a significant number of important security improvements based on [[Mt. Gox Auditor Theft|their auditor theft in June 2013]], the platform was still far from flawless. | |||
== What Happened == | == What Happened == | ||
Blockchain transactions sent bitcoin from Mt. Gox to invalid addresses, which meant that the bitcoin could not be retrieved in the future. | |||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - Mt. Gox Coins Destroyed | |+Key Event Timeline - Mt. Gox Coins Destroyed | ||
| Line 51: | Line 36: | ||
!Description | !Description | ||
|- | |- | ||
|October 28th, 2011 | |October 28th, 2011 3:11:28 AM MDT | ||
| | |Blockchain Transactions | ||
| | |"October 28, 2011, about two dozen transactions appeared in the block chain (Block 150951) that sent a total of 2,609 BTC to invalid addresses. As no private key could ever be assigned to them, these bitcoins were effectively lost." As all transactions happened in the same block, they all happened at the exact same time. | ||
|- | |- | ||
| | | | ||
| Line 59: | Line 44: | ||
| | | | ||
|} | |} | ||
== Technical Details == | |||
Bitcoin works based on a key pair relationship between the public and private keys. | |||
Bitcoin can be sent to any valid public key. In order to spend those funds, the matching private key is necessary. | |||
While finding a public key to match a private key is fairly trivial, finding the private key of a known public key is considered to be impossible given current technology. This forms the basis of bitcoin security. | |||
Generation of a typical bitcoin wallet starts with a private key, which is used to generate a matching public key. The creator of the wallet can then spend any funds sent to the public key, since they know the matching private key. | |||
However, if funds are sent to a public key without a known matching private key, they cannot be retrieved based on current technology. These funds are considered to have been "burned". | |||
Unfortunately, the Mt. Gox platform unintentionally sent 2,609.36304319 bitcoin to an invalid address. These funds became permanently lost based on the nature of key pairs. | |||
== Total Amount Lost == | == Total Amount Lost == | ||
"Exactly 2609.36304319" BTC. | |||
{| class="wikitable" | |||
|+Summary Of Bitcoin Transactions | |||
!Date | |||
!Block | |||
!Position | |||
!Transaction Hash | |||
!Lost Bitcoin | |||
|- | |||
|October 28th, 2011 3:11:28 AM MDT<ref name="blockchaindotcom-4672" /> | |||
|150951 | |||
|21 | |||
|[https://www.blockchain.com/explorer/transactions/btc/ddddf9f04b4c1d4e1185cacf5cf302f3d11dee5d74f71721d741fbb507062e9e ddddf9f04b4c1d4e1185cacf5cf302f3d11dee5d74f71721d741fbb507062e9e] | |||
|37.00000000 | |||
|- | |||
|October 28th, 2011 3:11:28 AM MDT<ref name="blockchaindotcom-4671" /> | |||
|150951 | |||
|22 | |||
|[https://www.blockchain.com/explorer/transactions/btc/81f591582b436c5b129f347fe7e681afd6811417973c4a4f83b18e92a9d130fd 81f591582b436c5b129f347fe7e681afd6811417973c4a4f83b18e92a9d130fd] | |||
|100.00000000 | |||
|- | |||
|October 28th, 2011 3:11:28 AM MDT<ref name="blockchaindotcom-4670" /> | |||
|150951 | |||
|23 | |||
|[https://www.blockchain.com/explorer/transactions/btc/111291fcf8ab84803d42ec59cb4eaceadd661185242a1e8f4b7e49b79ecbe5f3 111291fcf8ab84803d42ec59cb4eaceadd661185242a1e8f4b7e49b79ecbe5f3] | |||
|24.31000000 | |||
|} | |||
The total amount lost has been estimated at $8,000 USD. | The total amount lost has been estimated at $8,000 USD. | ||
== Immediate Reactions == | == Immediate Reactions == | ||
| Line 72: | Line 95: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
“Mt. Gox fully reimbursed customers after this incident.” "Mt. Gox did not pass the impacts of this incident on to customers." | |||
=== Potential Methods of Recovery === | |||
While it is possible that future technology could be powerful enough to brute force private keys, such a technology would also undermine all wallets on the bitcoin blockchain and impact a significant number of other systems which depend on public key cryptography to operate. It is also possible that there are some public keys which do not have any matching private key solution at all. | |||
It would be possible to create a fork of the bitcoin blockchain in which these coins were considered to have a different owner. However, such a proposal would violate or alter the rules that form the basis of bitcoin, and would require the support of the vast majority of bitcoin nodes and mining power. It is highly unlikely that such a global consensus could be achieved. | |||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== General Prevention Policies == | |||
== Prevention Policies == | |||
There were no losses to customers in this case. The use of multi-signature wallets allows each key holder to check the outgoing transaction for validity. All systems would be checked over by two reviewers prior to launch, and only a small minority of funds would be in hot wallets. In the event that these measures fail to prevent loss, an industry insurance fund would be available to cover it. | There were no losses to customers in this case. The use of multi-signature wallets allows each key holder to check the outgoing transaction for validity. All systems would be checked over by two reviewers prior to launch, and only a small minority of funds would be in hot wallets. In the event that these measures fail to prevent loss, an industry insurance fund would be available to cover it. | ||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Regulatory Prevention Policies == | |||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
[https://bitcointalk.org/index.php?topic=4412667.0 Bitcointalk history of MtGox and how a Bitcointalk post caught the MtGox hacker.] (Dec | == References == | ||
<references> | |||
[https://bitcointalk.org/index.php?topic=576337#post_toc_27 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses] (Dec | <ref name="bitcointalklistold-20">[https://bitcointalk.org/index.php?topic=83794.msg923918#post_toc_27 <nowiki>List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old]</nowiki>] (Jan 28, 2020)</ref> | ||
<ref name="bitcointalklist-87">[https://bitcointalk.org/index.php?topic=576337 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses] (Feb 15, 2020)</ref> | |||
[http://cryptocurrency-mining.blogspot.com/2014/02/list-of-biggest-bitcoin-scams-and-heists.html CRYPTOCURRENCY: LIST OF BIGGEST BITCOIN SCAMS AND HEISTS] (Dec | <ref name="darknetdiaries-1157">[https://darknetdiaries.com/episode/9/ The Rise and Fall of Mt. Gox – Darknet Diaries] (Jun 25, 2021)</ref> | ||
<ref name="mtgoxarchive2-4127">[https://web.archive.org/web/20120112024603/https://mtgox.com/ Mt.Gox - Bitcoin Exchange - January 12th, 2012 - Internet Archive] (Oct 12, 2021)</ref> | |||
[https://www.blockchain.com/btc/tx/111291fcf8ab84803d42ec59cb4eaceadd661185242a1e8f4b7e49b79ecbe5f3 Transaction | <ref name="mtgoxarchive1-4126">[https://web.archive.org/web/20110203031942/http://mtgox.com/ Mt Gox - Bitcoin Exchange - February 3rd, 2011 - Internet Archive] (Oct 12, 2021)</ref> | ||
<ref name="bitcointalk-4667">[https://bitcointalk.org/index.php?topic=4412667.0 Bitcointalk history of MtGox and how a Bitcointalk post caught the MtGox hacker.] (Dec 22, 2021)</ref> | |||
[https://www.blockchain.com/btc/tx/81f591582b436c5b129f347fe7e681afd6811417973c4a4f83b18e92a9d130fd Transaction | <ref name="bitcointalk-4668">[https://bitcointalk.org/index.php?topic=576337#post_toc_27 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses] (Dec 22, 2021)</ref> | ||
<ref name="cryptocurrencyminingblog-4669">[http://cryptocurrency-mining.blogspot.com/2014/02/list-of-biggest-bitcoin-scams-and-heists.html CRYPTOCURRENCY: LIST OF BIGGEST BITCOIN SCAMS AND HEISTS] (Dec 22, 2021)</ref> | |||
[https://www.blockchain.com/btc/tx/ddddf9f04b4c1d4e1185cacf5cf302f3d11dee5d74f71721d741fbb507062e9e Transaction | <ref name="blockchaindotcom-4670">[https://www.blockchain.com/btc/tx/111291fcf8ab84803d42ec59cb4eaceadd661185242a1e8f4b7e49b79ecbe5f3 Transaction Sending 24.31 Bitcoin To Unknown Wallet - Blockchain Explorer] (Dec 22, 2021)</ref> | ||
<ref name="blockchaindotcom-4671">[https://www.blockchain.com/btc/tx/81f591582b436c5b129f347fe7e681afd6811417973c4a4f83b18e92a9d130fd Transaction Sending 100 Bitcoin To Unknown Wallet - Blockchain Explorer] (Dec 22, 2021)</ref> | |||
<ref name="blockchaindotcom-4672">[https://www.blockchain.com/btc/tx/ddddf9f04b4c1d4e1185cacf5cf302f3d11dee5d74f71721d741fbb507062e9e Transaction Sending 37 Bitcoin To Unknown Wallet - Blockchain Explorer] (Dec 22, 2021)</ref> | |||
</references> | |||
Latest revision as of 11:54, 3 January 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Mt. Gox originally had a glitch where some bitcoins were sent to invalid addresses, effectively burning them. This loss was not passed on to customers.
This exchange or platform is based in Japan, or the incident targeted people primarily in Japan.[1][2][3][4][5][6]
About Mt. Gox
Mt. Gox launched with a very simple interface[7]. At the time Mt. Gox was established, there were very few other major trading platforms for cryptocurrencies. Mt. Gox was thus able to obtain over 80% of the global trading volume for bitcoin[8].
"Mt.Gox is the world's most established Bitcoin exchange. You can quickly and securely trade bitcoins with other people around the world with your local currency!"
"It allows you to trade US Dollars (USD) for Bitcoins (BTC) or Bitcoins for US Dollars with other Mt Gox users. You set the price you want to buy or sell your BTC for."
"Buy Bitcoins at market rates with your credit card or many other payment methods." "Automate your trading with our Trading API" "Dark pools allow you to trade large quantities without moving the market."
"Fully automated, always available, 24 hours a day, Safe and Easy."
"The only multi-currency Bitcoin trading platform where you can trade with the entire world in your local currency."
Users could trade on Mt. Gox using a wide range of world currencies[8]. Mt. Gox achieved a wide popularity due to the ease with which users could sign up for services there[7].
"Buying and selling Bitcoin doesn't have to be complicated! Get trading in a few simple steps."
"4 Easy Steps:
1. Make an Account.
2. Add some funds.
3. Buy or Sell Bitcoins.
4. Withdraw your converted funds."
Basic features like SSL were provided for account security and 24/7 uptime was advertised as a selling point[8]. The Mt. Gox platform featured a "Norton Secured" seal[8].
"Mt.Gox is protected by Prolexic and certified by VeriSign, which means all communications with our servers are encrypted with SSL technology." "We're always on. Buy and sell Bitcoin 24/7/365 with the world's most sophisticated trading platform."
The Reality
While Mt. Gox had made a significant number of important security improvements based on their auditor theft in June 2013, the platform was still far from flawless.
What Happened
Blockchain transactions sent bitcoin from Mt. Gox to invalid addresses, which meant that the bitcoin could not be retrieved in the future.
| Date | Event | Description |
|---|---|---|
| October 28th, 2011 3:11:28 AM MDT | Blockchain Transactions | "October 28, 2011, about two dozen transactions appeared in the block chain (Block 150951) that sent a total of 2,609 BTC to invalid addresses. As no private key could ever be assigned to them, these bitcoins were effectively lost." As all transactions happened in the same block, they all happened at the exact same time. |
Technical Details
Bitcoin works based on a key pair relationship between the public and private keys.
Bitcoin can be sent to any valid public key. In order to spend those funds, the matching private key is necessary.
While finding a public key to match a private key is fairly trivial, finding the private key of a known public key is considered to be impossible given current technology. This forms the basis of bitcoin security.
Generation of a typical bitcoin wallet starts with a private key, which is used to generate a matching public key. The creator of the wallet can then spend any funds sent to the public key, since they know the matching private key.
However, if funds are sent to a public key without a known matching private key, they cannot be retrieved based on current technology. These funds are considered to have been "burned".
Unfortunately, the Mt. Gox platform unintentionally sent 2,609.36304319 bitcoin to an invalid address. These funds became permanently lost based on the nature of key pairs.
Total Amount Lost
"Exactly 2609.36304319" BTC.
| Date | Block | Position | Transaction Hash | Lost Bitcoin |
|---|---|---|---|---|
| October 28th, 2011 3:11:28 AM MDT[9] | 150951 | 21 | ddddf9f04b4c1d4e1185cacf5cf302f3d11dee5d74f71721d741fbb507062e9e | 37.00000000 |
| October 28th, 2011 3:11:28 AM MDT[10] | 150951 | 22 | 81f591582b436c5b129f347fe7e681afd6811417973c4a4f83b18e92a9d130fd | 100.00000000 |
| October 28th, 2011 3:11:28 AM MDT[11] | 150951 | 23 | 111291fcf8ab84803d42ec59cb4eaceadd661185242a1e8f4b7e49b79ecbe5f3 | 24.31000000 |
The total amount lost has been estimated at $8,000 USD.
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
“Mt. Gox fully reimbursed customers after this incident.” "Mt. Gox did not pass the impacts of this incident on to customers."
Potential Methods of Recovery
While it is possible that future technology could be powerful enough to brute force private keys, such a technology would also undermine all wallets on the bitcoin blockchain and impact a significant number of other systems which depend on public key cryptography to operate. It is also possible that there are some public keys which do not have any matching private key solution at all.
It would be possible to create a fork of the bitcoin blockchain in which these coins were considered to have a different owner. However, such a proposal would violate or alter the rules that form the basis of bitcoin, and would require the support of the vast majority of bitcoin nodes and mining power. It is highly unlikely that such a global consensus could be achieved.
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
There were no losses to customers in this case. The use of multi-signature wallets allows each key holder to check the outgoing transaction for validity. All systems would be checked over by two reviewers prior to launch, and only a small minority of funds would be in hot wallets. In the event that these measures fail to prevent loss, an industry insurance fund would be available to cover it.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] (Jan 28, 2020)
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 15, 2020)
- ↑ The Rise and Fall of Mt. Gox – Darknet Diaries (Jun 25, 2021)
- ↑ Bitcointalk history of MtGox and how a Bitcointalk post caught the MtGox hacker. (Dec 22, 2021)
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Dec 22, 2021)
- ↑ CRYPTOCURRENCY: LIST OF BIGGEST BITCOIN SCAMS AND HEISTS (Dec 22, 2021)
- ↑ 7.0 7.1 Mt Gox - Bitcoin Exchange - February 3rd, 2011 - Internet Archive (Oct 12, 2021)
- ↑ 8.0 8.1 8.2 8.3 Mt.Gox - Bitcoin Exchange - January 12th, 2012 - Internet Archive (Oct 12, 2021)
- ↑ Transaction Sending 37 Bitcoin To Unknown Wallet - Blockchain Explorer (Dec 22, 2021)
- ↑ Transaction Sending 100 Bitcoin To Unknown Wallet - Blockchain Explorer (Dec 22, 2021)
- ↑ Transaction Sending 24.31 Bitcoin To Unknown Wallet - Blockchain Explorer (Dec 22, 2021)