When FTX collapsed last year rattled the Bitcoin ecosystem, nine years ago a huge failure damaged it even more. What does that teach us?
The collapse of FTX, a crypto empire that defrauded investors, customers and employees to the tune of $8 billion, shook the ecosystem, and many worried that the ecosystem would survive.
However, this is not the first time such a major failure has occurred at the venue. Unknown to many cryptocurrency newcomers, in 2014, the world’s largest bitcoin exchange, Mt. Gox, went bankrupt after a series of hacks and mismanagement. The fall caused customers to lose more than 800,000 bitcoins – a level of concern that makes FTX look like a blip in time.
Tokyo-based Mt Gox, whose domain (MtGox.com) was originally registered in 2007 to host a trading site for the wildly popular “Magic: The Gathering” card game, began operating as a rudimentary bitcoin exchange at the end of 2010. As the business began to drive huge traffic , the owner sold the platform to Mark Karpelès.
Karpelès, an avid programmer and Bitcoin enthusiast, improved the code of the web platform to handle the increasing volume of bitcoin transactions and buy and sell orders. Ultimately, the failure of the exchange showed that he did not do enough work, either technically or in the business management aspect, as he tried to fill the role of executive director of Mt. Gox with little experience.
On February 24, 2014, Mt. Gox suspended trading and went offline. Finally, the infrastructure of Mt. Gox has been exploited by attackers many times over the years. Attackers have been slowly robbing bitcoin exchanges by manipulating parts of transaction data – a characteristic known as transaction malleability – leading to Mt.
Earlier that month, Mt. Gox has been offline for several hours and the team issued a press release blaming the Bitcoin protocol itself for a fault in its transaction watch mechanism. When receiving a withdrawal request, the exchange will look at the Bitcoin block to confirm the withdrawal transaction ID – a hash created from the transaction data. However, the transaction ID is only final after the transaction will be confirmed in the blockchain, a characteristic that allows attackers to change parts of the transaction – excluding inputs and outputs – and thus change its ID. The result? Database of Mt. Gox will not show a successful withdrawal because the specific transaction ID monitored by the exchange will not enter the block, but the attacker will still receive bitcoins because the modified transaction is confirmed. (It’s important to point out that this is the failure of Mt. Gox, and not the Bitcoin protocol.)
When this accounting discrepancy, surprisingly, never appeared, on February 24, 2014, an internal document of Mt. Gox leaks, detailing the size of the hole it has dug itself. The documents show that more than 800,000 bitcoins were stolen, worth more than $430 million then and almost $18 billion today; nine years later and customers are still waiting to get some of their bitcoins back.
At the time of the failure, approximately Mt. Gox handles 70% of all bitcoins traded worldwide. For comparison, the fall of FTX represents a fraud of more than $8 billion, or less than half the amount of bitcoin lost with Mt. Gox. The Sam Bankman-Fried exchange was one of the famous ones, but it wasn’t the top spot in the world when it failed.
While the two exchanges differ in how they collapse, the backbone problem is the same: centralized exchanges represent a point of failure. In both cases, the chief executive failed the client, who had been entrusted with the custody of bitcoin. For all exchanges, the risk of error, fraud or bankruptcy is an omnipresent threat that must be treated as such. It’s never too late to get hold of yourself and take control of your bitcoins.