In July, WizSec posted an excellent analysis of what happened to the Mt. Gox bitcoins, once the main suspect, Alexander Vinnik of BTC-e, had been arrested.

Kim Nilsson of WizSec gave an amazing talk at this year’s “Breaking Bitcoin” last week on precisely what they did to analyse what had happened: “Cracking MtGox.”

This is really pretty awesome, if a bit technical; I recommend you take the 40 minutes to listen to Kim talk through just what happened. In security terms, Mt. Gox fell down the stairs and hit its head on every step. There are multiple “holy crap!” moments. Here are the slides.

Although I knew that 80,000 BTC were already missing from Mt. Gox when Jed McCaleb sold it to Mark Karpèles — McCaleb suggesting to Karpèles “maybe you don’t really need to worry about it” — hackers had already cleaned out Mt. Gox while McCaleb owned it. He had sold Karpèles an insolvent exchange.

As I note in chapter 4 of the book: the thought “I know PHP! How hard could running an exchange be?” never goes anywhere good.

Update: patio11 has written out the highlights of the video, if you don’t have time to watch it — though you absolutely should when you can..