Mt. Gox was one of the oldest Bitcoin exchanges. It became a symbol and cult phenomenon of the beginning of the crypto era. Now, the site of Mt. Gox is an ungainly sight consisting of a user interface, a set of press releases, reports, and messages. But it was not always so.

Origin

The domain mtgox.com was registered in 2007 by Jed McCaleb, creator of the eDonkey2000 and Overnet1 file sharing networks, and in the crypto era, he is better known as the co-founder of Ripple and Stellar. Initially, the site was to become a platform for trading cards from the popular game "Magic: The Gathering" hence the name: Magic The Gathering Online eXchange. The live version of the service was launched in late 2007 and lasted like this for about three months. Then McCaleb lost interest in the project, however, and in 2009, used the same site to advertise his card game The Far Wilds.

In an interview in 2013, McCaleb told how the wandering site turned into a crypto exchange, which was launched on July 18, 2010: "I read that first Slashdot article about Bitcoin and thought the idea was awesome. I’ve always been interested in ways the Internet can make people’s lives freer . . . and at that point, there wasn’t a good way to buy and sell Bitcoins and I wanted to buy some. So, as a side project, I made Mt. Gox and bought my first Bitcoins there. As the company started to take off, I sold it."

In 2011, McCaleb sold the exchange to the Japanese company Tibanne, whose CEO was Mark Karpeles. Karpeles copied the backend of the site, and soon Mt. Gox turned into the most popular Bitcoin exchange.

Who Is Mark Karpeles? The Insides

When the price of Bitcoin soared from $13 in early 2013 to more than $1,200, Karpeles, as the largest shareholder of Mt. Gox, was enriched. When interviewed by Reuters in April 2013, he was the largest player in the Bitcoin industry. Mt. Gox did not offer company shares to employees, and by the time of the latest hacker attack, the company had 100,000 Bitcoins in stock (about $50 million at that time). Karpeles owned 88 percent of the shares, and McCaleb had 12 percent, which became known after the leakage of their business plan.

At the dawn of the Bitcoin Foundation, Karpeles invested 5,000 Bitcoins in it and became one of the fund's founders, along with Gavin Andresen, Peter Vessenes, Roger Ver, Charlie Shrem, and Patrick Murck (on February 23, 2014, Karpeles left the board at the height of the madness during the fall of Mt. Gox).

When asked about the reason for the sale of Mt.Gox, McCaleb replied: "Mt.Gox is cool and should exist, but technically it is not interesting, and I'm not interested in managing it in the long term." A similar image was created in the press about Mark Karpeles, the buyer of Mt.Gox.

Wired made Karpeles the personification of the "first wave" of crypto entrepreneurs, writing that "over its first several years, Bitcoin has been driven largely by computer geeks with little experience in the financial world" and calling Karpeles "the most prominent example." Referring to the insiders, the publication noted that Karpeles "was more a programmer than a CEO, and yet sometimes he was distracted even from his technical duties when they were most needed."

This example was described in detail by Jesse Powell, CEO of Kraken, who, together with Roger Ver, helped Mt. Gox deal with the consequences of the first attack in 2011. According to him, Karpeles was strangely indifferent in those tense days. Powell flew to Tokyo from San Francisco and Ver, Karpeles, other employees, and just Bitcoin enthusiasts, were all engaged in the restoration of the operation of the exchange. They responded to requests in tech support, fixed the site, and they intended to work all weekend. When they came to the office, however, it turned out that Karpeles had decided to take a day off. "I thought that was completely insane and demoralizing for the rest of the team," Powell recalls. On Monday, Karpeles returned to work but spent the day filling the envelopes. "I thought, ‘Dude, why are you doing this? This can be done at any other time. The site is offline. You must bring it online,’" says Powell. By the way, it was he who was appointed as the trustee after the bankruptcy of the exchange, and in 2015, Kraken began accepting applications for damages from Mt. Gox creditors and also announced that Mt. Gox users would be provided with up to $1 million for trading as a bonus.

Powell met with Karpeles in January 2014 before it became known about the last attack. They dined in Tokyo, and as Powell recalls, Karpeles seemed completely unconcerned about the future of Mt. Gox, as he was fascinated by a new Bitcoin Cafe project. It was supposed to be a stylish place in the spirit of the French bistro, located in Tokyo in the same building as the offices of Mt. Gox (by origin Karpeles is a Frenchman). Of course, Bitcoins should be used for payment there, and according to the insider, Karpeles "was super-proud of being able to use his hacked cash register with the code he wrote." The same person reported that Mt. Gox spent $1 million on the cafe in Bitcoins and allegedly, this particular project distracted Karpeles from managing the exchange at the most critical moment. The cafe was due to open in late 2013, but this never happened. "It was probably some light for them in a very dark world of dealing with banks and customer complaints all day. I'm sure that Mark has been very stressed for a long time and the Bitcoin Cafe was probably a fun project," says Powell.

"Aside from the cafe, he liked to spend time fixing servers, setting up networks, and installing gadgets . . . probably distracting himself from dealing with the real issues that the company was up against," as the Wired interlocutor noted. Also, people familiar with Karpeles remembered that he could easily quit the business to order a flat-screen TV or lunches for the staff of the exchange for $400." Mark liked the idea of being CEO, but the day-to-day reality bored him . . . He likes to be praised, and he likes to be called the king of Bitcoin. He always talks about how he's a member of Mensa (an organization for people with high IQ) and has an above-average IQ," said the anonymous insider.

Many said that, knowing Mt. Gox from the inside, they foresaw a catastrophe. The developer from Tokyo, who came to a business meeting at the Mt. Gox office in 2013, noted that the company did not have a version control system, a standard tool in any professional development. Without it, any employee can accidentally overwrite or erase another's code if they are working on the same file. The same developer noted that the largest exchange introduced a test environment only in 2014, which means that previous changes to the software that did not pass testing fell directly to users. And only Karpeles could approve the changes. And some of them, such as eliminating bugs (and even vulnerabilities in security), could wait for Karpeles' attention for weeks. "The source code was a complete mess," said another insider.

First Attack

On June 19, 2011, Mt. Gox was hacked, and the hackers managed to steal more than $8.5 million. The exchange went offline for several days.

Presumably, the hacker could access the exchange through the compromised computer of the auditor of Mt. Gox. He artificially lowered the price of Bitcoins on the exchange to one cent and transferred them to his own address and then sold them. In addition, about 650 Bitcoins were purchased at this low price by ordinary users.

This time, the service managed to cope with the crisis and even return user funds.

Second Attack and Bankruptcy

By early 2014, Mt. Gox was the largest trading platform for Bitcoins and accounted for 70 percent of all Bitcoin transactions. By the end of February of the same year, the exchange was bankrupt. As a result of the attack, Mt. Gox lost more than 740,000 Bitcoins of users and 100,000 Bitcoins from its own funds, which, at that time, accounted for seven percent of the total issue and was approximately $546 million. In an official statement, the company said that "with a high degree of probability, the Bitcoins were stolen,” but nothing happens overnight.

February 7, Mt. Gox stopped the withdrawal of Bitcoins, explaining this by the desire to "get a clear technical picture of the currency processes." In a press release issued a few days later, Mt. Gox reported that a bug in Bitcoin software allowed for someone to change transaction details, forcing the system to think that Bitcoins had not been sent, that is, they were double-spent. Mt. Gox said that it is working to fix this vulnerability in conjunction with Bitcoin Core developers. The exchange continued to report on the steps being taken to normalize the work and on the "imminent resumption of withdrawals.” By mid-February, some exchange users said that the delays in withdrawing funds had taken more than three months. The protester Kolin Burges gained infamy as he was “on duty" at the Tokyo office of Mt. Gox with a poster "Mt. Gox Where Is Our Money.” Soon, there were reports that the company had left the building.

On February 24, the exchange stopped trading, and its site went offline. Although there were reports that the transactions were suspended temporarily, on February 28, the company declared bankruptcy, filing for bankruptcy protection first in Japan and two weeks later in the U.S. "There were weaknesses in our system, and our Bitcoins disappeared. We created problems and inconveniences for many people and I'm very sorry that this happened," Karpeles said at a press conference in Tokyo to declare bankruptcy. By that time, users had already filed class action lawsuits against the exchange in Chicago and Illinois district courts suspecting it of fraud, and the protection from creditors provided under the bankruptcy law helped the exchange to postpone litigation.

During this time, the exchange managed to reduce its arrears from 850,000 to 650,000 Bitcoins: on March 20, 2014, Mt. Gox reported the discovery of 199,999.99 Bitcoins (about $116 million at that time) in an old wallet used by the exchange before June 2011. In April, Mt. Gox refused the civil rehabilitation plan and submitted a petition for liquidation to the Tokyo court. Some users at the same time were convinced that the management is hiding part of the funds in order not to reimburse them, while others, on the contrary, believed that Mt. Gox never owned such a number of Bitcoins, which was publicly stated. They assumed that Karpeles had fabricated the numbers to give "weight" to Mt. Gox.

In August 2015, Karpeles was arrested in Japan and was charged with fraud, misappropriation of funds, and manipulation of the computer system of the exchange to artificially increase the balance of accounts. After the interrogation, he was accused of appropriating 315 million yen ($2.6 million) in Bitcoins owned by users and stored on the exchange in the form of deposits. According to the investigation, he transferred this money to his account about six months before the February events. Karpeles spent almost a year in prison, after which he was released on bail of $100,000 in July 2016.

By May 2016, the creditors of Mt. Gox demanded compensation of $2.4 trillion, but the trustee of the exchange Nobuaki Kobayashi said that the debt of the exchange was only $91 million.

The Course of the Attack

At the end of February 2014, it became known from the Mt. Gox crisis plan that was leaked onto the net that the attack "remained unnoticed for several years.” A study published by the security company WizSec in April 2015 showed that the attack had been carried out from September 2011, when private keys from hot Mt. Gox wallets were stolen (they were simply copied from the wallet.dat file). Thus, the hackers not only got access to existing deposits but could also spend Bitcoins incoming on compromised addresses. In the same report, the name of Alexander Vinnik, a technical expert on the BTC-e exchange (as he calls himself) can be noticed, as he was sought by the U.S. Department of Justice and was arrested in Greece last July.

There were short breaks in this long-stalled theft, and the second major phase of hidden robberies took place during 2012 and 2013, so by mid-2013, about 630,000 Bitcoins were withdrawn from Mt. Gox. Because of the bug in the system, Mt. Gox completely lost about 40,000 Bitcoins through its fault, because the settings of wallet.dat allowed for reuse of addresses and the system mistook some of the hacker-made transfers as deposits, diminishing some accounts in large amounts. The funds transferred to Vinnik's address were transferred to the BTC-e exchange and were sold or laundered. According to the WizSec report, about 300,000 of the stolen Bitcoins passed through BTC-e (at the moment, the exchange is closed and its domain is seized by the FBI). Other stolen coins were laundered through the same compromised addresses, including from Bitcoinica and BitFloor exchanges. And according to some assumptions, Mt. Gox had lost 80,000 Bitcoins before it was purchased by Karpeles.

Not Long Before

Critical problems within Mt. Gox began as early as autumn 2013. Federal agents seized $5 million from the bank account of the company because Mt. Gox was not registered as a financial institution. At the same time, in 2013, a lawsuit against Mt. Gox for $75 million was filed by its former business partner CoinLab due to non-compliance with the terms of the transaction, as a result of which American clients of the exchange had to switch to CoinLab.

By the end of 2013, customers noted delays in withdrawals lasting for several months, and Mt. Gox moved from one to three in the ranks of trading volume.

Nowadays

In March, the Bitcoin rate staggered, falling by almost double in a month. Among the reasons were the "sales" of Bitcoins arranged by Kobayashi, the trustee of exchange. From a report sent to the Tokyo District Court on March 7, it became known that in three months, he had sold Bitcoins worth $400 million. Kobayashi himself, however, denied that he provoked the fall of Bitcoin. "After consulting with crypto experts, I sold Bitcoins and Bitcoin Cash, not in the course of ordinary exchange trades but in order to avoid influence on the market price, while making sure that the transaction is safe . . . Please do not look for any connection between selling Bitcoins and Bitcoin Cash and their market price based on the assumption that they were sold at the same time as they were transferred from the addresses under my control, as this assumption is incorrect," Kobayashi wrote in a report for creditors published on the exchange's website on March 17. At the same time, in March, it was reported that Mt. Gox had enough assets to repay its users more than $1.4 billion.

On June 22, the Tokyo District Court granted a petition of creditors filed in November 2017 and decided to begin the process of civil rehabilitation of Mt. Gox. In his tweet, Karpeles wrote that he was "currently being flooded with emails about @MtGox civil rehabilitation," and promised to review them all, having warned that it would take some time.

Kobayashi should report on the state of assets of Mt. Gox at a meeting of creditors, which will be held on September 26 in Tokyo. All users seeking compensation for damages were required to file an application with evidence of legal possession of the required funds before October 22.

In August, in an official press release, the exchange said that it is possible to apply on the Mt. Gox website using a specially developed tool, or by email. Kobayashi must provide the court with a plan for rehabilitation and reimbursement of user funds by February 14, 2019.

Thus, the case of Mt. Gox is far from over, as are many claims against Karpeles.