What Happened To Mt. Gox? Who Stole The Bitcoins?

Executive Summary:

Mt. Gox was an exchange that enabled users to purchase, trade, and sell cryptocurrency-related assets such as Bitcoin.

The exchange was ultimately shut down in February 2014 after a hack led to the loss of 850,000 Bitcoins.

What Is Mt. Gox?

Mt. Gox was an exchange that enabled users to purchase, trade, and sell cryptocurrency-related assets such as Bitcoin.

In order to trade on Mt. Gox, users would need to create two accounts: one to store Bitcoins (BTC) and another one that for fiat currencies (such as USD).

Bitcoins are purchased using funds from the fiat currency account, and the proceeds from the sale of Bitcoins are deposited into the same account.  

Trading itself had to involve Bitcoins (e.g., Bitcoin to USD) and didn’t support exchanges between fiat currencies. Mt. Gox, as the intermediary, would store the Bitcoins until the transaction had been settled.

Deposits and withdrawals had to furthermore be conducted in a fiat currency. That means if one wanted to liquidate their Bitcoins, they first had to sell them and then withdraw in the currency of their choice.

Due to lagging regulations, withdrawals and deposits could only be conducted using wire transfers (including SEPA). Users were permitted from linking their bank accounts. In the past, Mt. Gox had also offered payments via services such as Dwolla or OKPay.

Mt. Gox itself made money from the exchange by charging a 0.6 percent fee for purchasing Bitcoins and was only applied on ‘smaller’ trades, namely below 100 BTC – a different world indeed.

The exchange ultimately declared bankruptcy in 2014 after a hack led to the loss of hundreds of thousands of Bitcoins. How it came to be, who’s behind it, and what happened to the stolen assets will be covered in the next few chapters.

What Happened To Mt. Gox?

Mt. Gox, also known as ‘Mount Gox’ or ‘MTGOX’ and formerly headquartered in Tokyo, Japan, was launched in 2010 by Jade McCaleb.

McCaleb, who was born in the mid-1970s in Arkansas, became drawn to computers from a very early age.

This led him to study computer science at Berkeley but he ultimately to drop out to work as a software engineer in New York City. At the time, the dot-com bubble was in full swing and thus creating an onslaught of new opportunities literally every day.

In the summer of 2000, right after the dot-com bubble had burst, he decided it was time to branch out on his own.

Together with Sam Yagan, who later started the dating site OkCupid, the pair launched MetaMachine, a browser that was able to “add and edit captions, keywords, licenses, and ownership in images.”

While the browser never really took off, other creations did yield more success. One of them was eDonkey, a decentralized, peer-to-peer (P2P) file-sharing network similar to LimeWire.

McCaleb and Yagan eventually managed to grow eDonkey to millions of users. Unfortunately, in September 2006, just weeks after Napster’s settlement, MetaMachine was forced to shut down the eDonkey P2P network and pay $30 million in fines to the Recording Industry Association of America (RIAA).

Around the same time, McCaleb made a personal purchase that would wind up changing his life forever. He bought the domain name mtgox.com to create an online marketplace that would enable people to trade Magic: The Gathering cards. This is also how the Mt. Gox name came to be, which is essentially an acronym for Magic: The Gathering Online eXchange.

After dabbling in game development for the next few years, McCaleb eventually came across the now-legendary Bitcoin whitepaper on Slashdot, a Reddit-like news side for all things tech.  

“I was super excited,” he recalled in an interview with Forbes. “I didn’t think it was possible to solve [the double-spend] problem before I read the white paper. It was super interesting to me and, about two weeks later, I had made the Mt. Gox exchange, because at the time there wasn’t really a good way to buy or sell bitcoin, and I wanted to experiment with the technology to learn the system.”

In July 2010, he finally unveiled the Mt. Gox exchange to the public. It became not only the first but quickly rose to be the biggest cryptocurrency exchange in the world (which, at the time, meant one thousand registered users).

However, McCaleb soon became disassociated with what he thought would only be a small hobby project. On top of that, hackers began attacking the site soon after it launched and even managed to steal $45,000 worth of Bitcoins.

By March 2011, McCaleb officially wanted out. It just so happened that McCaleb, who later went on to launch both Ripple and Stellar, met someone willing to take on the duty of running Mt. Gox.

That person ended up being Mark Karpeles, a French software developer residing in Tokyo, Japan. The two had become acquainted with each other through online forums. Despite the fact that Mt. Gox was projected to generate revenues of around $100,000 in 2011, McCaleb offered Karpeles the business essentially as a freebie. All he asked for in return was a 12 percent stake in the company as well as 50 percent of the profits for the coming half year.

Karpeles would soon find out what it meant to run an unlicenced cryptocurrency exchange. U.S. Senators Chuck Schumer and Joe Manchin urged Attorney General Eric Holder and Drug Enforcement Agency (DEA) administrator Michele Leonhart to shut down Silk Road, an online community in which users would sell and buy drugs using Bitcoins.

The problem was that a portion of these transactions wound up being facilitated through Mt. Gox’s exchange. Karpeles wrote a letter to the DEA to let them know that he was willing to provide them with any information they may need. Mt. Gox also began to track suspicious transactions taking place on its platform.

Despite the scare, usage of Mt. Gox would soon skyrocket. Users grew from 1,000 to over 65,000 within less than two months of Karpeles’ takeover. This propelled the price of Bitcoin to over $30 from just a few dollars.

Unfortunately, the attacks on Mt. Gox would continue just as the exchange grew in relevance. On June 18th, 2011, a hacker managed to compromise an Mt. Gox admin account and retrieve thousands of Bitcoins, which he immediately cashed out. This caused Bitcoin’s price to plummet from $30 all the way down to a few pennies.

As a result, Karpeles quickly halted trading on the exchange and shut it down. He also managed to move $7 million worth of Bitcoins that customers held before even more damage could be done. Mt. Gox’s dev team eventually managed to fix the issue and put the exchange back online.

Throughout 2011 and 2012, Mt. Gox continued to grow at an exponential rate. At one point, more than 90 percent of all Bitcoin trades would be conducted via the platform. Karpeles hired dozens of new employees to keep up with demand and even moved the company into Google’s former Tokyo offices.

However, regulatory pressure also kept on increasing. U.S. investigators began to suspect that Karpeles continued to be actively involved in facilitating drug transactions through his exchange. They alleged that Mt. Gox was operating an illegal money-transfer business and wanted to seize $2 million from Mt. Gox’s U.S. bank account.

A quick side note here: the investigator who filed the affidavit was Shaun Bridges, one of the two Silk Road investigators. It was later revealed that Bridges, a Secret Service agent, had moved $820,000 worth of stolen BTC on Mt. Gox. People later speculated that he ordered the seizure to cover up his own tracks.

As a result of Mt. Gox’s legal troubles, Mizuho Bank, its Japanese payment processor, halted all international transfers and withdrawals. In order to still be able to operate in the States, Mt. Gox announced a partnership with Silicon Valley startup CoinLab, which possessed a money transmitter license, on February 27th, 2013.

In the meantime, hackers would continue hitting Mt. Gox with various DDoS attacks, causing multiple outages and the price of Bitcoin to go down once again (this time, however, from around $265 to $150).

A mere two months after the partnership announcement, on May 2nd, 2013, CoinLab filed a lawsuit against Mt. Gox, alleging that the latter had breached the terms of their agreement and failed to hand over its American business.

Mt. Gox continued to frustrate its customers as well, for instance by halting withdrawals for two weeks in late June. As a result of the firm’s continuous problems, competing exchange Bitstamp (which was shut down a few months later) overtook Mt. Gox as the world’s leading exchange.

Apart from introducing major improvements to its site, Mt. Gox also launched an informational site under the domain Bitcoins.com to educate newcomers on BTC and cryptocurrencies as a whole. Unfortunately, all of this wasn’t enough to prevent the inevitable.

On February 7th, 2014, Mt. Gox suspended trading on its platform, citing an unexpected increase in customers wanting to make withdrawals. Three days later, it issued a statement and said it would continue halting withdrawals:

The problem we have identified is not limited to Mt. Gox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result, we took the necessary action of suspending Bitcoin withdrawals until this technical issue has been resolved.

Other exchanges, such as Bitstamp and BTC-E, also halted withdrawals after various DDoS attacks. Meanwhile, the price of Bitcoin fell from over $800 all the way to just above $110. Concern among the wider public increased when, on February 23rd, Karpeles resigned from the Bitcoin Foundation’s board of directors and Mt. Gox deleted all of its tweets.

A day later, the site was shut down completely. Just hours after the shutdown, news began circulating that the exchange had been hacked and around 850,000 bitcoins – equal to about $500 million at the time – had gone missing.

On February 28th, 2014, Mt. Gox officially filed for bankruptcy protection. CEO Karpeles held a press conference in which he apologized to the exchange’s users and even symbolically bowed down in front of the press that was in attendance.

At the beginning of March, Mt. Gox filed for civil rehabilitation, which would allow it to rebuild its business and repay some creditors.

In the meantime, the situation for Karpeles only worsened. On March 9th, hackers defaced the personal blog of Karpeles and uploaded tropes of sensitive user data such as account balances and trades. To make matters worse, security researchers later revealed that the stolen data contained malware, which would scan one’s computer to retrieve Bitcoin-related files.

Things took another weird turn when, on March 20th, Mt. Gox announced that it had located 200,000 BTC in a digital wallet. The team had randomly discovered the bitcoins in an old-format wallet.

Meanwhile, more and more lawsuits kept piling on. Karpeles was even ordered to appear before U.S. courts but ultimately refused to leave Japan. Weeks later, original founder McCaleb announced that he had also lost around $50,000 (held in dollars, not bitcoins) during the hack. He also revealed that he sold his 12-percent stake to Sunlot Holdings, a Cyprus-registered company, for one bitcoin weeks after the hack took place.

Over a year after the incident, in August 2015, Tokyo police arrested Karpeles. He was believed to have altered his own cash accounts by about $3 million. Karpeles himself said the number was much lower but admitted that he tweaked the amounts held in certain accounts to test a new computer system. Additionally, he was accused of having used some of those funds for his personal usage, such as purchasing a $48,000 bed or spending it on prostitutes.

The Tokyo District Public Prosecutors Office later charged him with embezzlement. He spent close to a year in Japanese prison and, in July 2016, was released on bail. He allegedly paid $94,500 to secure his release.

He was finally put on trial in July 2017 and pleaded not guilty to charges of embezzlement and data manipulation before the Tokyo District Court. Around the same time, Greek authorities (on behalf of the U.S.) managed to arrest Alexander Vinnik, a chief member of the former BTC-e Bitcoin exchange, on suspicion of money laundering. Subsequent reporting later revealed that he was also the prime suspect in the Mt. Gox hack.

In March 2018, Tokyo lawyer and trustee Nobuaki Kobayashi who is overseeing the Mt. Gox creditors’ claims investigation disclosed that he sold around $405 million in Bitcoin and Bitcoin Cash since September 2017. However, the money was still being held in the trust and still not distributed to anyone. Interestingly enough, the sell-off also caused Bitcoin’s price to plummet.

Throughout 2018, Karpeles continued his battle with U.S. courts. In late August, for example, he urged a U.S. federal judge in the state of Illinois to dismiss a fraud lawsuit brought against him by Mt. Gox’s former customers. A Pennsylvania judge, weeks later, dismissed a claim against Karpeles due to a lack of jurisdiction.

Around the same time, both individual, as well as corporate creditors, were finally able to file online claims to claw back some of the money they had lost in the hack. Unfortunately, trustee Kobayashi kept extending the deadline for the submission of rehabilitation plans. In the meantime, he also continued to sell off more Bitcoin and Bitcoin Cash.

By February 2019, creditors grew increasingly tired with the delayed payouts. As a result, a new movement called GoxRising emerged, which would compensate creditors in exchange for ownership of their claims. Brock Pierce, the figure behind the movement, furthermore claimed that he could reboot the platform once all disputes had been settled.

Karpeles, in the meantime, had one of his biggest worries removed. On March 15th, 2019, he received a suspended jail sentence after being found guilty of tampering with financial records while being acquitted of the embezzlement charges. He received a 2.5 years jail sentence which he only would need to serve if he committed another crime in the coming four years.

Two weeks later, Kobayashi yet again extended his deadline for the submission of his rehabilitation plans to July 2020. The continuous delays led Andy Pag, the head of the largest organized creditor group representing former Mt. Gox customers (totaling around 1,000 members), to step down.

In June 2019, two traders also filed a lawsuit against Jade McCaleb, accusing him of failing to create a secure exchange. However, former customers weren’t the only ones trying to capitalize on the exchange’s demise.

At the beginning of 2020, the Fortress Investment Group offered to purchase claims from creditors who lost their money. The company was offering up to 88 percent of the estimated account value to anyone wanting to finally be done with this saga.

After months of deliberation, attorney and trustee Nobuaki Kobayashi finally released a draft of his rehabilitation plan in late March 2020. The draft, amongst others, revealed that creditors who filed to receive their assets in BTC would be paid out in the cryptocurrency.

However, he also obtained yet another approval to extend his submission from October to December 2020. Finally, on December 15th, he submitted a draft rehabilitation plan to refund Mt. Gox users.

One of the major reasons for the repeated delays was the claims of former partner CoinLab, which had filed a lawsuit against Mt. Gox back in 2013. In early 2021, CoinLab, Kobayashi, and a group of creditors finally were able to cut a deal, which would allow the trustee to proceed with his payout plan.

On October 20th, 2021, creditors overwhelmingly (99 percent) approved the trustee’s rehabilitation plan, which would pave the way for the repayments to be initiated. Consequently, the rehabilitation plan was finalized three weeks later, on November 16th. That means it is now final and binding. Payouts are expected to take be conducted in 2022.

Who Stole Mt. Gox Bitcoins?

Unfortunately, to this date, it has not been revealed who was behind the Mt. Gox hack. The closest lead that prosecutors have is Russian national Alexander Vinnik.

Vinnik was arrested in December 2017 by Greek authorities on behalf of U.S. authorities. He operated one of the world’s largest crypto exchanges called BTC-e which eventually shuttered its doors.

Some of the BTC-e wallet addresses were later linked to stolen Mt. Gox bitcoins. Some of the stolen coins were essentially laundered through the platform.

Kobayashi, in October 2019, even requested information from the U.S. Department of Justice (DOJ) regarding transactions recorded on the exchange.

In December 2020, Vinnik was sentenced to serve five years in prison in France and fined USD$121,000 in relation to various charges, such as identity theft and drug trafficking. Similarly, the DOJ, back in 2017, brought a total of 21 charges against Vinnik. They alleged that the BTC-e exchange served as a facilitator for money sourced from “computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials, and narcotics distribution rings.”

Meanwhile, in June 2020, self-proclaimed Bitcoin inventor Craig Wright (vis-a-vis his lawyers), in June 2020, stated that he was behind the hack. However, he also claimed that he lost access to the wallet keys. Due to Wright’s questionable past, many simply ignored his claims.  

Hi folks, my name is Viktor! By day, I lead a tech team of 10 for an e-commerce startup. At night, I work on expressing my weird thoughts through this blog. And if there's time, I cuddle my cat..