Mt Gox: The brief reign of bitcoin's top exchange

(Reuters) - The collapse of Mt. Gox might appear sudden, but bitcoin insiders say its downfall began nearly a year ago as the virtual currency exchange tangled with regulators, split from former business partners and grappled with cyber attacks.

Mt. Gox’s fall lays bare the difficulties the bitcoin community faces as it tries to square its freewheeling, libertarian ideals with the rigorous regulation required in financial services and customers’ needs for reliable service.

Once the world’s biggest bitcoin exchange, Mt. Gox on Friday filed for bankruptcy protection, saying it may have lost nearly half a billion dollars worth of the virtual coins due to hacking into its faulty computer system. How it managed to lose so much so quickly is still unclear.

U.S. federal prosecutors have subpoenaed Tokyo-based Mt. Gox - and other bitcoin businesses - to seek information on a recent spate of disruptive cyber attacks that overwhelmed some exchanges and forced them to suspend withdrawals. Mt. Gox never recovered, whereas rivals such as Slovenia-based Bitstamp have since resumed operations.

“The first wave of entrepreneurs were evangelists for the technology, but low on quality,” said Nick Shalek, an investor at Ribbit Capital, which has backed bitcoin companies including digital-wallet Coinbase. Now, he said, a more serious group of entrepreneurs is trying to build more serious infrastructure around bitcoin.

Bitcoin is a digital currency that, unlike conventional money, is bought and sold on a peer-to-peer network independent of central control. Its value has soared in the last year, and the total worth of bit coins minted is now about $7 billion.

Mt. Gox’s decline, ironically, started just as bitcoin was hitting a new level of notoriety in the broader public. Proponents include prominent Silicon Valley venture capitalists who talked up a virtual currency system free of government intervention or control.


Founded in 2009 by American software hacker Jed McCaleb, Mt. Gox was originally a site for people to trade cards for a game called “Magic: The Gathering.” (Mt. Gox is short for “Magic: The Gathering Online Exchange”)

McCaleb turned the site into a bitcoin exchange and sold the fledgling business in 2011 to Mark Karpeles. Under the Frenchman, Mt. Gox became the face of bitcoin - where investors regularly checked the price of the digital currency and where the largest volume of trades occurred.

As regulators started to take notice of the bitcoin market, Karpeles became a vocal champion. He described Mt. Gox as “the main exchange” and argued for bitcoin’s legitimacy while trying to distance it from criminals using the digital currency for money laundering or drug-related activities.

Karpeles said Mt. Gox had no interest in helping criminals launder funds, and pushed back against claims that bitcoin transactions were completely anonymous, noting that while the system was designed for privacy, it was easy to track bitcoin across the network.

If authorities found a way to shut down Mt. Gox, “the likely result will be more exchanges popping up all over, with methods much harder to track, and who will be much less likely to agree to help with any investigation,” Karpeles said in a 2011 email to a reporter for the Compliance Complete service of Thomson Reuters Accelus.

“We want (authorities) to understand that the problem is not bitcoin itself, but what some people do with those,” he said in the message, one of numerous emailed exchanges over the years.

In 2011, bitcoin was barely trading at $1, but volumes were picking up at Mt. Gox, which routinely saw more than 20,000 transactions daily, more than double those in late 2010.

Kolin Burges, a self-styled cryptocurrency trader and former software engineer from London, holds a placard to protest against Mt. Gox, in front of the building where the digital marketplace operator was formerly housed in Tokyo February 26, 2014. REUTERS/Toru Hanai

Karpeles said Mt. Gox had servers in the United States but little in the way of money. It used Iowa-based online payment processor Dwolla Inc to make U.S. customer transactions easier.


Bitcoin’s popularity increased incrementally, similar to its price. On April 1, 2013, it topped $100 for the first time, and trading volumes were increasing.

Around this time, a regulatory push intensified. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) declared bitcoin exchanges to be money transmitters, requiring them to register, enact formal anti-money laundering programs, and report suspicious activity.

Shortly after that, a bitcoin exchange known as bitfloor was shuttered after its U.S. bank account was closed because it had not properly registered with regulators.

Concerns that regulatory action would cause customer funds to be trapped resulted in a sharp plunge in bitcoin, falling from $230 on April 10 to a low of $68.49 on April 17 - a period of time that turned out to be the peak in terms of dollar-denominated trading on Mt. Gox, according to Bitcoincharts.

As volumes jumped that month - on two separate days, there were more than 500,000 dollar-denominated transactions on Mt. Gox - the exchange said it was overwhelmed by the volumes, and it was working to upgrade its systems.

Karpeles said in an April 13 email that bitfloor’s closure was a fate that would not befall Mt. Gox. “We apply very strict AML (anti-money laundering) procedures to avoid exactly this kind of issue. We have very good relationships with our banking partners and making sure everything is run as good as possible.”

On April 18, Karpeles clarified that Dwolla was the company’s only transaction provider. “We do not use any U.S. bank,” he said via email.

Mt. Gox did not immediately register with FinCEN - a misstep that would in part lead to its demise.

In May 2013, the U.S. Department of Homeland Security froze an account that Dwolla held at Veridian Credit Union in the name of Mutum Sigillum LLC, a Mt. Gox subsidiary incorporated in Delaware.

A related court document said another account at Wells Fargo had been seized earlier that month. The Department of Homeland Security justified the seizures by accusing Mt. Gox of failing to register with Treasury as demanded by FinCEN. (It eventually registered in June.)

Karpeles has declined to comment on the seizures, but this complicated the ability of Mt. Gox to allow U.S. customers to liquidate existing investments. Dwolla eventually ended its relationship with Mt. Gox, in a blow to the exchange.

“Most professional users moved away from Mt. Gox months ago, leaving April 2013 or thereabouts. By June 2013, the final nail was in the coffin for U.S. users,” said one of bitcoin’s core developers, who requested anonymity.

This in turn caused bitcoin’s prices on Mt. Gox to surge.

“What happened then is because you couldn’t withdraw dollars, there became a major premium for bitcoin on Mt. Gox,” said Jacob Dienelt, a maker of bitcoin paper wallets in New York.


The rise in bitcoin’s value gave it more cachet with the general public, even though most people were still uninformed about exactly what bitcoin was.

Dollar trading volumes started to diminish on Mt. Gox then - from about 66,770 transactions daily in May to a little over 14,000 in September. Volumes surged for a few months, but dropped to about 9,000 daily by January, according to bitcoincharts.

Those in the industry said Mt. Gox ceased to be the exchange of choice about nine months ago as competitors such as Bitstamp gained prominence. By the start of this year, Mt. Gox was considered a diminished player due to concerns about its technology and safety.

“It was obvious there was something really bad going on there for nearly a year. They were processing withdrawals very slowly and generally being very opaque about what was going on,” said Mike Hearn, a bitcoin developer based in Switzerland.

Mt. Gox’s problems earlier this month stemmed from “distributed denial of service” attacks, where hackers sent thousands of phantom transactions to the exchange to slow its operations. Other exchanges experienced this problem as well, but were able to restore service more quickly.

The hackers exploited a process used by some bitcoin exchanges that introduced “malleability” into the code governing transactions, experts said. Simply put, this allowed hackers to slightly alter the details of codes to create thousands of copies of transactions. These copies slowed the exchanges to a crawl, forcing them to independently verify each transaction to determine what was real and what was fake.

“It was a well-known issue that every major exchange in the bitcoin community knew about and had solutions for. Mt. Gox did not,” said Jordan Kelley, chief executive of Robocoin, the world’s first bitcoin ATM maker.

Mt. Gox said on Friday that it had lost 750,000 of its users’ bitcoins and 100,000 of its own. At the current bitcoin price of about $565, that would total some $480 million - representing about 7 percent of the estimated global total of bitcoins.

“There could be issues with security, with theft and so on, and there could be issues with the way things were implemented, where there’s just some negligence and just some accidents and poor management of the exchange,” said Moshe Cohen, assistant professor at Columbia Business School in New York.

Mt. Gox said there was a discrepancy of 2.8 billion yen ($27.4 million) in its bank accounts when it checked on Monday.

It had 127,000 creditors in bankruptcy, just over 1,000 of whom are Japanese.

“First of all, I’m very sorry,” Karpeles, wearing a suit instead of his customary T-shirt, told a news conference in Tokyo on Friday. “The bitcoin industry is healthy and it is growing. It will continue, and reducing the impact is the most important point.”

Reporting by Brett Wolf of the Compliance Complete service of Thomson Reuters Accelus in St. Louis and Emily Flitter in New York; Additional reporting by Jim Finkle in Boston and Sarah McBride in San Francisco; Writing by David Gaffen; Editing by Tiffany Wu