WizSec Study: Mt. Gox
The Bitcoin community has always speculated that Mt. Gox was insolvent before its collapse in early 2014. A new study by WizSec now confirms this speculation. The study reports that Mt. Gox was insolvent long before it collapsed, with thieves routinely stealing bitcoin from the exchange’s reserves.
The WizSec study also confirms that the majority of the missing Gox bitcoin was stolen by someone on the inside — echoing a report from The Yomiuri Shimbun that the coins were lost due to fraud rather than an external hack. The report cited sources at the Japanese Metropolitan Police Department (JMPD) who claimed that out of 650,000 missing bitcoins, only 7,000 — or one percent — of the poached currency was lost due to a cyber attack.
When Gox collapsed in February 2014, it claimed that it lost track of 850,000 bitcoins — worth about $500 million. The money belonged to thousands of creditors, many of whom used the exchange up until its demise. Although Mt. Gox denied that they had done anything criminal, WizSec suggests that the exchange’s reserves had been raided as early as 2011.
According to WizSec, Mt. Gox’s reserves had practically been wiped out by the summer of 2013, with most of the coins being stolen from the exchange’s hot wallet. In reaching this conclusion, the WizSec team trawled millions of entries on the blockchain. They found a recurring pattern of someone sending Gox-related bitcoin to a new address, without a withdrawal log entry, often in groups of a few hundred coins at a time. The bitcoins would then be sent to larger addresses, holding a few thousand coins each.
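The reconciliation described above, sketched as an added example; it is not WizSec's code and does not come from the original article. Every transaction ID, address and amount is constructed, and the flat record layout is an assumption about how an exchange might export its data.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data, not taken from the WizSec report.
# On-chain spends from exchange-controlled addresses: (txid, destination, BTC)
ONCHAIN_OUTFLOWS = [
    ("tx-a1", "addr-customer-1", Decimal("2.5")),
    ("tx-a2", "addr-unknown-1", Decimal("300")),
    ("tx-a3", "addr-customer-2", Decimal("10")),
    ("tx-a4", "addr-unknown-1", Decimal("250")),
    ("tx-a5", "addr-cold-1", Decimal("1000")),
    ("tx-a6", "addr-customer-3", Decimal("40")),
]
# Internal withdrawal log: txid -> amount the exchange recorded as paid out
WITHDRAWAL_LOG = {
    "tx-a1": Decimal("2.5"),
    "tx-a3": Decimal("10"),
    "tx-a6": Decimal("4"),   # logged amount disagrees with the chain
}
# Addresses the exchange itself owns (cold storage, change outputs)
OWN_ADDRESSES = {"addr-cold-1"}


def reconcile(outflows, withdrawal_log, own_addresses):
    """Return outflows that left the exchange without a matching log entry."""
    unexplained = []
    for txid, dest, amount in outflows:
        if dest in own_addresses:
            continue  # internal transfer, funds are still held
        logged = withdrawal_log.get(txid)
        if logged is None or logged != amount:
            unexplained.append((txid, dest, amount))
    return unexplained


def by_destination(unexplained):
    """Sum unexplained outflows per destination to surface repeat recipients."""
    totals = defaultdict(lambda: Decimal("0"))
    for _, dest, amount in unexplained:
        totals[dest] += amount
    return dict(totals)


if __name__ == "__main__":
    flagged = reconcile(ONCHAIN_OUTFLOWS, WITHDRAWAL_LOG, OWN_ADDRESSES)
    for txid, dest, amount in flagged:
        print(f"unexplained outflow {txid}: {amount} BTC -> {dest}")
    print(by_destination(flagged))
```

Run on a schedule against the hot wallet, a check of this kind surfaces spends that no customer withdrawal accounts for before the next refill from cold storage.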
Was Cold Storage Compromised Too?
Although cold storage is generally considered a secure way to hold bitcoin, its safety depends on how it is managed. WizSec found no historical data regarding whether or not Gox’s cold storage was well-managed. However, they do believe that the cold storage could have been compromised — either physically by someone with on-site access or electronically through a security flaw in the key generation process.
WizSec did find that Mt. Gox failed to adequately monitor its cold storage, which consisted of paper wallets generated ahead of time and stored away. Gox took pre-printed paper wallets and automatically filled each one with surplus bitcoin from the hot wallet. Similarly, whenever the hot wallet ran low, the company staff manually scanned paper wallets to refill the hot wallet. According to WizSec, it is possible that Mt. Gox’s lack of adequate cold storage monitoring led to staff pouring funds into the compromised hot wallet. Not knowing that the hot wallet was compromised, the staff likely assumed that they were refilling the hot wallet after normal withdrawals, rather than feeding bitcoin to a hacker.
Being independent investigators, WizSec did not have access to enough data to pin down a concrete suspect in the Gox theft. The team will make follow-up reports, although they intend to leave the full criminal investigation up to the proper law enforcement agencies.
Kim Nilsson, the report’s author and Chief Engineer at WizSec, says that this kind of activity would be hard to interpret as anything but intentional theft. This claim contradicts Mark Karpeles’ statement on the theft:
“We believe that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures.”
Was Karpeles really oblivious to the theft that was happening within his own company?