The bad aftertaste of Bitcoin exchange Mt. Gox’s collapse

The full article appears in the Daily Beast. 

February 28th, 2014

Bitcoin, the virtual currency that has been racing toward acceptance as a genuine currency, had a colossal setback this past Tuesday, when a major Bitcoin exchange, Mt. Gox, based in Tokyo, went off-line.  Thousands of customers are unable to withdraw deposits and CEO Mark Karpeles is not talking to the press about what happened. Fears about the virtual currency’s security have multiplied with the closing of Mt. Gox. It appears that the theft of several hundred thousand Bitcoins from the company forced it to close the exchange. Speculation is rampant as to what exactly happened. On February 28th, the firm declared bankruptcy. 

The Daily Beast was able to speak with a former employee of Mt. Gox, on the condition of anonymity, due to a nondisclosure agreement with the company. According to the former employee’s testimony and other expert analysis, it seems very likely that the collapse of Mt. Gox was not a criminal fraud but the result of poor management, faulty accounting, and system bugs that went unfixed many months after being recognized by the CEO himself. The final nail in the coffin was the unauthorized release of an internal document that was supposed to serve as the groundwork for saving the company. It is unclear who leaked the document—which was an unfinished draft of a plan of action.

“Essentially,” said the former employee, “Mt. Gox was a dysfunctional organization. Nobody was doing accounting reconciliation and there was an exploitable fault in the transaction system that allowed people to get paid twice—or in other words, withdraw more or less the same amount of Bitcoins two times. Think of it this way—if Bitcoins were like frozen hamburger patties being served at a diner with a touchscreen menu, someone figured out that by tapping the screen twice you could get two hamburgers for the price of one. One day someone at the diner went to the freezer and realized that they were completely out of hamburgers—and they’d only served half the customers they thought they had.”

Bitcoin is a virtual currency that is produced by a computer program and is supposed to be extremely secure. Bitcoins.com explains it as follows “All newly mined Bitcoins, along with every transaction, are publicly recorded and verified through the network. This record is known as the blockchain and is one of the features that helps keep the system secure from fraud and abuse. Bitcoins cannot be duplicated or forged.”

And it does seem true that Bitcoins are very hard to forge or duplicate. Unfortunately, if you know what you’re doing, they may be easy to steal. Or if you’re not careful, they may be very easy to lose. Security in the transactions is paramount.

Flaws in the system became apparent on Feb. 7, when Mt. Gox was forced to halt withdrawals of Bitcoins. In a press release on Feb. 10, the company said it had suspended withdrawals because of a software flaw that would allow people trading the virtual currency to defraud the exchange. The announcement drew the ire of the Bitcoin community.

Jason Maurice, chief technology officer of Wiz Technologies Inc., says that Mark Karpeles, who corresponded on the Internet under the name MagicalTux, seemed to lack a good sense of cybersecurity. He asserts that the CEO admitted to flaws in the system on an Internet Relay Chat (IRC) in October 2013.

Maurice explains, “Mark seemed to acknowledge, but misunderstood the severity of the security issue, and didn’t implement a correct fix at the time. By February 2014, he realized the severity of the bug and came up with a proper fix, but by then it was too late, the damage had been done. He basically dismissed a multimillion-dollar bug in his software that any decent software engineer would have immediately realized was a huge issue. Any financial institution would have a huge quality assurance team to find such bugs, but for Mark it was all up to him. Quite amazing.”

Several attempts were made to contact Karpeles for comment or his version of events, but he did not reply as of this posting.

Maurice and his friends, who have a total of $40,000 in Bitcoins in limbo, have been exhaustively examining what went wrong with the firm. “From our analysis of [the record of Bitcoin transactions], it appears Mt. Gox might not only have leaked money through a bug, but might have also accidentally thrown away Bitcoins. It’s hard to believe this level of incompetence,” he said.

For the rest of the story, please go to The Daily Beast: Inside The Bitcoin Heist  which was posted on February 28th 11:50 am Japan time.  A few hours later on the same day Mt.Gox declared bankruptcy acknowledging that they had lost 850,000 Bitcoin, the  combined amount of company and customer Bitcoin. At the time of the announcement it was close to being valued at $470 million.