How did the once-largest Bitcoin exchange lose hundreds of millions of dollars’ worth of the digital currency?
Two words: transaction malleability. A hacker can tinker with the code that makes a Bitcoin transaction happen, so that it looks like it didn’t go through. The person who was supposed to receive a payment then asks again and, in Mt. Gox’s case, is paid again automatically. Mt. Gox has acknowledged this was happening. It seems that someone has been slowly bleeding it for months, leaving it without the funds to pay out legitimate withdrawals. But with the company being pretty tight-lipped about it for now, that’s only the best theory.
Was this a shot from the blue?
Not quite. Mt. Gox has been having problems for months, and people have been complaining about not being able to get their money out of the system since late last year. The company halted withdrawals altogether in early February. So while the number of lost Bitcoins is striking, many people have seen the failure of Mt. Gox as imminent for a while.
Who is affected?
Many people who had Bitcoins were relying on Mt. Gox to hold them, and the chances they will get them back at this point don’t seem very good. Other Bitcoin companies may also be affected. BTC.SX, which allows users to trade derivatives based on the Bitcoin market, said Tuesday it couldn’t take new orders because of Mt. Gox’s problems, although it also said that users’ balances were secure and it would continue to honor withdrawals.
Where did the lost Bitcoins go?
In theory, Mt. Gox could begin to track their path by identifying the fraudulent transactions and searching for the wallets the coins ended up in. But no one is putting much faith in the accounting expertise over there at the moment. In any case, many of the tainted coins have likely moved beyond their initial destinations. If there really has been a slow leak from Mt. Gox for a long time, then the coins could have spread to the ends of the earth by now. One thing is certain: They are probably all over the place, just based on the sheer number of coins alleged to have been stolen. They’d amount to about 6 percent of the Bitcoins in existence.
Is this a security problem with Bitcoin itself?
When Mt. Gox described the issue as a bug in the Bitcoin protocol, people didn’t appreciate it. The technical issue at the root of Mt. Gox’s problem didn’t just crop up recently; it seems that Mt. Gox was left vulnerable because it didn’t protect itself against the issue.
For Mt. Gox, probably not much. For the rest of the Bitcoin world, probably greater scrutiny from regulators, who will want to be confident that this doesn’t happen again. And for those who lost their Bitcoin, likely a fair dose of cynicism.