Cyber Security
Cryptocurrency Insecurity Mt. Gox, where are our bitcoins?
By Guillaume NoĂŠ
Mark Karpeles bowed in front of the Japanese press with his eyes closed. He looked deeply humbled and uncomfortable. He was apologising to his clients for having lost 750,000 of their bitcoins, and an extra 100,000 bitcoins owned by his company. Karpeles was the CEO of the Mt. Gox, a bitcoin exchange based in Tokyo, Japan. By 2013, Mt. Gox was the biggest bitcoin exchange in the world, handling 70% of global bitcoin trading. At a press conference on February 28, 2014, Karpeles referred to some "weakness in the system" and blamed hackers for the loss. At the time, the lost 850,000 bitcoins were worth $473M USD. By early November 2017, those bitcoins would have been worth $5.57B USD. The Mt. Gox's clients impacted by the loss have been denied a substantial profit from their early investment in the cryptocurrency. Hackers allegedly exploited an application business logic vulnerability on the exchange trading web app. Tokyo security company WizSec investigated the case and concluded that most or all of the missing bitcoins were stolen straight out of the MtGox hot wallet over time, beginning in late 2011. When discovered and reported in February 2014, it was a disaster overnight. The exchange shut down. Mt. Gox filed for bankruptcy and left many of their clients short of their valuable bitcoins. There is more to the story of Karpeles and Mt. Gox. 100,000 client bitcoins were eventually recovered. Karpeles was also found guilty of fraud, embezzlement and financial mismanagement in a charge unrelated to the missing
58 | Australian Cyber Security Magazine
client bitcoins. He ended up in prison. The case of Mt. Gox shook the cryptocurrency ecosystem and created a strong precedent with the risks of cryptocurrencies.
Cryptocurrency security risks Bitcoin and other cryptocurrencies are fast growing in popularity and not only with high-risk investors. They are becoming mainstream and they are offering a valid