In a previous story, I had explained the infamous DAO Hack in detail. However, the DAO hack was not the first or the last hack in the wild world of crypto tokens. In this story, I will explore the first major crypto hack, the infamous Mt Gox, the effects of which still could not be recovered.
Mt Gox had been founded by Jed McCaleb in 2010, sold to Mark Karpeles in March 2011 and it was the biggest Bitcoin exchange in late 2013-early 2014.
Mt Gox went through two hacks in 2011 and 2014 respectively. The one in 2011 was relatively small and manageable. The attackers managed to take over the account of an Mt Gox auditor by stealing hot waller private keys that were stored in a wallet.dat file. By using the privileges of that account, the attackers were able to arbitrarily assign himself a large number of Bitcoins and, by selling these Bitcoins, they reduced the price of Bitcoin to 1 cent from 17 USD. Then they withdrew approximately 2000 BTCs from this low price. Additionally, approximately 650 BTC were purchased by Mt Gox customers from that low price.
On the front side, Mt Gox seemed to be handling this crisis in a reasonable manner. Karpeles issued an extensive statement explaining the hack, the recovery procedure, and measures that would be taken, including but not limited to compensation for 2000 stolen BTCs and transferring a substantial amount of Bitcoins into cold wallets. In early 2013, Mt Gox was, once again, the largest Bitcoin exchange. However, things were not that good behind the scenes.
In May 2013, Mt Gox was sued by CoinLab, a US start-up that was supposed to conduct Mt Gox’s US operations, for 75 Million USD over Mt Gox’s breach of an exclusivity clause by servicing directly to customers in the US as well as its failure to deliver the necessary information.
Also in June and August, the US government seized 5 Million USD in total from Mt Gox for operating for involving into unlicensed money transmitting activity.
The second Mt Gox hack, on the other hand, was the first major crypto hack. In February 2014, more than 850.000 Bitcoins, 750.000 of which were owned by Mt Gox customers, were stolen from Mt Gox. Although this hack is commonly cited separately from the 2011 hack, it has been reported that the theft was spread over time and Mt Gox had been insolvent since 2012 and emptied of all its Bitcoins by 2013.
The investigation is still on-going and the details are not clear for now. According to one scenario, this second hack has been conducted with private keys that were stolen in 2011 and, hence, the attackers managed to gradually transfer BTCs to desired accounts making these transactions look like ordinary deposits to the Mt Gox system.
Banktrupcy and Civil Rehabilitation
Mt Gox halted Bitcoin withdrawals on 7 February 2014 and the website went offline on 24 February 2014. Mt Gox filed for bankruptcy in Japan on 28 February and in the US on 9 March 2014. While the bankruptcy proceedings were pending and the Mt Gox Estate’s Bitcoins were being sold by the bankruptcy trustee, some creditors filed a petition for civil rehabilitation against Mt Gox before the Tokyo District Court in November 2017 and on 22 June 2018, Nobuaki Kobayashi announced that the court stayed the bankruptcy proceeding; issued an order of the commencement of civil rehabilitation proceedings and Kobayashi has been appointed as the civil rehabilitation trustee.
Relevant key differences between the bankruptcy and civil rehabilitation proceedings are explained as follows in Kobayashi’s announcement:
In bankruptcy proceedings, non-monetary claims are converted into monetary claims based on the valuation as at the time of the commencement of bankruptcy proceedings. In contrast, in civil rehabilitation proceedings, non-monetary claims are not converted into monetary claims at the time of commencement of the civil rehabilitation proceedings.
In bankruptcy proceedings, bankruptcy claims that have not been filed are not stated in the statement of approval or disapproval of claims. In contrast, in civil rehabilitation proceedings, the rehabilitation debtor, etc. … will state the rehabilitation claims which the rehabilitation debtor, etc., is aware of in the statement of approval or disapproval of rehabilitation claims, notwithstanding that proof of claims have not been filed for them.
In civil rehabilitation proceedings, the rehabilitation debtor, etc., will prepare a rehabilitation plan, in which matters such as the content of any modifications of rights of civil rehabilitation creditors and the payment plan are set out. This type of plan does not exist under bankruptcy proceedings. The rehabilitation debtor, etc., is required to obtain the court’s confirming order via a rehabilitation creditors’ resolution on the proposed rehabilitation plan to make repayments in accordance with the rehabilitation plan. If the proposed rehabilitation plan is rejected or not otherwise approved, the civil rehabilitation proceedings in this matter will be discontinued and the bankruptcy proceedings will be recommenced.
The practical conclusion of this is that unlike the period before the civil proceedings, Bitcoins would not be sold but to be distributed among creditors on a pro-rata basis. This means that considering the current market price of Bitcoin, creditors could obtain much more than 440 USD per Bitcoin — the price coming from the beginning of bankruptcy proceedings.
On the other hand, civil rehabilitation is a long process just like bankruptcy. Collecting claims and negotiating with creditors is not an easy task. Additionally, in February 2019, after the civil rehabilitation proceeding commenced, CoinLab increased its claim of 75 Million USD to 1.6 Billion USD against which Kobayashi fights thoroughly as the civil rehabilitation trustee. Unfortunately, this and other similar claims create significant delays in the payout schedule.
Tracking the Stolen Funds?
On 20 March 2014, after the bankruptcy proceedings started, Mt Gox confirmed that approximately 200.000 BTCs were found in old-format wallets. The whereabouts of 650.000 BTCs is still unknown and subject to parallel investigations pending in different jurisdictions. Especially the question of how the attackers accessed the cold wallets is an important one. It is commonly presumed that Mt Gox was not continuously monitoring cold wallets and, thus, it is likely that cold wallets might have been compromised by an insider or that the staff recklessly and gradually poured the content of cold wallets into hot wallets.
Despite the fact that the identity of attackers in the Mt Gox hacks remained unknown for a long time, US authorities linked Alexander Vinnik, a Russian national who was arrested in Greece in July 2017, to these hacks. It has been reported on Wizsec, a platform comprised of Bitcoin security specialists, that Vinnik was a crucial piece of the puzzle behind not only the Mt Gox hacks but also some others such as Bitcoinica, Bitfloor as a money launderer though not as a hacker. According to these experts, Bitcoins that were stolen from Mt Gox were transferred first to various accounts, then transferred to big holding accounts and finally deposited on exchanges including Mt Gox itself, but mainly BTC-e which was founded by Vinnik. Investigations are on-going on this issue as well.
Karpeles was arrested in Japan in August 2015 and spent almost a year in jail before being released on bail. Then in March 2019, a Tokyo District Court held that Karpeles was guilty of production of electronic records, for which Karpeles got suspended jail term, but there was not sufficient evidence for more serious charges of embezzlement and breach of trust.
Additionally, in a case brought against Karpeles before the Illinois Northern District Court for financial losses that arose from Mt Gox’s collapse, Karpeles’ motion to dismiss based on the lack of personal jurisdiction was denied on the grounds that by continuously exploiting Illinois market, Karpeles maintains a sufficient connection with Illinois to justify the exercise of specific jurisdiction and the case is on-going.
As can be seen above, it does not seem possible to compensate all Mt Gox creditors for the full amount of their losses. However, the civil rehabilitation proceedings, despite the interference caused by frivolous claims of CoinLab, is a good sign in the sense that the creditors could be paid more and Mt Gox’s executives and other affiliates could not benefit from their erroneous conduct/management.
On the other hand, it would be extremely optimistic to think that there would be no new legal proceedings with regards to Mt Gox hacks. Creditors are waiting for the civil rehabilitation proceedings to conclude in Japan. But they are also trying to get a hold of Karpeles in different states in the US. Quite recently, one of former Mt Gox customers failed to certify a class before the California Central District Court. But in addition to the case in Illinois, it is likely to expect more actions to be brought.