As Mark Karpeles comes back to the fora of crypto, much to the hissing and disgust of its members, clear episodes of Mt.Gox PTSD come to haunt anyone who lived (and still lives) through it.
At sight to this long forgotten villain of the crypto-space I am once again reminded of the intrinsic irony of the decentralised movement, and how relying on influential people and organisations within the space can be such a central point of failure.
Refresher on The Mt.Gox Saga
(Skip if you’re still licking your wounds)
In 2014 at the peak of its saga, Mt.Gox (the name “Mount Gox” inspired from the card game Magic: the Gathering (Exchange), for you, fun fact enthusiasts) was largest global cryptocurrency exchange of its time, carrying 70% of the global crypto trading volume on its shoulders.
Mt.Gox was a welcomed solution to the long-standing issues of trading bitcoin in a sufficiently liquid exchange or resorting to over-the-counter trades.
The opportunity to finally engage in active trading meant that many of the miners who had racked up thousands of bitcoin could now trade their investment and grow their wealth further.
This welcomed opportunity lead many, to overlook affects failures in Mt.Gox’s security and operations, as a trade-off or a concession to the fact that it’s better to have a bad exchange than no exchange at all.
So much so that even when Mt.Gox suffered not one but two system failures in 6 months in 2011; one being a security breach which caused a flash crash of the bitcoin price to $1 and another which saw the system lose 2600 Bitcoin to invalid addresses, the backlash was not significant.
Over the next few years, things did not get easy for Mt.Gox, as being the largest trading platform it attracted the attention of not only hackers and other malicious actors but also the scrutiny and attacks of public authorities like the US Department of Homeland Security and the US Financial Crimes Enforcement Network (FinCEN).
During such times it was not uncommon for the exchange to suspend trading or withdrawals for days on end, not to mention the ludicrous delays in execution of withdrawal requests when it was actually then possible.
In retrospect, it does not surprise me how bitcoin’s price remained depressed for so long.
What does surprise me is the risk tolerance many in the space were happy to live with when using this exchange or really what they thought was the actual level of risk they were tolerating.
Still, you will never, ever fully appreciate the fallibility of any person or organisation until you experience the consequences yourself.
When Mt.Gox halted withdrawals on 7th February 2014, it was greeted with the tepid response of “here we go again”. It was not until three days later that the exchange published the news that it suffered a Malleability Attack.
This allowed hackers to exploit a vulnerability in the bitcoin protocol that effectively allowed them to withdraw bitcoin from the same Mt.Gox addresses where it was kept on for multiple times on end on the basis that the amounts first withdrawn were never received.
The next ten days spelt disaster and much heartache for many in the community as day after day more bad news came to the fore.
Firstly with the overarching fact that withdrawals had been halted for 14 days straight.
Next came the resignation of Mark Karpeles (CEO) and finally the halting of trading and the closure of the website on the 24th February 2014. It was soon after revealed through leaked internal documents that Mt.Gox had been losing around 750,000 of its customers’ bitcoin to undetected theft over the last three years.
Mt.Gox filed for bankruptcy four days later, and bitcoin’s price was smashed by 36% to around 520$.
Since then Mt.Gox, Mark Karpeles, and the unfortunate souls who had their coins on the exchange have been on a long and winding road toward unravelling the mess that was Mt.Gox.
Today, four years later, each is still engulfed in a tense situation to resolve outstanding claims and return the funds (which were due in the price at the time – forget about today’s prices) to their ailing customers.
The best part is everyone else was unwittingly dragged along for the ride, through market turmoil, conspiracy, debate and the begrudging paranoia that many people have come to depend on to survive in this space.
Captain Hindsight and the Karpelian Chronicles
(Read if you haven’t learnt your lesson)
Have we learnt our lesson; not to trust, even in the trustless space?
I believe that anyone from 2014 is still frothing at the mouth at the thought of leaving a single satoshi on an exchange or some wonky hot wallet on their desktop.
However, I believe the new generation of crypto-maniacs might not be prepared for such bitter medicine as the lesson of Mt.Gox.
Many may say we have come a long way since; Karpeles was given his sentence, the Trustees of the Mt.Gox liquidation are slowly reimbursing some of the customers and security has improved.
However, has the underlying constant of crypto changed? Are we less vulnerable than before? In each case, my paranoia says a resounding “no”.
As Andreas Antonopoulos once rightly said, it is not a question of if you get hacked but when.
The trustless protocol that is bitcoin and the blockchain solves a myriad of problems that come with centralised money, but this comes at a cost. The cost is what is derived from removing a central father figure authority that can right all the world’s wrongs and reverse illicit transactions and scams.
The cost is also what follows the double-edged sword that is a censorship-resistant blockchain that cannot be altered by anyone.
What inevitably comes to the surface is that responsibility remains ultimately with he who controls or has an interest in controlling the keys to their wealth. This might come as a staggering surprise for some who have come to expect and demand security out of institutions such as Banks and similar custodians of wealth.
However, what many seem to fail to understand is that in this realm of true proprietary ownership, owning crypto is much like owning cash, diamonds, gold or pretty much anything that can be offed with if left for the taking. Hence much like having money in your wallet which you’ll never leave it out of your sight nor trust in the hands of a weird looking establishment called Mt.Gox, so to must you treat your cryptocurrency.
Many fail to appreciate the slight but very significant nuance that comes with the true ownership of money and financial freedom and privacy: personal responsibility.
Will Mt.Gox Ever Happen Again? Should We Worry?
For starters, it’s happening all the time and will continue to happen. The only difference being that the scams and hacks are just not concentrated to the degree that effects 70% of the current tradable volumes.
The solution to all this doom and gloom is short and simple but hard: take responsibility for your god damn money.
The next is start listening to those paranoid tinfoil-hatted veterans who operate only through cold storage devices and VPNs.
Fourth accept that, much like money in your wallet, nothing is 100% secure and that Banks might not be as useless as you may think – at least for now.