
How Mt. Gox Imploded - aaronbrethorst
http://motherboard.vice.com/read/how-mt-gox-imploded
======
jpatokal
Un-spoiler: As far as I can tell, this article tells nothing new about what
happened, and in particular doesn't actually say anything about _how_ Mt. Gox
lost all its Bitcoins.

------
sparkzilla
I actually interviewed Karpeles a few months before the crash. At the time it
seemed to me he was ill-prepared to deal with the stress of becoming a large
organization under a lot of political and financial scrutiny.

I also made a timeline of events, which is much more detailed than the
article: [http://newslines.org/mt-gox/?order=ASC](http://newslines.org/mt-
gox/?order=ASC)

------
emergentcypher
It's like we need to constantly be rediscovering why the financial system is
heavily regulated.

~~~
wdr1
Given Bernie Madoff alone made off with at least 10x what was lost with Mt.
Gox, I'm not sure I agree with that conclusion.

------
dylanjermiah
"The panic that this caused only got worse on Monday when Mark provided the
first explanation: the exchange had run up against a flaw in the Bitcoin
protocol. The flaw, known as transaction malleability, allowed devious users
to request a withdrawal, change the code, and then successfully request the
same withdrawal again."

It was my understanding that double spending wasn't possible?

~~~
VMG
Double spending was not possible.

This (known) flaw was about being able to change certain parts of a
transaction that were unsigned, allowing multiple equally valid transfers to
have different ids. Only one of then ends up in the blockchain, however.

You could thus not rely on a transaction id as a reference to see if a payment
was made, but some systems did nonetheless.

See
[https://en.bitcoin.it/wiki/Transaction_Malleability](https://en.bitcoin.it/wiki/Transaction_Malleability)

~~~
yc1010
And anyways the transaction malleability "excuse" was debunked, it can not
explain millions worth of bitcoins AND millions worth of USD "disappearing"
from their bank as well.

[http://www.theregister.co.uk/2014/04/09/mt_goxs_transaction_...](http://www.theregister.co.uk/2014/04/09/mt_goxs_transaction_malleability_claim_rubbished_by_researchers/)

Karpeles is either a deliberate fraud (he does have a prior history) or
possibly a bad programmer whose bugs in code dealing with money caught him
with his pants down...

Eitherway he has greatly damaged Bitcoin name with his shenanigans, blaming
transaction malleability was one of the straws he tried to clutch at as his
house of bad code collapsed, he also tried to blame his staff and few other
tricks.

~~~
__z
>a bad programmer

He certainly didn't understand a lot about security. In the original topic on
bitcoin talk
([https://bitcointalk.org/?topic=444.0](https://bitcointalk.org/?topic=444.0))
someone pointed out he was sending passwords in the query string. He replied
"It is a post over https. It is secure." ignoring the other (obvious) problems
with putting passwords in the query string
([http://security.stackexchange.com/questions/29598/should-
sen...](http://security.stackexchange.com/questions/29598/should-sensitive-
data-ever-be-passed-in-the-query-string))

------
jackgavigan
_" For most of January, the price of a Bitcoin on Mt. Gox had been almost $100
higher than on any other exchange..."_

That doesn't sound right to me. I seem to recall that the price on MtGOX was
_lower_ than elsewhere.

~~~
Avalaxy
No, it was higher because it wasn't easy to get fiat out. People wanted
bitcoin because it was easier to get out. Only after they shut the withdrawals
down did the MT Gox BTC price crash.

~~~
jackgavigan
Right, gotcha.

------
mirimir
What about the pump-n-dump that someone was running during 2013 and mid 2014?
Was that Mt Gox or someone who had pwned it? The article doesn't even mention
the issue.

------
pakled_engineer
Wouldn't believe anything he told this Vice reporter. Karpeles once famously
slammed Prolexic and Black Lotus for weeks claiming they were 'a scam' then
somebody noticed he had failed to do even basic firewalling and ports were
still wide open allowing attackers to easily bypass the DOS mitigation
service. He's only one notch above in competency from the exchange that nuked
their wallet when they shut down an AWS VM accidentally. That ol chestnut
about the malleability vuln is not supported by their own logs they released
it's more likely they were cleaned out months before and ran a scheme to
inflate Bitcoin and recoup the losses until even that scheme imploded.

~~~
emodendroket
He's not quoted in the article and the only part of the article based on his
account comes from another source and notes that it is impossible to verify
and there is reason to be suspicious of it. Why not read the article before
commenting?

