Welcome to PYMNTS’ series on crypto crime. We’ll be taking a look at the crimes that have not only been committed in the cryptocurrency industry but have defined it — especially Bitcoin — in many people’s minds.
We’ll give you a look at the realities and the myths, the methods and tools and the ways authorities and private securities are starting to break through the mythical anonymity that many criminals — and honest people — believe shields their transactions.
Along the way, we’ll tell you some great stories to illustrate. Some will be funny, some will be whimsical, some will be sad, and a few will be horrifying. A whole lot of them will be hard to believe. But they’ll all be true — or at least what Watergate journalist Bob Woodward called “the best obtainable version of the truth.”
See also: PYMNTS Crypto Crime Series: The $612 Million Heist That Wasn’t
PYMNTS Crypto Crime Series: The Tale of QuadrigaCX, Canada’s Longest Crypto Ponzi Scheme
PYMNTS Crypto Crime Series: In India Hacking Case, Bitcoin Trail Leads to Hamas
PYMNTS Crime Series: Another Day, Another Nine-Figure Crypto Hack
Mt. Gox. It’s like a one-word-name celebrity, and if you’ve spent any time delving into the history of Bitcoin you know about it. If you owned bitcoin in early 2014, chances are pretty good you learned about it the hard way.
On Feb. 7 that year, the Japan-based cryptocurrency exchange halted withdrawals. Three weeks later it went offline. A few days later, the news broke: The world’s largest cryptocurrency exchange, which handled 70% of all crypto trades, had been robbed of 600,000 bitcoins.
Then? About $460 million. On March 10, 2022? A staggering $26 billion.
The CEO, Mark Karpelès, got a suspended 2.5-year jail term in Japan for manipulating electronic data, and he was acquitted of more serious charges of embezzlement and breach of trust — he has maintained his innocence in the hack and is widely believed. Russian hackers are thought to have been behind it.
Like everything about the case, and the exchange itself, the end was messy.
The loss was first reported to be 850,000 bitcoins, but the company later found 200,000 BTC in an old, offline “cold” wallet — essentially a hard drive that could not be hacked because it was not connected to the internet.
That neglected wallet, with more than $100 million worth of bitcoins in it, would likely have been cleaned, too, if connected occasionally, as cold wallets are. The hack had apparently been going on for years.
Where the Magic Happened
Mt. Gox’s roots are humble: It started in 2010 as an online exchange for cards used in a fantasy role-paying game, Magic: The Gathering.
That’s where the name comes from. It’s an acronym for Magic: The Gathering Online Exchange. It was started by Jed McCaleb, who went on to create the cryptocurrencies Ripple and then Stellar.
He transitioned it to a crypto exchange quickly, but by 2011, McCaleb was bored and found a buyer in Karpelès. McCaleb was long gone by the time of the hack.
Karpelès was, by all accounts, a less-than-stellar manager. The exchange had suffered previous hacks, outages, and in 2013 had $5 million seized from its U.S. accounts by the U.S. government after a judge found it was likely operating as a money transmitter without a license. CoinLab, a U.S. company it partnered with in order to get compliant, sued the exchange for $75 million that year after the partnership collapsed.
According to Wired, the site’s tech management was a mess. “There was only one person who could approve changes to the site’s source code: Mark Karpelès,” it wrote in 2014, shortly after the collapse. “That meant that some bug fixes — even security fixes — could languish for weeks, waiting for Karpelès to get to the code. ‘The source code was a complete mess,’ says one insider.”
The same can be said of the bankruptcy process.
Delayed repeatedly, the trustee received an enormous amount of criticism, both for charging hundreds of thousands of dollars in fees per month, and also accusations of selling off the bitcoin at the wrong time — or so quickly that it drove the price down.
It took seven years for the court-appointed trustee to create a plan to sell off the crypto and apportion it among creditors, and get that plan approved. That plan only received the final go-ahead for the planned payout of $8.5 billion to the creditors in October — when bitcoin was at about $60,000. At this writing, it’s $40,000, and there’s no news of the checks dropping.
Even so, and while it’s far less than the current market value of the crypto they lost, the Mt. Gox hack victims could actually turn a profit.