Mt. Gox Hack Technical Explanation

Rough Timeline

September 2011 — Mt. Gox’s hot wallet private keys were stolen from a wallet.dat file.

What Got Stolen

Bitcoin is spent using digital signatures. In order to create a digital signature, you have to have the private key. Most wallets these days encrypt these private keys to a password or pin, but before September of 2011, the Bitcoin Core Wallet did not encrypt them.

Why Funds Kept Coming In

It’s hard to fathom Mt. Gox not knowing that these keys were compromised, but that’s exactly what seems to have happened. Most of the company probably thought that funds were being moved to more secure addresses. Funds probably kept flowing into the compromised addresses because they were associated with customer accounts. This is a known problem for exchanges in that customers will often deposit funds to the same Bitcoin address over and over, even if new addresses are created for new funds.

Conclusion

It’s obvious that Mt. Gox was not very good at security, but this is an unconscionable neglect of fiduciary duty. Thankfully, wallets have gotten a lot more secure and funds are a lot more difficult to steal.

--

--

Bitcoin Educator, Developer and Entrepreneur. Book: https://amzn.to/2RSlnTb PGP Fingerprint: C1D7 97BE 7D10 5291 228C D70C FAA6 17E3 2679 E455

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jimmy Song

Jimmy Song

35K Followers

Bitcoin Educator, Developer and Entrepreneur. Book: https://amzn.to/2RSlnTb PGP Fingerprint: C1D7 97BE 7D10 5291 228C D70C FAA6 17E3 2679 E455