Mt. Gox Hack Technical Explanation

WizSec recently released a technical analysis of what ultimately led to the bankruptcy of Mt. Gox. In this article, I’m going to explain what the hackers stole and what likely happened.

Rough Timeline

September 2011 — Mt. Gox’s hot wallet private keys were stolen from a wallet.dat file.

What Got Stolen

Bitcoin is spent using digital signatures. In order to create a digital signature, you have to have the private key. Most wallets these days encrypt these private keys to a password or pin, but before September of 2011, the Bitcoin Core Wallet did not encrypt them.

Why Funds Kept Coming In

It’s hard to fathom Mt. Gox not knowing that these keys were compromised, but that’s exactly what seems to have happened. Most of the company probably thought that funds were being moved to more secure addresses. Funds probably kept flowing into the compromised addresses because they were associated with customer accounts. This is a known problem for exchanges in that customers will often deposit funds to the same Bitcoin address over and over, even if new addresses are created for new funds.


It’s obvious that Mt. Gox was not very good at security, but this is an unconscionable neglect of fiduciary duty. Thankfully, wallets have gotten a lot more secure and funds are a lot more difficult to steal.

Bitcoin Educator, Developer and Entrepreneur. Book: PGP Fingerprint: C1D7 97BE 7D10 5291 228C D70C FAA6 17E3 2679 E455

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store