Most Mt Gox Bitcoins Were Gone by May 2013, Report Claims

Mt Gox operated a fractional reserve system since 2011, and had lost most of its bitcoins by mid-2013, according to a newly-released report.

AccessTimeIconApr 19, 2015 at 3:59 p.m. UTC
Updated Sep 11, 2021 at 11:38 a.m. UTC

Mt Gox's missing bitcoins were stolen from the exchange over a period of time beginning in 2011, according to a new report released today by a group investigating its collapse.

They were gone long before the company's collapse in February 2014, the report said. Gox had therefore been operating on a fractional reserve basis for most of that time, either knowingly or unknowingly.

The stolen bitcoins had been withdrawn and sold off on various exchanges including Mt Gox itself, and given the timing probably at prices far below the 2013-14 highs.

Tokyo-based bitcoin security firm WizSec, which produced today's update and a previous one in February, has been conducting an unofficial investigation into Mt Gox's collapse based on data pieced together from various leaks, hacks and other sources.

Bankruptcy trustee Nobuaki Kobayashi and his police team have still not made all transaction data available, including a list of all the bitcoin addresses Mt Gox used.

WizSec's report says its team has assembled a list of over 2m bitcoin addresses related to Mt Gox by comparing leaked data with blockchain records and performing clustering analysis on addresses used at similar times.

Huge discrepancy

The resulting chart shows a dramatic difference between the number of bitcoins Mt Gox should have held, and what it actually held.

 chart by WizSec
chart by WizSec

The company held little or no more than 100,000 BTC from May 2013 onward. Interestingly, neither the ideal nor actual totals includes the 200,000 BTC 'found' in cold storage after the collapse.

One key question (until now) has been whether Mt Gox's bitcoins were stolen or whether they ever existed at all, and records of their deposit faked.

Report author Kim Nilsson notes that the coins did in fact leave Mt Gox, meaning they definitely were deposited there at some point.

Speaking to CoinDesk, he said the WizSec team was "happy to finally have this breakthrough out in the public", but noted that there is still a lot of investigative work to be done by those with access to more complete data.

How many bitcoins did Gox have?

After a prior security breach in mid-2011, CEO Mark Karpeles performed a transaction proving the company controlled at least 424,242.42424242 BTC.

Using that figure as a baseline, Nilsson measured changes in total BTC held since that day, arriving at 950,000 BTC on the day of Gox's collapse in February 2014.

This matched total holdings stated elsewhere in leaked data, he wrote.

Not Willy

One surprising revelation from the latest report is that the bitcoins likely disappeared long before the appearance of Mt Gox's infamous trading bot, nicknamed "Willy".

Speculation surrounding Gox's dying days in 2013-14 had implied Willy was related somehow to the theft, though WizSec's report says that is no longer considered possible.

The bot may, however, have existed to convert the missing bitcoins into missing fiat currency amounts instead.

"The possibility exists that this kind of manipulation may have been the main purpose behind Willy as a way of coping with the practical problems caused by such a massive bitcoin shortage. This is left for later investigations to clarify."

Cold storage not monitored

That nearly all Mt Gox's bitcoins disappeared raises several questions about the nature of its cold storage system. How 'cold' was it?

The company was known to keep paper wallets stored under lock and key, which it added to and subtracted from as required. The cold storage system was also reportedly not monitored with any degree of scrutiny, meaning the thief was free to either compromise them or wait for the funds to be moved to a 'hot' wallet.

"A reminder to all bitcoin businesses out there: Always. Monitor. Your. Bitcoins," Nilsson wrote.

To be continued

This latest report will again confirm suspicions many had about the way Mt Gox was run.

A newspaper report at the beginning of the year claimed the theft was an 'inside job' by someone with access to the company's system. Today's revelation that Gox was indeed running a fractional reserve will also surprise few – other than the sheer length of time over which it happened.

Trustee Kobayashi announced in November that exchange Kraken would assist with the investigation, as well as manage the claims process and distributing Mt Gox's remaining assets to creditors at some point in future.

Nilsson wrote that his contribution to the research has been voluntary, and hopes the work will now prove valuable to the authorities in their continuing investigation.

Magnifying glass image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.