Threat Management

Mt. Gox CEO lied about massive Bitcoin theft, according to alleged hackers

Mt. Gox CEO Mark Karpeles lied when he said that the former world's biggest Bitcoin exchange – which filed for bankruptcy protection in the U.S. on Sunday and in Japan on Feb. 28 – had been relieved of 850,000 Bitcoins by hackers, according to the alleged hackers themselves.

“We stole no bitcoins,” the alleged miscreants wrote on Karpeles' hacked and defaced blog on Sunday, which was posted on Pastebin not long after. “There were none to steal.”

The alleged Bitcoin thieves posted a breakdown of Bitcoin balances by country that totaled more than 950,000 Bitcoins, and included a file that was said to contain relevant database dumps, CSV exports, specialized tools and highlighted summaries compiled from the data. User database dumps are said not to have been included.

Bitcoin users took to Reddit on Sunday to discuss how an executable – contained in the downloadable file posted by the hackers – may actually be a Bitcoin wallet stealing malware; however, some users indicated that the other information contained within the downloadable is still correct.

Karpeles announced in Japan earlier this month that hackers had taken advantage of weaknesses in the exchange's computer systems and stole 750,000 customer Bitcoins and 100,000 Mt. Gox owned Bitcoins – which currently amounts to more than half a billion dollars.

Shortly after, roughly 1,700 lines of code allegedly belonging to Mt. Gox was posted on Pastebin. Frode Nilsen, a developer with five years of experience working on banking applications with money transactions, told at the time that the code was very amateur and explained that the most glaring offense is a vulnerability to SQL injection.

Mt. Gox claimed the issue that allowed hackers to steal Bitcoins involved a vulnerability in a Bitcoin software algorithm. The exchange filed for Chapter 15 bankruptcy protection in Dallas on Sunday, stating that hackers took advantage of “a flaw in the software algorithm that underlies Bitcoin,” according to documents.

“This Chapter 15 case is being filed in an effort to maximize recoveries to, and provide for an equitable distribution of value among, all creditors,” according to the documents. A Mt. Gox “Crisis Strategy Draft” discovered online, but not confirmed authentic, indicates that there are 1.1 million accounts and 550,000 verified customers.

Although the trials and tribulations involving Mt. Gox continue to turn heads, one thing is certain – the number of attacks in the virtual currency market are increasing.

Bitcoin bank Flexcoin recently announced it was shutting down after attackers stole all 896 Bitcoins, and not long after, cryptocurrency exchange Poloniex announced that a hacker took advantage of a vulnerability in the website's withdrawal protocol and made off with 12.3 percent of Bitcoins.

Still, Bitcoin value continues to stay relatively strong, with a single coin being valued at around $620 as of Monday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.