On the morning of Tuesday, February 24, 2014, Mt. Gox went dark. The website returned a blank page. The Twitter account fell silent. Mark Karpelès, the chief executive officer of what was then still the largest bitcoin exchange in the world, posted a single statement to the homepage in Japanese and English announcing that the company was suspending all transactions. The reason given was vague: a bug in the bitcoin protocol called transaction malleability had, the statement implied, caused unspecified problems. Customers seeking to withdraw funds were referred to a future announcement that did not arrive on the schedule promised.
The actual situation, established four days later when the company filed for civil rehabilitation in a Tokyo court on February 28, was substantially worse than a protocol bug. Approximately 850,000 bitcoin — about 750,000 belonging to customers and 100,000 belonging to the exchange itself — were missing. At the prices then prevailing, the loss was on the order of $473 million. By the cryptocurrency-denominated accounting that subsequent developments would compel, the loss was much larger. The 850,000 bitcoin would be worth approximately $60 billion at the all-time high reached eleven years later.
The forensic analysis, conducted over the following several years primarily by the Tokyo-based security firm WizSec, established that systematic theft from Mt. Gox’s hot wallet had begun in late 2011 — within months of the public 2011 incident — and had continued, undetected and uncorrected, until early 2014. The thefts were traced to a single sophisticated actor whose techniques exploited the same auditor-account vulnerability that had produced the 2011 flash crash. Karpelès, in this telling, had not stolen the missing bitcoin. He had simply failed, for two and a half years, to discover that they were being stolen, and the company’s accounting infrastructure had been incapable of detecting the discrepancy. Karpelès was arrested by Japanese police in August 2015 on charges of falsifying records and personal embezzlement. He was acquitted of the embezzlement charges in March 2019 and given a suspended sentence on the records charge. He has, in subsequent years, written a book and given interviews. He has not run another exchange.
The bankruptcy proceedings have, in their patient way, become one of the longest-running creditor recovery efforts in cryptocurrency history. The trustee, Nobuaki Kobayashi, recovered approximately 200,000 bitcoin from a wallet that Karpelès had inadvertently preserved. Those recovered coins, which had appreciated dramatically during the proceedings, made the case unusual: by 2018, the bankruptcy estate’s assets were worth more than the original creditor claims, denominated in dollars. Distributions to creditors began in 2024, eleven years after the collapse, and continue. Most creditors, having waited a decade to recover their funds, will receive substantially more than they lost in dollar terms.
The cultural significance was that Mt. Gox provided, for the first time, the full version of the lesson that the 2011 incident had only sketched. Not your keys, not your coins was no longer a slogan. It was a documented case study with eleven hundred court filings and a sentencing in Tokyo District Court. The phrase, though it would not be widely associated with Andreas Antonopoulos for another two years, was taught in February 2014 by ten months of customer support emails that were never answered, by a CEO whose statements grew progressively more evasive, and by a quantity of bitcoin sufficient to fund a small national treasury, all of which had simply ceased, on a Tuesday in February, to be where it was supposed to be.