Mt. Gox kept exchange open despite knowledge of large-scale theft, filing suggests

The exchange continued to operate and collect transaction fees despite its troubles

Mt. Gox continued to process tens of thousands of transactions a day in the two weeks leading to its collapse, potentially collecting fees.

Mt. Gox continued to process tens of thousands of transactions a day in the two weeks leading to its collapse, potentially collecting fees.

Mt. Gox may have collected a large sum in trading fees in the weeks before its closure, even though it was already aware that a vast number of bitcoins had gone missing, its U.S. bankruptcy filing suggests.

A sworn declaration in the filing from Robert Karpeles, Mt. Gox 's CEO, reveals that the Bitcoin exchange knew in early February that its situation was far graver than it had disclosed at the time.

Mt. Gox halted bitcoin withdrawals from its exchange on Feb. 7. It told customers it was investigating possible fraud due to a security issue called transaction malleability, but did not specify at the time how many bitcoins were missing. Buying and selling on the exchange continued until Feb. 25, when its website went dark.

Mt. Gox's first disclosure of the scale of its problems came when it filed for bankruptcy protection in Tokyo District Court three days later, saying 750,000 of its customers' bitcoins were missing, along with 100,000 of its own.

It appears from the U.S. bankruptcy filing that Mt. Gox executives knew the gravity of the company's losses up to 19 days before its public disclosure, but gave traders no reason at the time to believe the exchange might not be solvent.

In the filing, Karpeles states that the withdrawals were halted Feb. 7 due to "the theft or disappearance of hundreds of thousands of bitcoins owned by Mt. Gox customers as well as Mt. Gox itself."

Why Mt. Gox continued to operate the exchange with that knowledge is unclear.

Karpeles did not respond to a request for comment for this article sent to his personal email address.

The impact of Mt. Gox allowing customers to buy and sell bitcoins it suspected it did not have may be revealed by class-action lawsuits, one of which was filed in Chicago on Feb. 27, and another of which is planned in the U.K.

"They took trading fees on assets which didn't exist and accepted deposits when they knew they were insolvent," Aaron G., a Bitcoin investor who did not want his last name used, said via email.

"The origin of the losses may or may not be incompetence," added Aaron, who has filed a fraud complaint against Mt. Gox with Tokyo police. "But they knew for at least two weeks and kept operating as normal."

After Feb. 7, Mt. Gox was still processing thousands of trades a day, according to, which records trading volumes for many Bitcoin markets.

An average of 49,912 bitcoins were traded daily on Mt. Gox between Feb. 7 and Feb. 25, at an average weighted price of US$380.54 per bitcoin.

Mt. Gox would have charged fees for those transactions, which traders could pay in cash or the equivalent in bitcoins. Mt. Gox had a tiered fee system that rewarded higher-volume traders with lower fees.

The highest fee paid by customers was 0.6 percent per trade, for volumes amounting to less than 100 bitcoins per month. For example, if a trader sold one bitcoin for $380.54, the fee would have been $2.28. The lowest fee was 0.25 percent for volumes higher than 500,000 bitcoins per month.

Without figures from Mt. Gox, it's impossible to know exactly how much it collected in fees during the period, but even with the highest discount it would have taken in an average of about $47,500 a day, based on an average of its trading volumes. Over 19 days, that would amount to $902,000.

The fees would have been collected in a mix of cash and bitcoins. If Mt. Gox was indeed selling bitcoins it no longer had, it would mean any fees it collected in bitcoins were worthless.

Since Mt. Gox said it was also missing $27.3 million in cash from customer deposits, it raises the possibility that customers -- despite seeing a cash balance displayed in their account -- might have actually been buying bitcoins that did not exist, with cash that was already long gone.

The Mt. Gox call center, set up after the bankruptcy filing to answer questions from customers, was unable to comment Wednesday on any fees collected. An attorney at one of Mt. Gox's law firms in Tokyo said he was unable to comment.

(Tim Hornyak in Tokyo contributed to this report.)

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesMt. Goxsecurityinternet

More about indeed

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts