An estimated 1 million investors have been left fearing the worst and the value of the Bitcoin digital currency has tumbled after the MtGox bitcoin exchange stopped trading on 25 February, amid claims that hackers had stolen hundreds of millions of pounds from the business and that it may now be acquired and re-launched.
In a rapidly changing picture, Tokyo-based MtGox (Mount Gox) suspended all customer withdrawals earlier this month after spotting what it described as a “transaction malleability” bug in its software that made it liable to being defrauded. Then on Sunday, 23 February, under-fire MtGox CEO Mark Karpeles resigned from the board of the Bitcoin Foundation, which oversees and develops bitcoin software.
MtGox removed its entire Twitter feed on Monday, abruptly stopped trading at 01.59 GMT on Tuesday and hours later took its website offline.
In a further twist, a document purporting to be a MtGox ‘Crisis Strategy Draft' was posted online on 24 February by blogger Ryan Galt (aka twobitidiot). The document - which can be viewed at http://www.scribd.com/doc/209050732/MtGox-Situation-Crisis-Strategy-Draft and whose authenticity is unconfirmed - suggests the exchange will close down for a month and then re-launch as simply ‘Gox'.
The document claims that “744,408 bitcoins are missing due to malleability-related theft which went unnoticed for several years”. That loss was equivalent to just over £200 million at the time of writing, using the exchange rate published by Coindesk.com.
In a bid to shore up confidence in the digital currency – which fell in value by over 20% in just one 24-hour period this week - the leaders of six major bitcoin businesses issued a joint statement following Karpeles' resignation from the Bitcoin Foundation.
The statement from the founders of Coinbase and the CEOs of Kraken, BitStamp, BTC China, Blockchain.info and Circle said: “This tragic violation of the trust of users of MtGox was the result of one company's actions and does not reflect the resilience or value of bitcoin and the digital currency industry. In order to re-establish the trust squandered by the failings of MtGox, responsible Bitcoin exchanges are working together and are committed to the future of bitcoin and the security of all customer funds.”
But the future is highly uncertain for MtGox's estimated 1 million or more investors.
BBC business editor Robert Peston, writing on the corporation's website on 25 February, called it “Bitcoin's life-or-death moment”.
He added: “There is no central authority to step in and give any kind of guidance to MtGox customers whether their money is safe or gone. And there's no compensation safety net.”
Tax expert Cameron Keng, writing on Forbes.com on 25 February, agreed: “Over 1 million people were MtGox customers and they need to know what their immediate options are to deal with their financial losses. First, it's important to understand that MtGox is not a bank and it does not protect its users. Unfortunately, MtGox does not provide insurance or any assurances for a user's account. Thus, we're left in the wind – cold and unprotected.”
But Keng insisted: “MtGox's failure is not the end of Bitcoin. It is a single company failing in a large ecosystem.”
Security expert Adrian Culley, a global technical consultant with Damballa, believes Bitcoin and other digital currencies will only survive if those involved can protect themselves and investors from cyber-attacks.
He told SCMagazineUK.com via email: “All currencies are vulnerable to attempts to undermine and/or subvert them. Conventional currencies are tied to nation states, which have specialist teams to deal with such things as counterfeiting. One distinguishing feature of the new cyber currencies is that are not explicitly aligned with any specific nation state. It is not at all clear who is responsible for policing and protecting such currencies.
“As recent events have shown cyber currencies are just as vulnerable, if not more so, than established conventional currencies. Confidence is a key element of any financial transaction system, and if they are to survive they need to figure out how to protect themselves, and most importantly those who use them, from advanced threats and targeted attacks.”
MtGox has had a chequered past. It was reported to have been hacked in 2011 at a loss of 400,000 Bitcoins, while last year it had $5 million of its assets seized by the US authorities. Other Bitcoin businesses have been targeted by cyber criminals. Around £2.7 million in bitcoins was stolen earlier this month from the Silk Road 2 website whilst Bitcoinia lost over 40,000 bitcoins in an attack in 2012 and MyBitcoin lost over 150,000 Bitcoins in a 2011 attack.
Meanwhile in a further bitcoin blow, researchers from Trustwave this week discovered that criminals using the ‘Pony' botnet had hacked the credentials of around 700,000 digital currency accounts and relieved them of over 700 Bitcoins and related currencies, at the time valued at over $200,000 (£120,000).