On this day 12 years ago, Mt. Gox suspended its operations.
This imploded the exchange and revealed that 850,000 bitcoin had been lost.

This is: The build up, The aftermath & The behind the scenes.

Mt. Gox had a public API that would broadcast the status of internal TXs, withdrawals, etc. So at the time, several community-built tools monitored the exchange using the API.
On February 4, 41,390 BTC were in "BAD Transaction" status, according to these tools. At $934/BTC, this meant $38 million were locked somewhere.

Later that day, Mt.Gox issued a statement acknowledging the problem.
They claimed the issue was being fixed and that it only affected large transactions.

By the 6th of Febryary, tension was rising in the community, and people were growing more suspicious.

On the 7th of February, Mt. Gox released another press release.
This time, they claimed that the increased flow of withdrawals had "hindered them from a technical level." In order to fix the issue, they needed to temporarily pause all withdrawals.

On February 10, Mt. Gox released another statement.
They claimed that the reason they encountered all these problems was transaction malleability.

Before the SegWit upgrade, someone could change some small data in a Bitcoin transaction, resulting in two versions of the same transaction on the Bitcoin network.
Both transactions would be valid but of course, only one would ultimately be confirmed in blocks.

Both transactions are spent using the same private key, so an adversary who malleates your transactions cannot actually steal your bitcoins. In most cases, this was more of an annoyance than a serious security vulnerability (when using non-custodial wallets, of course).

This issue was already well known at the time and was simply a consequence of how Satoshi designed Bitcoin transactions.

In Mt. Gox’s case, this could have indeed been a genuine problem. A user could request a withdrawal, then malleate the transaction so that two versions appeared on the Bitcoin network:

• One that would confirm and send the funds to the user
• And a mutant (invalid) one that looked similar but would not confirm.

Mt. Gox’s software would only detect the mutant/bad transaction (which failed to confirm), it would think there was some kind of issue and fail to recognize that the withdrawal had actually succeeded.

As a result, the attacker could withdraw bitcoins from Mt. Gox to their own wallet while tricking the exchange into believing the withdrawal had failed.

And in all fairness, this was a real vulnerability at the time, but most other services had already implemented extra checks to handle it.

At this point, the lid had blown off and full panic had set in across the community. People were deeply suspicious that the transaction malleability attack could really have caused all this harm.

https://m.stacker.news/131914

On Friday, February 14, 2014, Kolin Burges (https://x.com/The_K_meister) began a protest in front of the Mt. Gox office in Tokyo.
It quickly gained significant media attention, thanks to his infamous handwritten sign reading "Mt. Gox, where is our money?"

Kolin had flown from London to Tokyo just two days earlier, specifically to resolve the withdrawal issues himself :)

On February 23, Mark Karpelès (CEO) resigned from the Bitcoin Foundation.

And Mt.Gox's Twitter feed was wiped clean.

On February 24, full trading was suspended, and the Mt.Gox website went completely blank and offline.

https://m.stacker.news/131921

And on February 28, the final blow came.
Mt.Gox officially filed for bankruptcy, announcing that it had lost 850,000 bitcoins, 750,000 belonging to customers and 100,000 of their own.

The dust has settledThe dust has settled

Even though Mt. Gox had officially suspended all trading on February 24 and the website had largely gone offline, desperate users continued panic-selling BTC for fiat on whatever limited access remained.

The Mt. Gox price chart reflects this final chaotic phase into early March, with prices plunging as low as ~$130–$133 while Bitcoin traded at $450–$550 on healthier exchanges like Bitstamp and BTC-e.

But what actually happened?But what actually happened?

In a paper published on March 26, 2014, by Christian Decker and Roger Wattenhofer, it was revealed that transaction malleability alone could not possibly have been responsible for the entire 850,000 bitcoin loss.

We can clearly see that, indeed, around the time of the incidents there was a significant rise in the number and volume of malleated transactions on the Bitcoin network. (green and blue line)

However, only 302,000 bitcoins were ever involved in malleability attacks, and out of these, only 1,811 bitcoins were part of attacks before Mt.Gox stopped users from withdrawing bitcoins.

Furthermore, 78.64% of these attacks were ineffective, which still leaves roughly 849,600 bitcoins unexplained.

The Crisis Strategy DraftThe Crisis Strategy Draft

Around the 24th of February an internal "Crisis Strategy Draft" was written. It was never meant to be public, but on February 25 (three days before the bankruptcy filing), it was leaked and shared widely, including on Wired.com.

The document stated that "The truth, it turns out, is that the damage had already been done. At this point, 744,408 BTC were missing due to malleability-related theft which had gone unnoticed for several years. The cold storage had been wiped out due to a leak in the hot wallet."

Of course, Mt. Gox never got back on its feet and is now widely known as a cautionary tale in the Bitcoin world.

However, in March 2014, ~200,000 BTC were found (recovering part of the lost funds), and around 2019 the bankruptcy trustee began selling and distributing the remaining assets to creditors.

But this still leaves a very big question open.

What actually happened to all the lost bitcoins?What actually happened to all the lost bitcoins?

Mt.Gox had various security problems over the years that resulted in losses of funds.

Mark Karpelès (who acquired the exchange from founder Jed McCaleb in early 2011) ran a platform that was already known for weak security practices from the start.

In June 2011, a hacker compromised an auditor/admin account, crashed the Bitcoin price to $0.01 on the exchange, and stole approximately 2,000 BTC.

On a separate occasion in October 2011, a software bug in their wallet code accidentally sent another 2,609 BTC to invalid addresses, locking them permanently.

In 2015, WizSec(https://x.com/wizsecurity) released a report that sheds some light and provides very plausible speculations.
Source: https://blog.wizsec.jp/2015/04/the-missing-mtgox-bitcoins.html

It turns out that most or all of the missing bitcoins were stolen straight out of the Mt. Gox hot wallet over time, beginning in late 2011. Somehow, someone was draining the hot wallet constantly, and by the time of the collapse, they were left with very few bitcoins.

The pattern appeared to be that the coins were extracted from Mt.Gox hot wallet addresses and then moved and sold on various exchanges, including, at times, even back on Mt. Gox itself.

From time to time, the exchange would send bitcoins to cold storage or withdraw them from cold storage depending on operational needs, but these internal transfers were not properly monitored.

This created a way to inject coins into the Mt. Gox system that went untracked, which could then later be extracted as illustrated in the picture.

It would therefore have been very easy for employees (or anyone with access) to start draining coins using this method: withdraw from cold storage, send to the exchange/hot wallet, and then send out to external addresses, as this process was not monitored.

As a result, Mt. Gox was technically insolvent for years (whether knowingly or not) and was practically depleted of bitcoins by 2013.

In this chart, the blue line represents what Mt.Gox expected to have (based on deposits, withdrawals, and internal records), while the orange line shows what they actually had in identifiable wallets. The darker orange area labeled "legacy BTC" refers to the ~200,000 BTC that were later discovered in old cold storage wallets after the collapse.

Of course, this is just speculation based on primarily WizSec's 2015 report, and even today it is not definitively known who actually stole the coins.

The AftermathThe Aftermath

Mt.Gox never reopened.
Following the February 28, 2014 bankruptcy filing, former CEO Mark Karpelès was arrested in Tokyo on August 1, 2015.
He was charged with embezzlement, aggravated breach of trust, and data manipulation related to the collapse.

He spent nearly 11 months in pre-trial detention before being released on bail in 2016.

In March 2019, the Tokyo District Court convicted him on one count, falsifying electronic records to inflate Mt.Gox’s apparent holdings by about $33.5 million, but acquitted him of all embezzlement and theft charges. He received a 2½-year prison sentence, fully suspended for four years, so he served no additional jail time.

ConclusionsConclusions

Even though there were transaction malleability attacks on the network, and some of them were successfully executed while targeting Mt. Gox (as shown in the research paper), they represented a very small percentage of the total loss.

Most probably, people who were aware of this attack vector figured the best time to do it was when the chaos broke out and used it to their advantage.

Plus, in the leaked document, it does seem they were consciously telling this half-truth to buy time.

But at the end of the day, even if transaction malleability had not made this blow up when it did, the explosion was right around the corner.

Looking back now, it’s easy to see the mistakes, and hard to ignore the awful security practices they were employing.
But keep in mind the context: when Mark Karpelès acquired the exchange from Jed McCaleb in March 2011, Bitcoin was basically a dinky science experiment trading around $1.
By 2014 it was growing very fast.
It probably grew too fast for them to keep up with proper security and accounting.

This does not excuse their actions by any means.
They lied and a lot of people lost a lot of money.

That said, Mt.Gox was incredibly important for the Bitcoin ecosystem.
For quite some time it was essentially the only real place where someone could acquire Bitcoin, which was crucial for the growth of the whole space.

And even as bad as Mt.Gox was, if it had not existed, there is a very big chance Bitcoin may not have taken off and would have remained some weird niche internet currency.

Today, Mark is kinda considered a Bitcoin villain, and frankly with good reason.
But I personally find something very admirable about him.

When he bought Mt.Gox, Bitcoin had just hit $1, there was zero infrastructure, and even the most die-hard Bitcoiners saw it as a “what if, maybe.”

Clearly Mark believed in Bitcoin probably more than anyone alive at the time.
He took a massive risk, made some big mistakes, built something big… and then it blew up in his face.
But he tried.

When others were just talking on the forums, he actually did something that pushed Bitcoin forward when it needed it most.

And this is exactly the attitude we are missing today in Bitcoin, and only with this attitude we can build things that change the world and move Bitcoin forward.

I am referring to building and taking risk, not embezzling funds, to be extra clear. :)

Where are we now (February 2026)?Where are we now (February 2026)?

Twelve years later, the Mt. Gox saga is still winding down.
While roughly 200,000 BTC were recovered shortly after the collapse, actual repayments to creditors only began in earnest in 2024.

The process has been excruciatingly slow.
In October 2025 the rehabilitation trustee once again pushed the final repayment deadline to October 31, 2026.
As of early 2026, around 19,500 creditors have received partial distributions in Bitcoin and fiat, but thousands more are still waiting.

Former CEO Mark Karpelès (https://x.com/MagicalTux) continues to live in Japan, now working on VPN technology and NFT projects.

If you enjoyed this article please consider making a donation, as it will allow me to write similar article.

It takes a lot of time to research everything and add sources on each image increase a lot the time.

• On-chain: bc1qpu7rgun9w3j2e77medm8qvj75dzn0qlgwk8s6f
• LN address: alexwaltz@blink.sv
• LN invoice: https://pay.blink.sv/alexwaltz
• Dirty-fiat: https://buymeacoffee.com/alexwaltz/