Introduction By now, the story of Mt. Gox is coming to a close. Once the lawsuits are settled, it seems this chapter of Bitcoin History will be finished. Many people know Mt. Gox and what happened (they used an insecure password, got hacked and lost thousands of Bitcoin).
But did you know Mt. Gox had made some oopsies in the past too? They were one of the first victims of the transaction malleability attack (https://en.bitcoin.it/wiki/Transaction_Malleability). From what I can tell, some attackers withdrew Bitcoin from Mt. Gox, then malleated the transaction such that the transaction ID would change. At this point Mt. Gox would see that the withdrawal never went through (the tx ID they had in their system is no longer in the mempool or in any block), and so they would start another withdrawal.
I think one of the most interesting displays of Mt. Gox's incompetence is when they destroyed around 2000 Bitcoin in a single block due to one mistake. The infamous block 150,951 has losses totalling over 2600 Bitcoin that can't ever be recovered.
Inside one of the transactions By far the biggest loss was in the transaction aa62bdd690de061a6fbbd88420f7a7aa574ba86da4fe82edc27e2263f8743988, which destroyed 367.758 BTC
Notice anything strange? Lets inspect the UNKNOWN output further:
If you're familiar with Bitcoin Script, you might have spotted the issue already. For those not in the know, let me briefly explain what happened. A normal P2PKH output's locking script looks like this:
  • Compute the hash of the public key that was put on the stack
  • If the public key hash matches, then check that there is a valid signature on the stack for that public key
  • If these conditions are met, you can spend the output!
But.. that's not what this output does. Instead of pushing a public key hash to the stack, it simply pushes a 0. So what this output is saying is: If you can provide a public key that hashes to 0, and you have a valid signature for that public key, you can spend it.
But there is no public key that hashes to 0! Even if we were to start finding it, it'd take us far longer than the heat death of the universe to find such a special key. Thus this output is unspendable. Infact it gets even worse; as far as I can tell OP_0 pushes a single byte to the stack. A RIPEMD-160 hash is 20 bytes. So this script is just not valid at all, because OP_EQUALVERIFY would always be false (comparing a 20 byte value to a 1 byte value).
Thus this, and all other similarly malformed transactions in this block are unspendable. Here's a list (thanks bitcoin-supply.com):
More about the Mt. Gox case, that new people should know:
reply
I am a sucker for history. Very nice work. Also good explanation regarding the script. I need these things spoon fed to me as if I was a five year old.
reply
Awesome article
Very interesting!
reply
Some basic topics to know about Mt. Gox.
Mt. Gox was a prominent Bitcoin exchange that faced a security breach in 2011, resulting in the theft of thousands of Bitcoins. In 2014, the exchange filed for bankruptcy after losing around 850,000 Bitcoins, causing substantial financial losses for users. Legal proceedings followed, leading to a civil rehabilitation process for compensating affected users. The Mt. Gox incident highlighted the importance of security, transparency, and regulatory oversight in the cryptocurrency industry. It also damaged trust in exchanges and emphasized the need for individuals to secure their digital assets carefully.
reply
Thanks for sharing, really interesting to learn about something I was not either thinking was possible 🤙
reply
There are lots of ways to destroy Bitcoin but very few where an outside observer can tell that the Bitcoin was destroyed. Imagine for example you generate an address and send to it, and then destroy the private key. This Bitcoin is now lost, but nobody could tell just from looking that this address can't be spent from. Similarly, you could generate a random hash, and send to a Pay-to-Script-Hash address with that hash. Since you don't know the script that hashes to that hash, the Bitcoin is once again destroyed.
However, there are some provably lost Bitcoin (that bitcoin-supply.com tracks):
  • OP_RETURN outputs are unspendable
  • If a miner does not claim all of the fees in the block, those fees are destroyed
  • The above example (what happened to Mt. Gox)
Some funds were recently burned with invalid Taproot outputs too, see here: https://suredbits.com/taproot-funds-burned-on-the-bitcoin-blockchain/
reply