More than eight years after Mt. Gox went bankrupt, this once-popular online trading platform once occupied the vast majority of bitcoin transactions.
Mt. Gox is headquartered in Tokyo, and its domain name MtGox.com was originally registered in 2007. This is a trading website that hosts the popular game card magic: party. At the end of 20 10, it began to operate as a basic bitcoin trading platform. However, as the business began to generate huge traffic, the owner sold the platform to the tag core.
Kapils is an avid programmer and bitcoin enthusiast. He strengthened the code of this online platform to handle more and more bitcoin transactions and orders. However, the transaction failed in the end, indicating that he did not do enough in technology or management, because he tried to perform the duties of Mt. Gox without experience.
On February 24, 20 14, Mt. Gox was suspended from production. Finally, it is found that the infrastructure of Mt. Gox has been used by attackers many times in the past few years. These attackers slowly robbed the bitcoin exchange by manipulating some transaction data (a feature called transaction extensibility), which led to the attack of mt.gox. Gox believes that some of the withdrawals did not occur, so the requested funds were re-sent several times.
Earlier this month, a few hours after Mt. Gox went offline, his team issued a press release, accusing the Bitcoin protocol itself of causing defects in the trading observation mechanism. When receiving the withdrawal request, the exchange will check the bitcoin blockchain to confirm the withdrawal transaction ID-a hash value composed of transaction information. However, the transaction ID is final only after the transaction is confirmed on the blockchain, which allows the attacker to change the transaction ID by changing some transaction data (excluding input and output). And the result? Mt. Gox's database did not show that the withdrawal was successful, because the transaction id monitored by the exchange never entered the block, but the attacker still received bitcoin, because the changed transaction was indeed confirmed.
Surprisingly, although this accounting difference was never discovered, on February 24th, 20 14, an internal document of Mt. Gox was leaked, which described in detail how big a hole the company had dug for itself. The document shows that more than 744,000 bitcoins were stolen, which was worth about $35 million at that time and is now worth nearly $30 billion. But the ultimate success of Mt. Gox is not the first time.
1 1 years ago, that is, 20 1 1 years ago, hackers began to take advantage of the company's security vulnerabilities, and at that time, thousands of bitcoins were lost in at least four different transactions.
On 20 11March1day, thieves successfully copied the Wallet.dat file of Mt. Gox hot wallet and stole 80,000 BTC. In May this year, more peer-to-peer funds were stolen from the exchange, and hackers obtained 300,000 bitcoins stored in otc wallets through insecure and publicly accessible network drives. However, the thief quickly returned 297,000 bitcoins, leaving only 3,000 bitcoins as "storage fees". The following month, an attacker managed to access an internal administrator account, manipulated the price, and once crashed the market before stealing 2000 bitcoins.
In September of that year, a hacker successfully obtained the read and write permission of Mt. Gox database, which enabled them to create new accounts on the exchange, increase the user balance and withdraw 77,500 bitcoins. After that, they deleted most of the evidence logs. The following month, the CEO's new wallet software went wrong, resulting in 2609 bitcoins being sent to an unusable empty key.
In 20 13, a hacker once again obtained a copy of the Wallet.dat file of Mt. Gox and stole a shocking 630,000 bitcoins.
By 20 14, Mt. Gox had become a troubled exchange, and people began to exchange their bitcoins into "real" bitcoins at a discount price in Mt. Gox-a backup mechanism for those who found themselves in trouble and could not extract any bitcoins from Mt. Gox. Adelaide Cox. The seller's transfer of bitcoin from his own Mt. Gox wallet to the buyer's Mt. Gox wallet is insider trading, and there is no proper withdrawal, while the buyer transfers the chain bitcoin from his own wallet to the seller's own wallet. Custody wallet.
The withdrawal problem of Mt. Gox is so serious that an Australian Mt. Gox user flew to the exchange headquarters in Japan to protest and asked why Kapils could not withdraw money from the exchange. Mt. Gox's executives refused to disclose behind-the-scenes details, saying that this was a "technical problem" rather than a serious management mistake that occurred before resigning. After the user left Australia, Mt. Gox officially announced that it would freeze all withdrawals indefinitely.
Although a series of isolated hacker attacks occurred a few years ago, after years of management negligence and software failure, Mt. Gox was finally submerged.
Speaking of software, an insider revealed that Mt. Gox doesn't use version control at all-it seems ridiculous for a company like Mt. Gox that handles a lot of financial value. In addition, all code changes must be approved by CEO Kapils, which means that urgent bug fixes may be left on his desk for weeks until he comes to check and push them into the main code. In fact, the code test suite did not exist a few years ago. These new functions and bug fixes depend entirely on manual inspection, and then can be realized for thousands of users who rely on exchanges to buy, sell and host Bitcoin.
Although the technical infrastructure and software development method of Mt. Gox represent the ultimate level of centralization, because it relies heavily on Kapils, all centralized systems have their inherent shortcomings and represent a single point of failure.
Therefore, although it is very important to improve the security and robustness of centralized exchanges, the real answer to achieve lasting security and wealth preservation lies in decentralized systems. Since the birth of Bitcoin, centralized transactions and services have continuously replaced the flawed traditional financial system, while the decentralized peer-to-peer monetary system allows anyone to completely control their own finances. However, in order to realize the sovereign future, users need to put Bitcoin in their wallets.
Mt. Gox declared bankruptcy at the end of February 20 14, which exposed a series of hacker attacks caused by the company's defective withdrawal checking software. These attacks did not take into account the extension of the transaction-at least from 20 1 1, people have known the possibility of the extension of the transaction.
Although the exchange tries to blame Bitcoin itself, it is obvious that the only thing to blame is its own system-a bad customized execution system, which has consumed thousands of people's life savings. In the crash of Mt. Gox, even bitcoin entrepreneurs who should know the risk of hosting and the importance of self-hosting lost hundreds of bitcoins for convenience.
Therefore, although the decline of Mt. Gox is unfavorable to Bitcoin and its global awareness in the short term, it can be said that it is the most important reminder that users can receive about the importance of self-hosting of Bitcoin assets.
The situation at that time still applies today: Bitcoin users can only control the number of bitcoins they should own if they have the private key completely. But users still hold millions of bitcoins in centralized exchanges.
It is never too late to adjust yourself. Although the best time to withdraw bitcoin from the central exchange or a third-party custodian was yesterday, the second best time is today.
Don't delay cashing your bitcoin-it's the most asymmetric investment you can make. Self-care can provide a guarantee that will last for generations. From the simplest self-hosting settings to more powerful settings, bitcoin lovers will only become bitcoin lovers if they see bitcoin from exchanges and self-hosting wallets.
Start with small things, such as configuring a simple mobile wallet, and then extract some bitcoin to show you that it can be done. Gradually transfer coins from the central wallet to your own wallet until all your funds are under your control. There are even some white-glove self-hosting services for users who are afraid of screwing up.
Whatever you end up doing, don't put your bitcoin assets in a centralized exchange.