Monday, March 3, 2014

The Inside Story of Mt. Gox, Bitcoin’s $460 Million Disaster

Mark Karpeles, chief executive officer of Mt. Gox, center, is escorted as he leaves the Tokyo District Court on Friday, Feb. 28, 2014. Photo: Tomohiro Ohsumi/Bloomberg via Getty Images
Mark Karpeles, the chief executive officer of bitcoin exchange Mt. Gox, center, is escorted as he leaves the Tokyo District Court this past Friday. Photo: Tomohiro Ohsumi/Bloomberg via Getty Images
From a distance, the world’s largest bitcoin exchange looked like a towering example of renegade entrepreneurism. But on the inside, according to some who were there, Mt. Gox was a messy combination of poor management, neglect, and raw inexperience.
Its collapse into bankruptcy last week — and the disappearance of $460 million, apparently stolen by hackers, and another $27.4 million missing from its bank accounts — came as little surprise to people who had knowledge of the Tokyo-based company’s inner workings. The company, these insiders say, was largely a reflection of its CEO and majority stake holder, Mark Karpeles, a man who was more of a computer coder than a chief executive and yet was sometimes distracted even from his technical duties when they were most needed. “Mark liked the idea of being CEO, but the day-to-day reality bored him,” says one Mt. Gox insider, who spoke on condition of anonymity.
Last week, after a leaked corporate document said that hackers had raided the Mt. Gox exchange, Karpeles confirmed that a huge portion of the money controlled by the company was gone. “We had weaknesses in our system, and our bitcoins vanished. We’ve caused trouble and inconvenience to many people, and I feel deeply sorry for what has happened,” Karpeles said, speaking at a Tokyo press conference called to announce the company’s bankruptcy. This would be the second time the exchange was hacked. In June 2011, attackers lifted the equivalent of $8.75 million.
Bitcoin promises to give a bank account to anyone with a mobile phone, no ID required. It’s clearly an amazing and potentially world-changing technology — the first viable, decentralized, reliable form of digital cash. It could democratize international finance. But it’s also a technology that was pushed forward by a community of people who were unprepared or unwilling to deal with even the basics of everyday business. A new wave of entrepreneurs may bring the digital currency a new level of respectability, but over its first several years, bitcoin has been driven largely by computer geeks with little experience in the financial world. The most prominent example is Mark Karpeles.
The Mt. Gox offices in Tokyo. The site of the proposed Bitcoin Cafe would be in the far right space in the photo above. Photo: Ariel Zambelich/WIRED
The Mt. Gox offices in Tokyo. Photo: Ariel Zambelich/WIRED

The King of Bitcoin

The 28-year-old Karpeles was born in France, but after spending some time in Israel, he settled down in Japan. There he got married, posted cat videos and became a father. In 2011, he acquired the Mt. Gox exchange in from an American entrepreneur named Jed McCaleb.
McCaleb had registered the Mtgox.com web domain in 2007 with the idea of turning it into a trading site for the wildly popular Magic: The Gathering game cards. He never followed through on that idea, but in late 2010, McCaleb decided to repurpose the domain as a bitcoin exchange. The idea was simple: he’d provide a single place to connect bitcoin buyers and sellers. But soon, McCaleb was getting wires for tens of thousands of dollars and, realizing he was in over his head, he sold the site to Karpeles, an avid programmer, foodie, and bitcoin enthusiast who called himself Magicaltux in online forums.
Karpeles soon set about rewriting the site’s back-end software, eventually turning it into the world’s most popular bitcoin exchange. A June 2011 hack took the site offline for several days, and according to bitcoin enthusiasts Jesse Powell and Roger Ver, who helped the company respond to the hack, Karpeles was strangely nonchalant about the crisis. But he and Mt. Gox eventually made good on their obligations, earning a reputation as honest players in the bitcoin community. Other bitcoin companies had been hacked and lost customer funds. Most of the time, they simply folded. But Karpeles and Mt. Gox did not.
“He likes to be praised, and he likes to be called the king of bitcoin”
–Mt. Gox insider
As bitcoin prices took off, jumping from $13 at the start of 2013 to more than $1,200 at its peak, Karpeles, as Mt. Gox’s largest stake holder, appeared to become an extremely wealthy man. Mt. Gox did not offer company equity to employees, and by the time of the most recent hack, the company had squirreled away more than 100,000 bitcoins, or $50 million. Karpeles owns 88 percent of the company and McCaleb 12 percent, according to a leaked Mt. Gox business plan.
When Karpeles was interviewed by Reuters in the spring of 2013 — seated, inexplicably, on top of a blue pilates ball — he was a major player in the bitcoin world. He had ponied up 5,000 bitcoins to help kickstart the Bitcoin Foundation, a not-for-profit bitcoin software development and lobbying group, where he was a board member (he has since resigned). And, according to insiders, he thought nothing of dropping the business of the day to order flat screen TVs or $400 lunches for the staff of Gox’s expanded Tokyo headquarters, which now occupies three floors of a modern office building in the city’s Shibuya neighborhood. “He likes to be praised, and he likes to be called the king of bitcoin,” says another insider who spoke on condition of anonymity. “He always talks about how he’s a member of Mensa and has an above-average IQ.”

Citizen Karpeles

But beneath it all, some say, Mt. Gox was a disaster in waiting. Last year, a Tokyo-based software developer sat down in Gox’s first-floor meeting room to talk about working for the company. “I thought it was going to be really awesome,” says the developer, who also spoke on condition of anonymity. Soon, however, there were some serious red flags.
Mt. Gox, he says, didn’t use any type of version control software — a standard tool in any professional software development environment. This meant that any coder could accidentally overwrite a colleague’s code if they happened to be working on the same file. According to this developer, the world’s largest bitcoin exchange had only recently introduced a test environment, meaning that, previously, untested software changes were pushed out to the exchanges customers — not the kind of thing you’d see on a professionally run financial services website. And, he says, there was only one person who could approve changes to the site’s source code: Mark Karpeles. That meant that some bug fixes — even security fixes — could languish for weeks, waiting for Karpeles to get to the code. “The source code was a complete mess,” says one insider.
The unfinished site of the Bitcoin Cafe. Photo: Name Withheld
The unfinished site of the Bitcoin Cafe.
By the fall of 2013, Mt. Gox’s business was also a mess. Federal agents had seized $5 million from the company’s U.S. bank account, because the company had not registered with the government as a money transmitter, and Mt. Gox was being sued for $75 million by a former business partner called CoinLab. U.S. customers complained of months-long delays withdrawing dollars from the exchange, and Mt. Gox had tumbled from the world’s number one bitcoin exchange to position number three.
But Karpeles was obsessed with a new project: The Bitcoin Cafe. Inspired by a French bistro, it would be a stylish hang-out located in the same building as the Mt. Gox offices, a very-new-looking building of metal and glass within walking distance of Tokyo’s largest train station. You could drop by for a beer or some wine, and — using a cash register proudly hacked by Mark Karpeles — you could buy it all with bitcoin. When WIRED tried to meet with Karpeles and Mt. Gox at their offices this past October — and a company representative turned us away, saying that legal reasons prevented Mt. Gox from talking to the press — the placard in the lobby of the building already identified the cafe. This company representative said it would open by the end of the year. It never did.
One insider says that Mt. Gox spent the equivalent of $1 million on the cafe venture, renovating Mt. Gox’s office building to Karepeles’ specifications. At a time when Gox’s business was falling apart, this insider says, the project was a major distraction. “[Karpeles] was super-proud of being able to use his hacked cash register with the code he wrote,” this insider says.
Says another insider, “Aside from the cafe, he liked to spend time fixing servers, setting up networks and installing gadgets… probably distracting himself from dealing with the real issues that the company was up against.”
Then, in February, the company’s fortunes took another turn. Mt. Gox stopped paying out customers in bitcoins, citing a flaw in the digital currency, and after days of silence from the company, protesters turned up outside its offices, asking whether it was insolvent.

Years-Long Hack

According to a leaked Mt. Gox document that hit the web last week, hackers had been skimming money from the company for years. The company now says that it’s out a total of 850,000 bitcoins, more than $460 million at Friday’s bitcoin exchange rates. When bitcoin enthusiast Jesse Powell heard this, he was reminded of June 2011.
After Mt. Gox was hacked for the first time in summer of 2011, a friend asked Powell to help out, and soon, the San Francisco entrepreneur found himself on a plane to Tokyo. After landing, he rushed to Shibuya station, where he was met by his friend, Roger Ver, one of the world’s biggest bitcoin supporters who just happened to live across the street from Mt. Gox. Without bothering to drop off Powell’s bags, the two rushed to the Mt. Gox offices to see what they could do. They worked through the week with Karpeles, other employees, and a handful of other bitcoin enthusiasts. They answered support inquires, did troubleshooting on the site, and tried to support the tiny company in any way they could. At one point, Powell rushed to the Apple store and came back with $5,000 worth of computers that could support the cause. But two days later, the site was still offline.
Ver and Powell were set to work through the weekend, but when they arrived at the company’s tiny office that Saturday, there was a surprise. Mark Karpeles had decided to take the weekend off. The two volunteers were flabbergasted. “I thought that was completely insane and demoralizing for the rest of the team,” Powell remembers. On Monday, Powell says, Karpeles did return to work, but he spent part of the day stuffing envelopes. “I was like: ‘Dude why are you doing this? You can do this anytime. The site is offline. You need to get the site online.’”
Powell last met with Karpeles in January, before news of the latest hack broke. He now runs a competitor to Mt. Gox called Kraken. They had lunch in Tokyo, and Karpeles seemed unworried about Gox’s future. He was excited about his Bitcoin Cafe. “It was probably some light for them in a very dark world of dealing with banks and customer complaints all day,” Powell says. “I’m sure that Mark has been very stressed for a long time and probably the Bitcoin Cafe was a fun project.” But now that world is even darker.
Robert McMillan
Robert McMillan is a writer with Wired Enterprise.

No comments:

Post a Comment