MtGox Lost ‘Barely 386 Bitcoins’ Due to Cyber Attacks – Not 850,000

A study carried out by the Swiss Federal Institute of Technology in Zurich has concluded that, at most, MtGox lost 386 bitcoins in cyber attacks trying to take advantage of the transaction malleability flaw inherent in the bitcoin source code – not the 850,000 bitcoins its CEO Mark Karpeles claims.

When MtGox, once the world’s biggest bitcoin exchange, collapsed last month it claimed that 850,000 bitcoins had been stolen in a persistent cyber attack which took advantage of a flaw in the bitcoin source code which altered transaction ID information to trick exchanges like MtGox into sending bitcoins to an address without that transaction showing up on the public ledger.

The study, carried out by Christian Decker and Roger Wattenhofer, looks closely at all bitcoin transactions from January of 2013 to February of this year.

While the study concludes that the transaction malleability problem is real however. it goes on to say:

“While MtGox claimed to have lost 850,000 bitcoins due to malleability attacks, we merely observed a total of 302,000 bitcoins ever being involved in malleability attacks. Of these, only 1,811 bitcoins were in attacks before MtGox stopped users from withdrawing bitcoins.”

via MtGox Lost ‘Barely 386 Bitcoins’ Due to Cyber Attacks – Not 850,000.

Author: Daniel Garrie

Daniel Garrie is a renowned computer forensics, e-discovery, privacy, and cyber security expert and thought leader. Quoted in Forbes and profiled in the Los Angeles Daily Journal, he is a frequently retained neutral and Chair of Alternative Resolution Center’s (ARC) E-Discovery and Forensic Dispute Resolution practice. Today, Mr. Garrie is a Partner and General Counsel for Law and Forensics LLC, a boutique legal strategy and forensics firm that works with clients across industries to address privacy, e-discovery and forensic issues in the U.S. and abroad.In the past two years, Mr. Garrie has been involved in over 50 e-discovery matters both in the U.S. and abroad.