Hot or Cold: When Wallets Get Goxxed
By now you will have heard the news regarding the shutdown of Mt Gox, one of the more visible and well-known Bitcoin exchanges.
Earlier, a consortium of prominent players released a joint statement, incriminatingly titled “addressing the insolvency of Mt Gox”. They have since revised the wording to be less sensationalistic, pending a more transparent investigation.
Trouble began brewing for Mt Gox when they were slow to fix a known vulnerability in Bitcoin: Transaction Malleability.
Having precautions in place for unforeseen circumstances is admirable: it helps mitigate damages from vulnerabilities. However, ignoring, whether by choice or by oversight, that those safeties aren’t working properly is worse than not having any, which, as some are pointing out, is what happened.
In this case, it appears to be a leak in their wallets.

Much like cash, Bitcoins are stored in wallets — it just so happens that these are digital files instead of some piece of stitched leather. But unlike their physical counterparts, they can hold as much of the digital currency as you can stick in them. They don’t burst at the seams.
It is tempting to store everything in one convenient wallet. But just like their namesakes, that’s not terribly secure. Should someone get access to it, then all of its contents could be stolen: no different from a pickpocket making off with a wallet nicked from an unsuspecting subway commuter.
Exercising caution means having a “hot wallet”, which holds only enough to cover expected expenditures, and multiple “cold wallets”, where the rest is kept under lock and key until needed.
It would appear that Mt Gox did have such a setup. But for some unknown reason, their system still allowed their cold wallet to be accessible. Which pretty much defeats the purpose — they may as well have kept everything in one wallet.
Reports are that they have as much as 750,000 Bitcoins unaccounted for over years of sloppy and unmonitored accounting.
Regardless, Mt Gox, as an exchange, should have been close to 100% solvent, like Coinbase, which took it upon itself to perform a self-audit.
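To make the hot/cold split and the solvency point concrete, here is an added example (not code from Mt Gox, Coinbase or any real exchange) of the kind of routine check that catches an over-filled hot wallet, a cold wallet that is reachable by the live system, and holdings that no longer cover customer balances. The names `Snapshot`, `check_reserves`, `hot_cap` and `approved_cold_moves` are hypothetical, and all balances are constructed sample data.

```python
from dataclasses import dataclass

SATS = 100_000_000  # satoshis per bitcoin; integers avoid float rounding drift

@dataclass(frozen=True)
class Snapshot:
    hot: int          # online (hot) wallet balance, in satoshis
    cold: dict        # cold wallet label -> balance, in satoshis
    liabilities: int  # total owed to customers per the internal ledger

def check_reserves(prev, curr, hot_cap, approved_cold_moves=frozenset()):
    """Compare two snapshots and return a list of alert strings."""
    alerts = []
    # 1. The hot wallet should hold only what expected withdrawals require.
    if curr.hot > hot_cap:
        alerts.append(f"HOT_OVER_CAP excess={curr.hot - hot_cap}")
    # 2. A cold wallet balance may only drop after a manually approved move;
    #    any other drop means the cold wallet is reachable by the live system.
    for label, before in sorted(prev.cold.items()):
        after = curr.cold.get(label, 0)
        if after < before and label not in approved_cold_moves:
            alerts.append(f"COLD_UNAPPROVED_OUTFLOW wallet={label} amount={before - after}")
    # 3. Total holdings must cover what customers are owed.
    assets = curr.hot + sum(curr.cold.values())
    if assets < curr.liabilities:
        alerts.append(f"SHORTFALL amount={curr.liabilities - assets}")
    return alerts

# Constructed sample data (not figures from any real exchange).
PREV = Snapshot(hot=500 * SATS, cold={"A": 40_000 * SATS, "B": 60_000 * SATS},
                liabilities=100_000 * SATS)
CURR = Snapshot(hot=1_200 * SATS, cold={"A": 40_000 * SATS, "B": 52_000 * SATS},
                liabilities=100_000 * SATS)
HOT_CAP = 1_000 * SATS

if __name__ == "__main__":
    for alert in check_reserves(PREV, CURR, HOT_CAP):
        print(alert)
```

Run on every snapshot, a check like this turns years of unnoticed drift into an alert on the first unexplained cold-wallet outflow.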
All new technology, systems and industries go through growing pains. If there’s doubt as to why banks are mired in regulations, it’s to prevent cases like these from happening again (because they’d already gone through it before; it’s not perfect, but there’s some security for the common people, the FDIC being one example).
But if you were to consider Mt Gox as a bank, then you could state that under the fractional reserve system, they were unable to collect on monies they lent out. They then failed to monitor their reserve as it fell below the required minimums. Noticing this, they halted withdrawals, which resulted in sell-offs (the equivalent of a bank run), further exacerbating their situation. Failing to stem the hemorrhage, and without a central bank to act as a white knight, they’ve now declared a banking holiday.
Ultimately, this is a learning opportunity for everyone, and Bitcoin as a whole is all the stronger because this happened. We are wiser, more vigilant, and more mature because of it.