ELI5

What’s happening to Bitcoin and MtGox

Zach Aysan
Toronto Tech

--

For people who are curious about what is happening, but don’t want to wade through a bunch of complex history or technical details, here is what is happening:

  1. A long time ago an unprofessional programmer bought a domain called mtgox.com (pronounced Mount Gocks, or Empty Gocks as a semi-joke), named after Magic: The Gathering Online eXchange. He never built a Magic-related site there.
  2. That programmer created one of the first real-money-to-Bitcoin exchanges. He asked very noob questions and followed bad practices, like sending the password in such a way that it would be visible in your browser history. (It was an HTTPS GET query parameter, so encrypted in transit, but still bad practice.)
  3. That programmer quickly sold the site to someone who knew Bitcoin would be a big thing, but even though he brought on more professional programmers, the site had a number of hacks.
  4. They started making it harder to withdraw money. At first you could give no ID and get out around $1k per day (in real cash) and up to $10k per day with ID, but they slowly tightened up on these restrictions. This is KEY to understanding the current problem. Some people had tens of thousands of Bitcoins that they were trying to get real money for, but the limit stopped them from cashing out everything at once.
  5. After a number of hacks stole Bitcoins, they tightened up their Bitcoin withdrawals as well, even though there was no technical or regulatory reason to do so. Tightening up here means requiring a high-resolution photo of your driver's licence and a utility bill. Many people were hesitant to give them this information, since it is very valuable on the black market. With it someone can effectively steal your identity. There were also rumors of MtGox being somehow affiliated with the Yakuza.
  6. MtGox, blaming government involvement, started slowing real money payments to some customers, even though they had fully complied.
  7. Someone figured out that MtGox was using the Bitcoin Transaction ID incorrectly. Some parts of a transaction are changeable by anyone in Bitcoin (nothing that matters), but changing those things changes the transaction (and therefore its ID). So if I changed a transaction and the changed one went through, MtGox wasn’t seeing it, because their custom software was incorrectly written.
  8. In what could only be described as gross negligence, MtGox didn’t keep double ledger accounting rules when verifying transactions. This means that they didn’t notice that they were paying you out more than you had (in a series of faked transactions that “failed”).
  9. In what could only be described as gross negligence, MtGox didn’t keep a significant fraction of their assets in “cold storage” (not connected to any computer, but on, say, a backed up, encrypted USB stick in a bank vault).
  10. Put all those things together: some black hat hackers stole a sizable amount of MtGox’s holdings (around $500 million worth, depending on how you account for it) and now they are insolvent.
  11. The Transaction ID mistake could have been made by anyone, even a competent programmer, but the lack of overall controls, given Bitcoin’s irreversible nature, is inexcusable. Because of that, the Bitcoin open source developers are fixing the Transaction ID problem.
  12. There is some loose evidence to suggest that MtGox is getting bailed out via acquisition, since programmers left a comment in one of the HTML pages that amounted to “put acq announcement here”. If this is the case, it is likely that only the small holdings customers (< $10k) are going to get bailed out by the acquiring company (likely Coinbase if it is within the Bitcoin system, but it could obviously be anybody, like PayPal or Google, if it isn’t).
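
Items 7 and 8 above, as an added example that is not from the original post or from MtGox's software: a legacy (pre-SegWit) transaction ID hashes every byte, including how the signature data is encoded, so a system that reconciles withdrawals by ID alone can miss a payment that did confirm. The serialization is simplified, `payment_key` and `reconcile` are hypothetical helper names, and all byte values are constructed.

```python
import hashlib
import struct

def dsha(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(inputs, outputs):
    """Legacy (pre-SegWit) layout; counts and lengths < 0xfd fit in one byte."""
    raw = struct.pack("<I", 1) + bytes([len(inputs)])           # version
    for prev_txid, vout, script_sig in inputs:
        raw += prev_txid + struct.pack("<I", vout)
        raw += bytes([len(script_sig)]) + script_sig
        raw += struct.pack("<I", 0xFFFFFFFF)                    # sequence
    raw += bytes([len(outputs)])
    for value, script_pubkey in outputs:
        raw += struct.pack("<Q", value) + bytes([len(script_pubkey)]) + script_pubkey
    return raw + struct.pack("<I", 0)                           # locktime

def txid(inputs, outputs):
    # The txid covers every byte, including the scriptSig encoding.
    return dsha(serialize(inputs, outputs))[::-1].hex()

def payment_key(inputs, outputs):
    # Hypothetical helper: same hash with scriptSigs blanked, so it depends
    # only on which coins are spent and who is paid how much.
    blanked = [(p, v, b"") for p, v, _ in inputs]
    return dsha(serialize(blanked, outputs)).hex()

def reconcile(withdrawal, confirmed):
    """Classify a recorded withdrawal against transactions seen on chain."""
    for ins, outs in confirmed:
        if txid(ins, outs) == withdrawal["txid"]:
            return "confirmed"
        if payment_key(ins, outs) == withdrawal["key"]:
            return "confirmed-under-different-txid"
    return "unconfirmed"

# Constructed sample data (not real transactions).
PREV = bytes.fromhex("11" * 32)
SIG = bytes.fromhex("aa" * 71)                      # stand-in for signature bytes
OUTS = [(50_000, bytes.fromhex("76a914" + "22" * 20 + "88ac"))]
SENT = [(PREV, 0, bytes([71]) + SIG)]               # direct push
MINED = [(PREV, 0, bytes([0x4C, 71]) + SIG)]        # same data, OP_PUSHDATA1 push
WITHDRAWAL = {"txid": txid(SENT, OUTS), "key": payment_key(SENT, OUTS)}

if __name__ == "__main__":
    print(txid(SENT, OUTS), txid(MINED, OUTS))
    print(reconcile(WITHDRAWAL, [(MINED, OUTS)]))
```

A ledger that debits the customer when either match is found, and never re-sends while the spent inputs are gone, does not pay the same withdrawal twice.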

This can happen to any site, but even those of us, like myself, who saw it coming couldn’t necessarily have withdrawn all of our money. I had around $500 left in there when they put in the guidelines of needing my driver's license. At that balance, I figured it was worth it to just ignore it and move on, rather than risk identity fraud which could cost me much more in the future.

Here are some simple Bitcoin rules:

  1. Don’t use Windows. Ever.
  2. Don’t use any app that doesn’t allow two-factor authentication, unless the amount of money is small.
  3. Probably use blockchain.info if you don’t know what you are doing, but be sure to turn on two-factor auth.
  4. If you back up your wallet.dat file, make sure it is encrypted.
  5. If you back up your wallet.dat file, don’t do more than 50 transactions before switching wallet.dat files.

Some people lost millions today. All they had. My sympathies go out to them.
