Mt. Gox — 850,000 BTC theft

At its peak in 2013 Mt. Gox handled roughly 70% of global Bitcoin trading volume from an office in Tokyo. On 28 February 2014 the exchange suspended trading, closed its website, and filed for bankruptcy in Japan, declaring 750,000 customer-owned BTC and 100,000 of its own BTC missing — about $480 million at the time and roughly $50 billion at recent prices. The story that emerged over the following years was that the theft had not happened in a single event but had drained the exchange continuously since 2011, with fraudulent transactions disguised by manipulation of the trading software and bookkeeping that no one inside Mt. Gox audited rigorously.

Forensic work by WizSec, a Japanese security research outfit that examined the bankruptcy estate’s blockchain records, established that the stolen coins had moved primarily through BTC-e, a now-defunct exchange operated by the Russian national Alexander Vinnik. In 2017 US authorities arrested Vinnik in Greece and indicted him on a 21-count federal complaint that linked him to laundering more than $4 billion through BTC-e and explicitly named the Mt. Gox theft as one of the proceeds. Vinnik was extradited first to France, then to the United States; he pleaded guilty in 2024 to running BTC-e as an unlicensed money transmitter. He has not been charged as the original Mt. Gox intruder, and the question of how much of the theft was internal fraud versus external compromise has never been fully resolved.

The Mt. Gox bankruptcy proceeding became the first large-scale test of how to compensate creditors of a crypto exchange that no longer exists in any meaningful operational form. After a decade of litigation, partial recoveries from frozen assets, and a switch from bankruptcy to a civil rehabilitation procedure that allowed creditors to be paid in BTC rather than at the 2014 USD valuation, the trustee began distributing approximately 142,000 recovered BTC plus 143,000 BCH and ¥69 billion to creditors in mid-2024. Creditors filing in 2014 received roughly 25 cents on the dollar of their original holdings — a recovery that dwarfs the original loss in fiat terms but that took ten years to deliver.

Defender takeaway: Mt. Gox was not a sophisticated technical compromise. It was an exchange that scaled past the operational discipline of its leadership, with hot wallets that signed transactions automatically based on legacy code paths, no segregation between customer funds and operational treasury, and bookkeeping that nobody outside the company ever audited. Every modern crypto-exchange security control — proof-of-reserves audits, multi-signature custody, third-party penetration testing, segregation of duties between wallet operations and trading-engine operations, hardware-security-module key custody — exists in part because of Mt. Gox. The harder, ongoing lesson is that the consumer protections taken for granted in regulated banking (FDIC insurance, FSCS deposit guarantees, know-your-counterparty rules) do not exist in default crypto custody, and where they do exist they are voluntary. Anyone holding more than spending money on an exchange is, in practice, an unsecured creditor of that exchange. The Mt. Gox creditors are still receiving distributions in 2026.