{"id":996,"date":"2017-09-17T22:33:15","date_gmt":"2017-09-17T22:33:15","guid":{"rendered":"https:\/\/davidgerard.co.uk\/blockchain\/?p=996"},"modified":"2018-01-21T20:46:20","modified_gmt":"2018-01-21T20:46:20","slug":"kim-nilsson-of-wizsec-how-the-bitcoins-were-stolen-from-mt-gox","status":"publish","type":"post","link":"https:\/\/davidgerard.co.uk\/blockchain\/2017\/09\/17\/kim-nilsson-of-wizsec-how-the-bitcoins-were-stolen-from-mt-gox\/","title":{"rendered":"Kim Nilsson of WizSec: how the bitcoins were stolen from Mt. Gox"},"content":{"rendered":"<p>In July, WizSec <a href=\"http:\/\/blog.wizsec.jp\/2017\/07\/breaking-open-mtgox-1.html\">posted<\/a> an excellent <a>analysis<\/a> of what happened to the Mt. Gox bitcoins, once the main suspect, Alexander Vinnik of BTC-e, had been <a href=\"https:\/\/www.theguardian.com\/technology\/2017\/jul\/27\/russian-criminal-mastermind-4bn-bitcoin-laundering-scheme-arrested-mt-gox-exchange-alexander-vinnik\">arrested<\/a>.<\/p>\n<p>Kim Nilsson of WizSec gave an amazing <a href=\"https:\/\/youtu.be\/l70iRcSxqzo\">talk<\/a> at this year&#8217;s <a href=\"https:\/\/breaking-bitcoin.com\/\">&#8220;Breaking Bitcoin&#8221;<\/a> last week on precisely what they did to analyse what had happened: &#8220;Cracking MtGox.&#8221;<\/p>\n<div class=\"jetpack-video-wrapper\"><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"735\" height=\"414\" src=\"https:\/\/www.youtube.com\/embed\/l70iRcSxqzo?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-GB&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span><\/div>\n<p>This is really pretty awesome, if a bit technical; I recommend you take the 40 minutes to listen to Kim talk through just what happened. 
In security terms, Mt. Gox fell down the stairs and hit its head on every step. There are multiple &#8220;holy crap!&#8221; moments. <a href=\"https:\/\/breaking-bitcoin.com\/slides\/CrackingMtGox.pdf\">Here are the slides<\/a>.<\/p>\n<p>Although I knew that 80,000 BTC were already missing from Mt. Gox when Jed McCaleb <a href=\"http:\/\/www.thedailybeast.com\/behind-the-biggest-bitcoin-heist-in-history-inside-the-implosion-of-mt-gox\">sold it<\/a> to Mark Karp\u00e8les \u2014 McCaleb suggesting to Karp\u00e8les &#8220;maybe you don\u2019t really need to worry about it&#8221; \u2014 hackers had <em>already<\/em> cleaned out Mt. Gox while McCaleb owned it. He had sold Karp\u00e8les an insolvent exchange.<\/p>\n<p>As I note in <a href=\"https:\/\/davidgerard.co.uk\/blockchain\/table-of-contents\/\">chapter 4<\/a> of <a href=\"https:\/\/davidgerard.co.uk\/blockchain\/book\/\">the book<\/a>: the thought &#8220;I know PHP! How hard could running an exchange be?&#8221; never goes anywhere good.<\/p>\n<p><b>Update:<\/b> patio11 has written out <a href=\"https:\/\/gist.github.com\/patio11\/598ec35c6c1675c97d93383f41b39b0b\">the highlights<\/a> of the video, if you don&#8217;t have time to watch it \u2014 though you absolutely should when you can.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The thought \u201cI know PHP! 
How hard could running an exchange be?\u201d never goes anywhere good.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[91,89,90,88,92],"class_list":["post-996","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-jed-mccaleb","tag-kim-nilsson","tag-mark-karpeles","tag-mt-gox","tag-wizsec"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts\/996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/comments?post=996"}],"version-history":[{"count":20,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts\/996\/revisions"}],"predecessor-version":[{"id":4346,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/posts\/996\/revisions\/4346"}],"wp:attachment":[{"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/media?parent=996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/categories?post=996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/davidgerard.co.uk\/blockchain\/wp-json\/wp\/v2\/tags?post=996"}],"curies":[{"nam
e":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}