The Story of the Big Mt. Gox Heist

Father

This is the story of the world's largest cryptocurrency heist, and it all started with the founding of Mt. Gox.

Beginning


"I thought Mt. Gox will really benefit the bitcoin ecosystem, and I think it was, you know, up to a certain point .. " - Jed McCaleb describes Mt. Gox as the worst project of his life.

And it's not just that this has led to numerous lawsuits against him. Jed was used to that by now: his first company, a peer-to-peer file-sharing business, paid $30 million in an out-of-court settlement to a large music company.

Mt. Gox was worse, because this time his reputation and freedom were at stake. After managing the company for seven years, Jed handed it over to new management, after which it grew into a huge business with dozens of employees, renting one of the most expensive offices in Japan.

According to some people, the rapid growth of the company after his departure made him doubt whether he had done the right thing. He became one of the first suspects in the theft of the missing millions of dollars. After the value of bitcoin skyrocketed, the stolen coins were valued in the billions, which only increased the anger of the thousands of customers demanding answers.

When Mt. Gox stopped trading in early 2014, it came as no surprise. Signs of problems had been apparent since the summer of 2010, when its founder Jed launched it.
Some people blamed Jed's inexperience in the first few months for the company's eventual collapse. But back then, bitcoin was just a toy.

"It's hard for you to imagine how we felt about cryptocurrency in those days, knowing what bitcoin is today. None of us could have predicted its huge success, except for that small group of 2,000 people on the forums. Creating Mt. Gox was mostly a game for me. Almost a game, because I wanted to go deeper into understanding how bitcoin works, " says Jed in an interview.

It was a far cry from the idea of creating a huge business or anything like that. It all started out as a weird side project. Jed even reused the domain of one of his long-defunct projects, Magic: The Gathering Online EXchange, a site for trading cards from the popular fantasy game.

But despite its strange start, the site immediately became popular in the small bitcoin community. It was a centralized and convenient place to exchange coins for fiat currency. In one interview, Jed was asked whether he remembered what the price of bitcoin was when he started.

Jed replied that when bitcoin first appeared on Mt. Gox, its price was around 6 cents or something like that, and it was at this price that the first transactions were made.

This model laid the foundation for modern cryptocurrency exchanges. Before that, it was difficult to get bitcoins. You could either mine them or find someone willing to exchange them, and you had to deal with some difficulties.

Mt. Gox simplified this by removing those barriers, and as the popularity of BTC grew, more and more people registered on the exchange.

But such rapid growth brought its own problems. At first, Jed added PayPal to the site as the main payment system, but there was a huge amount of chargeback fraud with this system.

PayPal, of course, didn't like it. Just a few months later, they permanently banned Mt. Gox from using their services. That left Liberty Reserve as the main payment tool for buying and selling bitcoins on the site, but there was a problem with how it was set up.

Hackers discovered that when requesting a withdrawal, they could manipulate the data sent to Liberty Reserve by exploiting a vulnerability in the way Mt. Gox integrated with its API.

The Mt. Gox code did not perform any validation checks. Like changing the amount on a bank check after it was issued but before it was cashed, attackers could enter fake withdrawal amounts, and the system blindly trusted them, executing the transactions and letting them withdraw more money than was actually on their balance.
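
The class of flaw described above, next to one way to close it, as an added example that is not Mt. Gox or Liberty Reserve code. The request format, field names and key are hypothetical: the "before" function pays whatever amount arrives in the request, while the "after" path checks the server-side balance and binds the approved fields with a MAC so that a changed amount is rejected.

```python
import hashlib
import hmac
import json
from decimal import Decimal, InvalidOperation

SERVER_KEY = b"constructed-demo-key"  # constructed; a real key belongs in a secret store


class PayoutRejected(Exception):
    """Raised when a payout request fails a server-side check."""


class Ledger:
    def __init__(self, balances):
        self.balances = {user: Decimal(bal) for user, bal in balances.items()}
        self.paid = set()  # withdrawal ids already paid out (replay guard)


def payout_trusting(ledger, fields):
    """'Before': pays whatever amount arrives in the request, with no checks."""
    amount = Decimal(fields["amount"])
    ledger.balances[fields["user"]] -= amount  # balance can go negative
    return amount


def sign_fields(wid, user, amount_text):
    """MAC over an unambiguous encoding of the fields the server approved."""
    msg = json.dumps([wid, user, amount_text]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def parse_amount(text):
    """Accept only positive, finite decimal amounts."""
    try:
        amount = Decimal(text)
    except (InvalidOperation, TypeError, ValueError):
        raise PayoutRejected("amount is not a number") from None
    if not amount.is_finite() or amount <= 0:
        raise PayoutRejected("amount must be positive and finite")
    return amount


def issue_withdrawal(ledger, wid, user, amount_text):
    """Server side: validate against the balance, then sign the approved fields."""
    amount = parse_amount(amount_text)
    if ledger.balances.get(user, Decimal(0)) < amount:
        raise PayoutRejected("amount exceeds balance")
    return {"id": wid, "user": user, "amount": amount_text,
            "mac": sign_fields(wid, user, amount_text)}


def payout_checked(ledger, fields):
    """'After': re-verify everything when the request comes back for payout."""
    amount = parse_amount(fields.get("amount"))
    expected = sign_fields(fields.get("id"), fields.get("user"), fields.get("amount"))
    supplied = str(fields.get("mac", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise PayoutRejected("fields differ from what the server approved")
    if fields["id"] in ledger.paid:
        raise PayoutRejected("withdrawal already paid")
    if ledger.balances.get(fields["user"], Decimal(0)) < amount:
        raise PayoutRejected("amount exceeds balance")
    ledger.balances[fields["user"]] -= amount
    ledger.paid.add(fields["id"])
    return amount


def was_rejected(ledger, fields):
    """Helper for the demonstration: True if the checked path refuses the request."""
    try:
        payout_checked(ledger, fields)
    except PayoutRejected:
        return True
    return False


if __name__ == "__main__":
    ledger = Ledger({"alice": "100.00"})           # constructed account
    approved = issue_withdrawal(ledger, "w1", "alice", "40.00")
    altered = dict(approved, amount="5000.00")     # amount changed after approval
    print("altered request rejected:", was_rejected(ledger, altered))
    print("approved request paid:", payout_checked(ledger, approved))
    print("replay rejected:", was_rejected(ledger, approved))
```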

By the time Jed discovered and fixed the bug, Mt. Gox had already been robbed of $50,000, and then he realized that he needed help.

"I managed it for about six months before I handed it over to Mark, unfortunately. It was becoming clear that security was becoming an increasingly serious issue, and we needed more specialists involved in this area. This is one of the reasons I handed over the manual to Mark. I became the target of a considerable number of threats and almost completely lost my trust when I was running Mt. Gox, " Jed says in an interview.


Mark Karpeles


On a cold January morning in Tokyo, Mark Karpeles, a French developer, woke up to an email from his client. Jed asked that its contents be kept secret: he was about to sell Mt. Gox and didn't want the news to cause a panic. In his email, Jed asked if Mark was interested in buying the company, given their previous collaboration on implementing complex banking APIs and his long-standing connection to the BTC community.

Mark replied that although he was intrigued by the offer, he ran a small hosting company, and his income would not allow him to buy Mt. Gox. The exchange was predicted to bring in about a hundred thousand dollars of profit per year.

He expected this to be the end of the conversation, but to his surprise, Jed soon wrote back with a lucrative offer that would change their lives: buy Mt. Gox at no additional cost.

They agreed that they would share the income for six months, and after that Jed would keep 12% of the income indefinitely. Mark was taken aback, but part of the reason the deal was so lucrative was that he would inherit a site with a $50,000 debt owed to Liberty Reserve.

Under the agreement, the transfer of rights was to begin in February 2011, and at the end of this process, just as Mark took full control of the site, disaster struck. The first bitcoins were stolen from the site.

"We both had a two-week period when we had access to the server, which is the real site where Mt. Gox was running, so I could show it how it worked, and during that time someone hacked us and stole bitcoins," says Jed.

80,000 bitcoins belonging to users were transferred from the Mt. Gox server to an external address. Jed noticed this first and sent Mark a Skype message with the bad news.

The coins disappeared at the end of the transfer period, around the same time that Jed sent Mark the password to the server. Stolen coins accounted for almost a third of all customer deposits.

At that time, they were worth about $68,000. It was a significant blow, and the worst part was that they couldn't find out who did it. Whoever it was had carefully deleted the server logs.

Information about the hack was not made public. Jed suggested that Mark buy back the lost coins, relying on the site's future earnings from transaction fees, and immediately take out a loan, the essence of which was to convert the debt in bitcoins into more stable dollar debt.

Some believe that Jed betrayed Mark by taking the coins after signing the contract, because the damage clause in the contract made him fully responsible for such incidents. But their chat logs from the time of the theft do not support this assumption.

At that time, Jed still fully controlled the deposits of other clients, which was about 160,000 coins. If the robbery was organized for personal gain, the amount could have been much more significant.

Moreover, the stolen coins remained intact. Their resting place was the seventh-largest bitcoin address in the world, which was worth a staggering $5.2 billion at the peak of bitcoin in 2021.

Either the thief has permanently lost access to this address, or he is afraid that spending the coins will lead to his identification. But this is not the story that led to the collapse of Mt. Gox. After the disappearance of these coins, Mt. Gox, with its 3,000 users, was already on the verge of bankruptcy: if everyone had tried to withdraw their deposits, the site would have come up short.

The start was widely considered a failure, but despite these initial difficulties, Mark continued to work, and Mt. Gox was now completely under his control.

In just three months, the value of bitcoin grew from less than $1 to $16, and the number of users increased to 60,000. And it was then that the platform suffered its first public hack.

Even more problems


25,000 bitcoins, estimated at $400,000 at the time, were stolen from 500 accounts. Four days later, disaster struck again. The Mt. Gox database, including email addresses, usernames, and encrypted passwords, was put up for sale on Pastebin.

While everyone was still grappling with the consequences of these hacks, the hacker managed to break into the administrator account that still belonged to Jed, which he had kept so that he could conduct audits and receive his percentage of the income. Having gained access to the account, the hacker appropriated a large number of bitcoins but still ran into a problem.

Mt. Gox had a daily withdrawal limit of no more than a thousand dollars, so, unable to transfer the entire million-dollar amount, the attackers came up with an idea. If they managed to crash the bitcoin price, they would be able to withdraw more coins within the limit, so they placed a giant sell order.

Hundreds of thousands of coins flooded the market, dropping the price from $17.50 to 1 cent within 30 minutes.

BitcoinChannel

Mt. Gox shows a collapse at the level of -1.8.

At such a low price, the thief was able to make a larger withdrawal, taking about 2,000 coins with him.
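
The weakness in a dollar-denominated limit that is converted at the last trade price, shown beside a guarded version, as an added example that is not Mt. Gox code. The function names, the 20% deviation threshold and the price window are assumptions; only the $1,000 daily limit, the $17.50 and 1 cent prices and the 2,000 coins come from the text.

```python
from decimal import Decimal
from statistics import median

DAILY_LIMIT_USD = Decimal("1000")  # from the text: a thousand dollars per day
MAX_DEVIATION = Decimal("0.20")    # assumption: halt if spot is >20% off reference


class WithdrawalsHalted(Exception):
    """The price feed looks manipulated or broken; withdrawals need manual review."""


def authorize_spot(btc_amount, spot_price):
    """'Before': values the request at the last trade price, whatever it is."""
    return btc_amount * spot_price <= DAILY_LIMIT_USD


def reference_price(recent_prices):
    """Median of a trailing window, so a short-lived crash barely moves it."""
    if len(recent_prices) < 3:
        raise ValueError("need at least three price samples")
    return median(recent_prices)


class WithdrawalLimiter:
    """'After': values requests at a reference price and trips on price anomalies."""

    def __init__(self):
        self.used_usd = {}  # user -> dollars withdrawn today at reference price

    def authorize(self, user, btc_amount, spot_price, recent_prices):
        ref = reference_price(recent_prices)
        # Circuit breaker: a spot price far from the reference pauses withdrawals
        # instead of silently changing how many coins the limit allows.
        if abs(spot_price - ref) / ref > MAX_DEVIATION:
            raise WithdrawalsHalted("spot price deviates from reference price")
        used = self.used_usd.get(user, Decimal(0))
        value = btc_amount * ref
        if used + value > DAILY_LIMIT_USD:
            return False
        self.used_usd[user] = used + value
        return True


# Constructed sample: trailing prices before the crash described in the text.
WINDOW = [Decimal(p) for p in ("17.45", "17.50", "17.52", "17.48", "17.50")]

if __name__ == "__main__":
    crashed = Decimal("0.01")
    # 2,000 coins at 1 cent is $20, so the naive check lets it through.
    print("naive check allows 2000 BTC:", authorize_spot(Decimal("2000"), crashed))
    limiter = WithdrawalLimiter()
    try:
        limiter.authorize("mallory", Decimal("2000"), crashed, WINDOW)
    except WithdrawalsHalted as exc:
        print("guarded check:", exc)
```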

This was huge news, and the entire cryptocurrency world heard about it. The event led to a temporary shutdown of the site for several days to repair the damage caused by the giant sell order. Mark stated that they planned to recover the lost coins, that users' balances were not affected, and that there was no need to worry.

Then he criticized the hacker, in effect calling him inexperienced, and, frankly, he was somewhat right. Whoever this person was, they were being greedy. If he had just withdrawn small amounts every day, how long would it have taken for someone to notice?

In conclusion, Mark apologized for the chaos of the last week.
"The truth is that Mt. Gox was not prepared for the sudden growth of bitcoin. Our system, which was created as a hobby at a time when bitcoins were worth pennies apiece, was not designed as a reliable storage facility capable of safely processing millions of dollars of transactions every day."

You might think that all of these events together destroyed the reputation of Mt. Gox, but in reality that was not the case. Two years later, bitcoin reached the $1,000 mark, and the number of users of the exchange grew to 2 million.

In 2013, Mt. Gox held a leading position. On average, people used the platform to trade 150,000 coins per day, which at that time was almost $40 million per day.

At the time, they handled 70% of all bitcoin transactions in the world, but this year was to be the worst in the company's history. Mt. Gox really wanted to enter the US market, but the infamous darknet market Silk Road had soured state regulators on bitcoin.

The currency was associated with crime, and the fact that the company was based in Japan only made the situation more difficult from a legal point of view.

Cooperation


Therefore, when the American company CoinLab approached Mark with an offer to handle all transactions in North America, he thought the offer was too good to refuse. Mt. Gox allocated them $5 million to launch their operations. However, just a few months after the contracts were signed, the plan was disrupted when FinCEN classified bitcoin exchanges as money transfer businesses. To conduct such financial business you need a license, because FinCEN is concerned about money laundering, fraud and other financial crimes.
Getting such a license, especially for a bitcoin exchange in 2013, was quite difficult. It wasn't meant to be.

First, Mt. Gox contacted CoinLab and asked what they thought about it and how they planned to meet the requirements. At first, CoinLab answered that licensing was not required for startups.

CoinLab's management was quite categorical on this issue, but Mt. Gox wasn't sure about CoinLab's claims. Mt. Gox suggested that they continue working together, provided that CoinLab supply a schedule of how it planned to meet the regulator's requirements. A few months later, CoinLab filed a lawsuit against Mt. Gox.


Mt. Gox did not allow them to start working without a license, and this was fair, given the high risk. However, CoinLab was not satisfied with this. They decided to file a lawsuit against Mt. Gox, accusing it of breach of contract, demanding $75 million and keeping the original $5 million.

Then, in the summer, the exchange ran into difficulties in providing liquidity. Users experienced significant delays when trying to withdraw funds in dollars, which caused a lot of talk about the financial stability of Mt. Gox.

But Mt. Gox users were used to such situations, so they did not lose hope and did not leave. The exchange team attributed these delays to difficulties in banking relations with the US, as the US Department of Homeland Security had just confiscated another $5 million from Mt. Gox, accusing it of providing false information.

In the midst of this chaos, insiders began spreading rumors of mismanagement, claiming that the company's internal workings, including the code governing Mt. Gox, were in complete disarray.

While his company was going through a crisis, Mark was passionate about creating a bitcoin cafe, drawing inspiration from a classic French bistro. An insider reported that Mark had already invested $1 million in the project, but given the state of Mt. Gox at the time, it seemed more of a distraction than a viable business.

The cafe was supposed to open in March 2014, but this never happened.

February 7, 2014 was the perfect day for cryptocurrency enthusiasts.

Bitcoin had recently broken the thousand-dollar mark and was on an uptrend again. Even the most dedicated BTC supporters couldn't resist logging in to Mt. Gox to sell some coins and get a taste of the profit.

But there was a problem: they couldn't do it. Mt. Gox had suddenly frozen all withdrawals.

The news report claimed that this was done in order to "get a clear technical understanding of the processes going on with the currency by stating that the instability of bitcoin has affected withdrawal operations."

"A bug in the Bitcoin software allows someone to use the network to change transaction details to create the impression that sending bitcoins to a bitcoin wallet did not occur, when in fact it did."
But many knowledgeable users did not believe this version.

One person wrote on Twitter: "This is a bug in their payment processing system, not in Bitcoin."

Another Twitter user: "That means they lost a lot of money."

Ten days passed, and with withdrawals still frozen, Mt. Gox issued another statement. They were ostensibly working to address security issues, but they did not say when, or even if, withdrawals would resume. Meanwhile, the value of cryptocurrencies was plummeting.

For many, Mt. Gox was the face of Bitcoin. Trust in it was undermined, and the very concept of BTC as a real currency became questionable. News outlets were buzzing, and Mt. Gox, with its questionable security history, was the center of attention.


Then came February 23, and things took an even stranger turn. Mark abruptly gave up his role at the company, and then the company's entire Twitter history was erased.

But all this seemed minor compared to the sensation that followed. An internal document was leaked, revealing that almost 750,000 bitcoins belonging to customers and another 100,000 of the company's own coins had disappeared. Almost 7% of all bitcoins in circulation at that time had vanished from the company's accounts, and no one knew who stole them. The value of the missing cryptocurrency at that time was $450 million. At today's prices, that's a staggering $50 billion. This is by far one of the largest amounts of cryptocurrency ever stolen.

The situation for Mt. Gox couldn't get any worse. Not only had the exchange become insolvent, but thanks to the recent rise of the cryptocurrency market, hundreds of users who had become crypto millionaires were desperately trying to get their money back from the platform. The first person to be held responsible for the theft would be Mark, and he would need an army to fend off angry creditors.

Back on the cold streets of Tokyo, Colin Burgess had flown in from London to find out in person whether he could withdraw his bitcoins from Mt. Gox.

"They didn't respond to any support requests. It looks like they just took people's money, they took my money. It really annoys me, so I decided to come here, try to find out what's going on, hopefully talk to the CEO or someone who knows what's going on," says Colin Burgess in the video.

Screenshot from the video.

The video with Colin quickly went viral. He became the face of a wave of outrage on the Internet — people accused Mark Karpeles of everything from embezzlement of funds to complete incompetence, and some even began to threaten lynching.

But despite the noise, no one really knew what had happened and who now owned the missing coins worth about half a billion dollars.

As March rolled around and sakura blossomed, offering hope for a new era in Japanese culture, Mt. Gox hit the news again, this time making headlines by filing for bankruptcy protection in both Japan and the United States.

A court in Tokyo appointed lawyer Nobuaki Kobayashi as the trustee of Mt. Gox's assets. The first thing Kobayashi did was launch an investigation into the missing bitcoins. Little did he know that he would start a global hunt that would last for several years. Meanwhile, it was a golden time for Mt. Gox's competitors. Users who were looking for a new exchange were plentiful.

BTC-e


Many switched to BTC-e, an exchange that was almost as old as Mt. Gox itself. This created problems for law enforcement agencies around the world. Unlike other platforms, BTC-e was known for ignoring the industry's anti-money laundering standards, thus providing a safe haven for those who sought to circumvent the law.

Numerous illegal payments passed through this exchange, from drug deals on the dark web to extortion payments. Even the location of the company's management was a complete mystery.

The website hinted at Chinese origin, but listed a Russian phone number. The company's domains were traced to shell companies in France, New Zealand, Singapore and other countries.

For law enforcement agencies, Mt. Gox had always been a "friend" that linked the cryptocurrency, with its pseudo-anonymous properties, to real people. BTC-e, by contrast, did not respond to requests for user information.

It was a "black hole". This was a big problem for the FBI, because in October 2013, immediately after the Silk Road takedown, it became known that two agents had used their official position to steal bitcoins.

Shaun Bridges transferred about 2,000 coins to BTC-e, which at that time were estimated at $350,000. Carl Force embezzled more than $700,000 worth of coins, some of which were cashed out through this mysterious exchange.

But because it was impossible to get any information about these transactions out of court, it was difficult for the FBI to build a case against its rogue agents.

The situation focused investigators' attention on the question of who was behind BTC-e, but it took a long time to get results.

Meanwhile, the Kraken exchange was hoping to build a more respectable reputation.
Many criminals choose Bitcoin because they think it's a super-private, super-anonymous technology. But in fact, it is one of the simplest and most transparent currencies.
Literally every transaction that has ever been made is recorded on the blockchain and is available to anyone who wants to look.

Kraken founders Jesse Powell and Michael Gronager believed that helping with the Mt. Gox case could be their ticket to gaining public trust and, ultimately, to becoming the new leading exchange.

Therefore, at the end of November 2014, they met with representatives of the Japanese law firm that is now responsible for Mt. Gox, and committed to finding the missing coins worth half a billion dollars.

But Michael Gronager was no longer actually part of the Kraken team. A month earlier, he had stepped down as chief operating officer to found a first-of-its-kind forensic analytics tool for blockchain.

Because of Bitcoin's association with Silk Road and the Mt. Gox hack, Kraken had difficulty finding partner banks. The banks required transaction monitoring, which Kraken could not provide. Many banks viewed bitcoin as a risky asset because of its supposed anonymity, but Michael saw a long-term opportunity in this.

He was aware that the architecture behind bitcoin actually provides unique transparency, as every bitcoin transaction is publicly recorded on the blockchain.

Michael realized that in certain situations it is possible to deanonymize the real participants behind Bitcoin transactions. He planned for the Mt. Gox case to be the first test of his software: he would track down the stolen coins on a voluntary basis and find out who exactly was behind the robbery.

After that, he received a flash drive from the Japanese lawyers containing all the financial records of Mt. Gox, including every transaction made on the exchange during its four years of operation. After reviewing the data, Michael found several disturbing inconsistencies. Many transactions were incomplete or appeared to have been completely erased. Just a few months after the investigation began, he arranged to meet Mark in person to look into the situation, but Mark's explanation was not very convincing.

He claimed that during the hack in 2014, an unknown attacker broke into the backend, apparently deleted important data, and then disappeared with the coins. Michael sensed that Mark might not be telling the whole truth. The Japanese police had already said they believed the theft was the result of Mark's own actions, but Michael was not sure that Mark was really guilty of stealing the coins.

However, he was well aware of the rumors that Mt. Gox used bots to manipulate large-volume transactions, which probably contributed to the eventual rise in the price of bitcoin. Such fake transactions, if proven, would be illegal, and it was assumed that they could be related to lost funds.

Discovery of 200,000 BTC


By the time this meeting took place, Mark had taken a step that few would have expected from a bitcoin exchange owner. He found an old-format wallet that held 200,000 coins that were initially considered lost. Mark claims that he did not notice this wallet earlier, because it was not used by the exchange and was stored on another server.


That is too many coins to simply forget about, and some considered this version dubious. In any case, the find reduced the total number of bitcoins missing from Mt. Gox to 650,000, but it was not enough to clear Mark's name with the Japanese police. Now, more than ever, Mark's fate was in Michael's hands, because on August 1 he was put behind bars.

If he was going to help Mark get out, Michael would have to prove his innocence with the basic information contained in the blockchain.

Michael started using his software to build two graphs. The first one, based on the records of the exchange itself, showed an increase in the number of coins over time. The second, based on unquestionable blockchain data, painted a much more disturbing picture.

Starting in October 2011, after the minor hacks that occurred during Mark's tenure, the blockchain-based graph fell because of a mysterious outflow of money, while the records provided by Mt. Gox never accounted for it.

Michael could clearly see on the blockchain that the thefts appeared to be automated. As soon as new coins arrived at Mt. Gox addresses, they were immediately redirected to the hackers' wallets.

The deficit increased steadily until the summer of 2013. Astonishingly, the difference reached 650,000 bitcoins.

It seems like madness, but Mark simply never checked the cold wallet or verified its exact balance. He completely trusted his own reporting system, relying solely on figures from the exchange's database and never attempting to compare them with the real bitcoin wallets.

Mt. Gox had been "trading phantom bitcoins" almost since its inception. Figures that existed only in its database were transferred from one user account to another, not backed by any real coins.
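
The comparison that was never made, the exchange's own books against what its addresses hold on-chain, can be automated. The following is an added example, not Mt. Gox code or the investigators' software: the record layouts, transaction ids and amounts are constructed. It rebuilds the two curves described above and flags on-chain outflows that have no matching withdrawal in the ledger.

```python
from decimal import Decimal

# Constructed internal ledger: (day, user, kind, amount_btc, txid)
LEDGER = [
    (1, "u1", "deposit", "500", "tx01"),
    (2, "u2", "deposit", "300", "tx02"),
    (3, "u1", "withdrawal", "100", "tx03"),
    (4, "u3", "deposit", "400", "tx04"),
]

# Constructed on-chain activity of exchange-controlled addresses:
# (day, txid, delta_btc); negative delta means coins left the exchange.
CHAIN = [
    (1, "tx01", "500"),
    (2, "tx02", "300"),
    (2, "tx90", "-250"),   # outflow the ledger knows nothing about
    (3, "tx03", "-100"),
    (4, "tx04", "400"),
    (4, "tx91", "-380"),   # another unrecorded outflow, right after a deposit
]


def unrecorded_outflows(ledger, chain):
    """On-chain outflows whose txid matches no withdrawal in the ledger."""
    known = {txid for _, _, kind, _, txid in ledger if kind == "withdrawal"}
    return [(day, txid, -Decimal(delta))
            for day, txid, delta in chain
            if Decimal(delta) < 0 and txid not in known]


def reconcile(ledger, chain):
    """Per-day running totals: what customers are owed vs. what is on-chain."""
    days = sorted({row[0] for row in ledger} | {row[0] for row in chain})
    liabilities = Decimal(0)
    holdings = Decimal(0)
    report = []
    for day in days:
        for d, _, kind, amount, _ in ledger:
            if d == day:
                signed = Decimal(amount) if kind == "deposit" else -Decimal(amount)
                liabilities += signed
        for d, _, delta in chain:
            if d == day:
                holdings += Decimal(delta)
        report.append({"day": day, "liabilities": liabilities,
                       "holdings": holdings,
                       "shortfall": liabilities - holdings})
    return report


def first_breach(report, tolerance):
    """First day on which the shortfall exceeds the tolerance, or None."""
    for row in report:
        if row["shortfall"] > tolerance:
            return row["day"]
    return None


if __name__ == "__main__":
    for row in reconcile(LEDGER, CHAIN):
        print(row)
    print("unrecorded outflows:", unrecorded_outflows(LEDGER, CHAIN))
    print("first breach on day:", first_breach(reconcile(LEDGER, CHAIN), Decimal("1")))
```

Run daily with an alert on the first breach, a check like this surfaces a growing gap within a day rather than after years.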

Michael noticed that at regular intervals the hackers manually accessed the wallets, moving coins between different addresses to prepare them for sale.

At the beginning of the hack, the stolen funds were immediately sent to the American cryptocurrency exchange TradeHill. A large number of bitcoins passed through that exchange, accounting for more than a quarter of all funds traded on the platform. However, as the hack was coming to an end in 2012, TradeHill was shut down, forcing the hackers to look for new ways to cash out the stolen bitcoins. While following the money, Michael noticed that the stolen coins were coming back to Mt. Gox, which made sense for anyone looking to cash them out.

Start of the law enforcement investigation


Why not sell them on the world's largest exchange?

But then a new pattern emerged in the money flows: the bitcoins began to pass through BTC-e. Although his program had worked, Michael still didn't know who was behind the attack. To estimate the criminals' approximate location, he analyzed the timing and other data of the hackers' transactions. If his calculations were correct, the Mt. Gox hacker could be located in Russia, the only country impenetrable to Western law enforcement agencies and a safe zone for cybercrime.

It was time for Michael to tell law enforcement about his discovery.

In the case of Force and Bridges, tax investigator Tigran Gambaryan had carefully traced the funds stolen by the rogue agents to the exchanges by analyzing the blockchain manually, a time-consuming process.

During Michael's first-ever visit to US law enforcement to talk about his blockchain tracking software, he found himself in the same room as Tigran. To test the software's capabilities, Tigran asked Michael to check his own investigation.

Even at the beta stage, the tool confirmed Tigran's results in a matter of seconds. Force and Bridges were guilty. This was the beginning of Michael's close cooperation with US law enforcement agencies. The topic of BTC-e and the problems it created for tracking money remained relevant to both of them from then on. At the time of this meeting, neither of them was officially conducting an investigation to determine who was behind it.

But that was about to change. Almost at the same time that Michael began working on his investigation of the missing coins, Tigran was assigned to investigate the activities of foreign exchanges, such as BTC-e, which were subject to US money laundering laws. The first step to exposing BTC-e for Tigran was to determine the location of the server where it was hosted.

Surprisingly, the only barrier hiding this was CloudFlare, an American security service that protected the exchange's IP address from prying eyes.

It was a big mistake. Given the American origin of CloudFlare, they immediately agreed to cooperate on Tigran's legal request. The exchange's servers were located in Northern Virginia, which is very close to Tigran's Washington office.

That didn't surprise him, though. In order for BTC-e to provide high-speed services to its American customers, the presence of servers in the United States was almost a matter of course.

After carefully going through complex legal procedures to get confidential access from the hosting company, he was able to copy the data from the server.

After analyzing it, he identified three administrators and the corresponding IP addresses that they used to access the server for regular maintenance. But when these IP addresses were analyzed, it turned out that they pointed only to proxy machines. The administrators had taken care to hide their actual location and remain anonymous even to those with access to the server.

They were quite resourceful. It was almost a dead end, but when Tigran's work began to overlap with the Mt. Gox investigation, the situation became a little clearer.

Simultaneously with Michael and Tigran, a New York group of FBI and IRS agents was investigating the loss of money from Mt. Gox. They consulted Kim Nilsson, a Tokyo-based investigator, who had come to the same conclusion as Michael: the 650,000 stolen bitcoins had mostly ended up at BTC-e. The agents from New York found out that Tigran had gained access to the BTC-e backend and asked for help.

They sought to get information about the user who sold these coins. What they found exceeded all their expectations. The IP address of the account that traded the stolen coins coincided with the IP address of one of the administrators.
Could there be a more ingenious way to launder a huge amount of bitcoins than creating your own bitcoin exchange? The hypothesis seemed improbable.

To check this version, Tigran called Michael in the evening. Michael had previously sent him information that some of the stolen coins sold back on Mt. Gox pointed to Russian IP addresses.

Tigran asked Michael to double-check this information, and when he realized that it was absolutely correct, Tigran told him what it meant. Michael, who was one of the founders of Kraken, was well aware that having hundreds of thousands of bitcoins makes it much easier to launch a new exchange.

Now they had a compelling reason to believe that the person behind the destruction of Mt. Gox's vast fortune was actually the BTC-e administrator. The only information about this person was the name he used: WME. Three letters on the screen that could hide the face of the largest cryptocurrency thief in history. But however elusive the man seemed, investigators discovered something strange for someone capable of stealing half a billion dollars.

WME has been registered and active on the Bitcoin Talk forum since October 2011, just a month after funds began being secretly withdrawn from Mt. Gox. His username stood for Web Money Exchanger — the name of the exchange he opened in the early 2000s.

His first posts advertised the business. Interestingly, on one of his sites, he seems to have put up for sale a large amount of Liberty Reserve funds.

It may have something to do with the 50 grand stolen while Jed was still in control of the business, but that's just speculation. In any case, the investigators were interested in a larger scam.

The rhetoric of his messages quickly changed. He had accumulated a significant amount of bitcoins, and his desire to sell them became obvious. After analyzing the history of his messages, the investigators found exactly the kind of error they could only dream of.

In 2012, he made a post claiming that an Australian exchange cheated him out of more than $100,000 worth of coins. He posted dozens of screenshots showing a recording of a Skype conversation about a failed deal.

More than a month after this event, he posted an update to the story. The WME account posted two photos of a statement from his lawyer requesting a refund. Apparently not in the best mood, he made a mistake that turned out to be decisive for his fate.

He remembered to cover up his bank details, but he overlooked his name.

Investigators were now sure that Alexander Vinnik was hiding behind the pseudonym. After studying his background, they found out that he had previously been under investigation for carding, a form of credit card fraud often associated with hacker groups.

This fact allowed them to almost confidently assume that he was behind the most criminal bitcoin exchange in the world. But since Alexander is a Russian citizen, it would be almost impossible to charge him, let alone arrest him, without additional information.

For several months, the virtual currency crime investigation team, led by Tigran, actively searched the web for any personal information that could be linked to Vinnik. The problem was that he didn't leave much of a trace. Not a single photo, not a single social network, and all digital traces were cleverly disguised using VPNs and proxy servers.

After six months, they finally found one sign-in to one of his known accounts that didn't have a VPN enabled to hide the real IP address. This connection was instantly traced to an international luxury hotel, from where they obtained a copy of his passport by court order.

Now they had a picture of the face of the 36-year-old possible organizer of the hacker group. But even so, Vinnik was still a Russian citizen living in Russia. If investigators wanted to arrest him, they needed to make him feel safe, hoping that eventually he would go abroad, to a country more amenable to American law enforcement.

In order for everything to go smoothly, all the information found by the team had to remain completely secret. Michael even agreed to hide this fact from the Mt. Gox liquidation managers, who initially assigned him to investigate the case. Tigran and Michael thought they had solved the biggest mystery in the cryptocurrency world, but they had to keep it a secret.

Arrest of the main suspect


More than three years had passed since the collapse of Mt. Gox when investigators finally received a signal that Vinnik had left Russia. He had booked a luxury villa in Halkidiki for himself, his wife and two young children, with a Mediterranean garden, private beach and optional yacht excursions.

But while Vinnik was enjoying his vacation, the US authorities were working hard on a plan to arrest him as part of a joint operation. On a hot summer morning, Greek agents dressed as tourists discreetly positioned themselves around the beach where Vinnik and his family were relaxing. At the same time, on the other side of the globe, the feds were disabling the BTC-e website.

The detention operation went off without any problems. Vinnik was now in the custody of the Greek authorities. As soon as the information became publicly available, the entire cryptocurrency world finally recognized the face of the organizer of the billion-dollar theft.

This was great news for Mark. He had recently been released on bail after spending his 31st birthday in jail, and now this detention should have greatly affected the outcome of the trial in Japan. But for Vinnik, everything was just beginning.

Now he was facing extradition requests from the US, Russia and, unexpectedly, even France, each of them bringing completely different charges related to his involvement in BTC-e. However, Vinnik insisted on his innocence, demanding extradition back to Russia. Alexander claimed that his role was limited to that of a technical specialist servicing the site's wallets and servers.

In addition, to explain why the United States is so insistent on his arrest, he claimed that he was the victim of a political conspiracy. Questions have been raised about the true motives of the United States. Did they really pursue him for illegal money transactions, or was there another reason?

In such an important case involving new technologies and potentially useful government intelligence, his defense required not just an outstanding lawyer, but also someone with political influence.

In this case, his defense in Greece was handled, in particular, by Zoya Konstantopoulou, a well-known Greek lawyer and politician, but even with her experience and influence, she could not protect Vinnik from the pitfalls of the Greek judicial system. As the weeks turned into months and the months turned into years, Vinnik remained in limbo, not tried or extradited, trapped without formal charges, awaiting a decision on his extradition request.

To make matters worse, shortly after his arrest, attempts on his life began to take place one after another, some by his cellmates and others, the details of which were kept secret by the Greek authorities.

News of such events has given rise to a lot of speculation about what kind of critical intelligence Vinnik might have and who wouldn't want him to talk. In November 2018, he received an unexpected video call from his wife.

She looked frail and weak, but her smile lit up when he appeared in front of the camera. She was diagnosed with brain cancer. Feeling desperate, Vinnik decided to protest against his detention by going on a hunger strike, hoping that he would be pitied and extradited to Russia, taking into account family circumstances.

Three months after the hunger strike began, he was so exhausted that he had to be hospitalized. It made headlines all over Greece, and this time there was a video from the man himself. Looking noticeably weak, speaking softly and kindly to the camera, he talks about the injustice of his detention.

In an attempt to draw attention to the difficulties faced by Vinnik, Zoya even organized a press conference on the issue of his extradition. At the event, she said that this is the first time in history when one person is extradited to three countries at once. She argued that this was not justice, but a political move by the Minister of Justice to win the favor of Greece's creditors, in particular the United States.

After three years in prison, Vinnik continued to maintain his innocence. Even prosecutors have begun to criticize the Greek government for keeping him in detention for so long, saying it violates his human rights. So, in January 2020, the pressure increased. Greece had to make a decision.

Taking into account the requirements of the United States and Russia, the authorities decided to extradite Vinnik to France. The French authorities wanted to charge him with distributing the Locky ransomware. Since most of the illegal proceeds from this program were processed through BTC-e, there were suspicions that it was linked to the group behind this malware.

In the summer of the same year, while Vinnik was still awaiting trial, the New Zealand police announced the confiscation of $90 million from WME Capital Management, a company registered to Vinnik. Vinnik's French lawyer, Frédéric Belot, did not give up, but disputed the charges, describing Alexander as just an ordinary BTC-e employee who did not know the true identities of the top-level management in the Mt. Gox theft.

But a month before the trial, a tragedy occurred. Vinnik's wife died at the age of 34.
Although the accused pleaded with the French authorities to allow him to attend his wife's funeral in Russia, his request was rejected. Perhaps this is one of the saddest episodes of this story, as Vinnik, regardless of whether he is guilty or not, could not say goodbye to his wife, and now his two young children are growing up without parents.

On December 7, the court issued its verdict. The court acquitted Mr. Vinnik of the cyber-attack charges related to Locky, but found him guilty of organized money laundering. He was sentenced to five years, but he was not tried for hacking Mt. Gox, and the US still wanted him. Vinnik was supposed to be released in July 2022.

Given his pre-trial detention, the French considered his sentence fully executed. Formally, Vinnik could return to Russia, especially since the Russian authorities had their own package of charges for him. But France had other plans. The Greek authorities approved the request for his extradition to the United States, and instead of Russia, the French were going to send him back to Greece.

Despite the efforts of Vinnik's legal team, the decision was uncontested. After grueling court sessions that lasted more than five years, on August 4, 2022, Alexander Vinnik's worst fears came true. He was extradited to America to stand trial for managing BTC-e.

Vinnik is currently facing 21 charges in the US, not only for profiting from the Mt. Gox hack, but also for managing BTC-e. US authorities claim that more than $4 billion worth of bitcoin transactions were conducted on its platform, most of which came from criminals laundering funds from extortion, hacking, fraud, drug trafficking and much, much more.

But of course, Vinnik wasn't running this whole operation alone. After Vinnik had spent nearly a year in Santa Rita prison, the Justice Department made an announcement: two new names, Alexey Bilyuchenko and Alexander Werner, were accused of stealing and laundering about 647,000 bitcoins from the Mt. Gox exchange.

This is the mastermind trio behind the hack, but unlike Vinnik, these two appear to have been charged in absentia. According to the BBC, Alexey was in Greece at the same time as Vinnik, but stayed at a different resort. After learning of Vinnik's arrest, he smashed his laptop, threw it into the ocean, and hurriedly boarded a plane to Moscow.

After returning to Russia and closing BTC-e by decision of the US authorities, he tried to return it under the new name WEX, promising users that their lost balances on BTC-e wallets would be transferred, but a year later the exchange was closed, and the cryptocurrency assets of the new exchange in the amount of $450 million disappeared without a trace.

According to Coinbase, Alexey is currently being held in a Moscow prison, but the source of information is not very reliable. As for Alexander Werner, his whereabouts are unknown. Now Vinnik is still in the Santa Rita prison. His request for bail was denied, and the Justice Department objects to the prisoner exchange.

He faces up to 55 years in prison, but the trial is likely to be very long, and we may not see a final verdict for many years.

As for the missing fortune stolen from Mt. Gox, almost all of the funds were sold off as quickly as they were stolen, mostly before bitcoin had time to grow to any meaningful value. It is estimated that they received only about $20 million, which is a drop in the bucket compared to the $50 billion that these coins could have earned at the peak of their value.

Fortunately, for the tens of thousands of people who lost money in the Mt. Gox crash, the 200,000 coins Mark found in an old wallet skyrocketed and were worth more than the dollar value of all the coins lost at the time of the hack.

This meant that Mark could theoretically return to everyone the dollar value of what they lost in 2014, and keep the rest for himself, earning billions.

He decided not to, instead planning to recoup the value of the coins, leaving no profit for himself. The trust managers were going to finally pay the exchange's creditors their well-deserved share by the end of 2023, although creditors are not sure about this, since this deadline was repeatedly postponed in the past.

In 2019, Mark was acquitted of most of the charges, which is an amazing achievement considering Japan's 99.8% conviction rate.

Today, he runs a small IT services business and stays away from the crypto industry. After the events at Mt. Gox, I would like to say that exchanges have tightened up their security, but they haven't, and that's a story for another day.
 