Security Lessons Learned from Mt. Gox

Over the last couple of weeks, a serious technical issue was exploited at Mt. Gox, one of the largest and most influential cryptocurrency exchanges in the world.

According to a recent article from Silicon Angle, the technical issue is nothing new, having been identified as early as 2011. Known as “transaction malleability,” it allowed exchange members who were aware of the glitch—and had the electronic savvy to take advantage of it—to trick the system into allowing them to make withdrawals more than once, yet only be “charged” for it one time. Where were the other withdrawals coming from? They were being randomly pulled from investor accounts that were stored in online wallets at the exchange. Ironically, it may not have been such a large issue if Mt. Gox had not announced the software glitch publicly.

The resultant ripple effects have been enormous. Mt. Gox initially froze withdrawals of Bitcoins being stored there, which created an uproar. Investors rushed to move their Bitcoin accounts to safer—and potentially more profitable—exchanges, only to find they could not do so. The most recent developments in this situation are ominous, as things appear to be moving from bad to worse. The exchange's Tokyo offices—now being protested by angry investors—are empty, its website has vanished, and its Twitter feed has been erased. Worst of all, if Mt. Gox goes under—and industry insiders are predicting just that—the Bitcoins there could be lost forever. The digital currency community—which has long taken pride in being unregulated—has nothing like the FDIC to protect deposits.

So what are investors to do? It's a Catch-22. Exchanges like Mt. Gox have to have at least some of the Bitcoins stored online so investors can have access to them. But that leaves them vulnerable to hackers, too. Unfortunately, investors who had accounts at Mt. Gox may be out of luck. But there is a silver lining: the hard lessons being learned today could benefit future investors.

First and foremost, investors should take the security of their cryptocurrency accounts into their own hands. Protect your investment. Don't count on others to do it for you. The two best-tested methods of doing so are as follows:

Keep Your Currency Offline. “Online” cryptocurrency is stored on a computer or a remote server that is continually connected to the Internet. It offers the convenience of instant access to currency, but—even with rigorous security safeguards in place—that access is also wide open to hackers and thieves. Exchanges often advertise “80% offline storage” or something similar—but if your Bitcoins are part of the 20% that are online, they are vulnerable. Taking your currency offline—where there is no Internet access to it—removes that threat entirely.

One way to ensure offline account protection is to make a modest investment in an external hard drive. It can be connected to your PC or laptop quickly and easily, and when you need to make a cryptocurrency transaction, it can just as easily be connected to the Internet. The important feature here is: when you are done with your transaction, you can disconnect the hard drive—and your digital currency information—barring access to all outside parties.

A “paper wallet” is another secure suggestion. All cryptocurrency has unique codes that identify each individual coin (or fraction of a coin, as the case may be). These can be printed out, and the hard copies of your investment can be stored in a fireproof safe or safety deposit box until they are needed.

Use More Than One Exchange. This is simple and straightforward “don't put all your eggs in one basket” advice. Exchanges can be an easy and headache-free way to store your digital currency accounts—and almost all exchanges insist on investors maintaining a balance with them in order to trade there. Avoiding exchanges altogether is not very feasible, at least at this point in the industry. We never know if or when there's going to be another Mt. Gox. It's best to hedge your bets and spread your investment over several exchanges.

Mt. Gox seems likely to become little more than an unpleasant memory—and, perhaps, an object lesson—in the world of digital currency exchanges. Ultimately, it is hoped that its all-but-certain demise will lead to stronger and more effective security measures.
