Business Crypto News

Transaction Malleability- Everything You Need to Know About the Mt. Gox Attack

If you have read the news over the past few years, you have seen a lot of high profile cryptocurrency exchange hacks reported. There are a lot of attacks, but we are going to cover the most important hack that shook the cryptocurrency world. We are going to examine what made the Mt. Gox hack possible and why these attacks happened.

The Japan-based company Mt. Gox (Magic The Gathering Online Exchange) was the largest bitcoin exchange and largest bitcoin intermediary in the world. It handled 70% of the world’s bitcoin exchanges. While it was large and experience a lot of mainstream success, there were a lot of problems with Mt. Gox before the 2014 hack.


The first sign of a problem with Mt. Gox’s security was in 2011. On June 19, 2011, Mt. Gox experienced a hack. The value of Bitcoin dropped all the way down to one cent. That is a HUGE drop in value.

How did this happen and why did the price drop so low?

The hackers broke into Mt. Gox auditor’s computer and used it to transfer a large number of Bitcoins to themselves. They then wanted to sell all of the Bitcoins they stole on the exchange all at once, and this caused a considerable strain on the exchange and caused the price of Bitcoin to drop drastically.


The Bitcoin price was only that low for a few minutes, but a lot of the damage was done.  Accounts with the approximate value of $8,750,000 were affected by this incident. Mt. Gox did manage to crawl back from this hacker attack, but nothing could salvage their reputation from the 2014 disaster they were about to experience.

The 2014 Hack- The $473 Million Robbery

In 2014 Mt. Gox users were complaining about long delays in service. It was so bad that the US banking system froze funds to Mt. Gox due to regulatory problems.

Mt. Gox stopped all bitcoin withdrawals on the 7th of February in 2014, to thoroughly examine the technical processes in their system and to understand why the delays were happening.


During their investigation, they discovered that they had experienced a transaction malleability attack.

Isn’t blockchain supposed to be secure?

The blockchain technology was created to be completely immutable, which it achieves through cryptographic technology. This essentially means that once data has been put inside the blockchain, you cannot tamper with it. Just this quality alone gives blockchain based cryptocurrencies immense security.

Is there a loophole around this security?

There is a loophole around the permeability of blockchain technology if data tampering happens before the data is entered in the blockchain. Even if the alteration gets noticed after it’s on the blockchain, no one can do anything about reversing the transaction.

This phenomenon of altering data before it’s entered into the blockchain is called transactional malleability. It turns out that the signature that is entered with the input data can be manipulated. If the signature is manipulated, it will change the transaction ID. If this happens the manipulation can make it seem like the transaction didn’t happen at all.

For example:

Let’s say Krishna wants Alicia to send him 3 BTC. Alicia initiates a 3 BTC transaction to Krishna’s public address. She then sends it over to the miners for approval. While the transaction is waiting in the queue, Krishna uses transaction malleability to alter Alicia’s signature and change the transaction ID.

There is slight a chance that this tampered transaction will be approved before Alicia’s gets approved. If this transaction is approved, it overwrites Alicia’s transaction. When Krishna receives his 3 BTC, he can tell Alicia that he didn’t receive the 3 BTC that she tried to send him.

Alicia will see that her transaction didn’t go through and most likely resend it to Krishna. After this transaction malleability, Krishna will have 6 BTC instead of the 3 BTC he was owed.

Transaction malleability is what is said to have happened during the Mt. Gox hack. This prevailed because of mismanagement and a lack of a contingency plan with Mt. Gox’s system. A total of around $473 million worth of Bitcoins was stolen from Mt. Gox’s exchange. The total amount stolen from Mt. Gox was approximately 7% of the world’s supply of Bitcoins.



The timing of the Mt. Gox attack was terrible, and it was during the time Bitcoin was becoming mainstream. This attack made it a lot harder for exchanges to have fiat onramps approved. This attack arguably set cryptocurrency back 4-5 years from becoming truly mainstream. Immediately following the crash, the value of BTC fell drastically as well.

Mt. Gox declared bankruptcy and is out of business. It was later discovered that the stolen money was being laundered through BTC-e, another exchange. Alexander Vinnik was the owner of this exchange, and he was arrested in Greece. The Greek court cleared his extradition to the US where he faces up to 55 years in prison if accused.

Ultimately cryptocurrency exchange security is a very important issue that needs to be addressed by exchange companies. When security is tighter, this will lead to more institutional funds and interest in the cryptocurrency market.

If you enjoyed learning more about the Mt. Gox attack please check our blog as we launch the worlds most robust cryptocurrency ecosystem

Credits: HybridBlock