The Biggest Bitcoin Heist in History
In February 2014, the world’s largest Bitcoin exchange went dark. Mt. Gox handled over 70% of all Bitcoin trading. It announced it had lost approximately 850,000 BTC. At the time, that was worth around $473 million.
The collapse became Bitcoin’s defining cautionary tale. It shaped how exchanges operate, how governments regulate them, and how Bitcoiners think about self-custody.
How Mt. Gox Failed
Mt. Gox started as a website for trading Magic: The Gathering cards. The name stands for “Magic: The Gathering Online eXchange.” Programmer Jed McCaleb registered the domain in 2007 and repurposed it as a Bitcoin exchange in July 2010.
In March 2011, McCaleb sold the site to Mark Karpeles, a French developer living in Tokyo. Under Karpeles, Mt. Gox grew rapidly. By early 2013, it handled the majority of global Bitcoin trades. For many people, Mt. Gox was Bitcoin.
The company later blamed its losses on a software bug called “transaction malleability.” But this was mostly a distraction. In 2015, security firm WizSec published research showing the real cause. In September 2011, someone had copied the exchange’s wallet file, which contained its private keys. At the time, Bitcoin wallet files were not encrypted by default.
The thief drained coins slowly over nearly two years. Every time users deposited bitcoin, the thief could spend it using the stolen keys. By mid-2013, most of the bitcoin was already gone.
Mt. Gox was technically insolvent for years without knowing it. On February 7, 2014, it halted all Bitcoin withdrawals. On February 24, the website went completely offline. Four days later, Mt. Gox filed for bankruptcy in Tokyo.
The total losses came to about 850,000 BTC. About 200,000 BTC were later recovered from an old wallet. In 2023, the U.S. Department of Justice unsealed charges against two Russian nationals. They allegedly laundered approximately 647,000 BTC stolen from Mt. Gox.
Not Your Keys, Not Your Coins
Every user who had bitcoin on Mt. Gox lost access to their funds. They did not hold their own private keys. They trusted an exchange to hold their bitcoin for them, and that trust was broken.
This experience gave weight to one phrase above all others: “Not your keys, not your coins.” It became the rallying cry of the Bitcoin self-custody movement. If you do not control your private keys, you do not truly own your bitcoin.
Mt. Gox is not the only exchange that has failed its users. But it remains the most powerful example of why keeping bitcoin on someone else’s platform carries real risk.
The Aftermath
The collapse forced change across the entire industry. Japan became the first major country to formally regulate cryptocurrency exchanges. Other countries followed with their own rules.
Exchanges adopted better security practices. Cold storage, regular audits, and proof-of-reserves systems became standard. The industry built today’s standards largely in response to what went wrong at Mt. Gox.
As for creditors, the repayment process has stretched over a decade. In mid-2024, the bankruptcy trustee began distributing recovered bitcoin to former users. About 142,000 BTC was set aside for tens of thousands of creditors. The process continues, with the deadline now set for October 2026.
What’s Next
Mt. Gox proved that even the biggest exchange can fail. The lesson is simple: if your bitcoin matters to you, learn to hold your own keys.
To understand how self-custody works, read Self-Custody: Your Keys, Your Bitcoin. To learn how to protect your bitcoin from threats, read Bitcoin Security: How to Protect Your Bitcoin.