The exchange that accidentally deleted its 17K Bitcoin wallet file
A spooky story about the importance of self-custody
Sergii Gnatiuk/Shutterstock and Adobe modified by Blockworks
This is a segment from the Supply Shock newsletter. To read full editions, subscribe.
When it comes to Bitcoin mantras, “not your keys, not your coins” is as pure as it gets.
But there are levels to it. Sure, you might be self-custodying, but you might still be required to trust a wallet explorer, for example, to tell you your BTC balance.
Run your own full node, however, and you’ll only ever need to trust your own copy of the Bitcoin ledger.
So here’s one of Bitcoin’s oldest cautionary tales about why the above still matters, a decade and a half later.
Picture this: It’s mid-2011, and there are two major exchanges to buy and sell bitcoin: Mt. Gox, operating out of Japan with about 80% global market share, followed by TradeHill, based in California.
Eastern Europe had its own primary venue: Bitomat from Poland.
Bitomat’s trading volume was small compared to Mt. Gox, only about 17,000 BTC per month — far below Mt. Gox’s 1 million BTC (worth $7.5 million at the time). But it was still enough for Bitomat to be considered the third-largest bitcoin trading platform in the world.
Until trouble struck.
On August 1, 2011, Bitomat’s admins disclosed the worst had happened: They had accidentally deleted the wallet.dat file for the platform’s hot wallet, immediately losing access to its users’ bitcoin, which coincidentally amounted to 17,000 BTC.
The exchange itself had been paused for about a week by that point. Bitomat’s administrator, Bartek Szabat, had noticed that the main server — powered by an Amazon EC2 virtual machine — had been running at full capacity, and opted to boost its allocation of RAM.
That would’ve required the virtual machine instance to be rebooted.
But the admin had forgotten to enable persistent storage in the cloud server’s configuration settings. So, when the server was rebooted after adding more RAM, the local storage of the virtual-machine instance itself, which contained the exchange’s only wallet.dat file, was wiped, taking the private keys of Bitomat’s users along with it.
Amazon Web Services was unable to recover the file.
In an open letter to the Bitcoin community, Szabat asked for help in investigating the situation (the post has been automatically translated and edited for clarity):
“At the moment, I am unable to clearly determine the cause of crashes. I suppose that it is the result of actions of third parties, which are causing the server to crash to hide their illegal activities, or intentionally wanting the website to disappear,” he wrote.
“If my suspicions are confirmed, I will tell the police and prosecutors, [and] at the same time, take possible action through which it would be possible to recreate lost data. But I need to interact with the server’s owner [Amazon Web Services], and that, as I mentioned above, is difficult…
“At the same time, I am counting on your help in solving the problem. I realize that the situation is very difficult, and you fear for the fate of your BTC. We are constantly working on a solution to the crisis, and I’m open to your suggestions.”
Hacker News users had the right idea in July 2011 — only keep bitcoin in exchanges for as long as you need to.
Szabat then offered to sell Bitomat the euro equivalent of 17,000 BTC ($220,000 then, $1.95 billion today), in an overt effort to make users whole.
“I wish to inform you that I had several conversations with potential investors from home and abroad,” he said, and directed anyone interested to reach out via email.
It was actually Mark Karpeles and Mt. Gox that answered the call. The deal meant Bitomat would shut down altogether and its domain would instead forward existing users to a Polish-language localized version of Mt. Gox, where they could log in as normal and trade bitcoin via a new Polish złoty pair.
“The acquisition of Bitomat.pl is a windfall for its users, especially in the wake of such a sudden and unsettling event. Also, for the first time ever on a bitcoin exchange, users are now able to access a substantially larger market with their local currency, so we think it’s a happy ending all around,” Karpeles said at the time.
Mt. Gox had only months earlier suffered through two of its many hacking incidents, one for 80,000 BTC ($~65,000) when a thief was able to copy the platform’s own wallet.dat file, and another for 300,000 BTC ($~1.5 million) two months later, with the hacker eventually returning all but 3,000 of the stolen coins.
Of course, Mt. Gox would go completely belly-up nearly three years later, potentially affecting any Bitomat users who had migrated over for a second time.
There’s no question that modern day crypto exchanges, at least the top-tier ones, are different beasts compared to the earliest platforms like Bitomat and Mt. Gox. But for all their assurances, we can never really know for sure how well exchanges are storing user bitcoin.
This is both the coolest and hardest part of using Bitcoin: It takes trust to trade bitcoin and significant operational security to store it yourself (although multi-sigs do help). Anything else is just managing exposure.
If it were easy, everyone would do it. Until then, in exchanges we trust.
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- 0xResearch: Alpha in your inbox. Think like an analyst.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- The Drop: Apps, games, memes and more.
- Lightspeed: All things Solana.
- Supply Shock: Bitcoin, bitcoin, bitcoin.
