The exchange that accidentally deleted its 17K Bitcoin wallet file

A spooky story about the importance of self-custody

article-image

Sergii Gnatiuk/Shutterstock and Adobe modified by Blockworks

share

This is a segment from the Supply Shock newsletter. To read full editions, subscribe.


When it comes to Bitcoin mantras, “not your keys, not your coins” is as pure as it gets.

But there are levels to it. Sure, you might be self-custodying, but you might still be required to trust a wallet explorer, for example, to tell you your BTC balance.

Run your own full node, however, and you’ll only ever need to trust your own copy of the Bitcoin ledger.

So here’s one of Bitcoin’s oldest cautionary tales about why the above still matters, a decade and a half later.

Picture this: It’s mid-2011, and there are two major exchanges to buy and sell bitcoin: Mt. Gox, operating out of Japan with about 80% global market share, followed by TradeHill, based in California.

Eastern Europe had its own primary venue: Bitomat from Poland. 

Bitomat’s trading volume was small compared to Mt. Gox, only about 17,000 BTC per month — far below Mt. Gox’s 1 million BTC (worth $7.5 million at the time). But it was still enough for Bitomat to be considered the third-largest bitcoin trading platform in the world.

Until trouble struck. 

On August 1, 2011, Bitomat’s admins disclosed the worst had happened: They had accidentally deleted the wallet.dat file for the platform’s hot wallet, immediately losing access to its users’ bitcoin, which coincidentally amounted to 17,000 BTC.

The exchange itself had been paused for about a week by that point. Bitomat’s administrator, Bartek Szabat, had noticed that the main server — powered by an Amazon EC2 virtual machine — had been running at full capacity, and opted to boost its allocation of RAM. 

That would’ve required the virtual machine instance to be rebooted. 

But the admin had forgotten to enable persistent storage in the cloud server’s configuration settings. So, when the server was rebooted after adding more RAM, the local storage of the virtual-machine instance itself, which contained the exchange’s only wallet.dat file, was wiped, taking the private keys of Bitomat’s users along with it. 

Amazon Web Services was unable to recover the file.

In an open letter to the Bitcoin community, Szabat asked for help in investigating the situation (the post has been automatically translated and edited for clarity): 

“At the moment, I am unable to clearly determine the cause of crashes. I suppose that it is the result of actions of third parties, which are causing the server to crash to hide their illegal activities, or intentionally wanting the website to disappear,” he wrote. 

“If my suspicions are confirmed, I will tell the police and prosecutors, [and] at the same time, take possible action through which it would be possible to recreate lost data. But I need to interact with the server’s owner [Amazon Web Services], and that, as I mentioned above, is difficult… 

“At the same time, I am counting on your help in solving the problem. I realize that the situation is very difficult, and you fear for the fate of your BTC. We are constantly working on a solution to the crisis, and I’m open to your suggestions.”

Hacker News users had the right idea in July 2011 — only keep bitcoin in exchanges for as long as you need to.

Szabat then offered to sell Bitomat the euro equivalent of 17,000 BTC ($220,000 then, $1.95 billion today), in an overt effort to make users whole. 

“I wish to inform you that I had several conversations with potential investors from home and abroad,” he said, and directed anyone interested to reach out via email.

It was actually Mark Karpeles and Mt. Gox that answered the call. The deal meant Bitomat would shut down altogether and its domain would instead forward existing users to a Polish-language localized version of Mt. Gox, where they could log in as normal and trade bitcoin via a new Polish złoty pair.

“The acquisition of Bitomat.pl is a windfall for its users, especially in the wake of such a sudden and unsettling event. Also, for the first time ever on a bitcoin exchange, users are now able to access a substantially larger market with their local currency, so we think it’s a happy ending all around,” Karpeles said at the time. 

Mt. Gox had only months earlier suffered through two of its many hacking incidents, one for 80,000 BTC ($~65,000) when a thief was able to copy the platform’s own wallet.dat file, and another for 300,000 BTC ($~1.5 million) two months later, with the hacker eventually returning all but 3,000 of the stolen coins. 

Of course, Mt. Gox would go completely belly-up nearly three years later, potentially affecting any Bitomat users who had migrated over for a second time. 

There’s no question that modern day crypto exchanges, at least the top-tier ones, are different beasts compared to the earliest platforms like Bitomat and Mt. Gox. But for all their assurances, we can never really know for sure how well exchanges are storing user bitcoin. 

This is both the coolest and hardest part of using Bitcoin: It takes trust to trade bitcoin and significant operational security to store it yourself (although multi-sigs do help). Anything else is just managing exposure. 

If it were easy, everyone would do it. Until then, in exchanges we trust.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates.png

Research

Pipe Network is a decentralized content delivery network (dCDN) that replaces the sparse, capital intensive data center footprint of traditional CDNs with a permissionless mesh of independent node operators. By orchestrating under-utilized resources that already exist at the edge, rather than purchasing or leasing thousands of servers, Pipe slashes capital intensity while letting supply expand autonomously in the places where bandwidth is scarcest and most expensive.

article-image

Despite two governor dissents for the first time in 30 years, Powell remained sternly hawkish

article-image

Rarity, exclusivity, and community are key tenets of NFTs — how did Labubus execute them so much better?

article-image

ETH’s “breakout marks a significant structural shift and clears the path towards…$4,000,” Kraken’s OTC desk noted

article-image

Fiscal dominance isn’t about interest rates and it isn’t about Trump, either

article-image

Firestarter Storage brings decentralized storage and delivery to Solana