
Former Mt. Gox CEO Mark Karpelès Fed 2011 Codebase to AI


Former Mt. Gox CEO Mark Karpelès probably wishes he had had access to today's artificial intelligence when he bought Mt. Gox from its founder, Jed McCaleb, in 2011.

That’s because Karpelès has only now fed an early version of the codebase of Mt. Gox to Anthropic’s Claude AI. What he got was an analysis that broke down the key vulnerabilities that led to the first major hack of the defunct exchange, while chalking it up to “critical uncertainty.”

In a Sunday X post, Karpelès said he uploaded the 2011 codebase of Mt. Gox to Claude, along with various data, including GitHub history, access logs and data “dumps released by” hackers.

Source: Mark Karpelès

A review from Claude AI said the 2011 codebase of Mt. Gox represents a “feature rich but critically insecure bitcoin exchange.”

“The developer (Jed McCaleb) demonstrated strong software engineering capabilities in terms of architecture and feature implementation, creating a sophisticated trading platform in just 3 months,” the review reads, adding, however, that:

“The codebase contained multiple critical security vulnerabilities that were targeted in the June 2011 hack. Security improvements made between the ownership transfer and the attack partially mitigated the impact.”

Karpelès took the reins of the Japan-based exchange in March 2011 after buying the exchange from founder and developer Jed McCaleb. The exchange then suffered a hack around three months later that saw 2,000 bitcoins (BTC) drained from the platform.

“I didn’t look at the code before hiring; it was thrown at me as soon as the contract was signed (I know now, due diligence goes a long way),” Karpelès added in a comment on his X post.

Claude AI's post-mortem of Mt. Gox

According to Claude AI, the main vulnerabilities consisted of a mix of code flaws, a lack of internal documentation, weak admin and user passwords and retained account access by previous admins after the new ownership handover.

The hack was sparked by a major data breach after Karpelès’ WordPress blog account and some of his social media accounts were compromised.

“Contributing factors include: Insecure original platform, undocumented WordPress installation, retained admin access for ‘auditing’ after ownership transfer, and a weak password for a critical admin account,” the review read.

The review also noted that some pre- and post-hack changes “mitigate some attack vectors,” preventing the attack from being worse than it was.

Those changes include an update to a salted hashing algorithm to provide more password protection, fixing an SQL injection flaw in the core application, and implementing “proper locking around the fallback.”

“Salted hashing prevents mass compromise and forced individual hashing, but no hashing algorithm can protect weak passwords. Locking has prevented the more extreme outcome of tens of thousands of BTC being drained through the $0.01 withdrawal limit,” the analysis read, adding:

“This codebase was targeted in a sophisticated attack in June 2011. Security improvements were made in the 3 months since the transfer of ownership, which affected the outcome of the attack. This incident demonstrates the severity of the vulnerabilities of the original codebase and the partial effectiveness of remediation efforts.”

While the analysis suggests AI can help shore up specific coding flaws, the core of the breach was the result of poor internal processes, weak passwords, and a critical lack of network segmentation that allowed the blog breach to threaten the entire exchange.

Unfortunately, AI cannot prevent human error.

Mt. Gox is still affecting the market a decade later

Despite being defunct for more than a decade, Mt. Gox has continued to have an impact on the market over the past few years, as a large sum of Bitcoin (BTC) was paid to creditors. While many feared this would result in selling pressure in the market, the payments did not have an apparent impact on the price of Bitcoin.

Ahead of the October 31 payment deadline later this month, the exchange is holding around 34,689 BTC.
