The Painful Maturation of the Bitcoin Exchange Market

By: David Marc
Updated: May 19, 2018

In February 2014, bitcoin’s most popular exchange Mt. Gox imploded in spectacular fashion, taking with it approximately $450 million in customer funds. CEO Mark Karpeles was quick to blame a large hack for the theft, but subsequent investigation revealed that the missing bitcoin had been stolen over the course of many years, with most bitcoins already gone mid-2013. Mt. Gox, despite its claims to the contrary, had been operating on fractional reserves since 2011. The company famously “found” 200,000 bitcoins in cold storage after the collapse, demonstrating the degree of Mt. Gox’s mismanagement and neglect.  And of course, Mt. Gox was not an isolated episode.  To cite one additional example, just two months later the exchange Flexcoin was robbed of $620,000 worth of bitcoin from its hot wallets, and was forced to close its doors.

However, it was the magnitude of the Mt. Gox disaster provided the industry a watershed moment. Until that point the bitcoin exchange marketplace was in start up phase. There was little transparency. Many operations were run by nameless individuals or groups offering little insight into financial health or solvency. There was no real cooperation with regulatory agencies. While some might pine for the pre-KYC exchange days, lack of cooperation meant there was little impetus to implement best customer protection practices. It was fragmented. Many small exchanges with various levels of security, solvency and operational efficiency did not deserve the clients they attracted.

And then Bitstamp’s hot wallets were hacked, and $5 million was stolen in January 2015. Did the industry not internalize the lessons of Mt Gox? How could it be that a top three exchange could lose such a staggering amount of customer funds? Who would be next?

And yet, Bitstamp seemed prepared to handle the breach. In the aftermath of Mt. Gox, Bitstamp had demonstrated 100% customer reserves, and kept a relatively small amount in hot wallets to ensure operational liquidity. While the heist accounted for approximately 12% of BitStamp’s overall reserves, the exchange was able to honor the losses to customers and remains a top six exchange by trading volume five months later. Moreover, Bitstamp learned from its own security failings, quickly working, together with wallet security agency Bitgo, to implement an industry-best multisig hot wallet solution in the aftermath of the hack. Had the solution been there previously, the hack would have been avoided.

Conversely, exchanges unable to keep up have disappeared, either by choice or due to dried up consumer interest. The first half of 2015 alone has seen Crypto-Trade and Melotic both fold due to the cost-prohibitive nature of security operations, while Allcrypt and Cryptoine closed down after minor security breaches. These exchanges were all marginal within the bitcoin marketplace, but their closures point to decreasing fragmentation within the market.

The influx of capital into the bitcoin industry has offered a lifeline to a few struggling exchanges that, while proving ill-equipped to deal with the myriad of security risks, have value in terms of player databases and product technology. Chinese exchange BTER suffered two hacks, one for $1.65 million the other for $1.75 million, within a six month period. While initially planning to liquidate holdings to pay back customers, the exchange was bailed out by security firm Jua, who took over responsibility for the platform’s cold wallet security while offering a 100,000 interest-free bitcoin loan used to maintain solvency and pay back users.

Canada’s first Bitcoin exchange Cavirtex made the decision in February 2015 to close its doors due to an inability to cope with a sustained hacking threat. Customer funds, while safe, could not be guaranteed to remain so, and arrangements were made to facilitate withdrawals on all deposits by March 25th. However, New York-based exchange Coinsetter negotiated the purchase of Cavirtex in early April, implementing a number of security protocols that allowed the resumption of trading.

Early stage market consolidation

We would argue that these painful and public implosions have served to increase the velocity with which the exchange market is consolidating, a process characteristic of most early-stage industries, but comparatively fast-paced in bitcoin. Weak exchanges are disappearing, mergers and acquisitions are bolstering fledgling but innovative products, and the larger exchanges are using a massive influx in venture capital – alongside perhaps the most talented cadre of motivated developers ever gathered behind one project since the rise of the internet – to address a heretofore fundamental weakness in the market, security.

And the solutions being deployed have implications for internet security in general. The multisignature hot wallet solutions and offline cold storage hardware that have or are being deployed by many of the exchanges will most likely be utilized outside of the bitcoin market. Indeed, the carbanak malware, which resulted in approximately $1 billion dollars in stolen online banking funds, would most likely have been prevented if multisig technology was being used. It is no coincidence that mainstream insurance providers now feel safe enough to insure, for instance, Coinbase, Gemini, and Xapo. This is an impressive stamp of approval for an industry that has been painted as woefully inefficient in protecting consumer funds.

We anticipate that as the industry further consolidates behind reputable exchanges and wallet security features deploy more widely, exchange heists will become much rarer and insurance coverage will expand amongst reputable exchanges. This is a crucial step for assuaging the concerns of non-early adopters scared off by the headline grabbing heists that have been so common in the industry. Additionally, increased security will have great impact on the value of bitcoin, whose price has proven extremely sensitive to security events.

Mt. Gox destroyed the lives and livelihoods of many of its clients, but perhaps some good has been salvaged from the debacle if it has served to speed up market consolidation and bitcoin’s maturation process.