The security vulnerabilities of Mt. Gox caused millions in losses—can AI detect these issues?

7 hours ago

Former Mt. Gox CEO Mark Karpelès might wish he could have used today's artificial intelligence technology when he sought to acquire Mt. Gox from founder Jed McCaleb in 2011.

That is because Karpelès has just fed an early version of the Mt. Gox codebase to Anthropic's Claude AI. The analysis he got back detailed the key weaknesses that led to the exchange's first major hack and described the platform as "extremely insecure."

In a post on X on Sunday, Karpelès said he had uploaded the 2011 Mt. Gox codebase to Claude together with supporting material, including the GitHub history, access logs, and the data dumps "released" by the hackers.

Claude AI's analysis indicated that the 2011 codebase of Mt. Gox represented a "feature-rich but extremely insecure Bitcoin exchange."

"The developer (Jed McCaleb) demonstrated strong software engineering capabilities in architecture and functionality implementation, creating a complex trading platform in just three months," the analysis report stated, but also added:

Karpelès took over the Japan-based Mt. Gox after acquiring the exchange from founder and developer Jed McCaleb in March 2011. The exchange was subsequently hacked about three months later, resulting in the loss of 2,000 Bitcoins (BTC) from the platform.

"I had no opportunity to review the code before taking over; the contract was signed and it was thrown at me (I know more now, due diligence is important)," he added in the comments of his X post.

According to Claude's analysis, the key weaknesses included code defects, a lack of internal documentation, weak administrator and user passwords, and access that former administrators kept after the change of ownership.

The hack began with a significant data breach that followed the compromise of Karpelès's WordPress blog account and several of his social media accounts.

"Contributing factors included: an insecure original platform, undocumented WordPress installations, administrator access retained for 'audit' purposes after ownership transfer, and weak passwords for key administrator accounts," the analysis report stated.

The analysis also listed changes made before and after the hack that "mitigated some attack vectors," which kept the attack from being worse than it was.

These changes included moving to salted password hashes, fixing SQL injection vulnerabilities in the main application, and implementing "appropriate withdrawal locks."

"Salted hashes prevented mass breaches and forced individual brute-force cracking, but no hash algorithm can protect weak passwords. Withdrawal locks prevented more severe consequences from thousands of BTC being stolen through a $0.01 withdrawal limit exploit," the analysis report stated, adding:

While the analysis suggests that AI could help patch specific coding flaws, the root cause of the breach was poor internal process, weak passwords, and a severe lack of network segmentation, which allowed a compromised blog to endanger the entire exchange.

Unfortunately, AI cannot prevent human error.
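The analysis quoted above makes two claims that are easy to test: salting turns a single mass crack into one brute-force job per account, and no hash scheme rescues a weak password. The following Python is an added example written for this article, not code from Mt. Gox, from Karpelès's post, or from Claude's report. The user accounts, their passwords and the attacker's wordlist are all constructed for the demo; the "legacy" scheme is plain MD5 (assumed here as a stand-in for an unsalted store, the page does not say which algorithm Mt. Gox used) and the hardened scheme is per-user salted PBKDF2-HMAC-SHA256 with a deliberately low round count so the demo runs fast.

```python
"""Salted vs. unsalted password stores under a dictionary attack (added example).

Constructed data throughout: no real Mt. Gox accounts or hashes are used.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Tuple

# Constructed sample user database, plaintext only so both stores can be built.
SAMPLE_PASSWORDS = {
    "alice": "password1",
    "bob": "qwerty",
    "admin": "letmein",                          # weak administrator password
    "carol": "c0rrect-h0rse-battery-staple-9Qx",  # strong: not in any wordlist below
}

# Constructed attacker wordlist; a real one has millions of entries.
WORDLIST = ["123456", "password", "password1", "qwerty", "letmein", "bitcoin", "mtgox"]

# Kept low so the demo finishes in well under a second; production code should use
# a far higher count (or a memory-hard KDF such as Argon2id).
PBKDF2_ROUNDS = 10_000


def unsalted_md5(password: str) -> str:
    """Legacy scheme: one deterministic digest per password, shared by every user."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_pbkdf2(password: str, salt: bytes) -> str:
    """Hardened scheme: a random per-user salt mixed into a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()


def build_unsalted_store(users: Dict[str, str]) -> Dict[str, str]:
    return {user: unsalted_md5(pw) for user, pw in users.items()}


def build_salted_store(users: Dict[str, str]) -> Dict[str, Tuple[bytes, str]]:
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)  # fresh random salt per account
        store[user] = (salt, salted_pbkdf2(pw, salt))
    return store


def verify_salted(store: Dict[str, Tuple[bytes, str]], user: str, password: str) -> bool:
    """Login check against the salted store, using a constant-time comparison."""
    if user not in store:
        return False
    salt, digest = store[user]
    return hmac.compare_digest(salted_pbkdf2(password, salt), digest)


def crack_unsalted(store: Dict[str, str], wordlist: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Unsalted: one precomputed table cracks every account at once.

    Cost is len(wordlist) hash operations regardless of how many accounts leaked.
    """
    words = list(wordlist)
    table = {unsalted_md5(w): w for w in words}
    hash_ops = len(words)
    cracked = {user: table[digest] for user, digest in store.items() if digest in table}
    return cracked, hash_ops


def crack_salted(store: Dict[str, Tuple[bytes, str]], wordlist: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Salted: no shared table is possible, so each account costs its own pass.

    Cost grows as accounts * wordlist, and a weak password still falls quickly.
    """
    words = list(wordlist)
    cracked: Dict[str, str] = {}
    hash_ops = 0
    for user, (salt, digest) in store.items():
        for candidate in words:
            hash_ops += 1
            if salted_pbkdf2(candidate, salt) == digest:
                cracked[user] = candidate
                break
    return cracked, hash_ops


def demo() -> Dict[str, Tuple[Dict[str, str], int]]:
    """Attack both stores and report (cracked accounts, hash operations spent)."""
    unsalted = build_unsalted_store(SAMPLE_PASSWORDS)
    salted = build_salted_store(SAMPLE_PASSWORDS)
    return {
        "unsalted": crack_unsalted(unsalted, WORDLIST),
        "salted": crack_salted(salted, WORDLIST),
    }


if __name__ == "__main__":
    for scheme, (cracked, ops) in demo().items():
        print(f"{scheme:8s} cracked={sorted(cracked)} hash_ops={ops}")
```

Running it shows the same three weak accounts (including the administrator) falling under both schemes, while the strong password survives both. What changes is the attacker's cost: the unsalted store is cracked with a single pass over the wordlist, whereas the salted store needs a separate pass per account, and with a real round count each of those passes is slow. That is exactly the analysis's point: salting prevents mass breaches and forces individual cracking, but it cannot protect a password that is in the attacker's list.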

Although defunct for more than a decade, Mt. Gox has continued to affect the market in recent years as large amounts of Bitcoin (BTC) have been repaid to creditors, creating potential selling pressure, though the sell-off many feared has not materialized.

Ahead of the repayment deadline on October 31 later this month, the exchange still holds approximately 34,689 BTC.


Original article: “Mt. Gox's security flaws cost millions—Could AI have spotted them?”
