Mt. Gox’s Ex-CEO Uses Claude AI to Uncover 2011 Code Flaws That Led to Exchange Hack

Quick Breakdown 

• Mark Karpelès used Claude AI to analyze Mt. Gox’s 2011 code, uncovering major security flaws.
• The AI blamed weak passwords, retained admin access, and a lack of segmentation for the hack.
• Mt. Gox still holds over 34,000 BTC as creditor repayments continue with minimal market impact.

Karpelès revisits Mt. Gox code with AI

Former Mt. Gox CEO Mark Karpelès has revisited the early days of the ill-fated crypto exchange—this time with the help of artificial intelligence. In a recent X post , Karpelès revealed that he fed the 2011 Mt. Gox codebase into Anthropic’s Claude AI for an in-depth review. The AI’s verdict was clear: the Bitcoin exchange was “feature-rich but critically insecure.”

So I tried feeding MtGox’s 2011 codebase and various data (git history, access logs, dumps released by hacker, etc) to @AnthropicAI ‘s Claude, and let it analyze its way through all the stuff.

The result:

— Mark Karpelès (@MagicalTux) October 26, 2025

Karpelès, who bought the exchange from its founder, Jed McCale,b in March 2011, admitted he never had the chance to review the code before finalizing the purchase. Just three months later, the platform suffered a hack that drained around 2,000 Bitcoin, worth over $232 million at today’s prices.

AI exposes Mt. Gox’s core vulnerabilities

Claude AI’s post-mortem analysis described Mt. Gox’s original code as technically impressive but dangerously fragile. It pointed to a combination of issues, including unpatched code flaws, weak passwords, poor documentation, and lingering admin access even after ownership changed hands.

The AI linked the June 2011 hack to a chain reaction triggered by the compromise of Karpelès’ WordPress blog and social media accounts. It found that the lack of network segmentation allowed a single breach to threaten the entire exchange.

Among the vulnerabilities, Claude highlighted the retained admin access from prior ownership, weak passwords on critical accounts and poorly secured WordPress installations

However, it also noted that Karpelès’ security improvements, such as implementing salted hashing for password protection and fixing SQL injection flaws, prevented a far more devastating outcome.

Human error still the weakest link

While the AI audit revealed technical loopholes, it ultimately concluded that human missteps—weak security practices and lax operational processes—were the real culprits. The incident, according to Claude, underscored how early crypto exchanges lacked the cybersecurity frameworks now standard in the industry.

Over a decade after its collapse, Mt. Gox continues to influence the Bitcoin market. The defunct exchange still holds roughly 34,689 BTC as part of creditor repayments, due by October 31. Despite concerns of sell-offs, these repayments have so far had little effect on Bitcoin’s price, which remains steady around $116,045.