On October 20, 2014, cryptocurrency exchange mcxNOW announced that it had lost 350 million Dogecoins, worth about $85,000 today. According to the website, the reason was a “small delay in updating DOGE 1.7 to DOGE 1.8”. This appears to be an understatement, given that Dogecoin 1.8 was released already two months ago.
During this update the Dogecoin blockchain forked to make enable merged mining with Litecoin. A blockchain is public ledger built on “blocks” of transactions. The Dogecoin blockchain adds a new completed block about every minute, which happens in a chronological order with every new block containing a hash of the previous block. In traditional terms, it is like a full history of banking transactions. When a blockchain forks it means that the transaction log is split in two, hence the name. Clients will always accept the longest valid chain, meaning there can only be one. The length of a chain is determined by the sum of the difficulty on its blocks, being the side that has the majority of the network’s computational power on it. The majority of the Dogecoin network switched to version 1.8, leaving those that did not update on an invalid chain. Nevertheless, these invalid coins were still accepted by mcxNOW, as they did not update and allowed the coins to be traded against valid Bitcoins. It is the equivalent of trading $85,000 against thin air, resulting in a loss for the exchange.
It is obviously a painful mistake for mcxNOW, which blames the Dogecoin developers for not informing them of the update. At the same time, the Dogecoin developers claim they have contacted any involved party including mcxNOW. Whatever the case, mcxNOW clearly failed one of the general security best practices to rapidly deploy the latest updates to its operating systems. When controlling almost $4 million in user funds it makes little sense to rely on external sources for optimal security quality. It also raises concerns on the security quality of other coins, as these could obviously be at risk as well if the security policy is not sufficiently set up or enforced.
Currently about 7.5M DOGE has been donated by users and mcxNOW, still leaving about 343M DOGE unaccounted. This means roughly 15% of DOGE users hold here is valid on the 1.8 network. An exact number for the “haircut” will be given in the next day or so but it’s obviously going to have to be drastic so that balances here match the real balances.
If only 15 percent of the Dogecoin deposits are valid, the math is pretty simply as a haircut would amount to the number of invalid coins or 85 percent of all Dogecoin deposits. Alternatively, mcxNOW could apply a little over a two percent haircut to all other cryptocurrency deposits to compensate Dogecoin deposits. In the former case, a single Dogecoin traded at mcxNOW would only be worth 15 percent of a valid coin. It should thus be no surprise that Dogecoin buyers at the exchange are placing their bids 35 percent below the current market rate of 70 Satoshi. With the haircut still to be implemented, this still seems relatively high given the announcement that explicitly focused on Dogecoin deposits.
In any case, the exchange does not seem to be willing to pay for their own mistake. As a cryptocurrency exchange without fiat markets it operates outside of any legal framework, so it leaves users at the mercy of mcxNOW’s decision. Surprisingly, the exchange seems to be proud of this fact given that it markets itself as the “digital equivalent of a swiss bank account” in its terms. Users should be aware that if little compliance is demanded from an exchange this typically translates to low compliance standards, including security policies, resulting in increased risks of a loss of deposited funds.