Slashdot Mirror
The Tangled Tale of Mt. Gox's Missing Millions
jfruh writes "What went wrong to produce the spectacular implosion of bitcoin repository Mt. Gox? Well, according to some preliminary investigation from the IDG News Service, pretty much everything. There was a lack of management oversight and 'culture,' the code running the site was a mess, and the CEO seemed more concerned about his plans for a 'Bitcoin cafe' than he was about his Japanese bank closing the company's account."
Really?
Greylisting is to SMTP as NAT is to IPv4
Stop relying on your spelchekker, people. It's like everyone sees your lips moving while you read.
Oh, my soar eyes.
...that all scrip currencies are going to find themselves subject to attack from all sides? Wasn't it obvious that governments are going to have a problem with it due to a lack of ability to regulate/tax, banking systems are going to have a problem with it due to their not having a role in something that could be lucrative, and criminals are going to be interested in exploiting the lack of government oversight in order to either profit through its use or through outright theft?
A coworker previously had sang the praises of Bitcoin, but it sounded like he was approaching it from a stock market speculation angle, as in the more it grows the more he was interested. This wasn't long before it started making the news big-time, and like all bubbles, once everyone is involved it usually means that it's time to get out. And also like other bubbles, it has started experiencing the bursting that kills value.
Bitcoin is interesting, but for something so libertarian requires way too much third-party interaction in order to practically use it, and those third-party gatekeepers are the perfect targets.
Do not look into laser with remaining eye.
On "INVISO-POWER"...
The editors have a ruff job. Them have two get those articles up in time for us too sea abd meat there quota. Working four Dice must bee really hard considering that there job cold be sent oversees at anytime!
the code running the sight was a mess,
is particularly irritating.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I believe it was the Medici family which first documented the need for bank regulation in the 1500s, although it is possible that other civilizations with extensive merchant activity may have realized that earlier but not left records. Bank and banking system failures in the 1600s, 1700s, 1800s, and early 1900s led all nations with large merchant, industrial, and financial economies to pass and implement banking regulation, oversight, and auditing requirements.
Bitcoin? "Freedom!"
sPh
Presiding over it all was CEO Mark Karpeles, who uses the online moniker MagicalTux. The attendant image of Karpeles as a stage magician may now inflame Mt. Gox customers who suspect their losses are due to sleight of hand, not sloppiness or outside thieves.
I make exchange sight .... .. POOF .. it's all gone ..
I get beetcoin
I get more beetcoin
I get some more beetcoin
some more
and
Thank you come again
Bitcoin can't and won't survive without regulation, and all (most) countries have said they won't, so... Many a fool and his money shall soon part. ; ) it'll be interesting to watch. 500 million dollars go missing, and the funny thing is governments don't really seem to care that anti-government investors lost their ass. LOL
Does anyone else find it ironic that THIS messed up sight is posting an article about another messed up sight?
Timothy, you're not literate. Don't be hypocritical. Yeah, Mt. Gox was screwed up. So is Slashdot. And /. beta. And you.
The only anonymity the users have is the notion, these bitcoin wallets exist only in the bitcoin universe and it can not be linked to real life entities. This is a big assumption to make. Whenever bitcoin universe intersects real universe there is potential for the anonymity to be broken. A vendor delivering goods maintaining records like "bitcoin wallet xxx placed order for yyy delivered to address zzz" will link the wallets to real identities and clues.
I thought "These blocks go well into the past, so people who have conducted illicit transactions in the past also have their wallets linked to the transactions. These can not be erased or modified. Multiple copies of the blocks exist. So the law enforcement can catch them years from now". More informed slashdotters explained that those "expired" blocks have been purged from most miners. Only their final checksums were carried forward. So past transactions to buy drugs or something can not be decrypted.
But NSA and other agencies have been sucking up internet traffic like a giant vacuum. They know more about the value of the blocks being validated (Mining is a misleading term. Mining is repeatedly validating the block till the checksum meets a criterion). Those blocks exist in the vault.
So yes, every time a drug dealer or a hired assassin gets nabbed and his/her bitcoin wallet gets decoded, all the wallets that dealt with him will be recovered. The web will grow. There is potential for a very large number of people to be caught by the law years after their "illegal" activity happened. If it is a time bound offense they might be lucky. But there is no statuette of limitation for murder and other higher felonies. Bitcoin blocks might turn out to be a huge law enforcement tool after all.
But most likely to catch illegal downloads than drug dealing, given the tenacity and connections of MPAA and RIAA.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
who has lost real money by "investing" in Bitcoins than I have for anyone who lost real money by "investing" in beany babies. Like my momma always told me, "stupid is as stupid does".
Mt. Gox was run by a drug-addled manchild. How is this outcome surprising at all?
The drug culture is fundamentally incompatible with responsible adult life, and especially banking. Just look at what our coke-addled bankers did in the US! Nothing new here..
Buy all you can. :)
The only thing that cannot be fudged is that we cannot make. Gold keeps it's spending power over long stretches of time.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Turns out those evil corporate bankers with their evil statist money turn out to have some useful skills. Like, they know how to prevent the theft of a good chunk of all the money in their world. Apparently it involves boring stuff like spreadsheets and regulations and corporate hierarchy rather than algorithms, so that's kind of a drag, but so it goes.
Trick question. There are no missing "millions", because BTC is a completely artificial construct with no actual value.
The only "millions" that came out of BTC is all the extra revenue hardware manufacturers came up with with everyone decided to buy half a dozen video cards to cram into their PC for mining.
"Tokyo police are now scratching their heads. "The National Police Agency seems to lack the ability to analyze the bitcoin trading history of Mt. Gox," a government official told a source probing the investigation."
that's not a bug, it a feature.
never bring a twinkie to a food fight.
Hey, what a coincidence! My company is doing poorly because it's run by incompetent idiots too! Small world, huh?
Now, I'm reasonably technologically proficient, but I couldn't ever wrap my head around it. So, there's this virtual currency that can be "mined"? What exactly is being mined? Cryptographic calculations? What gives it its value? Simply that it's a new calculation? It all seems like trying to making something out if nothing, which inevitably ends up being nothing.
The value of real money is in being a by-currency for minerals and materials with actual, practical utility. Where is the practical utility for bitcoin?
around July 2013, Bitcoin entrepreneur Roger Ver visited Mt. Gox's Tokyo headquarters. He published a video saying he believed the company's withdrawal problems were caused by the "traditional banking system, not because of a lack of liquidity at Mt. Gox."...
In an email interview last week, Ver recalled his meeting with Mt. Gox: "I watched him [Karpeles] log into his online bank account in real time and saw the balances with my own eyes. They had a huge amount of U.S. dollar liquidity at that time."
Yea, that's how a CPA would conduct an audit. No chance of anything sketchy going on with that kind of oversight.
"Spaghetti code" is what developers say when they're confronted by code that exceeds their capacity to understand complexity.
Idiots.
01/01/01
The main problem with Mt. Gox was not that the code was a mess. It was a lack of basic financial controls. Mt. Gox lacked a chief financial officer, a controller, inside auditors, outside auditors, a board of directors, an audit committee, and a compliance officer. Yet they were doing a billion dollars of transactions a year. It's not even clear that they have a general ledger listing all transactions. Lack of financial controls is usually considered an indicator of fraud. I've been making this point on bitcointalk for the last year. None of the "Bitcoin exchanges" have proper financial controls. None have an outside auditor and published audits. Yet they're handling far too much money to operate that way.
As for "The National Police Agency seems to lack the ability to analyze the bitcoin trading history of Mt. Gox", that seems to be correct. One would think that the Japanese National Police Agency would have a cyber-crime division, but they don't. In 2013, they were trying to beef up their capabilities in the computer area. This is embarassing for a developed country. Today, any sizable financial mess involves computers, and Tokyo is a major financial center. Untangling any business collapse requires computer forensics and forensic accountants.
The Tokyo police have a backup option - putting Mark Karpeles through one of their standard 23-day interrogation sessions. That's probably going to happen at some point.
Mt. Gox didn't have that high a transaction rate. They only did two or three money transactions a minute on average. They had a lot of traffic from people querying their site for market info, but that's all read-only traffic, and they had nginx and Amazon AWS to help with that.
Their use of PHP wasn't the real problem. From the leaked code, a big part of the problem seems to have been that the front-end system that talked to web users also handled the money. Banks have a separation between the front-end web system and the money system, with standard-format transaction items flowing between them. All those transaction items are logged, often by a third system that just does logging. This allows auditing. It's separation of function that's important, not the language. As far as anyone can tell, Mt. Gox had nobody on staff who understood this.
This all screams "inside job". If you're running a business that handles a lot of money and you lack financial controls, you're scared that someone will rip you off. Unless you're the one doing the ripping off.
That is quite a good description of spaghetti code. However, there comes a point where complexity exceeds the ability to test and validate.
Having seen the Mt Gox source code, I can verify that spaghetti is quite a good description:
Everything from web rendering, to trade matching, to wallet management, support, database management in a single class
Multi-thousand line procedures which perform complex disparate operations requiring dynamic SQL generation, string processing, input validation, business logic, wallet management, etc. and which might contain over 100 branches and a dozen function exit points
Switch statements that approach 500 lines in length
Large chunks of code commented out as a method of version control
I do not do bitcoin, i have neither the bandwidth to waste or the gpu hardware to mine and also not run microsoft windows that seems to scream btc fan.
I do need bitcoin not much per year (under 100 dolars) , and so tried to open an account with mtgox.
I got the governental forms [months pass], that got me a updated drivers license and passport and submitted them to magic the gathering exchange to verify my id. but I kept getting rejected. I had no value in the account.
So three months after i start this and still getting nowhere with the identity verification i email them and say please cancel the account.
Oddly that means approve in magic speak.
Somehow that concerns me and this was last year so i do not anything with this thing, and spend some time getting an independent wallet which takes a couple of months to download. Then mtgox go bankrupt.
I have a btc wallet, it has no money in it, and i have not spent money to do anything with bitcoin so far.
Maybe i got lost in translation but i am glad i never had any further dealings with mtgox
The blockchain is currently about 15GB, and grows every time there's a transaction. That's a problem. Most phones don't have 15GB of free space. You'd have to get an SD card, just to hold it and that is only a temporary solution, since it'll keep growing.
Also this would be a real problem if BTC was actually used like a major currency and not just played with by speculators as the number of transactions would be orders of magnitude higher, and thus so would the growth.
So it would be totally unrealistic to just store it on mobile devices, which is something you'd probably want to do if you were going to use it as a general purpose kind of payment system, security issues aside and those are not minor.
I hate the notion that one would need a chief financial officer, a controller, inside auditors, outside auditors, a board of directors, an audit committee, and a compliance officer. Having any of those wastes would not have made any difference whatsoever to the current outcome of bitcoin. I'm so proud of those guys for not going that route.
All of those positions are a bunch of useless parasites who bring absolutely no talent to the table and suck any free flowing capital right into their own salaries and stock options.
If you are reading this and are one of those said positions in real life, then I suggest you get a rope and hang yourself. Engineers have no respect for you, as you've never conceived one original thought of value in your entire existence. All you are to the world are useless top feeders who contribute nothing of value at all to a company or society.
Glad we cleared that all up.
I think he robed himself (in other words his customers). I am not buying the incompetence claim. Did you guys know it was MtGox that reported the malleability bug?
Spelling isn't their strong point. Nor is grammar.
Probably 50% of Americans who post online write 'more THEN' or even 'more THAT' instead of 'more THAN'.
They also commonly write 'women' instead of 'woman', how stupid do you have to be to do that?
They also commonly write 'an' instead of 'a'.
America is almost lost, and the stupidity of most of its inhabitants is now evident for all to see.
what the FFFFF didnt this bets crap die already??
It's elaborate window dressing and sexy crypto bait for geeks to hide the underlying ponzi scheme.
If you can understand it enough to ask such questions as those above then you are not the sucker they are looking for.
I'm wearing beer goggles but look; like anything, the only way you will ever get it 'accepted' is to use it. Once it becomes ubiquitous it's hardly as profitable as it was in the beginning. That is the reward the early adopters get for taking a risk on something better. I've never just used it as an investment instrument I just like it as currency. Fuck it's hard to type buzzed.
Nothing went wrong.
Half a BILLION dollars went "missing" because it was SUPPOSED to eventually go missing.
Nothing went wrong. A handful of people got extraordinarily wealthy and uncounted idiots who chose to put their money into an unaccountable source run by anonymous strangers with no track record of prior legitimacy or accountability - went bust.
Bitcoin is like online poker but for more "intelligent" users (not enough hand-quotes in the world ...) - seriously what could possibly go wrong?
>. All the transactions of all the people are public and is verified by multiple entities
Oh really? So you know *all* the principle entities of Mt. Gox? You know just where they were storing/investing that HALF A BILLION DOLLARS ? You know the names of the independent accounting agency that oversaw that HALF A BILLION DOLLARS ?
You know none of that and very little else.
Why who ever would have thought that when you give have a f!@kig BILLION dollars to a more than less anonymous source(s) by anonymous means and with no oversight - why who every would have thought that maybe - just maybe - someone would be tempted to just walk the hell away with Half a BILLION??
You know who didn't think that way? Some chump wanna-be geeks with too much disposable income and too little common sense.
----- In Your Cubicle No One Can Hear You Scream...
For those who need an overview of the rise and fall of Mt Gox, I made a handy timeline
The supposed nicety of BitCoin is Decentralization. There is no central directory which keeps records. The Block chain is distributed.
But as we have seen, BitCoin does not properly scale. In effect, the traditional Bank principle (one institution managing records) has so far triumped over the BitCoin idea.
MtGox was trying to be a bank and (allegedly !) got bankrobbed. But why did we need the MtGox Bank in the first place.
Guys, here is the challenge: develop a massively scalable Crypto Currency. Post via TOR, sign using GNUpg to protect yourself.
It was an audacious scheme on top of a pyramid scheme, and it worked.
Really? Please sight your sources for that claim.
If you can't tell the difference it's your problem.
However it's very clear that you are just spinning a tale to bring in the marks instead of not actually being able to see the very large number of differences that you'd know of just growing up in a western society.
This lying bullshit of yours is tedious.
You are clearly pretending to be too stupid to be able to tell the difference - then calling others stupid who don't fall for your bluff.
To make it worse you are trying to pretend that you haven't written the comments you have.
If I want to hear "just try it you'll like it" stuff from slimy pieces of shit I can visit a prison and ask a drug dealer to let me hear his spiel.
To make it worse you are trying to pretend that you haven't written the comments you have.
Hmmm... still can't cite any actual words of mine to support your allegations, I see. We know from your past comments that you know how to quote. Cut and paste keys broken? LOL
it's very clear that you are just spinning a tale to bring in the marks . . . "just try it you'll like it"
And here, as unlikely as it might seem, your shrill irrationality reaches a whole new level. I've not breathed even a suggestion that you or anyone else should try BitCoin, and you can point to none. But you knew that -- it's clear now that you're just frothing at the mouth for reasons that even you may not understand.
Here's the bottom line, my friend: after reading through a number of your past comments, it's abundantly clear that (1) you despise BitCoin with a passion; (2) you can't present a cogent argument why you do (hint: "look at the definition of Ponzi scheme and look at BitCoin -- DERP" isn't a cogent argument); and (3) when asked to justify your rhetoric, you lash out at the questioner on a personal level and declare them to be part of the conspiracy you imagine to exist.
Given that you're doing exactly the same thing here, it's clear there's no productive discussion to be had (and shame on me, perhaps, for not realizing that from your very first post in this thread, where you broke into the middle of a discussion that didn't involve you and lobbed out one of your classic one-line insults). I think we'll both best be served by you getting back to counting black helicopters and finding another target for your rants. Please do have as good of a life as your angry, irrational, conspiratorial life perspective will allow.
The time to be polite about bitcoin stopped when the perpetrators started actively targeting people on this site for their scam a couple of years ago. Other reasons can now be found even in mainstream newspapers. So do I really need to put up a polite 5000 word essay in every bitcoin thread to gently point out what should be incredibly fucking obvious by now - and if I did would anyone pay attention?
I think not, it's time to be blunt and use crowbars to get between these scum and their potential victims.