The Tangled Tale of Mt. Gox's Missing Millions

jfruh writes "What went wrong to produce the spectacular implosion of bitcoin repository Mt. Gox? Well, according to some preliminary investigation from the IDG News Service, pretty much everything. There was a lack of management oversight and 'culture,' the code running the site was a mess, and the CEO seemed more concerned about his plans for a 'Bitcoin cafe' than he was about his Japanese bank closing the company's account."

"Sight"? On slashdot?

[mikael_j]

Really?

Re:"Sight"? On slashdot?

[Jeslijar]

Slashdot has turned into a great web sight

Re:"Sight"? On slashdot?

Eye have a spelling chequer,
It came with my Pea Sea.
It plane lee marks four my revue
Miss Steaks I can knot sea.

Eye strike the quays and type a whirred
And weight four it two say
Weather eye am write oar wrong
It tells me straight a weigh.

Eye ran this poem threw it,
Your shore real glad two no.
Its vary polished in its weigh.
My chequer tolled me sew.

A chequer is a bless thing,
It freeze yew lodes of thyme.
It helps me right all stiles of righting,
And aides me when eye rime.

Each frays come posed up on my screen
Eye trussed too bee a joule.
The chequer pours o'er every word
Two cheque sum spelling rule.

Re:"Sight"? On slashdot?

[WallaceAndGromit]

You have great incite.

Re:"Sight"? On slashdot?

[Opyros]

Also, it isn't "Mt. Gox". It's "Magic, the Gathering online exchange".

The Sight?

Oh, my soar eyes.

Shouldn't it be understood...

[TWX]

...that all scrip currencies are going to find themselves subject to attack from all sides? Wasn't it obvious that governments are going to have a problem with it due to a lack of ability to regulate/tax, banking systems are going to have a problem with it due to their not having a role in something that could be lucrative, and criminals are going to be interested in exploiting the lack of government oversight in order to either profit through its use or through outright theft?

A coworker previously had sang the praises of Bitcoin, but it sounded like he was approaching it from a stock market speculation angle, as in the more it grows the more he was interested. This wasn't long before it started making the news big-time, and like all bubbles, once everyone is involved it usually means that it's time to get out. And also like other bubbles, it has started experiencing the bursting that kills value.

Bitcoin is interesting, but for something so libertarian requires way too much third-party interaction in order to practically use it, and those third-party gatekeepers are the perfect targets.

Re:Shouldn't it be understood...

[gmuslera]

And if you don't want to rely in third-party gatekeepers, how most people will use it? In your phone? in your (for the majority, windows) pc? You can't use gatekeepers because a lot got hacked or just run with the coins, and you can't have them yourself because the most used platforms are ripe for external exploit, either making the user do something or just making popular good looking trojans.

And if that insecurity is not enough, having over that government sponsored weakened encryption algorythms and mandated backdoors don't help a lot.

We are still not ready for a distributed digital money in those terms.

Re:Shouldn't it be understood...

[zippthorne]

Wasn't it obvious that governments are going to have a problem with it due to a lack of ability to regulate/tax,

No, just the opposite in fact, because of the block chain. It's clearly more trackable than regular money. Governments might oppose it, but not for this reason.

banking systems are going to have a problem with it due to their not having a role in something that could be lucrative

Yes, this is obvious. The problem with bitcoin for banks is that inflation is mathematically defined - they can't just print more on a whim, they have to actually do something to generate more.

I imagine it is possible that a bank-designed crypto currency could have properties that are favorable to the banks in this way, but I think those might have a hard time gaining adoption. We've already got a currency that robs its holder of 2% of its value every year by design, why would we need another?

criminals are going to be interested in exploiting the lack of government oversight in order to either profit through its use or through outright theft?

Did you not already mention bankers? Non-banker criminals who are wise will stay well away from anything that has a list of all transactions ever associated to it by design. I think that we probably want criminals to choose crypto currency because they will be easier to prosecute!

Wise criminals probably just go into banking.

There doing they're best!

The editors have a ruff job. Them have two get those articles up in time for us too sea abd meat there quota. Working four Dice must bee really hard considering that there job cold be sent oversees at anytime!

Bit coin is highly misunderstood by many

[140Mandak262Jamuna]

Most people think bitcoin is an anonymous digital cash, totally untraceable. But the basic fact is, bitcoin is the very opposite of anonymity. All the transactions of all the people are public and is verified by multiple entities. Bit coin blocks are like pages of a bank ledgers and multiple copies of are floating around the world, copied and replicated.

The only anonymity the users have is the notion, these bitcoin wallets exist only in the bitcoin universe and it can not be linked to real life entities. This is a big assumption to make. Whenever bitcoin universe intersects real universe there is potential for the anonymity to be broken. A vendor delivering goods maintaining records like "bitcoin wallet xxx placed order for yyy delivered to address zzz" will link the wallets to real identities and clues.

I thought "These blocks go well into the past, so people who have conducted illicit transactions in the past also have their wallets linked to the transactions. These can not be erased or modified. Multiple copies of the blocks exist. So the law enforcement can catch them years from now". More informed slashdotters explained that those "expired" blocks have been purged from most miners. Only their final checksums were carried forward. So past transactions to buy drugs or something can not be decrypted.

But NSA and other agencies have been sucking up internet traffic like a giant vacuum. They know more about the value of the blocks being validated (Mining is a misleading term. Mining is repeatedly validating the block till the checksum meets a criterion). Those blocks exist in the vault.

So yes, every time a drug dealer or a hired assassin gets nabbed and his/her bitcoin wallet gets decoded, all the wallets that dealt with him will be recovered. The web will grow. There is potential for a very large number of people to be caught by the law years after their "illegal" activity happened. If it is a time bound offense they might be lucky. But there is no statuette of limitation for murder and other higher felonies. Bitcoin blocks might turn out to be a huge law enforcement tool after all.

But most likely to catch illegal downloads than drug dealing, given the tenacity and connections of MPAA and RIAA.

I have no more sympathy for anyone

[oscrivellodds]

who has lost real money by "investing" in Bitcoins than I have for anyone who lost real money by "investing" in beany babies. Like my momma always told me, "stupid is as stupid does".

Re:Get your popcorn ready!

[arth1]

Bitcoin can't and won't survive without regulation, and all (most) countries have said they won't, so... Many a fool and his money shall soon part. ; ) it'll be interesting to watch. 500 million dollars go missing, and the funny thing is governments don't really seem to care that anti-government investors lost their ass. LOL

What's important to realize is that the dollars won't go missing. They're still around - they have just changed hands. And that seems to be the real purpose of Bitcoin - have real money change hand, and mostly to the early adopters and those who get out in time.

In itself, bitcoins have no value. The only value comes from what other values people exchange bitcoins for. It's a parasite economy that depends on non-bitcoin money for backing.

And it's irrelevant. Can we forget it soon, like we've forgotten other ponzi/pyramid/tulip schemes? It's not worth mentioning - let fools and crooks shift real money around between themselves. The losers will deserve it, and while the winners don't, they're not worth losing sleep over.

Total lack of controls

[Animats]

The main problem with Mt. Gox was not that the code was a mess. It was a lack of basic financial controls. Mt. Gox lacked a chief financial officer, a controller, inside auditors, outside auditors, a board of directors, an audit committee, and a compliance officer. Yet they were doing a billion dollars of transactions a year. It's not even clear that they have a general ledger listing all transactions. Lack of financial controls is usually considered an indicator of fraud. I've been making this point on bitcointalk for the last year. None of the "Bitcoin exchanges" have proper financial controls. None have an outside auditor and published audits. Yet they're handling far too much money to operate that way.

As for "The National Police Agency seems to lack the ability to analyze the bitcoin trading history of Mt. Gox", that seems to be correct. One would think that the Japanese National Police Agency would have a cyber-crime division, but they don't. In 2013, they were trying to beef up their capabilities in the computer area. This is embarassing for a developed country. Today, any sizable financial mess involves computers, and Tokyo is a major financial center. Untangling any business collapse requires computer forensics and forensic accountants.

The Tokyo police have a backup option - putting Mark Karpeles through one of their standard 23-day interrogation sessions. That's probably going to happen at some point.

Mt. Gox didn't have that high a transaction rate. They only did two or three money transactions a minute on average. They had a lot of traffic from people querying their site for market info, but that's all read-only traffic, and they had nginx and Amazon AWS to help with that.

Their use of PHP wasn't the real problem. From the leaked code, a big part of the problem seems to have been that the front-end system that talked to web users also handled the money. Banks have a separation between the front-end web system and the money system, with standard-format transaction items flowing between them. All those transaction items are logged, often by a third system that just does logging. This allows auditing. It's separation of function that's important, not the language. As far as anyone can tell, Mt. Gox had nobody on staff who understood this.

This all screams "inside job". If you're running a business that handles a lot of money and you lack financial controls, you're scared that someone will rip you off. Unless you're the one doing the ripping off.

Also with a phone size is an issue

[Sycraft-fu]

The blockchain is currently about 15GB, and grows every time there's a transaction. That's a problem. Most phones don't have 15GB of free space. You'd have to get an SD card, just to hold it and that is only a temporary solution, since it'll keep growing.

Also this would be a real problem if BTC was actually used like a major currency and not just played with by speculators as the number of transactions would be orders of magnitude higher, and thus so would the growth.

So it would be totally unrealistic to just store it on mobile devices, which is something you'd probably want to do if you were going to use it as a general purpose kind of payment system, security issues aside and those are not minor.