Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Allege Mt. Gox Still Controls "Stolen" Bitcoins

Posted by timothy on from the other-side-of-anonymity dept.

The Verge reports that "Tokyo-based Bitcoin exchange Mt. Gox lost $400 million worth of bitcoins in February. Its management said the amount was stolen after hackers exploited a transaction bug to divert the funds, but some of Mt. Gox's users are not so sure, suggesting instead that the exchange's owners pocketed the cash. Now, facing silence from those owners about the fate of the money and the methods by which 6 percent of all of the Bitcoin in the world could have been stolen, a group of hackers claims it has broken into the bankrupted Bitcoin exchange's network to get answers. ... Forbes reports that the group gained access to the personal blog and Reddit account of Mark Karpeles, Mt. Gox's CEO. The hackers used the platforms to post a message that claimed Karpeles still had access to some of the bitcoins that he'd reported stolen. In support of the claim, they uploaded a series of files that included a spreadsheet of more than a million trades, Karpeles' home addresses, and a screenshot purportedly confirming the hackers' access to the data." (The Forbes article on which the Verge report is based.)

6 of 228 comments (clear)

  1. Anonymous cryptocurrency, who to trust? by Rick+in+China · · Score: 4, Interesting

    Given how easily it would be to get away with the theft of anonymous cryptocurrency, I am surprised there aren't far more 'hacks' where exchanges rob all they can from their customers then close up shop. I know it has happened in China on much smaller scales, and I'm sure it will happen many more times, the question is who can you possibly trust with something that can be so easily disappeared.

    1. Re:Anonymous cryptocurrency, who to trust? by gox · · Score: 4, Interesting

      the question is who can you possibly trust with something that can be so easily disappeared.

      The answer is to never assign trust in a single point. That's the whole reason Bitcoin was designed for, and these thefts really show how backwards we are with regards to the technology we have.

      Surprisingly few people actually know this, but Bitcoin addresses are actually little programs that calculate the required criteria to move money out of the "address". It's purposefully Turing incomplete. The simplest defense against malevolent or incompetent parties is to require multiple signatory entities. For instance, one could be the deposit institution itself, another party for dispute resolution (e.g. a lawyer), and finally the customer. You can require only two of three signatures to move the amount so that the customer can extract the money with the help of the arbiter even if the deposit institution disappears.

      Other, more sophisticated solutions are also possible, and some of the businesses themselves can even become transparently automated. However, it seems like it won't be that easy to get there, even though the crucial technology is already available.

    2. Re:Anonymous cryptocurrency, who to trust? by Gunboat_Diplomat · · Score: 4, Interesting
      Nearly 150 Breeds Of Bitcoin-Stealing Malware In The Wild, Researchers Say
      .

      From the article:

      "To steal the coins of users who encrypt their private keys with passwords, many of the Bitcoin stealing programs also included keyloggers designed to eavesdrop on users’ typing. Even more tricky are malware types that wait for users to copy a Bitcoin address they want to send bitcoins to into their clipboard. When the user tries to paste the address, the malware replaces it with a different string, irreversibly sending the currency to the malware operator’s wallet. That last method never sends data to a remote server, so it can be much harder to detect, SecureWorks’ researchers say. In fact, they tested a range of antivirus scanners on their malware samples and found that roughly 50% went unnoticed."

  2. The article is full of errors by pantaril · · Score: 4, Interesting

    The reporter probably doesn't understand what's going on at all.

    1) the leaked data contains not only the mt.gox DB dump (which seems to be legit) but also the TibanneBackOffice.exe binary which is actualy malware which steals bitcoin wallets. So i wouldn't trust the hackers at all, they are scammers. See http://www.reddit.com/r/Bitcoi... for more details.
    2) The article/the hackers claim that the mt.gox database dump shows that mt.gox should be in control of over 900k bitcoins and that it is an evidence that mt.gox is lying. Well it is evidence that the article/hackers don't understand anything. From the start, mt.gox is saying that because of a transaction malevability bug, their ballances in DB and their balances on their actual accounts were ouf of sync. This is the reason they didn't notice sooner. Their DB was showing everything was ok but in reality, their money was silently siphoned out of their accounts.
    3) Karpeles (mt.gox owner) is probably staing silent because his lawayers told him so. Nothing unusual here.

  3. Sitting on a stack of traceable coins by Alarash · · Score: 5, Interesting

    There's something I don't understand. If they 'stole' the coins, they can't really trade them can they? Anyone I mean. As I understand every single transaction is tracked, so you can't really spend them without people knowing so right? Ok so you can hide your identity and whatnot, but wouldn't people know the instant these BTC are back on the market?

  4. Re:Stills seems like it has to be an inside job by rmdingler · · Score: 4, Interesting
    Interesting. Missing 1/1000th of the annual billion+ transactions every quarter can be found by a manual audit , but not detected by programmed oversight?

    Wait, it's those damn programmers, huh?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway