- Spitfire List - http://spitfirelist.com -

FTR #785 Bit[coin]burg, Part 4: Fool’s Gold, Part 2

 Dave Emory’s entire life­time of work is avail­able on a flash drive that can be obtained here. [1] (The flash drive includes the anti-fascist books avail­able on this site.)

Listen: MP3

Side 1 [2]  Side 2 [3]

[4]Introduction: The fourth of our programs about Bitcoin, this broadcast further documents the predictable chaos and malfeasance resulting from a valuable monetary entity that is totally unregulated and open to all of the vagueries and criminality to which internet business is subject. (The previous shows on the subject are: FTR #’s 760 [5], 764 [6], 770 [7].)

After discussing the suspicious death [8] of Autumn Radke, CEO of a Bitcoin startup exchange, the broadcast underscores the rampant fraud and criminal behavior that characterizes every facet of the Bitcoin operations and landscape.

Much of the program focuses on the collapse of the Mt. Gox exchange [9] in Japan, one of the world’s largest Bitcoin marketplaces. Blamed initially on hackers, it may well be that the operators [10] of Mt. Gox were engaged in deliberate malfeasance, as were anonymous hackers [11] who called attention to the sins of the company’s management.

The glitch that appeared to have left Mt. Gox open to hacking has led to the temporary shutdown [12] of the successor to the Silk Road site, as well as opening the way for “bots” to begin attacking [13]the entire Bitcoin financial landscape!

In the past, we have discussed the profound links between the advocates and users of Bitcoin and the Austrian school of economics. Those advocates include Patrick Byrne [14], the CEO of Overstock.com, the largest retail outlet to begin accepting Bitcoins as currency.

The program concludes with another look at the concentration of economic ownership [15] affecting Bitcoin.

Program Highlights Include: Discussion of the “transaction malleabilty” that brought down Mt. Gox; the vacancy of leadership [16] in the Bitcoin Foundation, due to the indictments and legal troubles of the top advocates and users of the troubled online currency; review of Silk Road and its criminal transactions; the fact that the top .01 percent of Bitcoin owners control %50 percent of Bitcoins; Mt. Gox’s claim that it “discovered” [17] roughly $16 million in Bitcoins in a wallet that it had “forgotten about;” allegations that Silk Road’s administrators actually stole the missing Bitcoins themselves; the discovery that the communications from hackers alleging that Mt. Gox’s administrators were engaged in deliberate theft contained malware permitting the theft of Bitcoins from anyone opening the files about the firms alleged malfeasance; hackers’ denial of service attacks on startup tech companies, demanding Bitcoins in ransom in exchange for ceasing the attacks.

1a. At the conclusion of FTR #772 [18], we wryly suggested that, with the epidemic of suspicious deaths plaguing the financial industry of late, Bitcoin enthusiasts should develop their own online currency for murdering each other, named “Hitcoin.” Perhaps that suggestion is not as remote as it might appear to be at first glance.

“Head of Online Cur­rency Exchange Found Dead in Singapore” by Javier E. David; NBC News; 3/5/2014. [8]

Autumn Radtke, the CEO of an upstart online currency exchange, died last week under mysterious circumstances at her home in Singapore.

Radtke, the U.S.-born head of First Meta, was found dead by local police Feb. 28, with the cause of death yet to be deter­mined. In a state­ment on its web­site, First Meta said the com­pany “was shocked and sad­dened by the tragic loss of our friend and CEO Autumn Radtke.”

In an inter­view with The Wall Street Jour­nalthe company’s direc­tor and nonex­ec­u­tive chair­man, Dou­glas Abrams, said the exact cause of Radtke’s death was “still under investigation.”

Prior to tak­ing the reins at First Meta in 2012, the 28-year-old Radtke had once closely worked with tech­nol­ogy giant Apple, to bring cloud-computing soft­ware to Johns Hop­kins Uni­ver­sity, Los Alamos Labs and the Aero­space Corp., accord­ing to her biog­ra­phy. She then took up busi­ness devel­op­ment roles at tech start-ups Xfire and Geo­delic Sys­tems, accord­ing to infor­ma­tion on her LinkedIn profile.

First Meta bills itself as a clear­ing­house for the pur­chase and exchange of vir­tual cur­ren­cies, includ­ing bitcoin.

Her death comes as trou­bles swirl around the nascent cryp­tocur­rency indus­try, and amid a rash of sui­cides in the finan­cial indus­try as a whole.

Last week, the world’s largest bit­coin exchange, Mt.Gox, imploded; mean­while, nearly $500 mil­lion in client funds van­ished overnight. Else­where, untimely demises unre­lated to bit­coin have claimed the lives of bankers at JPMor­gan, Deutsche Bank and Zurich Insur­ance Group.

1b. Encompassing all of the folly and deliberate malfeasance that characterizes Bitcoin, the Bitcoin Foundation has found itself leadersless, in the wake of the arrests of key players in the bitcoin milieu.

“Lead­er­less: Bit­coin Foun­da­tion Plagued by Alle­ga­tions of Self-Dealing and Embezzlement” by Michael Carn; Pando Daily [16]; 3/27/2014. [16]

What’s the role of an indus­try trade group and how much author­ity should com­pa­nies place in the hands of these unof­fi­cial leaders?

That’s the ques­tion much of the bit­coin com­mu­nity is ask­ing at the moment as the Bit­coin Foun­da­tion [19], the industry’s unof­fi­cial cus­to­dian and mouth­piece, faces alle­ga­tions of self-dealing and embezzlement.

Accord­ing to the Foundation’s own web­site, it exists to “stan­dard­ize, pro­tect, and pro­mote the use of Bit­coin cryp­to­graphic money for the ben­e­fit of users world­wide.” Sev­eral hun­dred bit­coin com­pa­nies are mem­bers of the Foun­da­tion and have donated heav­ily to fund its oper­a­tions. The orga­ni­za­tion is led by a board [20] of promi­nent crypto-currency entre­pre­neurs, investors, jour­nal­ists, and aca­d­e­mics, chiefly its Chair­man, Coin­Lab founder Peter Vessenes who has been the sub­ject of the most skep­ti­cism and scrutiny.

The spot­light was first shone on the Foundation’s lead­er­ship by con­tro­ver­sial bit­coin blog­ger Ryan Selkis, aka the Two-Bit Idiot [21]. On March 2nd, fol­low­ing the unrav­el­ing of Mt. Gox [22], Selkis wrote that Vessenes and Exec­u­tive Direc­tor Jon Mato­nis would be step­ping down prior to the con­clu­sion of their cur­rent terms, “[seem­ingly rec­og­niz­ing] the need for the Foun­da­tion to clean house in order to revi­tal­ize its image in the com­ing months.” Days later, when forced to retract [23] that pre­dic­tion, Selkis began an aggres­sive, and occa­sion­ally manic cam­paign call­ing for their imme­di­ate ouster due to a fail­ure of lead­er­ship [23].

At his most livid, Selkis called the cur­rent board “ille­git­i­mate” and demanded senior lead­ers across the bit­coin ecosys­tem stage a coup or kill the Foun­da­tion [24] alto­gether – a posi­tion from which he later backed down, but not before writing:

Peter Vessenes and Jon Mato­nis are not scape­goats. They are not inno­cent bystanders. And they are not eth­i­cally enti­tled to remain in their board seats through later this year.

Selkis then promised to reveal “damn­ing facts” if his demands were not met, includ­ing the those relat­ing to: the Foun­da­tion ignor­ing warn­ing signs of Mt. Gox’s fail­ure as early as April 2013; Foun­da­tion direc­tors exploit­ing their posi­tions to with­draw funds from a fail­ing Gox while the gen­eral pub­lic was los­ing their shirts; and con­flicts of inter­est between director’s roles within the foun­da­tion and their per­sonal bit­coin businesses.

After a sev­eral days of self-described back­lash from the bit­coin com­mu­nity, Selkis issued a con­ces­sion [25] and never pub­lished those damn­ing facts – despite main­tain­ing that his accu­sa­tions were “100% truthful.”

Selkis’ lightning-rod sta­tus can­not be denied and has made it easy for many to write off his claims as those of a man seek­ing atten­tion – he’s acknowl­edged on mul­ti­ple occa­sions plans to write a book about bitcoin’s recent scan­dals – and also hop­ing to enrich his own bit­coin insur­ance startup through spread­ing fear. But it bears not­ing that for all his blus­ter, Selkis has also been the source of a num­ber of accu­rate and impact­ful break­ing news sto­ries, not the least of which was pub­lish­ing Mt. Gox’s Cri­sis Strat­egy doc­u­ments [26] ahead of its even­tual bankruptcy.

Now, how­ever, it’s not just Selkis who’s beat­ing the drum for changes atop the Bit­coin Foun­da­tion. Blockchain.info [27] CSO Andreas Antonopou­los [28], who’s is held as close to a deity as any­one within the bit­coin com­mu­nity – a list on Red­dit once ranked him below Satoshi Nakamoto but above Mother Teresa and Jesus – has also called for lead­er­ship change. Speak­ing on the Lets Talk Bit­coin pod­cast yes­ter­day [29], Antonopou­los called the Foun­da­tion “rot­ten from the top” and said that he wouldn’t be sur­prised to see it implode due to embez­zle­ment:

They cer­tainly have received many funds. Where are those funds, who con­trols those funds, when were they last audited, are they actu­ally sol­vent, or have all of those funds dis­ap­peared into a big black hole? Just remem­ber who was in the lead­er­ship until recently, who is in lead­er­ship today, and what their track record with ethics has been.

And, I would sug­gest that I would be not sur­prised at all if the foun­da­tion implodes in a giant embez­zle­ment prob­lem some­time down the line or funds get stolen – within quotes or not within quotes – some­thing like that. It’s bound to hap­pen because these things hap­pen not because of tech­ni­cal fail­ures, they don’t hap­pen because of bad actors, they hap­pen because of fail­ures of lead­er­ship. And the foun­da­tion is the very def­i­n­i­tion of a fail­ure of leadership.

Those are incred­i­bly strong words and not the kind of accu­sa­tions to be taken lightly. It bears not­ing that Antonopou­los didn’t sug­gest any direct knowl­edge of embez­zle­ment or crim­i­nal wrong­do­ing, nor did he pro­vide any evi­dence to that effect. He sim­ply said that he views it as inevitable due to the char­ac­ter and com­pe­tence of the Foundation’s lead­er­ship – lead­er­ship that until recently included Mark Karpe­les, the CEO who led Mt. Gox into bank­ruptcy, and Char­lie Shrem, the bit­coin entre­pre­neur recently charged with money laun­der­ing [30], among other offenses. Antonopou­los’ state­ments are com­pli­cated by the fact that he is a vol­un­teer mem­ber of a Bit­coin Foun­da­tion work­ing group, a fact that he acknowl­edges within the podcast.

So where does this leave the Bit­coin Foun­da­tion, it’s cur­rent lead­er­ship, and the entirety of the bit­coin com­mu­nity as it fights for cred­i­bil­ity and legit­i­macy among reg­u­la­tors, investors, mer­chants, and every­day consumers?

2a. A software glitch that has permitted the looting of bitcoins has claimed the new Silk Road site as one of its victims. Correction: The Silk Road 2.0 shutdown was described as temporary. We are not aware of whether or not it has reopened.

“Drug Site Silk Road Wiped Out by Bit­coin Glitchby Jose Pagliery; CNNMoney; 2/14/2014. [12]

. . . The revived online black mar­ket Silk Road says hack­ers took advan­tage of an ongo­ing Bit­coin glitch [31] to steal $2.7 mil­lion from its customers.

The under­ground website’s anony­mous admin­is­tra­tor told users Thurs­day evening that attack­ers had made off with all of the funds it held in escrow. Silk Road serves as a mid­dle­man between buy­ers and sell­ers, tem­porar­ily hold­ing on to funds in its own accounts dur­ing a deal. Buy­ers put their money into Silk Road’s accounts, and sell­ers with­draw it.

At the time of the attack, here were about 4,440 bit­coins in Silk Road’s escrow account, accord­ing to com­puter secu­rity researcher Nicholas Weaver.

The news has shaken con­fi­dence in Bit­coin [32]. Prices dropped sharply overnight, though they’ve since bounced back to about $660.

Silk Road can only be accessed on the deep Web using Tor, a spe­cial pro­gram that hides your phys­i­cal loca­tion. The FBI shut down Silk Road [33] and arrested its alleged founder [34] in Octo­ber, but shortly there­after, tech-savvy out­laws started Silk Road 2.0 in its place.

It is pri­mar­ily used to buy and sell drugs. Bit­coins are the only kind of cur­rency accepted on the site, because they are traded elec­tron­i­cally and are dif­fi­cult to trace to indi­vid­u­als. But Bit­coin accounts also lack pro­tec­tions that most bank accounts have, includ­ing government-backed insurance.

That means the bit­coins stolen from the Silk Road users are gone forever.

The new site’s admin­is­tra­tor, a face­less per­sona known only as Def­con, posted a nerve-racking mes­sage Thurs­day night that began with, “I am sweat­ing as I write this.”

He said hack­ers took advan­tage of the same flaw in Bit­coin that knocked major exchanges Bit­stamp and Mt.Gox offline over the past two weeks. That glitch allowed Silk Road hack­ers to repeat­edly with­draw bit­coins from the site’s accounts until they were empty.

In detail­ing the alleged hack, Def­con listed the online iden­ti­ties of the three sup­posed attack­ers and shared records of the trans­ac­tions. And in an exam­ple of the kind of dark, dan­ger­ous world of ille­gal drug trade, Def­con called on the pub­lic to “stop at noth­ing to bring this per­son to your own def­i­n­i­tion of justice.”

“I failed you as a leader and am com­pletely dev­as­tated by today’s dis­cov­er­ies,” Def­con wrote, adding that the web­site should have fol­lowed the approach of other major Bit­coin exchanges and halted with­drawals [35] due to the Bit­coin sys­tem flaw. Silk Road has since tem­porar­ily shut down.

Many have accused the site’s admin­is­tra­tors of fak­ing the hack and steal­ing the money them­selves. But in a world where drugs are out­right ille­gal — and there’s lit­tle to no reg­u­la­tion of Bit­coin trans­ac­tions [36] — it’s dif­fi­cult to prove anything.

It’s just his kind of bad news that smears Bitcoin’s cred­i­bil­ity and keeps the cur­rency from going mainstream.

2b. Bit­coin exchanges are now suf­fer­ing a mas­sive denial-of-service attack, but with a twist: Someone’s bot­net is apply­ing the same “trans­ac­tion mal­leabil­ity” tech­nique that brought down MtGox [37], but instead of just hit­ting MtGox this bot net­work is mal­form­ing all sorts of bit­coin trans­ac­tions simul­ta­ne­ously! As a con­se­quence, we’re learn­ing that it wasn’t just MtGox that needed to update their soft­ware [13]:

“Bit­coin Exchanges Under ‘Mas­sive and Con­certed Attack’” by Emily Spaven; Coin­Desk; 2/11/2014. [13]

A “mas­sive and con­certed attack” has been launched by a bot sys­tem on numer­ous bit­coin exchanges, Andreas Antonopou­los has revealed.

This has lead to pop­u­lar exchange Bit­stamp putting a tem­po­rary halt on all bit­coin with­drawals, and BTC-e announc­ing pos­si­ble delays on trans­ac­tion crediting.

Antonopou­los, who is the chief secu­rity offi­cer of Blockchain.info, said a DDoS attack is tak­ing Bitcoin’s trans­ac­tion mal­leabil­ity [38] prob­lem and apply­ing it to many trans­ac­tions in the net­work, simultaneously.

“So as trans­ac­tions are being cre­ated, malformed/parallel trans­ac­tions are also being cre­ated so as to cre­ate a fog of con­fu­sion over the entire net­work, which then affects almost every sin­gle imple­men­ta­tion out there,” he added.

Antonopou­los went on to say that Blockchain.info’s imple­men­ta­tion is not affected, but some exchanges have been affected – their inter­nal account­ing sys­tems are grad­u­ally going out of sync with the net­work.

He empha­sised that this isn’t affect­ing with­drawals, because most exchanges are not pro­cess­ing them automatically.

Mt. Gox is the exchange that has suf­fered the most over the past few days [39], due to a num­ber of fac­tors, said Antonopou­los. One prob­lem is that it was using a cus­tom client (not the core Bit­coin soft­ware), on top of that there is the DDoS attack, plus it was using an auto­mated sys­tem to approve withdrawals.

“This is not hap­pen­ing to other exchanges because they’re not stu­pid enough to issue with­drawals with­out check­ing them out first,” he explained.

Antonopou­los said we will see a few exchanges sus­pend with­drawals tem­porar­ily while they re-work their account­ing sys­tems to ensure they are not con­fused by the attack.

“It’s impor­tant to note no funds have been lost. With­drawals have been halted to pre­vent funds from being lost or to pre­vent the bal­ances from going out of sync,” he stressed.

Indus­try action

An industry-wide coor­di­nated response has been put into action, with exchanges and core devel­op­ers col­lab­o­rat­ing actively to attack the prob­lem from mul­ti­ple angles.

Var­i­ous other groups within the ecosys­tem, includ­ing the big min­ing pools, are work­ing to stop the issue from prop­a­gat­ing across the network.

Bit­coin devel­oper Jeff Garzik said the core bit­coin block chain con­sen­sus mech­a­nism and pay­ment sys­tem are con­tin­u­ing to work as before, and are not directly impacted by trans­ac­tion malleability.

He added: “Web wal­lets and other ser­vices that build ser­vices on top of bit­coin are report­ing prob­lems sim­i­lar to MtGox, and are tak­ing safety mea­sures to ensure no fund loss, dur­ing this net­work disruption.

“Yesterday’s state­ment must be revised: we will likely issue an update fix­ing two edge cases exposed by this attack.”

Bit­stamp has issued a state­ment [40] explain­ing that it has tem­porar­ily halted BTC with­drawals. It begins:

Bitstamp’s exchange soft­ware is extremely cau­tious con­cern­ing Bit­coin trans­ac­tions. Cur­rently it has sus­pended pro­cess­ing Bit­coin with­drawals due to incon­sis­tent results reported by our bit­coind wal­let, caused by a denial-of-service attack using trans­ac­tion mal­leabil­ity to tem­porar­ily dis­rupt bal­ance check­ing. As such, Bit­coin with­drawal pro­cess­ing will be sus­pended tem­porar­ily until a soft­ware fix is issued.

The state­ment goes on to reveal that no funds have been lost, nor are any at risk.

Don’t panic

Antonopou­los was keen to stress that, although this is a seri­ous attack, it doesn’t spell the end of bit­coin. He believes the DDoS attack will be “thwarted” and exchanges will be run­ning as usual by Friday.

“I expect things will go back to nor­mal and the honey bad­ger of money can con­tinue show­ing its resilience,” he said.

“The death of bit­coin has been pre­ma­turely announced so many times already that the obvi­ous con­clu­sion is that bit­coin is far more resilient than its crit­ics would like to think. I am con­fi­dent that in a few days, those who pre­dicted the death of bit­coin will once again be proven wrong,” Antonopou­los concluded.

3a. One of the most prominent of the Bitcoin exchanges has gone down, amid claims of theft of $365 million worth of Bitcoins.

“Mt. Gox Bit­coin Exchange Down Amid $365 Mil­lion Theft Claim” by Carter Dougherty and Pavel Alpeyev; Bloomberg News; 2/25/2014. [41]

Mt. Gox, the Tokyo-based Bit­coin exchange that halted with­drawals this month, went offline as a doc­u­ment sur­faced alleg­ing long-term theft of about $365 mil­lion in the dig­i­tal currency.

A doc­u­ment posted online that appeared to be an inter­nal strat­egy paper said uniden­ti­fied thieves stole 744,408 Bit­coins from the exchange — about $365 mil­lion at cur­rent rates — and that the theft “went unno­ticed for sev­eral years.”

“The real­ity is that Mt. Gox can go bank­rupt at any moment, and cer­tainly deserves to as a com­pany,” accord­ing to the document.

The doc­u­ment, which out­lines plans for lead­er­ship changes, re-branding and a pos­si­ble move to Sin­ga­pore, was posted online by blog­ger Ryan Galt. A per­son briefed on the sit­u­a­tion at Mt. Gox, who asked to remain anony­mous because the doc­u­ment is pri­vate, said he believed it is authentic.

Bit­coin fell 5 per­cent to $517.71 at 4:48 p.m. Lon­don time, accord­ing to the Coin­Desk Bit­coin Price Index, which aver­ages exchange prices. That’s down from as high as $1,151 on Dec. 4.

Mt. Gox went offline to “pro­tect the site and our users,” accord­ing to a state­ment on its web­site. “We will be closely mon­i­tor­ing the sit­u­a­tion and will react accord­ingly,” it added.

‘Tragic Violation’

A group of Bitcoin-related com­pa­nies sought to dis­tance them­selves from Mt. Gox, and promised to pro­tect cus­tomer funds to pro­mote usage of the currency.

“This tragic vio­la­tion of the trust of users of Mt. Gox was the result of one company’s actions and does not reflect the resilience or value of Bit­coin and the dig­i­tal cur­rency indus­try,” San Francisco-based Coin­base said in a joint state­ment on its web­site with Kraken, Bit­Stamp, Cir­cle and BTC China, other promi­nent Bit­coin companies.

Is Bit­coin Real Money?

“As with any new indus­try, there are cer­tain bad actors that need to be weeded out, and that is what we are see­ing today,” the com­pa­nies said in the statement.

Efforts to reach the http://www.mtgox.com [42] web­site ear­lier today directed users to a blank white page, a day after Mt. Gox Chief Exec­u­tive Offi­cer­Mark Karpe­les resigned from the Bit­coin Foun­da­tion, an advo­cacy group for the dig­i­tal money. At one point today, the site read “put announce for mtgox acq here.”
‘Alleged Insolvency’

“We are shocked to learn about Mt. Gox’s alleged insol­vency,” the foun­da­tion said in an e-mailed statement.

Bit­coin was intro­duced in 2008 by a pro­gram­mer or group of pro­gram­mers under the name Satoshi Nakamoto and has since gained trac­tion with mer­chants around the world. The dig­i­tal money, based on a peer-to-peer soft­ware pro­to­col, has no cen­tral issu­ing author­ity, and uses a pub­lic ledger to ver­ify trans­ac­tions while pre­serv­ing users’ anonymity.

The Bit­coin Foun­da­tion said that, despite the trou­bles at Mt. Gox, the Bit­coin pro­to­col was func­tion­ing nor­mally. In recent days, Mt. Gox had stopped with­drawals, cit­ing an alleged flaw in the protocol.

Since at least 2011, enthu­si­asts have been trad­ing Bit­coins for dol­lars and other tra­di­tional cur­ren­cies, and in early 2013 Mt. Gox was one of the biggest exchanges. Mt. Gox said this month that it iden­ti­fied a bug that enables peo­ple to with­draw the same Bit­coins more than once, leav­ing it vul­ner­a­ble to hackers.

Prices quoted on the exchange plunged on spec­u­la­tion that account hold­ers wouldn’t be able to get their coins back.

The trou­bles at Mt. Gox are the lat­est set­back for Bit­coin after author­i­ties in Rus­sia, China and Israel sought to restrict the dig­i­tal money, while the U.S. seeks ways to pre­vent money-laundering and illicit sales with­out killing the new technology.

3b. Whereas the failure of Mt. Gox was blamed on the same software glitch that has subverted both “legitimate” and underground Bitcoin markets, hackers associated with Bitcoin are claiming deliberate malfeasance on the part of the Mt. Gox operators.

“Hackers Hit Mt. Gox Exchange’s CEO, Claim to Publish Evidence of Fraud” by Andy Greenberg; Forbes; 3/9/2014.  [10]

The Bitcoin community has been angrily pressing for details on what the Bitcoin exchange Mt. Gox has described as a massive hacker attack that stole hundreds of millions of dollars worth of its users’ bitcoins and left the company bankrupt. Mt. Gox’s staff isn’t talking. So another group of hackers say they’ve broken into the company’s servers to provide answers of their own.

On Sunday, hackers took over the Reddit account and personal blog of Mark Karpeles, Mt. Gox’s CEO, to post an angry screed alleging that the exchange he ran had actually kept at least some of the bitcoins that the company had said were stolen from users. “It’s time that MTGOX got the bitcoin communities wrath instead of [the] Bitcoin Community getting Goxed,” wrote the unidentified hackers, referring to the multiple occasions over its three year history when Mt. Gox has gone offline, delayed trades or suspended withdrawals, events so common that Bitcoin users coined the phrase to be “goxed”–to suffer from Mt. Gox’s technical glitches.

The hackers also posted a 716 megabyte file to Karpeles’ personal website that they said comprised stolen data from Mt. Gox’s servers. It appears to include an Excel spreadsheet of over a million trades, a file that purports to show the company’s balances in eighteen difference currencies, the backoffice application for some sort of administrative access to the databases of Mt. Gox’s parent company Tibanne Limited, a screenshot of the hackers’ access to those databases, a list of Mark Karpeles’ home addresses and Karpeles’ personal CV.

A screenshot posted by Mt. Gox’s hackers, seeming to show administrative access to the company’s database of trades.

Update: Users on Reddit are warning that the hackers’ files may contain malware designed to steal bitcoins. Other Reddit users have confirmed that they found their own account history in the data, indicating that it’s not fake. But for security reasons, I don’t recommend anyone download the collection of hacked files.

In the hackers’ summary of Mt. Gox’s balances in various currencies, they point to a claimed balance of 951,116 bitcoins, which they take as evidence that Mark Karpeles’ claim to have lost users’ digital currency to hackers is fraudulent. “That fat fuck has been lying!!” a note in the file reads.

I’ve reached out to Karpeles for comment, but haven’t yet heard back from him. Mt. Gox’s embattled chief executive has remained almost entirely mum as his company has imploded over the last weeks.

In a possibly related incident, a user on the BitcoinTalk forum posted a message–since deleted by the forum’s moderators–claiming to be offering for sale a 20 gigabyte stolen database from Mt. Gox, including the personal details of all its users and even scans of their passports. “This document will never be elsewhere published by us,” wrote the user, who went by the name nanashi____. “Selling it one or two times to make up personal loses from gox closure.” The hacker asked for a price of 100 bitcoins for the database, about $63,600 at current exchange rates.

‘I’ve reached out to nanashi____ via an email address he or she provided, and I’ll update this post if I hear back.
I couldn’t verify that Sunday’s database dump was real, or that it showed any of the “lying” that the hackers claimed. In fact, it may simply show how Mt. Gox’s accounting mismatched with its actual store of Bitcoins–that it was counting bitcoins as being safe in its coffers when they had already been stolen by thieves.

But as Bitcoin experts pore over the hacked files, they may yet offer clues to the mystery around Mt. Gox’s fate. The Bitcoin community has been puzzled by the apparent lack of movement of Mt. Gox’s bitcoins since the company declared bankruptcy last month. Despite stating that it lost 850,000 bitcoins in total in its bankruptcy filing, Bitcoin experts haven’t seen the movement of those coins in the Bitcoin blockchain, the public ledger of transactions that prevents fraud and forgery in the Bitcoin economy.

Moderators on the Bitcoin subforum on Reddit deleted the hackers’ post a few hours after it first appeared, stating that posting stolen content violated the forum’s etiquette rules. But users on the forum didn’t hesitate to draw their own conclusions: the top post on the forum Sunday afternoon read “Mt. Gox scam was just exposed — MK [Mark Karpeles] officially stole our funds.”

“We’ve been goxed!” it added.

3c. The question suggests itself as to just “who’s zooming who” with regard to the Mt. Gox failure. It may well be that the entire leak of Mt. Gox records “leaked” by hackers may have been a gambit to steal Bitcoins. The leak contains malware that searches for, and steals, Bitcoin wallets! “. . . . It seems that the whole leak was invented to infect com­put­ers with Bitcoin-stealer mal­ware that takes advan­tage of people’s keen inter­est in the Mt. Gox topic,” Lozhkin said. . . .”

“Bitcoin-Stealing Mal­ware Hid­den in Mt. Gox Data Dump, Researcher Saysby Lucian Constantin; PC World; 3/17/2014. [11]

An archive con­tain­ing trans­ac­tion records from Mt. Gox that was released on the Inter­net last week by the hack­ers who com­pro­mised the blog of Mt. Gox CEO Mark Karpe­les [43] also con­tains bitcoin-stealing mal­ware for Win­dows and Mac.

Secu­rity researchers from antivirus firm Kasper­sky Lab ana­lyzed the 620MB file called MtGox2014Leak.zip and con­cluded that in addi­tion to var­i­ous Mt. Gox-related doc­u­ments and data, it con­tains mali­cious binary files.

The files mas­quer­ade as Win­dows and Mac ver­sions of a cus­tom, back-office appli­ca­tion for access­ing the trans­ac­tion data­base of Mt. Gox, a large bit­coin exchange that filed for bank­ruptcy in Japan in late Feb­ru­ary after claim­ing it had lost about 850,000 bit­coins to cyber thieves.

How­ever, they are actu­ally mal­ware pro­grams designed to search and steal Bit­coin wal­let files from com­put­ers, Kasper­sky secu­rity researcher Sergey Lozhkin said Fri­day in a blog post [44].

Both the Win­dows and Mac bina­ries are writ­ten in Live­Code, a pro­gram­ming lan­guage for devel­op­ing cross-platform applications.

When exe­cuted, they dis­play a graph­i­cal inter­face for what appears to be a Mt. Gox data­base access tool. How­ever, in the back­ground they launch a process—TibanneSocket.exe on Windows—that searches for bitcoin.conf and wallet.dat files on the user’s com­puter, accord­ing to Lozhkin. “The lat­ter is a crit­i­cal data file for a Bit­coin crypto-currency user: if it is kept unen­crypted and is stolen, cyber­crim­i­nals will gain access to all bit­coins the user has in his pos­ses­sion for that spe­cific account.”

The mal­ware, which Kasper­sky has named Trojan.Win32.CoinStealer.i (the Win­dows ver­sion) and Trojan.OSX.Coinstealer.a (the Mac ver­sion), uploads the stolen Bit­coin wal­let files to a remote server that used to be located in Bul­garia, but is now offline.

“It seems that the whole leak was invented to infect com­put­ers with Bitcoin-stealer mal­ware that takes advan­tage of people’s keen inter­est in the Mt. Gox topic,” Lozhkin said.

“Mal­ware cre­ators often using social engi­neer­ing tricks and hot dis­cus­sion top­ics to spread mal­ware, and this is great exam­ple of an attack on a focused tar­get audi­ence,” he said.

3d. Something that belongs in the “The dog ate my homework!” category: Mt. Gox claims that it found 200,000 Bitcoins in a “forgotten” digital wallet, worth $116 at current prices! If you believe that, we’ve got a great deal on the Brooklyn Bridge, payable only in Bitcoins! “The dog ate my Bitcoins!”

“Mt.Gox Finds 200,000 Bit­coins in Old Wal­let” by Charles Riley; CNNMoney; 3/21/2014. [17]

Embat­tled exchange Mt.Gox said Fri­day that it has found 200,000 bit­coins in a “for­got­ten” dig­i­tal wal­let — a haul worth $116 mil­lion at cur­rent prices.

Mt.Gox CEO Mark Karpe­les said in a state­ment that the bit­coins had been uncov­ered in an old-format wal­let that was thought to be empty. Bit­coin wal­lets allow users to store the dig­i­tal cur­rency and exe­cute transactions.

“On March 7, 2014, Mt.Gox Co., Ltd. con­firmed that an old-format wal­let which was used prior to June 2011 held a bal­ance of approx­i­mately 200,000 BTC,” the state­ment said.

Karpe­les said that the dis­cov­ery was reported to lawyers on March 8. The bit­coins were later moved to “offline” wallets.

Mt.Gox was one of the world’s largest Bit­coin exchanges until last month, when it stopped investors from with­draw­ing money and blamed the dis­rup­tion on tech­ni­cal issues and cyber attacks.

The Japan-based com­pany then filed for bank­ruptcy in Tokyo and the U.S., with debts total­ing $64 million.

At the time of its clo­sure, Mt.Gox said that it was unable to locate 850,000 bit­coins, the vast major­ity of which belonged to cus­tomers. The dis­cov­ery reduces the num­ber of lost bit­coins to 650,000, but also raises ques­tions about what really hap­pened to the miss­ing currency.

While the search for the miss­ing bit­coins will con­tinue, many investors har­bor lit­tle hope that all will be recov­ered. Japan­ese author­i­ties had not reg­u­lated the exchange, and no deposit insur­ance was offered.

Related: ‘I lost money with Mt.Gox’

Respond­ing to the wave of doubt gen­er­ated by the exchange’s fail­ure, sev­eral other exchanges and dig­i­tal wal­let providers have sought to reas­sure investors.

“This tragic vio­la­tion of the trust of users of Mt.Gox was the result of one company’s abhor­rent actions and does not reflect the resilience or value of Bit­coin and the dig­i­tal cur­rency indus­try,” an indus­try group said in February.

In related news, the team of vol­un­teer com­puter devel­op­ers who man­age the Bit­coin soft­ware pro­gram has fixed some of the tech­ni­cal issues that Mt.Gox ini­tially blamed for its trou­bles — a quirk in the way Bit­coin works called trans­ac­tion malleability.

3e. In a new twist, hackers have launched denial of service attacks on startup tech firms, and demanded ransom for ceasing those attacks–payable in Bitcoins!

“To Instill Love of Bitcoin, Backers Work to Make It Safe” by Nicole Perlroth; The New York Times; 4/02/2014. [45]

. . . Warren E. Buffett referred to the currency as a “mirage” in an interview last month and told people to “stay away.” Would-be adopters and investors have grown fearful as hackers develop new ways to steal Bitcoin and major Bitcoin exchanges shut down. . . .

. . . . Hackers have recently taken to mounting large scale denial-of-service attacks on tech startups–most recently, Meetup.org, a social meeting site; Vimeo, the video sharing service; and Basecamp, a project management software company–and demanding payments via Bitcoin as ransom to cease. . . .

4. Patrick Byrne, CEO of Overstock.com–the first retailer to accept Bitcoin as a payment vehicle–is a disciple of the Austrian school of economics. The Austrian school is a fundamental element of the Bitcoin milieu and is also central to the milieu of Edward Snowden and the “Paulistinian Libertarian Organization.” [46]

“Meet Patrick Byrne: Bitcoin Messiah, CEO of Overstock, Scourge of Wall Street” by Cade Metz; Wired.com; 2/10/2014. [14]

. . . . The problem with the modern economy, Byrne says, is that it rests on the whims of our government and our big banks, that each has the power to create money that’s backed by nothing but themselves. Thanks to what’s called fractional reserve banking, a bank can take in $10 in deposits, but then loan out $100. The government can make more dollars at any time, instantly reducing the currency’s value. Eventually, he says, laying down a classic libertarian metaphor, this “magic money tree” will come crashing down.

But bitcoin is different. It’s like online gold: The supply of the digital currency is controlled by software running across a worldwide network of computers, and its value is decided not by the feds or the big banks, but by the people. “It can make our country more robust,” says Byrne, a disciple of the Austrian school of economics, which holds that our economy should rest on the judgments of individuals, not a central authority. “We want a money that some government mandarin can’t just whisk into existence with a pen stroke.”

Zombies. Magic money trees. Mandarins. As Byrne admits, it’s a ten-dollar answer to my ten-cent question about his plans for the future of Overstock.com, and although I know the man well, I can’t help but wonder how much of this is just him calling attention to himself. But a week after this phone call, Byrne will make good on his promise, as Overstock becomes the first major online retailer to accept payments in bitcoin, letting you buy everything from patio furniture to smartphone cases with the fledgling digital currency. And the following month, during Overstock’s quarterly earnings call, he will reveal that he has personally converted millions of dollars into bitcoin. The Overstock CEO is placing more than one big bet on an unpredictable future, but Byrne has proven himself prescient before — about the internet and the media as well as the economy. . . .

5. Bitcoin is already demonstrating exactly the same concentration of wealth that plagues the very conventional economy it is supposed to replace. The difference is that bitcoin is already demonstrating a far more pronounced concentration than the conventional economy–the top one hundredth of one percent of bitcoin owners control 50% of the wealth.

“For­get the 1 Per­cent. In the Bit­coin world, Half the Wealth Belongs to the 0.1 Percent” by Brian Fung; The Wash­ing­ton Post; 3/3/2014. [15]

The fall of Mt. Gox has a lot of peo­ple say­ing Bit­coin is dead. Yes, the Tokyo-based exchange may be gone, but the vir­tual cur­rency has much more than a sin­gle exchange (which wasn’t even the largest at the time that it col­lapsed). There’s still a great deal of room [47]for Bit­coin to grow, par­tic­u­larly in the West: Mt. Gox’s col­lapse hasn’t done much to tem­per curios­ity among reg­u­la­tors and entre­pre­neurs [48].

Of course, the draw­back to con­sol­i­da­tion is that those ben­e­fits will be con­cen­trated in the hands of a rel­a­tive few. That dynamic is already play­ing out among indi­vid­ual hold­ers of Bit­coin, with a grow­ing gulf between the Bitcoin-rich and the Bitcoin-poor. Accord­ing to Risto Pietilä, a Finnnish entre­pre­neur, the over­whelm­ing share of Bit­coin wealth is held in just a few dozen wal­lets [49]. Half of all bit­coins belong to around 927 “indi­vid­u­als.” If those fig­ures are right, then half of the world’s 12 mil­lion or so bit­coins is held by a tenth of a per­cent of all accounts. That’s a stun­ning state­ment of inequal­ity, since in the real world 46 per­cent of the world’s wealth belongs to 1 per­cent of the global pop­u­la­tion [50]The Bit­coin world, then, is even less equal than the real world.