- Spitfire List - https://spitfirelist.com -

FTR #785 Bit[coin]burg, Part 4: Fool’s Gold, Part 2

Dave Emory’s entire life­time of work is avail­able on a flash dri­ve that can be obtained here. [1] (The flash dri­ve includes the anti-fas­cist books avail­able on this site.)

Lis­ten: MP3

Side 1 [2]  Side 2 [3]

Intro­duc­tion: The fourth of our pro­grams about Bit­coin, this broad­cast fur­ther doc­u­ments the pre­dictable chaos and malfea­sance result­ing from a valu­able mon­e­tary enti­ty that is total­ly unreg­u­lat­ed and open to all of the vagueries and crim­i­nal­i­ty to which inter­net busi­ness is sub­ject. (The pre­vi­ous shows on the sub­ject are: FTR #‘s 760 [4], 764 [5], 770 [6].)

After dis­cussing the sus­pi­cious death [7] of Autumn Rad­ke, CEO of a Bit­coin start­up exchange, the broad­cast under­scores the ram­pant fraud and crim­i­nal behav­ior that char­ac­ter­izes every facet of the Bit­coin oper­a­tions and land­scape.

Much of the pro­gram focus­es on the col­lapse of the Mt. Gox exchange [8] in Japan, one of the world’s largest Bit­coin mar­ket­places. Blamed ini­tial­ly on hack­ers, it may well be that the oper­a­tors [9] of Mt. Gox were engaged in delib­er­ate malfea­sance, as were anony­mous hack­ers [10] who called atten­tion to the sins of the com­pa­ny’s man­age­ment.

The glitch that appeared to have left Mt. Gox open to hack­ing has led to the tem­po­rary shut­down [11] of the suc­ces­sor to the Silk Road site, as well as open­ing the way for “bots” to begin attack­ing [12]the entire Bit­coin finan­cial land­scape!

In the past, we have dis­cussed the pro­found links between the advo­cates and users of Bit­coin and the Aus­tri­an school of eco­nom­ics. Those advo­cates include Patrick Byrne [13], the CEO of Overstock.com, the largest retail out­let to begin accept­ing Bit­coins as cur­ren­cy.

The pro­gram con­cludes with anoth­er look at the con­cen­tra­tion of eco­nom­ic own­er­ship [14] affect­ing Bit­coin.

Pro­gram High­lights Include: Dis­cus­sion of the “trans­ac­tion mal­leabilty” that brought down Mt. Gox; the vacan­cy of lead­er­ship [15] in the Bit­coin Foun­da­tion, due to the indict­ments and legal trou­bles of the top advo­cates and users of the trou­bled online cur­ren­cy; review of Silk Road and its crim­i­nal trans­ac­tions; the fact that the top .01 per­cent of Bit­coin own­ers con­trol %50 per­cent of Bit­coins; Mt. Gox’s claim that it “dis­cov­ered” [16] rough­ly $16 mil­lion in Bit­coins in a wal­let that it had “for­got­ten about;” alle­ga­tions that Silk Road­’s admin­is­tra­tors actu­al­ly stole the miss­ing Bit­coins them­selves; the dis­cov­ery that the com­mu­ni­ca­tions from hack­ers alleg­ing that Mt. Gox’s admin­is­tra­tors were engaged in delib­er­ate theft con­tained mal­ware per­mit­ting the theft of Bit­coins from any­one open­ing the files about the firms alleged malfea­sance; hack­ers’ denial of ser­vice attacks on start­up tech com­pa­nies, demand­ing Bit­coins in ran­som in exchange for ceas­ing the attacks.

1a. At the con­clu­sion of FTR #772 [17], we wry­ly sug­gest­ed that, with the epi­dem­ic of sus­pi­cious deaths plagu­ing the finan­cial indus­try of late, Bit­coin enthu­si­asts should devel­op their own online cur­ren­cy for mur­der­ing each oth­er, named “Hit­coin.” Per­haps that sug­ges­tion is not as remote as it might appear to be at first glance.

“Head of Online Cur­rency Exchange Found Dead in Sin­ga­pore” by Javier E. David; NBC News; 3/5/2014. [7]

Autumn Radtke, the CEO of an upstart online cur­ren­cy exchange, died last week under mys­te­ri­ous cir­cum­stances at her home in Sin­ga­pore.

Radtke, the U.S.-born head of First Meta, was found dead by local police Feb. 28, with the cause of death yet to be deter­mined. In a state­ment on its web­site, First Meta said the com­pany “was shocked and sad­dened by the trag­ic loss of our friend and CEO Autumn Radtke.”

In an inter­view with The Wall Street Jour­nalthe company’s direc­tor and nonex­ec­u­tive chair­man, Dou­glas Abrams, said the exact cause of Radtke’s death was “still under inves­ti­ga­tion.”

Pri­or to tak­ing the reins at First Meta in 2012, the 28-year-old Radtke had once close­ly worked with tech­nol­ogy giant Apple, to bring cloud-com­put­ing soft­ware to Johns Hop­kins Uni­ver­sity, Los Alam­os Labs and the Aero­space Corp., accord­ing to her biog­ra­phy. She then took up busi­ness devel­op­ment roles at tech start-ups Xfire and Geo­delic Sys­tems, accord­ing to infor­ma­tion on her LinkedIn pro­file.

First Meta bills itself as a clear­ing­house for the pur­chase and exchange of vir­tual cur­ren­cies, includ­ing bit­coin.

Her death comes as trou­bles swirl around the nascent cryp­tocur­rency indus­try, and amid a rash of sui­cides in the finan­cial indus­try as a whole.

Last week, the world’s largest bit­coin exchange, Mt.Gox, implod­ed; mean­while, near­ly $500 mil­lion in client funds van­ished overnight. Else­where, untime­ly demis­es unre­lated to bit­coin have claimed the lives of bankers at JPMor­gan, Deutsche Bank and Zurich Insur­ance Group.

1b. Encom­pass­ing all of the fol­ly and delib­er­ate malfea­sance that char­ac­ter­izes Bit­coin, the Bit­coin Foun­da­tion has found itself lead­er­s­less, in the wake of the arrests of key play­ers in the bit­coin milieu.

“Lead­er­less: Bit­coin Foun­da­tion Plagued by Alle­ga­tions of Self-Deal­ing and Embez­zle­ment” by Michael Carn; Pan­do Dai­ly [15]; 3/27/2014. [15]

What’s the role of an indus­try trade group and how much author­ity should com­pa­nies place in the hands of these unof­fi­cial lead­ers?

That’s the ques­tion much of the bit­coin com­mu­nity is ask­ing at the moment as the Bit­coin Foun­da­tion [18], the industry’s unof­fi­cial cus­to­dian and mouth­piece, faces alle­ga­tions of self-deal­ing and embez­zle­ment.

Accord­ing to the Foundation’s own web­site, it exists to “stan­dard­ize, pro­tect, and pro­mote the use of Bit­coin cryp­to­graphic mon­ey for the ben­e­fit of users world­wide.” Sev­eral hun­dred bit­coin com­pa­nies are mem­bers of the Foun­da­tion and have donat­ed heav­ily to fund its oper­a­tions. The orga­ni­za­tion is led by a board [19] of promi­nent cryp­to-cur­ren­cy entre­pre­neurs, investors, jour­nal­ists, and aca­d­e­mics, chiefly its Chair­man, Coin­Lab founder Peter Vessenes who has been the sub­ject of the most skep­ti­cism and scruti­ny.

The spot­light was first shone on the Foundation’s lead­er­ship by con­tro­ver­sial bit­coin blog­ger Ryan Selkis, aka the Two-Bit Idiot [20]. On March 2nd, fol­low­ing the unrav­el­ing of Mt. Gox [21], Selkis wrote that Vessenes and Exec­u­tive Direc­tor Jon Mato­nis would be step­ping down pri­or to the con­clu­sion of their cur­rent terms, “[seem­ingly rec­og­niz­ing] the need for the Foun­da­tion to clean house in order to revi­tal­ize its image in the com­ing months.” Days lat­er, when forced to retract [22] that pre­dic­tion, Selkis began an aggres­sive, and occa­sion­ally man­ic cam­paign call­ing for their imme­di­ate ouster due to a fail­ure of lead­er­ship [22].

At his most livid, Selkis called the cur­rent board “ille­git­i­mate” and demand­ed senior lead­ers across the bit­coin ecosys­tem stage a coup or kill the Foun­da­tion [23] alto­gether – a posi­tion from which he lat­er backed down, but not before writ­ing:

Peter Vessenes and Jon Mato­nis are not scape­goats. They are not inno­cent bystanders. And they are not eth­i­cally enti­tled to remain in their board seats through lat­er this year.

Selkis then promised to reveal “damn­ing facts” if his demands were not met, includ­ing the those relat­ing to: the Foun­da­tion ignor­ing warn­ing signs of Mt. Gox’s fail­ure as ear­ly as April 2013; Foun­da­tion direc­tors exploit­ing their posi­tions to with­draw funds from a fail­ing Gox while the gen­eral pub­lic was los­ing their shirts; and con­flicts of inter­est between director’s roles with­in the foun­da­tion and their per­sonal bit­coin busi­ness­es.

After a sev­eral days of self-described back­lash from the bit­coin com­mu­nity, Selkis issued a con­ces­sion [24] and nev­er pub­lished those damn­ing facts – despite main­tain­ing that his accu­sa­tions were “100% truth­ful.”

Selkis’ light­ning-rod sta­tus can­not be denied and has made it easy for many to write off his claims as those of a man seek­ing atten­tion – he’s acknowl­edged on mul­ti­ple occa­sions plans to write a book about bitcoin’s recent scan­dals – and also hop­ing to enrich his own bit­coin insur­ance start­up through spread­ing fear. But it bears not­ing that for all his blus­ter, Selkis has also been the source of a num­ber of accu­rate and impact­ful break­ing news sto­ries, not the least of which was pub­lish­ing Mt. Gox’s Cri­sis Strat­egy doc­u­ments [25] ahead of its even­tual bank­rupt­cy.

Now, how­ever, it’s not just Selkis who’s beat­ing the drum for changes atop the Bit­coin Foun­da­tion. Blockchain.info [26] CSO Andreas Antonopou­los [27], who’s is held as close to a deity as any­one with­in the bit­coin com­mu­nity – a list on Red­dit once ranked him below Satoshi Nakamo­to but above Moth­er Tere­sa and Jesus – has also called for lead­er­ship change. Speak­ing on the Lets Talk Bit­coin pod­cast yes­ter­day [28], Antonopou­los called the Foun­da­tion “rot­ten from the top” and said that he wouldn’t be sur­prised to see it implode due to embez­zle­ment:

They cer­tainly have received many funds. Where are those funds, who con­trols those funds, when were they last audit­ed, are they actu­ally sol­vent, or have all of those funds dis­ap­peared into a big black hole? Just remem­ber who was in the lead­er­ship until recent­ly, who is in lead­er­ship today, and what their track record with ethics has been.

And, I would sug­gest that I would be not sur­prised at all if the foun­da­tion implodes in a giant embez­zle­ment prob­lem some­time down the line or funds get stolen – with­in quotes or not with­in quotes – some­thing like that. It’s bound to hap­pen because these things hap­pen not because of tech­ni­cal fail­ures, they don’t hap­pen because of bad actors, they hap­pen because of fail­ures of lead­er­ship. And the foun­da­tion is the very def­i­n­i­tion of a fail­ure of lead­er­ship.

Those are incred­i­bly strong words and not the kind of accu­sa­tions to be tak­en light­ly. It bears not­ing that Antonopou­los didn’t sug­gest any direct knowl­edge of embez­zle­ment or crim­i­nal wrong­do­ing, nor did he pro­vide any evi­dence to that effect. He sim­ply said that he views it as inevitable due to the char­ac­ter and com­pe­tence of the Foundation’s lead­er­ship – lead­er­ship that until recent­ly includ­ed Mark Karpe­les, the CEO who led Mt. Gox into bank­ruptcy, and Char­lie Shrem, the bit­coin entre­pre­neur recent­ly charged with mon­ey laun­der­ing [29], among oth­er offens­es. Antonopou­los’ state­ments are com­pli­cated by the fact that he is a vol­un­teer mem­ber of a Bit­coin Foun­da­tion work­ing group, a fact that he acknowl­edges with­in the pod­cast.

So where does this leave the Bit­coin Foun­da­tion, it’s cur­rent lead­er­ship, and the entire­ty of the bit­coin com­mu­nity as it fights for cred­i­bil­ity and legit­i­macy among reg­u­la­tors, investors, mer­chants, and every­day con­sumers?


2a. A soft­ware glitch that has per­mit­ted the loot­ing of bit­coins has claimed the new Silk Road site as one of its vic­tims. Cor­rec­tion: The Silk Road 2.0 shut­down was described as tem­po­rary. We are not aware of whether or not it has reopened.

“Drug Site Silk Road Wiped Out by Bit­coin Glitchby Jose Pagliery; CNN­Money; 2/14/2014. [11]

. . . The revived online black mar­ket Silk Road says hack­ers took advan­tage of an ongo­ing Bit­coin glitch [30] to steal $2.7 mil­lion from its cus­tomers.

The under­ground website’s anony­mous admin­is­tra­tor told users Thurs­day evening that attack­ers had made off with all of the funds it held in escrow. Silk Road serves as a mid­dle­man between buy­ers and sell­ers, tem­porar­ily hold­ing on to funds in its own accounts dur­ing a deal. Buy­ers put their mon­ey into Silk Road’s accounts, and sell­ers with­draw it.

At the time of the attack, here were about 4,440 bit­coins in Silk Road’s escrow account, accord­ing to com­puter secu­rity researcher Nicholas Weaver.

The news has shak­en con­fi­dence in Bit­coin [31]. Prices dropped sharply overnight, though they’ve since bounced back to about $660.

Silk Road can only be accessed on the deep Web using Tor, a spe­cial pro­gram that hides your phys­i­cal loca­tion. The FBI shut down Silk Road [32] and arrest­ed its alleged founder [33] in Octo­ber, but short­ly there­after, tech-savvy out­laws start­ed Silk Road 2.0 in its place.

It is pri­mar­ily used to buy and sell drugs. Bit­coins are the only kind of cur­rency accept­ed on the site, because they are trad­ed elec­tron­i­cally and are dif­fi­cult to trace to indi­vid­u­als. But Bit­coin accounts also lack pro­tec­tions that most bank accounts have, includ­ing gov­ern­ment-backed insur­ance.

That means the bit­coins stolen from the Silk Road users are gone for­ev­er.

The new site’s admin­is­tra­tor, a face­less per­sona known only as Def­con, post­ed a nerve-rack­ing mes­sage Thurs­day night that began with, “I am sweat­ing as I write this.”

He said hack­ers took advan­tage of the same flaw in Bit­coin that knocked major exchanges Bit­stamp and Mt.Gox offline over the past two weeks. That glitch allowed Silk Road hack­ers to repeat­edly with­draw bit­coins from the site’s accounts until they were emp­ty.

In detail­ing the alleged hack, Def­con list­ed the online iden­ti­ties of the three sup­posed attack­ers and shared records of the trans­ac­tions. And in an exam­ple of the kind of dark, dan­ger­ous world of ille­gal drug trade, Def­con called on the pub­lic to “stop at noth­ing to bring this per­son to your own def­i­n­i­tion of jus­tice.”

“I failed you as a leader and am com­pletely dev­as­tated by today’s dis­cov­er­ies,” Def­con wrote, adding that the web­site should have fol­lowed the approach of oth­er major Bit­coin exchanges and halt­ed with­drawals [34] due to the Bit­coin sys­tem flaw. Silk Road has since tem­porar­ily shut down.

Many have accused the site’s admin­is­tra­tors of fak­ing the hack and steal­ing the mon­ey them­selves. But in a world where drugs are out­right ille­gal — and there’s lit­tle to no reg­u­la­tion of Bit­coin trans­ac­tions [35] — it’s dif­fi­cult to prove any­thing.

It’s just his kind of bad news that smears Bitcoin’s cred­i­bil­ity and keeps the cur­rency from going main­stream.


2b. Bit­coin exchanges are now suf­fer­ing a mas­sive denial-of-ser­vice attack, but with a twist: Someone’s bot­net is apply­ing the same “trans­ac­tion mal­leabil­ity” tech­nique that brought down MtGox [36], but instead of just hit­ting MtGox this bot net­work is mal­form­ing all sorts of bit­coin trans­ac­tions simul­ta­ne­ously! As a con­se­quence, we’re learn­ing that it wasn’t just MtGox that need­ed to update their soft­ware [12]:

“Bit­coin Exchanges Under ‘Mas­sive and Con­certed Attack’” by Emi­ly Spaven; Coin­Desk; 2/11/2014. [12]

A “mas­sive and con­certed attack” has been launched by a bot sys­tem on numer­ous bit­coin exchanges, Andreas Antonopou­los has revealed.

This has lead to pop­u­lar exchange Bit­stamp putting a tem­po­rary halt on all bit­coin with­drawals, and BTC‑e announc­ing pos­si­ble delays on trans­ac­tion cred­it­ing.

Antonopou­los, who is the chief secu­rity offi­cer of Blockchain.info, said a DDoS attack is tak­ing Bitcoin’s trans­ac­tion mal­leabil­ity [37] prob­lem and apply­ing it to many trans­ac­tions in the net­work, simul­ta­ne­ous­ly.

“So as trans­ac­tions are being cre­ated, malformed/parallel trans­ac­tions are also being cre­ated so as to cre­ate a fog of con­fu­sion over the entire net­work, which then affects almost every sin­gle imple­men­ta­tion out there,” he added.

Antonopou­los went on to say that Blockchain.info’s imple­men­ta­tion is not affect­ed, but some exchanges have been affect­ed – their inter­nal account­ing sys­tems are grad­u­ally going out of sync with the net­work.

He empha­sised that this isn’t affect­ing with­drawals, because most exchanges are not pro­cess­ing them auto­mat­i­cal­ly.

Mt. Gox is the exchange that has suf­fered the most over the past few days [38], due to a num­ber of fac­tors, said Antonopou­los. One prob­lem is that it was using a cus­tom client (not the core Bit­coin soft­ware), on top of that there is the DDoS attack, plus it was using an auto­mated sys­tem to approve with­drawals.

“This is not hap­pen­ing to oth­er exchanges because they’re not stu­pid enough to issue with­drawals with­out check­ing them out first,” he explained.

Antonopou­los said we will see a few exchanges sus­pend with­drawals tem­porar­ily while they re-work their account­ing sys­tems to ensure they are not con­fused by the attack.

“It’s impor­tant to note no funds have been lost. With­drawals have been halt­ed to pre­vent funds from being lost or to pre­vent the bal­ances from going out of sync,” he stressed.

Indus­try action

An indus­try-wide coor­di­nated response has been put into action, with exchanges and core devel­op­ers col­lab­o­rat­ing active­ly to attack the prob­lem from mul­ti­ple angles.

Var­i­ous oth­er groups with­in the ecosys­tem, includ­ing the big min­ing pools, are work­ing to stop the issue from prop­a­gat­ing across the net­work.


Bit­coin devel­oper Jeff Garzik said the core bit­coin block chain con­sen­sus mech­a­nism and pay­ment sys­tem are con­tin­u­ing to work as before, and are not direct­ly impact­ed by trans­ac­tion mal­leabil­i­ty.

He added: “Web wal­lets and oth­er ser­vices that build ser­vices on top of bit­coin are report­ing prob­lems sim­i­lar to MtGox, and are tak­ing safe­ty mea­sures to ensure no fund loss, dur­ing this net­work dis­rup­tion.

“Yesterday’s state­ment must be revised: we will like­ly issue an update fix­ing two edge cas­es exposed by this attack.”

Bit­stamp has issued a state­ment [39] explain­ing that it has tem­porar­ily halt­ed BTC with­drawals. It begins:

Bitstamp’s exchange soft­ware is extreme­ly cau­tious con­cern­ing Bit­coin trans­ac­tions. Cur­rently it has sus­pended pro­cess­ing Bit­coin with­drawals due to incon­sis­tent results report­ed by our bit­coind wal­let, caused by a denial-of-ser­vice attack using trans­ac­tion mal­leabil­ity to tem­porar­ily dis­rupt bal­ance check­ing. As such, Bit­coin with­drawal pro­cess­ing will be sus­pended tem­porar­ily until a soft­ware fix is issued.

The state­ment goes on to reveal that no funds have been lost, nor are any at risk.


Don’t pan­ic

Antonopou­los was keen to stress that, although this is a seri­ous attack, it doesn’t spell the end of bit­coin. He believes the DDoS attack will be “thwart­ed” and exchanges will be run­ning as usu­al by Fri­day.

“I expect things will go back to nor­mal and the hon­ey bad­ger of mon­ey can con­tinue show­ing its resilience,” he said.

“The death of bit­coin has been pre­ma­turely announced so many times already that the obvi­ous con­clu­sion is that bit­coin is far more resilient than its crit­ics would like to think. I am con­fi­dent that in a few days, those who pre­dicted the death of bit­coin will once again be proven wrong,” Antonopou­los con­clud­ed.

3a. One of the most promi­nent of the Bit­coin exchanges has gone down, amid claims of theft of $365 mil­lion worth of Bit­coins.

“Mt. Gox Bit­coin Exchange Down Amid $365 Mil­lion Theft Claim” by Carter Dougher­ty and Pavel Alpeyev; Bloomberg News; 2/25/2014. [40]

Mt. Gox, the Tokyo-based Bit­coin exchange that halt­ed with­drawals this month, went offline as a doc­u­ment sur­faced alleg­ing long-term theft of about $365 mil­lion in the dig­i­tal cur­ren­cy.

A doc­u­ment post­ed online that appeared to be an inter­nal strat­egy paper said uniden­ti­fied thieves stole 744,408 Bit­coins from the exchange — about $365 mil­lion at cur­rent rates — and that the theft “went unno­ticed for sev­eral years.”

“The real­ity is that Mt. Gox can go bank­rupt at any moment, and cer­tainly deserves to as a com­pany,” accord­ing to the doc­u­ment.

The doc­u­ment, which out­lines plans for lead­er­ship changes, re-brand­ing and a pos­si­ble move to Sin­ga­pore, was post­ed online by blog­ger Ryan Galt. A per­son briefed on the sit­u­a­tion at Mt. Gox, who asked to remain anony­mous because the doc­u­ment is pri­vate, said he believed it is authen­tic.

Bit­coin fell 5 per­cent to $517.71 at 4:48 p.m. Lon­don time, accord­ing to the Coin­Desk Bit­coin Price Index, which aver­ages exchange prices. That’s down from as high as $1,151 on Dec. 4.

Mt. Gox went offline to “pro­tect the site and our users,” accord­ing to a state­ment on its web­site. “We will be close­ly mon­i­tor­ing the sit­u­a­tion and will react accord­ingly,” it added.

‘Trag­ic Vio­la­tion’

A group of Bit­coin-relat­ed com­pa­nies sought to dis­tance them­selves from Mt. Gox, and promised to pro­tect cus­tomer funds to pro­mote usage of the cur­ren­cy.

“This trag­ic vio­la­tion of the trust of users of Mt. Gox was the result of one company’s actions and does not reflect the resilience or val­ue of Bit­coin and the dig­i­tal cur­rency indus­try,” San Fran­cis­co-based Coin­base said in a joint state­ment on its web­site with Krak­en, Bit­Stamp, Cir­cle and BTC Chi­na, oth­er promi­nent Bit­coin com­pa­nies.

Is Bit­coin Real Mon­ey?

“As with any new indus­try, there are cer­tain bad actors that need to be weed­ed out, and that is what we are see­ing today,” the com­pa­nies said in the state­ment.

Efforts to reach the http://www.mtgox.com [41] web­site ear­lier today direct­ed users to a blank white page, a day after Mt. Gox Chief Exec­u­tive Offi­cer­Mark Karpe­les resigned from the Bit­coin Foun­da­tion, an advo­cacy group for the dig­i­tal mon­ey. At one point today, the site read “put announce for mtgox acq here.”
‘Alleged Insol­ven­cy’

“We are shocked to learn about Mt. Gox’s alleged insol­vency,” the foun­da­tion said in an e‑mailed state­ment.

Bit­coin was intro­duced in 2008 by a pro­gram­mer or group of pro­gram­mers under the name Satoshi Nakamo­to and has since gained trac­tion with mer­chants around the world. The dig­i­tal mon­ey, based on a peer-to-peer soft­ware pro­to­col, has no cen­tral issu­ing author­ity, and uses a pub­lic ledger to ver­ify trans­ac­tions while pre­serv­ing users’ anonymi­ty.

The Bit­coin Foun­da­tion said that, despite the trou­bles at Mt. Gox, the Bit­coin pro­to­col was func­tion­ing nor­mally. In recent days, Mt. Gox had stopped with­drawals, cit­ing an alleged flaw in the pro­to­col.

Since at least 2011, enthu­si­asts have been trad­ing Bit­coins for dol­lars and oth­er tra­di­tional cur­ren­cies, and in ear­ly 2013 Mt. Gox was one of the biggest exchanges. Mt. Gox said this month that it iden­ti­fied a bug that enables peo­ple to with­draw the same Bit­coins more than once, leav­ing it vul­ner­a­ble to hack­ers.

Prices quot­ed on the exchange plunged on spec­u­la­tion that account hold­ers wouldn’t be able to get their coins back.

The trou­bles at Mt. Gox are the lat­est set­back for Bit­coin after author­i­ties in Rus­sia, Chi­na and Israel sought to restrict the dig­i­tal mon­ey, while the U.S. seeks ways to pre­vent mon­ey-laun­der­ing and illic­it sales with­out killing the new tech­nol­o­gy.

3b. Where­as the fail­ure of Mt. Gox was blamed on the same soft­ware glitch that has sub­vert­ed both “legit­i­mate” and under­ground Bit­coin mar­kets, hack­ers asso­ci­at­ed with Bit­coin are claim­ing delib­er­ate malfea­sance on the part of the Mt. Gox oper­a­tors.

“Hack­ers Hit Mt. Gox Exchange’s CEO, Claim to Pub­lish Evi­dence of Fraud” by Andy Green­berg; Forbes; 3/9/2014.  [9]

The Bit­coin com­mu­ni­ty has been angri­ly press­ing for details on what the Bit­coin exchange Mt. Gox has described as a mas­sive hack­er attack that stole hun­dreds of mil­lions of dol­lars worth of its users’ bit­coins and left the com­pa­ny bank­rupt. Mt. Gox’s staff isn’t talk­ing. So anoth­er group of hack­ers say they’ve bro­ken into the company’s servers to pro­vide answers of their own.

On Sun­day, hack­ers took over the Red­dit account and per­son­al blog of Mark Karpe­les, Mt. Gox’s CEO, to post an angry screed alleg­ing that the exchange he ran had actu­al­ly kept at least some of the bit­coins that the com­pa­ny had said were stolen from users. “It’s time that MTGOX got the bit­coin com­mu­ni­ties wrath instead of [the] Bit­coin Com­mu­ni­ty get­ting Goxed,” wrote the uniden­ti­fied hack­ers, refer­ring to the mul­ti­ple occa­sions over its three year his­to­ry when Mt. Gox has gone offline, delayed trades or sus­pend­ed with­drawals, events so com­mon that Bit­coin users coined the phrase to be “goxed”–to suf­fer from Mt. Gox’s tech­ni­cal glitch­es.

The hack­ers also post­ed a 716 megabyte file to Karpe­les’ per­son­al web­site that they said com­prised stolen data from Mt. Gox’s servers. It appears to include an Excel spread­sheet of over a mil­lion trades, a file that pur­ports to show the company’s bal­ances in eigh­teen dif­fer­ence cur­ren­cies, the back­of­fice appli­ca­tion for some sort of admin­is­tra­tive access to the data­bas­es of Mt. Gox’s par­ent com­pa­ny Tibanne Lim­it­ed, a screen­shot of the hack­ers’ access to those data­bas­es, a list of Mark Karpe­les’ home address­es and Karpe­les’ per­son­al CV.

A screen­shot post­ed by Mt. Gox’s hack­ers, seem­ing to show admin­is­tra­tive access to the company’s data­base of trades.

Update: Users on Red­dit are warn­ing that the hack­ers’ files may con­tain mal­ware designed to steal bit­coins. Oth­er Red­dit users have con­firmed that they found their own account his­to­ry in the data, indi­cat­ing that it’s not fake. But for secu­ri­ty rea­sons, I don’t rec­om­mend any­one down­load the col­lec­tion of hacked files.

In the hack­ers’ sum­ma­ry of Mt. Gox’s bal­ances in var­i­ous cur­ren­cies, they point to a claimed bal­ance of 951,116 bit­coins, which they take as evi­dence that Mark Karpe­les’ claim to have lost users’ dig­i­tal cur­ren­cy to hack­ers is fraud­u­lent. “That fat fuck has been lying!!” a note in the file reads.

I’ve reached out to Karpe­les for com­ment, but haven’t yet heard back from him. Mt. Gox’s embat­tled chief exec­u­tive has remained almost entire­ly mum as his com­pa­ny has implod­ed over the last weeks.

In a pos­si­bly relat­ed inci­dent, a user on the Bit­coinTalk forum post­ed a message–since delet­ed by the forum’s moderators–claiming to be offer­ing for sale a 20 giga­byte stolen data­base from Mt. Gox, includ­ing the per­son­al details of all its users and even scans of their pass­ports. “This doc­u­ment will nev­er be else­where pub­lished by us,” wrote the user, who went by the name nanashi____. “Sell­ing it one or two times to make up per­son­al los­es from gox clo­sure.” The hack­er asked for a price of 100 bit­coins for the data­base, about $63,600 at cur­rent exchange rates.

‘I’ve reached out to nanashi____ via an email address he or she pro­vid­ed, and I’ll update this post if I hear back.
I couldn’t ver­i­fy that Sunday’s data­base dump was real, or that it showed any of the “lying” that the hack­ers claimed. In fact, it may sim­ply show how Mt. Gox’s account­ing mis­matched with its actu­al store of Bitcoins–that it was count­ing bit­coins as being safe in its cof­fers when they had already been stolen by thieves.

But as Bit­coin experts pore over the hacked files, they may yet offer clues to the mys­tery around Mt. Gox’s fate. The Bit­coin com­mu­ni­ty has been puz­zled by the appar­ent lack of move­ment of Mt. Gox’s bit­coins since the com­pa­ny declared bank­rupt­cy last month. Despite stat­ing that it lost 850,000 bit­coins in total in its bank­rupt­cy fil­ing, Bit­coin experts haven’t seen the move­ment of those coins in the Bit­coin blockchain, the pub­lic ledger of trans­ac­tions that pre­vents fraud and forgery in the Bit­coin econ­o­my.

Mod­er­a­tors on the Bit­coin sub­fo­rum on Red­dit delet­ed the hack­ers’ post a few hours after it first appeared, stat­ing that post­ing stolen con­tent vio­lat­ed the forum’s eti­quette rules. But users on the forum didn’t hes­i­tate to draw their own con­clu­sions: the top post on the forum Sun­day after­noon read “Mt. Gox scam was just exposed — MK [Mark Karpe­les] offi­cial­ly stole our funds.”

“We’ve been goxed!” it added.

3c. The ques­tion sug­gests itself as to just “who’s zoom­ing who” with regard to the Mt. Gox fail­ure. It may well be that the entire leak of Mt. Gox records “leaked” by hack­ers may have been a gam­bit to steal Bit­coins. The leak con­tains mal­ware that search­es for, and steals, Bit­coin wal­lets! “. . . . It seems that the whole leak was invent­ed to infect com­put­ers with Bit­coin-steal­er mal­ware that takes advan­tage of people’s keen inter­est in the Mt. Gox top­ic,” Lozhkin said. . . .”

“Bit­coin-Steal­ing Mal­ware Hid­den in Mt. Gox Data Dump, Researcher Saysby Lucian Con­stan­tin; PC World; 3/17/2014. [10]

An archive con­tain­ing trans­ac­tion records from Mt. Gox that was released on the Inter­net last week by the hack­ers who com­pro­mised the blog of Mt. Gox CEO Mark Karpe­les [42] also con­tains bit­coin-steal­ing mal­ware for Win­dows and Mac.

Secu­rity researchers from antivirus firm Kasper­sky Lab ana­lyzed the 620MB file called MtGox2014Leak.zip and con­cluded that in addi­tion to var­i­ous Mt. Gox-relat­ed doc­u­ments and data, it con­tains mali­cious bina­ry files.

The files mas­quer­ade as Win­dows and Mac ver­sions of a cus­tom, back-office appli­ca­tion for access­ing the trans­ac­tion data­base of Mt. Gox, a large bit­coin exchange that filed for bank­ruptcy in Japan in late Feb­ru­ary after claim­ing it had lost about 850,000 bit­coins to cyber thieves.

How­ever, they are actu­ally mal­ware pro­grams designed to search and steal Bit­coin wal­let files from com­put­ers, Kasper­sky secu­rity researcher Sergey Lozhkin said Fri­day in a blog post [43].

Both the Win­dows and Mac bina­ries are writ­ten in Live­Code, a pro­gram­ming lan­guage for devel­op­ing cross-plat­form appli­ca­tions.

When exe­cuted, they dis­play a graph­i­cal inter­face for what appears to be a Mt. Gox data­base access tool. How­ever, in the back­ground they launch a process—TibanneSocket.exe on Windows—that search­es for bitcoin.conf and wallet.dat files on the user’s com­puter, accord­ing to Lozhkin. “The lat­ter is a crit­i­cal data file for a Bit­coin cryp­to-cur­ren­cy user: if it is kept unen­crypted and is stolen, cyber­crim­i­nals will gain access to all bit­coins the user has in his pos­ses­sion for that spe­cific account.”

The mal­ware, which Kasper­sky has named Trojan.Win32.CoinStealer.i (the Win­dows ver­sion) and Trojan.OSX.Coinstealer.a (the Mac ver­sion), uploads the stolen Bit­coin wal­let files to a remote serv­er that used to be locat­ed in Bul­garia, but is now offline.

“It seems that the whole leak was invent­ed to infect com­put­ers with Bit­coin-steal­er mal­ware that takes advan­tage of people’s keen inter­est in the Mt. Gox top­ic,” Lozhkin said.

“Mal­ware cre­ators often using social engi­neer­ing tricks and hot dis­cus­sion top­ics to spread mal­ware, and this is great exam­ple of an attack on a focused tar­get audi­ence,” he said.


3d. Some­thing that belongs in the “The dog ate my home­work!” cat­e­go­ry: Mt. Gox claims that it found 200,000 Bit­coins in a “for­got­ten” dig­i­tal wal­let, worth $116 at cur­rent prices! If you believe that, we’ve got a great deal on the Brook­lyn Bridge, payable only in Bit­coins! “The dog ate my Bit­coins!”

“Mt.Gox Finds 200,000 Bit­coins in Old Wal­let” by Charles Riley; CNN­Money; 3/21/2014. [16]

Embat­tled exchange Mt.Gox said Fri­day that it has found 200,000 bit­coins in a “for­got­ten” dig­i­tal wal­let — a haul worth $116 mil­lion at cur­rent prices.

Mt.Gox CEO Mark Karpe­les said in a state­ment that the bit­coins had been uncov­ered in an old-for­mat wal­let that was thought to be emp­ty. Bit­coin wal­lets allow users to store the dig­i­tal cur­rency and exe­cute trans­ac­tions.

“On March 7, 2014, Mt.Gox Co., Ltd. con­firmed that an old-for­mat wal­let which was used pri­or to June 2011 held a bal­ance of approx­i­mately 200,000 BTC,” the state­ment said.

Karpe­les said that the dis­cov­ery was report­ed to lawyers on March 8. The bit­coins were lat­er moved to “offline” wal­lets.

Mt.Gox was one of the world’s largest Bit­coin exchanges until last month, when it stopped investors from with­draw­ing mon­ey and blamed the dis­rup­tion on tech­ni­cal issues and cyber attacks.

The Japan-based com­pany then filed for bank­ruptcy in Tokyo and the U.S., with debts total­ing $64 mil­lion.

At the time of its clo­sure, Mt.Gox said that it was unable to locate 850,000 bit­coins, the vast major­ity of which belonged to cus­tomers. The dis­cov­ery reduces the num­ber of lost bit­coins to 650,000, but also rais­es ques­tions about what real­ly hap­pened to the miss­ing cur­ren­cy.

While the search for the miss­ing bit­coins will con­tinue, many investors har­bor lit­tle hope that all will be recov­ered. Japan­ese author­i­ties had not reg­u­lated the exchange, and no deposit insur­ance was offered.

Relat­ed: ‘I lost mon­ey with Mt.Gox’

Respond­ing to the wave of doubt gen­er­ated by the exchange’s fail­ure, sev­eral oth­er exchanges and dig­i­tal wal­let providers have sought to reas­sure investors.

“This trag­ic vio­la­tion of the trust of users of Mt.Gox was the result of one company’s abhor­rent actions and does not reflect the resilience or val­ue of Bit­coin and the dig­i­tal cur­rency indus­try,” an indus­try group said in Feb­ru­ary.

In relat­ed news, the team of vol­un­teer com­puter devel­op­ers who man­age the Bit­coin soft­ware pro­gram has fixed some of the tech­ni­cal issues that Mt.Gox ini­tially blamed for its trou­bles — a quirk in the way Bit­coin works called trans­ac­tion mal­leabil­i­ty.

3e. In a new twist, hack­ers have launched denial of ser­vice attacks on start­up tech firms, and demand­ed ran­som for ceas­ing those attacks–payable in Bit­coins!

“To Instill Love of Bit­coin, Back­ers Work to Make It Safe” by Nicole Perl­roth; The New York Times; 4/02/2014. [44]

. . . War­ren E. Buf­fett referred to the cur­ren­cy as a “mirage” in an inter­view last month and told peo­ple to “stay away.” Would-be adopters and investors have grown fear­ful as hack­ers devel­op new ways to steal Bit­coin and major Bit­coin exchanges shut down. . . .

. . . . Hack­ers have recent­ly tak­en to mount­ing large scale denial-of-ser­vice attacks on tech startups–most recent­ly, Meetup.org, a social meet­ing site; Vimeo, the video shar­ing ser­vice; and Base­camp, a project man­age­ment soft­ware company–and demand­ing pay­ments via Bit­coin as ran­som to cease. . . .

4. Patrick Byrne, CEO of Overstock.com–the first retail­er to accept Bit­coin as a pay­ment vehicle–is a dis­ci­ple of the Aus­tri­an school of eco­nom­ics. The Aus­tri­an school is a fun­da­men­tal ele­ment of the Bit­coin milieu and is also cen­tral to the milieu of Edward Snow­den and the “Paulis­tin­ian Lib­er­tar­i­an Orga­ni­za­tion.” [45]

“Meet Patrick Byrne: Bit­coin Mes­si­ah, CEO of Over­stock, Scourge of Wall Street” by Cade Metz; Wired.com; 2/10/2014. [13]

. . . . The prob­lem with the mod­ern econ­o­my, Byrne says, is that it rests on the whims of our gov­ern­ment and our big banks, that each has the pow­er to cre­ate mon­ey that’s backed by noth­ing but them­selves. Thanks to what’s called frac­tion­al reserve bank­ing, a bank can take in $10 in deposits, but then loan out $100. The gov­ern­ment can make more dol­lars at any time, instant­ly reduc­ing the currency’s val­ue. Even­tu­al­ly, he says, lay­ing down a clas­sic lib­er­tar­i­an metaphor, this “mag­ic mon­ey tree” will come crash­ing down.

But bit­coin is dif­fer­ent. It’s like online gold: The sup­ply of the dig­i­tal cur­ren­cy is con­trolled by soft­ware run­ning across a world­wide net­work of com­put­ers, and its val­ue is decid­ed not by the feds or the big banks, but by the peo­ple. “It can make our coun­try more robust,” says Byrne, a dis­ci­ple of the Aus­tri­an school of eco­nom­ics, which holds that our econ­o­my should rest on the judg­ments of indi­vid­u­als, not a cen­tral author­i­ty. “We want a mon­ey that some gov­ern­ment man­darin can’t just whisk into exis­tence with a pen stroke.”

Zom­bies. Mag­ic mon­ey trees. Man­darins. As Byrne admits, it’s a ten-dol­lar answer to my ten-cent ques­tion about his plans for the future of Overstock.com, and although I know the man well, I can’t help but won­der how much of this is just him call­ing atten­tion to him­self. But a week after this phone call, Byrne will make good on his promise, as Over­stock becomes the first major online retail­er to accept pay­ments in bit­coin, let­ting you buy every­thing from patio fur­ni­ture to smart­phone cas­es with the fledg­ling dig­i­tal cur­ren­cy. And the fol­low­ing month, dur­ing Overstock’s quar­ter­ly earn­ings call, he will reveal that he has per­son­al­ly con­vert­ed mil­lions of dol­lars into bit­coin. The Over­stock CEO is plac­ing more than one big bet on an unpre­dictable future, but Byrne has proven him­self pre­scient before — about the inter­net and the media as well as the econ­o­my. . . .

5. Bit­coin is already demon­strat­ing exact­ly the same con­cen­tra­tion of wealth that plagues the very con­ven­tion­al econ­o­my it is sup­posed to replace. The dif­fer­ence is that bit­coin is already demon­strat­ing a far more pro­nounced con­cen­tra­tion than the con­ven­tion­al econ­o­my–the top one hun­dredth of one per­cent of bit­coin own­ers con­trol 50% of the wealth.

“For­get the 1 Per­cent. In the Bit­coin world, Half the Wealth Belongs to the 0.1 Per­cent” by Bri­an Fung; The Wash­ing­ton Post; 3/3/2014. [14]

The fall of Mt. Gox has a lot of peo­ple say­ing Bit­coin is dead. Yes, the Tokyo-based exchange may be gone, but the vir­tual cur­rency has much more than a sin­gle exchange (which wasn’t even the largest at the time that it col­lapsed). There’s still a great deal of room [46]for Bit­coin to grow, par­tic­u­larly in the West: Mt. Gox’s col­lapse hasn’t done much to tem­per curios­ity among reg­u­la­tors and entre­pre­neurs [47].


Of course, the draw­back to con­sol­i­da­tion is that those ben­e­fits will be con­cen­trated in the hands of a rel­a­tive few. That dynam­ic is already play­ing out among indi­vid­ual hold­ers of Bit­coin, with a grow­ing gulf between the Bit­coin-rich and the Bit­coin-poor. Accord­ing to Ris­to Pietilä, a Finnnish entre­pre­neur, the over­whelm­ing share of Bit­coin wealth is held in just a few dozen wal­lets [48]. Half of all bit­coins belong to around 927 “indi­vid­u­als.” If those fig­ures are right, then half of the world’s 12 mil­lion or so bit­coins is held by a tenth of a per­cent of all accounts. That’s a stun­ning state­ment of inequal­ity, since in the real world 46 per­cent of the world’s wealth belongs to 1 per­cent of the glob­al pop­u­la­tion [49]The Bit­coin world, then, is even less equal than the real world.