
Fraud caused disappearance of 99% of Mt. Gox Bitcoins - jpatokal
http://the-japan-news.com/news/article/0001825662
======
drcode
From all the theories I've seen, the most likely to me is that this was a
business that slowly drifted into a whirlpool of fraud and insolvency,
probably starting with good intentions.

Most likely, they had a hard time maintaining the right ratio of
bitcoin/yen/USD to match the reality of their customer's deposits (through
incompetency) and got hit hard when the "wrong" price fluctuations occurred...
when this happened, and in which direction the fluctuation happened, I cannot
say.

After that, they were deeply into a fractional reserve situation and thought
"hey, we own a large part of the Bitcoin market, we can probably play the
price a bit to make our customers whole again, without anyone knowing what had
happened."

In this way, they gradually drifted from "cutting corners and doing the ugly
things required to keep a business afloat" (aka mild, veiled fraud) into
outright fraud.

~~~
Pyxl101
Your theory seems reasonable to me, and I know you're not defending them, but
...

How difficult is it to keep the right amount of bitcoin and USD in deposit? It
seems pretty simple to me. Customer deposits $1.00, then I keep $1.00 in
deposit in my business account. Customer deposits 1 bitcoin, I keep one
bitcoin. The account for customer deposits will only ever be touched by
automated systems processing these transactions.

If I'm charging fees as part of depositing/withdrawing/trading currencies or
BTC, then those fees are immediately swept into a separate account, the
entirety of which is revenue. Kept strictly separate from deposits. I'd
regularly audit both accounts to confirm that the dollar amounts of each
deposit/withdrawal, as well as total, match the records of actions in my
systems.

Mt Gox only ever handled about 40 trades per second. Seems like you could keep
everything balanced with a typical database, using transactions to implement
atomic trades / deposits / withdrawals. Perhaps interfacing with money
transmission systems is slightly more difficult, but once a transaction has
reached the point of having probably-completed, you initiate the transaction
to modify the customer's balance of bitcoin and currency.

So I guess I'm agreeing with you that if they failed in this way, they must
have been incompetent.

P.S. I'm just making all this up. I've never worked in payments or accounting.
I expect a good security or finance auditor could suggest much better
controls. I'd pick up an "accounting for dummies" book and learn about the
basic control principles used in accounting to prevent fraud. Perhaps I
periodically download statements from my bank, print them out (or receive them
in the mail) and audit those records against my own systems, by hand. Do the
same electronically on a continuous basis. Set up an off-site write-only
logging system to capture all transactions, and regularly audit to ensure that
the system logs match bank transaction logs.

~~~
Animats
_How difficult is it to keep the right amount of bitcoin and USD in deposit?
... P.S. I 'm just making all this up. I've never worked in payments or
accounting._

Mt. Gox had a financial control problem less complex than that faced by the
typical supermarket. A supermarket has cash going in and out, multiple cash
registers, multiple cashiers on different shifts, credit cards, checks,
benefit cards, and automated checkout lanes. That's just the front side -
there's a comparable operation at the back, where merchandise comes in and is
accounted for. A big supermarket has a higher transaction rate than Mt. Gox
did.

If a $10 bill goes missing in a supermarket, the management will know at the
end of the day, and will probably be able to figure out where it went. This is
routine cash control. It's a solved problem.

Mt. Gox had no financial controls; we know that from press reports. None. They
don't even seem to have had a general ledger. This is rare in real businesses,
but it's common in fraud schemes. Fraudsters don't want accounting controls,
with everything they're stealing on the record.

Anyway, on Jan 3, we'll hear more. That this story came from the Tokyo
Metropolitan Police is significant. The police haven't said anything until
now, except that they were investigating. That silence has ended. Arrests may
be announced. There's a good chance that Mark Karpeles is about to experience
the standard 21-day interrogation used in Japan.

~~~
slashink
Just curious, searched and couldn't find anything meaningful, what is the
"standard 21-day interrogation"?

~~~
patio11
To make a long story short: the general standard of Japanese policing at
present is quite similar to the prevailing standard of US policing in the
1950s. The primary investigative tactic is coercing confessions, and I do not
use the word "coercing" lightly. Japanese cops can jail someone on suspicion
of wrongdoing for 20-something days prior to having to bring a magistrate into
the picture, during which time they're routinely physically and emotionally
abused and made to think that signing whatever the cops put in front of them
will be the quickest way to end the ordeal.

~~~
nebula
Doesn't this get abused heavily?

~~~
dragonwriter
It is systematic abuse; I'm not sure it makes sense to talk about it being
abused...

~~~
hga
Indeed. Japan is a police state. A remarkably polite one, but things at this
level are done for the convenience of the police, prosecutors and judges (at
least prior to adding juries to the system, but I'm quite skeptical how
that'll turn out for quite a while). Closing cases is more important than
finding the real criminal, and atrocities like their handling of the Aum
Shinrikyo cult suggest they're not so good when put to serious test.

~~~
jpatokal
"Atrocities like their handling of the Aum Shinrikyo cult"? Are you referring
to the guy falsely blamed for the Matsumoto attack? The police are indeed
likely to blame for leaking his name to the media, but he was never even
formally charged, much less convicted:

[https://en.wikipedia.org/wiki/Yoshiyuki_Kouno](https://en.wikipedia.org/wiki/Yoshiyuki_Kouno)

The investigation of the Tokyo sarin attacks, on the other hand, seems to have
been carried out pretty much by the book and I'm not aware of anybody outside
the tinfoil hat brigade who contests that they got the right people.

~~~
hga
_After_ the sarin attacks, they did a good job. I'm referring to the multiple
times they dropped the ball prior to that point, which among other things
allowed the sarin attacks to happen. Their screwup on the Matsumoto attack is
an obvious example; they they harmed an innocent in an incorrect focus on him
is in a way much less important than letting the culprits later do _much_
worse.

------
bigbugbag
Well this could be interesting if it's more than hype to sell more paper.

Karpelès having quite a trail of fraud and misconduct, I'm curious to learn
the results of the Magic The Gathering Online Exchange investigation.

For those who don't know yet about the past of Karpelès, he started his career
when over a disagreement with his employer he moved some of the company's
clients' data over to his own servers, redirected a company domain towards one
of his then resigned from the company. When the company confronted him, he
refused to give back what he took and offered to buy the domain he stole, so
the company went to court with Karpelès admitting he did it to the police but
telling a different story on his blog [1]. With Karpelès not appearing at the
audience because he had left the country he got sentenced in 2010 to 1 year of
prison and 45 000€ in damage [2].

This is only part of a trail of lies, deception and fraud from Karpalès for
his personal profit that has started to surface, we know have a blog he made
in 2006 where he confessed of getting caught for a youth error of doing bad
things with online payment systems for 2 years[3] or how he used lies to get
money for a job he didn't do[4].

Of course that doesn't mean he did stole the coins, that's why I want to know
about the investigation.

[1]:
[https://web.archive.org/web/20070630213730/http://www.magica...](https://web.archive.org/web/20070630213730/http://www.magicaltux.net/blog/2006/11/23/105-le-
point-sur-2006-eurocenter-portha-ff-st-etc)

[2]:
[https://www.documentcloud.org/documents/1238981-img-20140720...](https://www.documentcloud.org/documents/1238981-img-20140720-0001.html)

[3]:
[http://web.archive.org/web/20140302234940/http://blog.magica...](http://web.archive.org/web/20140302234940/http://blog.magicaltux.net/2006/02/12/pensees-
nocturnes/)

[4]: [https://www.cryptocoinsnews.com/exclusive-tibanne-co-ltd-
sen...](https://www.cryptocoinsnews.com/exclusive-tibanne-co-ltd-
sentenced-2013-mark-karpeless-lies-new/)

~~~
btown
It's astonishing that financially minded people, used to doing due diligence
for potential investments in their day jobs, would trust a company with their
own personal money without digging into its founder's backstory!

~~~
gwern
Most (all?) of that material was in French, which seems to have been a
surprisingly effective barrier. (French proficiency is not terribly common in
the US or Japan; and how many people are _so_ paranoid about random
counterparties that they will hire translators to go through everything any of
the counterparties have ever written looking for red flags? Have you ever done
that?)

I don't recall even the Mtgox haters bringing up any of the French backstory
until not long before the end.

------
patio11
I'll try to find a print copy when the Yomiuri hits news stands on the 3rd and
post the gist of it, but don't get your hopes up on this shedding a lot of
light on the story.

~~~
sillysaurus3
Please, and thank you! I've been avidly following every piece of news about
Mt. Gox, so it would be great to hear a translation of the news story. It
probably won't have any new details, but I'm very interested to know how Japan
feels about the situation. A translation of a printed story might not be the
best way to find that out, but at least it's something.

------
jnaglick
It's almost like people with no education or training and a history filled
with criminal activity can't be trusted to run financial institutions.

It's almost like there is a great irony in the fact that people who mistrusted
government run banks sought an anonymous unregulated cryptocurrency and then
immediately got ripped off because it's anonymous and unregulated.

~~~
sparkie
> government run banks

What's one of these? It's the other way round - banks run governments.

~~~
mercurial
Should probably be read as government-regulated instead. For some value of
"regulated", anyway.

------
butwhy
This is still a mystery? I thought it was widely accepted that Karpeles stole
the money for himself to buy Starbucks.

