

Non-official MtGox investigation update and preliminary release - sdouglas
http://blog.wizsec.jp/2015/02/mtgox-investigation-release.html

======
akerl_
I heard that Karpeles wasn't even running the site when things went down. He'd
sold the site to Ross Ulbricht, and then Ulbricht tricked him into taking over
Mt. Gox again right before everything hit the fan.

~~~
majke
Citation needed.

~~~
eli
I'm pretty sure it's a joke.

~~~
hellbanner
Pretty sure that was too.

~~~
reddytowns
Ah... danielson, you must learn... do not insult one with more than 500 karma.

~~~
hellbanner
I thought this was a democracy!

------
Michael_Murray
I have no inside information, but the pattern suggests to me a plausible
explanation. And I'm typing on my phone, so I might not explain fully.

Suppose I were wanting to overinflate the value of my business to show to
investors or for another reason - I could create an account that had within it
a large additional amount of fiat (by entering that value in the DB).

Then, I have an idea... Using that fake deposit, I can start buying BTC. And,
as long as the price of BTC is going up, I'm actually printing money and
making real fiat out of the initial fake deposit.

This works as long as the price continues to increase and people continue to
trade - if either of those factors trends down, the fake fiat will be noticed.

Unwinding this becomes tricky - if you sell too fast, you cause the price
decrease. And if anybody gets wind of it, they'll abandon ship.

In some ways, this has an analogue in what happened at Lehman and AIG. The CDO
market worked as long as the default assumptions were right and the value of
the underlying assets continued to appreciate - as soon as they didn't, the
margin requirements wiped out all of their reserve capital.

It also reminds me a bit of QE - the "printed" fiat was inserted into the
market and used to purchase assets in a way that supported the market. When the
easing stops, if the value of the assets can't be supported by continuing
market pressure, the market for those assets crashes.

~~~
steve_taylor
> Unwinding this becomes tricky - if you sell too fast, you cause the price
> decrease. And if anybody gets wind of it, they'll abandon ship.

My thoughts exactly. There are far less risky ways for an exchange to rip off
its customers without their knowledge, such as front running. That is, the
insider can use lag to effectively trade with advance knowledge of the market.
(Remember those long bouts of massive lag?) This doesn't require market
manipulation and every single pair of trades is profitable.

~~~
orclev
Another piece of this puzzle might be shenanigans early on in the history of
MtGox. There's been some speculation that something happened early on and
MtGox lost a lot of BTC (either a hack, a glitch, or possibly a HD failed with
a wallet that didn't have a backup). From that point on they basically
scrambled to make up the deficit in BTC through various shady means, one of
which might be this bot. There's an oblique reference to that theory early on
in the report when they mention trading a BTC deficit for a fiat deficit.
Basically they traded cash they didn't have for BTC they didn't have but
needed in order to prop up the orders they had outstanding.

------
Animats
Most of that was known. This "investigation" doesn't have access to Mt. Gox's
internal logs.

The actual police investigation has been unimpressive. The Tokyo Metropolitan
Police are quite new at computer crime investigation. Their computer crime
unit was established in May 2013, about two months before Mt. Gox started
tanking.[1] Still, it's amazing that this case hasn't been cracked yet. It has
to be an inside job, and the number of insiders is small.

[1] [http://antifraudintl.org/threads/tokyo-police-sets-up-cyber-...](http://antifraudintl.org/threads/tokyo-police-sets-up-cyber-crime-squad.77064/)

------
mikekchar
I only skimmed the article. It is very interesting and I want to go back to it
later, but the one obvious explanation (to me) is that Willy was money
laundering. It was buying up bitcoins using USD in accounts that didn't seem
to exist. I'm assuming that the bitcoins existed and the trades actually
happened -- it would be straightforward to tell from the block chain. The
simplest explanation is that someone had a lot of USD that they wanted to
launder and they were buying up Bitcoin. This money was put in non-public
accounts. At some point they wanted to cash in. This caused BTC to crash.

One could speculate that a naive person might offer a BTC money laundering
service without understanding basic economics. The bot is buying up BTC,
causing the price to skyrocket. The naive operator is thinking, "Awesome, I'll
pocket a cut of this!". Then the very nasty people who were offering the USD
to launder suddenly said, "OK, please return it all right now". The naive
operator is thinking, "No problem, the price is so high" but then crashes the
currency. In fact, one could speculate that said operator ended up with a
shortfall and had to make a choice between stealing BTC from other accounts or
living with 3 less legs than he was born with.

I'm not saying that's necessarily how it happened, but it doesn't seem that
implausible to me...

~~~
kaoD
> I only skimmed the article.

Bad idea. You should read the whole article and the linked ones too. There's a
lot of information there and it's really important to understand what's going
on (as well as understanding how MtGox operated).

> I'm assuming that the bitcoins existed and the trades actually happened --
> it would be straightforward to tell from the block chain.

That's a big assumption. You can't tell from the blockchain since trades were
done within MtGox's database, while the blockchain was only used for BTC
withdrawals.

In fact, AFAIK we can't even tell if the data is real, since this is a leaked
log dump and could be altered to frame someone.

------
zzleeper
So was it Karpeles or one of his employees?

~~~
jonknee
It seems like he would have been the only one in the position to do it (the
employees were kept in the dark about a lot of things).

~~~
dagw
Most employees at most companies have a pretty good grasp of things they're
officially "kept in the dark" about.

------
zamalek
I don't understand why a bot is so suspicious. It could have simply been
algorithmic trading.[1]

[1]: [http://en.wikipedia.org/wiki/Algorithmic_trading](http://en.wikipedia.org/wiki/Algorithmic_trading)

~~~
Cthulhu_
It's suspicious because the money didn't seem to come from anywhere, the BTC
didn't seem to go anywhere, and most importantly, it was doing trades while
MtGox was offline for everyone else - which implies it was running internally
at MtGox, which hints at it being used to artificially drive up the price of
BTC.

~~~
zamalek
Thanks, that explains it clearly.

