Ask HN: Where are the 750k Bitcoins lost by Mt. Gox? - pmcpinto
======
deweller
In November of 2011 Mt. Gox demonstrated control of 500k BTC.

I followed the 500,000 BTC for a bit beginning at
[https://blockchain.info/tx/b269bf1b82dae8a61f7f91dbf7a9d807e...](https://blockchain.info/tx/b269bf1b82dae8a61f7f91dbf7a9d807e30963c1ae00ddd95a8faebea6d0a007).

The coins move around and small amounts are sent away, but the majority ends
up back in Mt. Gox's main (hot) wallet. This repeats a few times until the
majority is paid back to the main Mt.Gox address.

Here is the transaction where it starts to get interesting:

[https://blockchain.info/tx/478ea915aa3a2e54503c43e1c5659722b...](https://blockchain.info/tx/478ea915aa3a2e54503c43e1c5659722b42a784412423a05394c83a44affb805)

What's left of the 500,000 (429.9k) is split into roughly half and sent to 2
new address. And then each of those address splits the coins in half and sends
to two new address.

The end result is that the 429k was split again and again until the funds are
split into many addresses, each of which now contain less than 1,000 BTC each.
I stopped following the transactions there.

Why take 429k and split it into many addresses each containing less than 1,000
BTC each?

I'd like to see someone trace all of these coins and see if they end up coming
together somewhere or show a pattern.

~~~
chevreuil
I'm a bit new to bitcoins, but is it technically possible for the bitcoins
community as a whole to make a blacklist of bitcoins addresses and "ban" the
stolen bitcoins ? Such blacklist would daunt robbers and enforce public trust
in bitcoins.

~~~
the_watcher
Well, the supply of BTC is finite, so simply excluding stolen BTC's has some
additional problems. May be better than not addressing it, but while BTC
provides a mechanism for following them through the transaction chain, it's
not that simple to ID what addresses contain "stolen" BTC. What if the thieves
are able to launder them through unwitting proxies? For example, steal a bunch
of BTC, sell them on another exchange immediately, and now, how do you
blacklist those "stolen" bitcoins without screwing over an innocent bystander?

~~~
digikata
Because transactions are recorded in a public blockchain, couldn't that be a
big downside for anyone accepting bitcoin whether or not the coins appear on a
blacklist/warning list. If a sending wallet address is associated with some
contested activity (e.g. someone getting sued, or indited), I could imagine
that those BTC could easily get swept up in the legal actions to unwind or
resolve the activity.

This vs accepting cash which is fungible, and would need some other evidence
associating the buyers money with the contested activity. At least the
resolution activity there would likely be stopped at one level from receiving
the cash, but with BTC, you happen to be able to track that one specific coin
right through multiple layers of transactions. I can see lawyers tracking all
the way out to the current holder of a given BTC.

edit: Upon a bit more side reading, I think the tracability of a given BTC is
a bit overstated here.

~~~
the_watcher
That is assuming you can "blacklist" addresses before the transaction takes
place. Or they could just create a new BTC address.

------
brudgers
I suspect that the bitcoins have been exchanged for something else and are
back circulating around. The beauty of the heist is that any bitcoin in
circulation invariably passes through transactions where the parties have a
compelling interest in not being attached to the transaction.

After finding a stolen bitcoin, unravelling its history back to the Mt. Gox
Heist is likely to meet a wall of resistence - e.g. if it passed through Silk
Road the parties on both sides will be reluctant to come forward and provide
information.

In terms of a tort, is it civil or criminal? Was the loss of the coins by Mt.
Gox simply an unsatisfactory business transaction? Supposing there was a
theft, how should the bitcoins be valued? By the amount of storage space they
consume, by the cost of the resources required to create them? If by some
market price, which one - some average at the time of their creation, at the
time of their loss, at the time of their recovery, or at the time of the
prosecution? Many of those values are zero.

Finally, how many of Mt. Gox's customers are going to come forward and claim
ownership if such claims are accompanied by a risk of being asked "And how
came you to acquire these bitcoins?"

Unlike fiat currency, no government has an interest in supporting the agreed
upon fiction that bitcoins are not a fiction. Stealing cash is a crime because
the government has an interest in cash being an asset.

The problem with cryptocurrency is the proportion of black and grey market
interests it attracts. With bitcoin, they were there first and good citizens
second. Separating good citizens from their money was always going to be an
attractive option, probably more attractive than separating participants in
the black and grey markets from theirs given the greater potential for more
serious reprisals which might accompany theft.

It's been over since the first Bitcoin story on NPR.

------
sillysaurus3
Some info here:
[http://www.reddit.com/r/Bitcoin/comments/1z37zw/mt_gox_has_a...](http://www.reddit.com/r/Bitcoin/comments/1z37zw/mt_gox_has_at_least_200k_btc/)

"MtGox still has at least 200k BTC"

Here are the possibilities, as far as I can tell:

1) That information is inaccurate.

2) MtGox lost their private keys.

3) The private keys were kept in a bank vault, which was seized by a foreign
entity like the US government at some earlier time.

4) MtGox stole the coins.

The management of MtGox knows which of these is correct, but they probably
aren't going to say.

~~~
bachback
5) they were stolen

~~~
raphaelj
Which is the same as 2) and 3).

~~~
shawabawa3
No, could have been stolen through bugs in their software (e.g. transaction
maleability), not directly from stealing the keys

------
bushido
With the possibility of getting down voted into oblivion.

The BTC lost/stolen are all available within blockchain/public ledger.
Depending on who stole them, it would probably be distributed within multiple
very smaller transaction.

It my be traceable, but likely unrecoverable, because this is a feature of
Bitcoin. In other words authorities and forensic enthusiasts can find the BTC
but they are most likely lost at the same time.

~~~
loceng
This is the issue. It can become a never-ending wild-goose chase. The thieves
can continue to move the funds around until they're no longer tracked, or far
enough ahead that from the trackers (assuming there's any enforcement or
penalties or laws relating to accepting stolen Bitcoin - which there aren't
currently) or just spend them if they're not being tracked or if there's no
enforcement in place.

The thieves will move funds around at little cost in order to try to gain the
value from the Bitcoin they stole.

The problem with Bitcoin is that because there's no fee associated with them,
there's no money or resources being made available or directed towards
policing and following of these thieves.

Edit: And it's not particularly fair to use the rest of society's resources to
do this policing, when they're not contributing to the system - they're
avoiding contributing, to a partially corrupt and currently inefficient
system, yes - but it'd be better to fix these inefficiencies and deal with the
corruption.

~~~
d0ugie
Wouldn't, in this high profile clustereff, somehow tracking down those
bitcoins cause bitcoin in general more harm than good? Would it not highlight
that one way or another, either by fault of bitcoin or human error, that like
Tor it is not bulletproof in terms of anonymity and susceptibility to being
taken back from someone, whether that someone is a good or bad guy?

~~~
loceng
Taken back? Finding a person is one thing - you need a lot of resources to
track a person down - then trying to find where they may have hidden the keys
needed to use the Bitcoin is another. People who have stolen millions of real
dollars are still able to just hide the cash or money in off-shore accounts.
Similar problems exist, though it doesn't start off anonymously. It's not
really good or bad, it just is. We need to manage for best case scenario, and
structure systems to provide best case scenarios. Controlled or rather fully-
manageable ecosystems are the best, though they have the ability to be badly
managed and through political lobbying, etc. cause a whole series of problems
in a society.

------
yread
Why doesn't Mt. Gox just publish the ID of the wallet(s) from which they were
stolen?

1\. They weren't stolen - lost in cold storage harddisk failure for example

2\. Revealing it would show something extremely embarrassing - they only used
a single wallet?

3\. They still have them - yay?

4\. They were stolen by Mt. Gox - _gulp_

~~~
drcode
MtGox may just have larger problems right now and can't get around to the
actuarial work involved.

Though I agree a cold storage failure is still a good possibility, given the
poor communication.

------
davidw
"The Lost BitCoins of Mt Gox" sounds like a good Scooby Doo episode. Or Hardy
Boys?

~~~
colinbartlett
_Velma yanks off mask._

 _Daphne gasps_

"Mr. Karpeles!"

Fred: "Mark Karpeles was the thief all along!"

Karpeles: "And I would have gotten away with it, too, if it hadn't been for
you meddling kids!"

~~~
terranstyler
Velma didn't even say Jinkies yet :(

------
fredgrott
Here s an idea..

Feds sized silk road and the Bitcoin wallets

If any was stored or transacted at MTGox this might be some of the amount of
losses MTGOX is now showing but NOT ALL OF The lOSSeS obviously

~~~
jnbiche
Bingo. The Feds seized their cold wallet somehow.

Mark has said repeatedly that Mt. Gox is under investigation and that he can't
talk about it. There's a supposed IRC log from two days ago where he let it
slip that he's under a gag order, saying two days ago "le gouv US ne veut pas
qu'on disclose" (the US gov. doesn't want us to say anything)[0]. And he's
said in public that he can't discuss the matter since he's under
investigation.

So my guess is that the feds have seized his cold wallet as part of the Silk
Road investigation, or even as part of the case against Mt. Gox itself, which
was probably in a safety deposit box. They've already seized 5 million USD
last year from Gox, why wouldn't they go after the Bitcoins, too?

And yes, the seized Bitcoins would not equal the number owed, but my guess is
that they're the majority of them, say 80%.

If that's the case, account holders would have to petition the USD to prove
they're not drug dealers and or tax evaders to get their money back.

~~~
mtlolx
This is an unusually silly conspiracy theory.

I find it extremely unlikely that MtGox would falsely claim that they suffered
a theft due to transaction malleability (a real point of possible error) if
the actual issue was a US Government seizure. It just strikes me as utterly
unbelievable that they would actively cover up (rather than simply failing to
disclose) a government seizure.

It's far, far more likely that Karpales is either grossly incompetent or a
thief than it is that he's making up complicated stories to cover up a
government action.

~~~
kordless
You can't disclose if you are under a gag order. If Mark was running a
fractional reserve because the coins were seized, and they got hit with the
transaction mailability issue, that could set the stage for what we're seeing
today.

I agree Occam's Razor applies here. That said, we still don't know a lot about
what happened.

~~~
oijaf888
Would a gag order from a US court apply to a Frenchman in Japan?

~~~
Crito
In theory, or in reality? There could be explicit, implied, or even naively
assumed 'underhanded compliance encouragement' going on.

I wouldn't put my money on explicit, but if it was, it wouldn't be the first
time.

------
eterm
This is another possibility people are overlook, that perhaps they never had
them. Perhaps they simply built up a liability of 800k bitcoins by trading on
their own exchange and making some bad calls.

~~~
drcode
If I had to venture a guess, I'd bet that not even Mark Karpeles knows what
happened to the money.

------
junto
Whilst the numbers quoted in US dollar terms are quite staggering, I would be
interested to know what the actual losses are based on the initial investment
dollar amount.

I'm guessing many of these coins were mined or bought before the astronomical
price rises.

Of course I understand that that is irrelevant to people who have perceived
millions of USD, but interesting nevertheless.

~~~
danudey
This is an interesting point. This value is all speculative until the it's
resolved by conversion to another currency. The entirety of my LTC holdings
are from mining coins, trading out to USD before it dropped, then 'buying' in
again. I ended up with around five hundred bucks worth, mostly due to just
smart trading, costing me nothing.

The value has recently dropped, and I'm sad that I didn't cash out before, but
I didn't actually lose anything. I'm still up the entire value of my
portfolio, I'm just not up as much as I was before (and could have cashed out
at).

I do feel bad for the people who bought in and then lost it all.

------
uslic001
Any truth to the claims made on this website?

[http://www.doctrackr.com/blog/bid/376566/409-Million-in-
Bitc...](http://www.doctrackr.com/blog/bid/376566/409-Million-in-Bitcoin-
Stolen-Who-is-to-Blame?utm_source=hacker-
news&utm_medium=social&utm_term=post&utm_content=ddos-
attacks&utm_campaign=Blog-Post-2-28)

"The Pony botnet attack was an ambitious data collection program. TrustWave
reported staggering data loss statistics from the event the following
sensitive information was stolen.

1,580,000 website login credentials 320,000 email account credentials 41,000
FTP account credentials 3,000 Remote Desktop credentials 3,000 Secure Shell
account credentials Pony’s attack on the Bitcoin community took down the
worlds largest Bitcoin exchange, and caused the price of Bitcoin to plummet.
The attack reinforced security concerns over the currency. Can confidence in
Bitcoin recover?"

------
aroch
"In the blockchain".

Assuming they weren't lost because someone forgot a password, all of the BTC
lost / stolen in transaction malleability _are_ traceable. Whether or not its
feasible to check every transaction from Gox over the last few years and add
up all the partial BTC is something I can't comment on.

~~~
knodi
there are top men working on this very thing.

------
oskarth
Here's what I would do if I stole 750k Bitcoins.

1\. Split the wallet up into as many wallets as possible. Preferably by
transferring them through a couple hundred compromised (but not emptied)
accounts.

2\. Sell each individual wallet of say, 100-1000 BTC, on the black market.
Make sure the transaction happens outside the transaction chain (i.e. either
in real life or using other wallets with some kind of alternative trust
system).

3\. Be prepared to lose 5-20% of the value, in exchange for turning the money
"white".

If the money was stolen and the people who took it aren't stupid, I don't see
how someone is ever going to find it.

~~~
bdevine
Of course, the more wallets you create and sell, the higher the probability
that at least one of their buyers is stupid.

------
zacinbusiness
So if the bitcoins are seized by some government entity....wouldn't that make
the total value of bitcoin go up? Supply and demand and all that...

Again, I know very, very little about bitcoin or economics in general.

~~~
zeidrich
Bitcoins have no intrinsic value. They only have value in trade.

If I started my own currency called a superdollar, and I had the only
superdollar in existence, it would be worthless, despite the fact that it was
very rare.

If a foreign entity can make the bitcoins you have disappear, that leads to
less confidence in your ability to use the bitcoins for trade. The fact that
there's fewer out there doesn't mean yours are more valuable. The number of
bitcoins has been constantly increasing, yet the price has been going steadily
up as well. That's because they've become more trusted, more usable. More
places will accept them in trade, and more exchanges exist.

When places like Mt. Gox fail, or fear that foreign entities have the ability
to essentially rob the banks with impunity, it makes the currency less
trusted.

Consider this. The government issues a currency called digibux. They are
matched to the USD, you can buy one digibuck for 1 USD, but they are limited
in volume, only so many are offered. Looking at this naively, digibux has the
same value as USD. Now consider the following happens, the government takes
down a giant drug operation, and invalidates all of the digibux that were
involved in the operation. A friend of yours who was a pizza delivery guy has
hundreds of dollars removed from his digital wallet because they were tips
from people who had participated in the drug trade.

Now you're sitting with 10,000 digibux, and you know that the government is
pleased with the results of the previous sting and wants to set up more
operations like that. Someone offers you 8,000 USD for your 10,000 digibux.
You know that the 8,000 USD can never just vanish.

The number of digibux in circulation went down. But did that make the total
value of digibux go up?

~~~
zacinbusiness
That's an excellent explanation and I appreciate it. I'm sure you've
simplified some, but it makes sense to me.

------
jackgavigan
There have been hints that MtGox's losses were due exploitation of the
transaction malleability issue.

I don't know if it's possible to identify (from the blockchain) transactions
that have been altered in a way that exploits the malleability issue but it
should certainly be possible to identify pairs of transactions with identical
startpoints, endpoints and sizes (i.e. number of bitcoins).

If it turned out that pairs of such transactions turned out to come from
MtGox's wallets to third-party wallets, that would probably be a good starting
point.

~~~
colinbartlett
I would be surprised if that was simply a ploy by Mt. Gox to deflect blame
from their own ineptitude.

------
rikacomet
So what happens next?

-The government has no inclination to interfere (even though many US citizens lost their money) as they were against it (if not outright criminalizing it).

\- The lost money, even if recovered in full, would not be the same. The time
lost is money lost. Besides the emotional shock and pain people had to take.

\- Someone somewhere is sitting on that money, and it will have value, because
people won't stop trading Bitcoin even now.

I know people are not ready to take any criticism of bitcoin, but here it is,
what needs to be fixed about it.

------
the_watcher
Since the story seems to be that this has been going on for years without
anyone investigating, I'd guess that most of them are long since laundered and
distributed between various innocent bystanders. Even if we could trace every
single uBTC to it's current location, the percentage actually held by those
responsible has got to be very small.

------
dirktheman
Somewhere in the blockchain, probably divided into smaller chunks. The way
Bitcoin is set up, you can follow transactions, but it's very hard to track
buyers/sellers. It's a paradox: Bitcoin's strength is that it's untraceable
and unregulated, but in cases like this those exact strengths are pitfalls at
the same time.

~~~
jarek
That is not a paradox at all. Bitcoin as a system is performing exactly as
designed here (barring possible wibbly wobbly "malleability" bugs).

------
nickmolnar2
Wouldn't the sheer number of coins involved make tumbling services almost
useless. What is the volume that a single tumbler gets per day? If you put in
tens of thousands of coins, and there are only a few dozen coins in the Tumblr
that day, your coins are going to be most of what comes back.

~~~
dragonwriter
> Wouldn't the sheer number of coins involved make tumbling services almost
> useless.

Sure, if they were all stolen and tumbled at once. The descriptions of a cold
storage "leak" suggest that if the loss was due to theft, it was a gradual
over an extended period.

------
ryanSrich
They are most likely being held by the U.S. Government.

[http://www.reddit.com/r/BitcoinMarkets/comments/1z2xo5/specu...](http://www.reddit.com/r/BitcoinMarkets/comments/1z2xo5/speculation_the_us_government_has_control_of_goxs/)

------
tjaerv
[http://falkvinge.net/2014/02/28/the-gox-crater-crowd-
detecti...](http://falkvinge.net/2014/02/28/the-gox-crater-crowd-detectives-
reveal-billion-dollar-heist-as-inside-job/)

------
elif
Instead of a blacklist which is tantamount to centralized regulation, there
can be a concerted effort by the community to publicly shame people using
these coins, or tumblers, merchants, services, etc. which accept them.

------
gremlinsinc
Wouldn't it be funny if the lost bitcoins---were all the result of someone
forgetting where they put the key? So not stolen, just literally lost? Talk
about a major 'oops' moment.

------
bitcoinlive
Crypto currency news @
[http://cryptocurrencylive.com/newest](http://cryptocurrencylive.com/newest)

------
tudorizer
"Lost" is such a harsh word. They are still here, in the blockchain.

------
zerocored
Things like these are bound to fall. People should have predicted this risk.

------
k3oni
I have to go with the following answer: in someone's pocket.

~~~
Piskvorrr
A pocket of someone who had means, opportunity, and motive? Hmmm...

~~~
shawabawa3
If you're thinking Mark Karpeles, he doesn't really have motive as he's likely
going to go to jail.

However, an employee or contractor at mtgox who figured he could cover his
tracks could have stolen them

------
corresation
To reply to a recurring line of thought, Bitcoins are not atomic entities with
serial numbers like dollar bills. You can't say "Bitcoin #AE472b was stolen"
and then trace it through its life, or blacklist it.

Instead Bitcoin is a ledger that details wallets and accounts. The origin of
balances came from mining, and then people made transactions that, on the
official ledger, transferred some or all of those amounts to other wallets.
And on, and on, and on.

Hypothetically, if the community were foolhardy enough to trust someone's list
of "recipients of mislaid money" wallet ids, you could blacklist those
wallets, or even, through group agreement, force transfers back. But that's
where tumblers come in: Tumblers are group wallets that take transactions in
from all sorts, and then distribute them anonymously to new wallets you
control (after a service fee, of course). Anyone hiding their tracks will of
course have used a tumbler, often anonymously run on the Tor network. Do you
blacklist or reclaim from every wallet that took an output from a tumbler?

Bitcoin would be toast. Tumblers are something that legitimate users of the
currency make use of. You won't get the cooperation of tumbler operators
because they are themselves engaged in a very serious crime.

So the trace-ability claim repeatedly being made just doesn't hold when you
have legitimate and illegitimate transactions by the millions all intermixed.
When bitcoins are transferred...game over. Give up on that thought.

~~~
wpietri
In this particular case, are tumblers viable? If I understand rightly, the
stolen coins here are a significant percentage of the amount of bitcoins
outstanding.

~~~
corresation
Supposedly this looting went on for years, death by a thousand transfers. It
will have dissolved into the sea by now.

------
badman_ting
Does it matter?

Edit: Not "does it matter that they are lost", but rather " _since they are
lost_ , does it matter where they are".

~~~
aurumpotest
Well, yes, to a lot of people - both those who lost money in the affair (some
people vast amounts), and also to anyone interested in following the
development of BTC - if this was theft, how can we prevent repeat incidents to
reassure potential Bitcoin buyers; if it was a failure in the technology, what
can we do to repair that to make Bitcoin more secure, or if there was some
government or official organisations involved, why did they interfere and
what're they up to?

~~~
badman_ting
Too glib I suppose, I just meant that if the coins are "out there" they're not
actually recoverable, are they? If a bunch of sand falls out of my hand on the
beach, those grains didn't disappear but I'm never getting them back again.
Then there's the very real question of whether it actually is theft. I would
argue no, in the sense that downloading a song isn't theft.

You play in dirt, you get dirty. You want an unregulated purely digital
currency with irrevocable transactions, you know it's going to sting if you
lose some of it.

------
ZeWaren
What if Satoshi Nakamoto stole them?

