

Mt. Gox trades rolled back, thief only got away with $1K in BTC - mcantelon
https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

======
wccrawford
The hacker wasn't trying to get money. He was trying to undermine the system.
And it's working.

The $1000 was a bonus on top of all the doubt he has now instilled in anyone
who has bitcoins.

~~~
hugh3
_The hacker wasn't trying to get money. He was trying to undermine the
system._

What makes you think that?

Heck, I've been undermining bitcoin for weeks just for fun, but I'd much
rather have a thousand dollars.

~~~
bobwebb
Not to sound paranoid, but if the hacker had a vested interest in bitcoin
being undermined (government agent?) then money wouldn't be his main motive.

~~~
hugh3
_Not to sound paranoid... (government agent?)_

Uh, sorry, that's pretty much textbook paranoia.

~~~
mcantelon
It's a possibility. States do work to undermine things that threaten them. The
Liberty Dollar project, for example, was recently shut down by the US
government: <http://en.wikipedia.org/wiki/Liberty_Dollar> . Bitcoin is a
potential threat to the state because it provides an ideal instrument for tax
avoidance and competition in the drug/force trade.

~~~
hugh3
_It's a possibility. States do work to undermine things that threaten them.
The Liberty Dollar project, for example, was recently shut down by the US
government: <http://en.wikipedia.org/wiki/Liberty_Dollar>_

Sure, and they shut it down openly using the hammer and anvil of the FBI and
the judicial system. If and when the US Government decides to act against
bitcoin, they'll do it loudly and openly... not by some complicated, difficult
and illegal scheme that doesn't really achieve anything.

Currency issues fall into the jurisdiction of the US Secret Service, an agency
not known for subtlety.

~~~
mcantelon
Yeah, if legal and open is more cost effective, they'll likely go that route.
Otherwise, they may revert to skullduggery (as they have in the past:
<http://en.wikipedia.org/wiki/COINTELPRO>).

~~~
tedunangst
I think it's a big leap to go from illegal wiretaps to hacking and stealing.

~~~
mcantelon
COINTELPRO included "extralegal violence and assassination" according to
Wikipedia. So it's weird to think that the authorities would rule out a bit of
hacking to protect their interests.

------
DavidSJ
Homework assignment: what's $1k in BTC at $0.01/BTC?

~~~
ebaysucks
That $1K stolen represents the first trades at the starting price of the
crash, i.e. 50 or so Bitcoins.

Given the profits MtGox is making, it wouldn't surprise me if the exchange
bought $1K in Bitcoins for the account holder so he has his 500K coins again.

~~~
mcantelon
Hopefully they'll hire some security consultants as well.

~~~
hugh3
For a currency invented by a bunch of cryptography geeks, it's astonishingly
insecure.

~~~
mcantelon
Mt. Gox is an exchange, not the currency. The currency is secure. This is
analogous to a bank getting robbed.

~~~
bermanoid
That's right, and let's be clear here: Mt. Gox has been kind of a mess from
the beginning. They've never appeared to have a clue about security, and
performance has been a complete and utter mess for quite a while now. To give
you some idea, the trade that blew through the entire buy-side took over 30
minutes to execute, and the exchange essentially slowed to a standstill during
that time. I realize that there are a lot of orders on any exchange at any
moment, but 30 minutes of downtime in response to a single order? Come
on... that's not even to mention the complete lack of sanity checks or
catastrophe reporting that you'd expect in any system like this that touches
people's money - it should _not_ have required people directly tracking down
the site owner to get a human looking at this stuff!

That type of thing is maybe acceptable from a lean startup that's learning as
it goes, but when you're transacting over a million dollars in trades per day,
there's an expectation that you'll figure out what you need to do to get
things running smoothly.

This might not be totally fair, but when I saw the .php extension on all the
trade API URLs and noticed that there was a dynamically generated price chart
on the front page (apparently not cached, based on how long it took to load) I
was immediately suspicious of the competence of the Mt. Gox devs to handle the
scale of what they'd created (or rather, AFAIK, the scale of the system that
they purchased from the original creator)... I'm not really that surprised that
security was completely botched; this has seemed like a very amateur operation
from the beginning.

------
tlrobinson
Does the $1000/day limit apply to withdrawing to the Bitcoin network in
addition to the bank options? If not, the thief could have just sent the 500K
BTC to one of his Bitcoin addresses, laundered the money and traded it for
real currency at his leisure. Mt Gox can only roll back trades within their
system, not transactions involving the Bitcoin network once they're in the
block chain.
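Two of the controls the thread says an exchange should have are a withdrawal limit that counts every channel (tlrobinson's question about whether the $1000/day cap applied to on-chain withdrawals) and a sanity check that holds an order which would sweep the entire buy side (bermanoid's point above). The following is an added illustration written for this page, not code from Mt. Gox or from any commenter, using constructed data: it assumes the daily limit is a rolling 24-hour window valued in USD at request time, and a simple price/quantity order book. The first function shows how a limit that only covers bank withdrawals lets a large BTC withdrawal through, while the same request is blocked when the BTC channel is included; the second simulates a market sell against the book and holds it for review if it would exhaust the book or move the price past a threshold.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# ---- Withdrawal limit across channels -------------------------------------

@dataclass
class Withdrawal:
    account: str
    channel: str        # "bank" or "btc" (on-chain) in this example
    amount_usd: float   # value of the withdrawal at request time (assumption)
    at: datetime

# Constructed history: one bank withdrawal earlier the same day.
HISTORY = [
    Withdrawal("acct-1", "bank", 600.0, datetime(2011, 6, 19, 10, 0)),
]
BTC_REQUEST = Withdrawal("acct-1", "btc", 900.0, datetime(2011, 6, 19, 12, 0))
DAILY_LIMIT_USD = 1000.0


def withdrawn_last_24h(history, account, now, channels):
    """Sum USD value withdrawn by `account` over the listed channels in the
    rolling 24h window ending at `now` (rolling window is an assumption)."""
    start = now - timedelta(days=1)
    return sum(w.amount_usd for w in history
               if w.account == account and w.channel in channels
               and start < w.at <= now)


def withdrawal_allowed(history, request, limit_usd, limited_channels):
    """True if the request stays within the limit summed over
    `limited_channels`. A channel outside that set is neither counted nor
    blocked, which is exactly the gap a bank-only limit leaves open."""
    if request.channel not in limited_channels:
        return True
    spent = withdrawn_last_24h(history, request.account, request.at,
                               limited_channels)
    return spent + request.amount_usd <= limit_usd


# ---- Order sanity check before execution ----------------------------------

# Constructed buy side, best bid first: (price_usd, quantity_btc).
BIDS = [(17.5, 100), (17.0, 200), (10.0, 500), (1.0, 5000), (0.01, 100000)]


def simulate_sell(bids, qty):
    """Walk the book for a market sell of `qty`; return (filled, last_price)."""
    remaining = qty
    last = bids[0][0] if bids else None
    for price, avail in bids:
        if remaining <= 0:
            break
        take = min(avail, remaining)
        remaining -= take
        last = price
    return qty - remaining, last


def order_sanity_check(bids, sell_qty, max_price_drop):
    """Return ("accept"|"hold"|"reject", reason). An order that cannot be
    filled or that would drop the price by more than `max_price_drop`
    (fraction of best bid) is held for a human rather than executed."""
    if not bids:
        return "reject", "empty book"
    filled, last = simulate_sell(bids, sell_qty)
    top = bids[0][0]
    drop = (top - last) / top
    if filled < sell_qty or drop > max_price_drop:
        return "hold", f"would fill {filled}/{sell_qty} and move price {drop:.1%}"
    return "accept", ""


if __name__ == "__main__":
    print("bank-only limit:", withdrawal_allowed(HISTORY, BTC_REQUEST, DAILY_LIMIT_USD, {"bank"}))
    print("all channels:  ", withdrawal_allowed(HISTORY, BTC_REQUEST, DAILY_LIMIT_USD, {"bank", "btc"}))
    print(order_sanity_check(BIDS, 250, 0.10))
    print(order_sanity_check(BIDS, 500000, 0.10))
```

The point of the first check is that the limit must be evaluated over every exit from the system, since an on-chain withdrawal cannot be rolled back once confirmed; the second check is deliberately conservative and holds rather than rejects, so a legitimate large seller is delayed by a human review instead of being refused.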

~~~
ebaysucks
Good point, it would make much more sense to just run away with the Bitcoins
rather than dumping them.

~~~
tlrobinson
Looks like he might have done just that:
[http://blockexplorer.com/tx/84f96975ea88d317676771a482c71f39...](http://blockexplorer.com/tx/84f96975ea88d317676771a482c71f39ff53beda790c89c07ae82e427b4d090f)

Impossible to know without confirmation from MtGox though.

------
cjg
Mt. Gox are now accepting claims to recover accounts.

