
Mt. Gox Finds 200,000 Missing Bitcoins - byoogle
http://on.wsj.com/1fL9Lqf
======
antonius
In case paywall is blocking the text:

 _TOKYO—Major bitcoin exchange Mt. Gox announced Thursday it had discovered
200,000 missing bitcoins in a wallet that the company no longer uses, reducing
the total number of bitcoins still missing to 650,000 from 850,000.

"We believed there were no bitcoins left in old wallets, but found 199,999.99
bitcoins on March 7," Mt. Gox chief executive Mark Karpelès said in a document
released Thursday.

Mt. Gox said it reported the discovery of the bitcoins to its lawyers on March
8, and moved the discovered bitcoins to offline storage between the March 14
and 15.

The exchange filed for court protection on Feb. 28. At the time, Mr Karpeles
told a news conference it had lost 750,000 bitcoins owned by users and 100,000
held by the company, citing the possibility the bitcoins had been withdrawn
without authorization.

The exchange was shut down Feb. 25. _

~~~
Springtime
Thanks. There really should be some rule on HN against posting links that hide
the text, although I've heard it's not obvious to those who post the links as
apparently coming from Google it displays the full article.

~~~
bunderbunder
Seems like if it were irritating enough to people, lack of upvoting might
naturally take care of the issue.

~~~
foldor
The problem is most people upvote based on the title without reading the
article.

~~~
bunderbunder
Yeah, exactly. Meaning it's probably not irritating at all to a lot of people.

Not my ideal situation, but HN is gonna be HN.

------
lkrubner
I am borderline speechless in the face of the incomprehensible carelessness.
The lack of records is amazing. The lack of accounting is amazing. The lack of
professional standards is amazing. The lack of common sense is amazing.

If you'll excuse me, I have to go to the bank. I just realized that I left a
million dollars in the pockets of the jeans that I just washed. I suppose I
should dry them out and deposit them, along with the $100,000 I just found
fallen between then cushions of my couch.

~~~
eschaton
This is why there is regulation of the finance sector, and exactly what
happens when companies and individuals try to pretend the regulation doesn't
apply to them.

If you want to start an online financial services business, the first thing to
do is start researching the legal requirements for doing so, both where your
business is located and where most of your likely customers will be. Not
looking at them doesn't mean the rules don't apply, it's just
grossly—potentially criminally—negligent.

In fact, that's the case for anyone starting almost any business. You need to
examine the legal and regulatory environment in which you'll be operating as
the very first step of your due diligence. Anything else is negligent.

~~~
wyager
>This is why there is regulation of the finance sector

This is why there are bailouts of the finance sector. A bank loses this kind
of money, they get it back for free.

~~~
simonh
Except that taken as a whole, the bailout money was already been paid back in
full, with interest over 2 years ago.

But that doesn't stop this old sore being rolled out regularly. Who need the
truth when you've got Truthiness on your side, eh?

[http://www.politifact.com/new-
hampshire/statements/2012/oct/...](http://www.politifact.com/new-
hampshire/statements/2012/oct/25/barack-obama/barack-obama-says-banks-paid-
back-all-federal-bail/)

~~~
work_account_2
Paying it back is great and all, but it shouldn't have had to be done in the
first place.

~~~
Mikeb85
It shouldn't have. But the pain the economy would have felt would have been
10X worse.

Banks supply capital to firms, the government bailed them out (and the
automakers) because no one else was willing to supply capital to get the
economy rolling.

------
FatalLogic
Although it's taken Mt. Gox two weeks to report this, amazingly, it was public
knowledge as soon as it happened on March 7/8, because the movement of over
$100,000,000 was instantly visible on the public Blockchain. Reddit noticed it
immediately: [http://redd.it/1zshct](http://redd.it/1zshct)

Most of it was in this transaction of 180,000 bitcoins -

[https://blockchain.info/tx/4ee89f7cf824a85ad5f11d52604ffdebe...](https://blockchain.info/tx/4ee89f7cf824a85ad5f11d52604ffdebe9f01302bcea8ddec0af450f9185ddf1)

From that evidence alone, it wasn't clear who had control of the money. Mt.
Gox, or a hacker, but the Mt.Gox API was still up, and the API confirmed that
this was a Mt.Gox-controlled transaction. Reddit saw that, too:
[http://redd.it/1zswul](http://redd.it/1zswul)

------
dperfect
Many people are expressing surprise by the events that have unfolded here with
Mark Karpeles and Mt. Gox, but I'm not surprised in the least.

I've known several web developer "enthusiasts" over the years who know just
enough PHP (usually it's PHP, but this applies to other technologies as well)
to build things that _mostly work_ and feel confident that they can solve
anything with "a little PHP." Working mostly alone, these people prefer to
spend their time building constantly, and little time learning or keeping up
with current best practices (or in this case, cryptography).

There are a large number of companies (many of them doing very well) built by
people like this, and even when they bring on other developers, no one has the
courage to tell the original developer (who is often CEO) that their code
sucks and needs to be scrapped completely. They keep throwing more crap onto
the pile because the machine "works" and customers are demanding new features.
The original (incompetent) developer feels a sense of pride for his or her
work, and nothing short of _total failure_ (in this case, spectacular failure)
will convince them that their work is anything less than genius.

It's unfortunate that some companies thrive in situations like this (it sets
them up for failure), but it happens all the time.

I don't know Mark personally, but from everything I've read from him over the
years, he seems to fit the description above. It doesn't necessarily mean he's
a terrible person or a thief (he could be that as well, but I have no
knowledge to prove one way or the other). It just means he got in over his
head, and kept the site running on deeply flawed assumptions and
implementations (e.g., no standard accounting, little understanding of
security, etc). It's a shame that people kept coming back to Mt. Gox and
entrusted the site with their money, even after those behind Mt. Gox proved
themselves to be incompetent _over and over again_.

Is it sad? Yes. Is it surprising? The only surprising thing is how people
_kept going back_.

As for the missing and suddenly reappearing coins, I honestly think they just
had absolutely no idea where everything was. I've heard people describe Mt.
Gox's infrastructure as a hodgepodge of random scripts and servers duct-taped
together, and it's easy to imagine a dozen hard drives filled with an
unorganized mess of Bitcoin wallets, private keys, database dumps, etc. I
believe they're honestly trying to pick up the pieces, but the pieces are
scattered everywhere.

~~~
tomasien
We're definitely in that position, except we know our stuff is shit and we're
rebuilding it and hiring furiously to rebuild it. 99% percent of life is
knowing the difference isn't it?

~~~
WoodenChair
There's a big difference between making an app that loops an MP3 (no offense -
certainly well done and well marketed) and one that handles millions of
financial transactions. Don't feel bad - if something goes wrong with yours,
nobody loses their life savings.

~~~
logicchains
I think it's fair to say at this point that if somebody placed all their life
savings in Mt Gox, they themselves probably deserve at least some of the blame
for their loss.

------
sillysaurus3
It seems unlikely that Karpeles randomly stumbled across 200,000 missing
bitcoins. It seems at least plausible that he attempted to steal them and is
now backpedaling since people aren't buying his malleability story.

This is the first ray of hope regarding customers recovering any of their
missing bitcoin though.

~~~
Blahah
_> It seems at least plausible that he attempted to steal them and is now
backpedaling since people aren't buying his malleability story._

Or that they lost the keys to some wallets and have managed to crack one.

~~~
smtddr
_> >Or that they lost the keys to some wallets and have managed to crack one._

No cracking. They just found a wallet.dat somewhere, that's all. If they lost
the keys(as in, lost the wallet.dat with the keys in it) and were able to
generate a valid private key given only a public bitcoin address... bitcoin is
dead, game over, pack it up.

Now instead, if we're talking about a passphrase to a wallet.dat...

~~~
saraid216
> If they lost the keys(as in, lost the wallet.dat with the keys in it) and
> were able to generate a valid private key given only a public bitcoin
> address... bitcoin is dead, game over, pack it up.

Yeah. This wouldn't be a fail on the MTGox league; this would be a "Satoshi
Nakamoto _and all the cryptographers who took a look at the code_ failed".
Cracking a wallet is supposed to be something that requires the resources of a
state-sized entity.

~~~
FatalLogic
>Cracking a wallet is supposed to be something that requires the resources of
a state-sized entity.

A _galaxy-sized_ entity, maybe? The only known way to find a private key from
a public key is brute force. That's way beyond the abilities of a state,
unless they've made a massive breakthrough in quantum computing.

[http://i.imgur.com/fYFBsqp.jpg](http://i.imgur.com/fYFBsqp.jpg)

~~~
nullc
Obpedantry: In theory rho allows you to recover private keys with work-factor
2^128 (times some small constant depending on how much storage you wish to
use), which is significantly less than the 2^256 you might expect from "brute
force".

Still completely infeasible.

~~~
teraflop
But first you have to obtain the public key by finding a preimage of the
SHA-256-hashed address. And SHA-256 (with the full number of rounds) currently
has no known preimage attacks that are even marginally better than brute
force.

------
mrb
FWIW, no paywall:
[https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&c...](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CC0QqQIwAA&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702303802104579452062699281046.html&ei=iLArU630DpbmoASEtQI&usg=AFQjCNE_4tYG_o0DALZLIwnVrkpq_3ewoQ&sig2=fITbQe8Rn1zsQLeWxMSlwg&bvm=bv.63316862,d.cGU)

------
gumballhead
That lends some more plausibility to this theory:
[http://chrispacia.wordpress.com/2014/02/28/this-is-what-
most...](http://chrispacia.wordpress.com/2014/02/28/this-is-what-most-likely-
happened-to-mtgox/)

~~~
keypusher
This is the most plausible theory I have heard yet.

tl;dr: Wallets were in cold storage at Japanese bank, US govt seized them
while investigating Silk Road.

------
oznathan
Their official announcement is even more ridiculous.
[https://www.mtgox.com/img/pdf/20140320-btc-
announce.pdf](https://www.mtgox.com/img/pdf/20140320-btc-announce.pdf)

The have more coins and there is evidence for that in the blockchain. Many
people know about that for weeks. After they figured people were on to them
they released this lie.

Nobody just forgets about 200,000 btc.

------
downandout
"Oh there's that $116 million I was looking for!". I suppose that given the
level of incompetence and/or malfeasance at Mt.Gox, this shouldn't be that
suprising. What is actually more surprising is that they ever became the
primary BTC exchange in the first place.

I first wrote them off as a scam years ago when I read a Bitcointalk thread
wherein Gox tried to explain away their aggressive "tainted" coin confiscation
policy. They essentially explained that they were confiscating all coins that
they deemed to be tied to theft or illegal activity at any point in the
blockchain - in their sole discretion. Yet somehow, with that and many more
very public red flags, they just kept growing.

------
fuddle
MtGox: We lost all the coins! We have no idea were they are...

Random person: Have you tried looking in your wallet?

MtGox: Found it!

~~~
FireBeyond
Kinda:

MtGox: We lost all the coins! What must have happened is a very complex
sequence of events where people were able to take money from us without
noticing. We complained to the wallet manufacturer. But it's very complex, and
umm, we're sorry, and umm, bye.

Random person: Have you tried looking in your wallet?

MtGox: Found it!

------
riffraff
I would suggest people to try to avoid the "regulation = 1% bailouts"
equation.

It would be more useful to think of regulation for bitcoin actors more in the
sense of required car insurance, or not being allowed to sell food with
poisonous chemicals in it.

There can be a certain amount of regulation that helps avoiding incompetent or
fraudolent actors even without a money-emitting FED or a socialize-losses-
privatize-gains government.

------
Scorponok
Every new story about this makes Mt. Gox look worse. Now they're not even
competent enough to steal them or have them stolen, they just _lost_ a hundred
million dollars?

~~~
Aqueous
"You know, I think you're missing the point, man. They found them again, man."

------
salgernon
Since they are in receivership, what will happen when the adjudicator
liquidates th to pay off debts? What will happen to the exchange rate when
these get dumped on the market?

~~~
technotony
It's a good question, but they would be obligated to seek the best return they
can which means recognizing that they can't just sell them on the open market.
It's unclear to me whether the BTC liabilities or the hard currency
liabilities rank higher (my guess the hard currency) in which case maybe they
can just sell to a big investor like the guy who offered to buy the FBI's
coins: [http://www.businessinsider.com/falcon-global-capital-
offers-...](http://www.businessinsider.com/falcon-global-capital-offers-to-
buy-the-fbis-bitcoins-2014-2)

------
heinrich5991
Can someone post a full version of the article? I only get the first two
lines...

~~~
evv
The easiest way to get around this is by googling the headline and clicking on
the article from the google results.

It almost always works for some reason.. my best guess is that sites allows
these crawled links to see the full content because doing otherwise would harm
their SEO.

~~~
hrjet
Not only that, people who use this tactic are helping improve the pay-walled
article's page ranking, because most search engines will record that click and
account it as a good search result.

So from publisher's perspective, they are getting more SEO by pay-walling!

------
NicoJuicy
Old trick, giving customers false hope:
[http://cryptopic.tumblr.com/post/80210959301/cryptopic-003](http://cryptopic.tumblr.com/post/80210959301/cryptopic-003)

------
roberjo
Just like finding a $20 in your laundry!

~~~
garrettgrimsley
Mark: Honey, I was cleaning out the couch and found 117,000,000 USD!

One a serious note: How do they not have a program that monitors all wallets
they control? This seems beyond ridicule.

~~~
DrStalker
Or even a text file with the all their public keys listed, so they could
verify where their money was without giving access to move it.

I take better care of my dogecoins, and they are only worth a few hundred at
best.

~~~
garrettgrimsley
Yes, that would be the safest option! This level of incompetence is
astounding.

------
davyjones
All of us who look down upon Accountants take a hard look in the mirror (I am
one of them who used to). Most of us are like..."meh...its just +'s and -'s
with some tax component here and there, how hard can it be. I will get to it
when I get to it."

Turns out all those tough exams and practices are in place to mitigate this
exact scenario.

The above assuming no malicious intent on part of MtGox and the recent
revelation was pure stupidity.

~~~
mantrax
Actually there's no solid evidence how much help an accountant is with regards
to safely using Bitcoins.

Would an accountant know enough to safely store "wallets", to monitor
"blockchains". Is this in their training? No. You can have perfect accounting
and still turn out you lost the wallets.

Bitcoin's problem is that there's no other asset in human history so easily
misplaced, lost, or stolen. A bunch of numbers on a bunch of vulnerable
computers.

------
jeffdavis
Imagine telling this story to someone that time travelled from the time Magic:
The Gathering first appeared in the mid-nineties.

MtGox: "Funny story ... internet ... website to trade Magic cards ... digital
currency ... so that's how we found the $100,000,000 that we accidentally
misplaced. Still looking for the other $300,000,000 or so -- must be around
here someplace."

~~~
dTal
Apparently MtGox, despite the name, was never used for anything other than
bitcoin. It was just a domain the owner had.

~~~
saalweachter
Sidebar: I know the motivations of people who post in every single goddamn
thread that MtGox stands for "Magic the Gathering: Online eXchange" (ie, "tee-
hee! giggle giggle! laugh!").

However, there is also someone in every thread who replies to this assertion
to say that they never actually traded Magic cards. My question is, what is
your motivation for this? I could think of three off the top of my head:

    
    
      a.  Emotional need to defend MtGox
      b.  Intellectual need to correct misinformation
      c.  Refocusing; it's an ad hominem and detracts from the real problems with MtGox

~~~
dTal
I appreciate the directness of the question. Can't speak for others, but in my
case, it's (b) - I was one of the gigglers until I read one of the rebuttals
you mention. Just trying to help the meme flow.

------
coreymgilmore
This story keeps getting more ridiculous. First, Gox loses a huge amount of
BTC...now all of a sudden they have found some of it?

I assume this wasn't stolen and isn't already in the blockchain somehow. I do
not believe that Gox was this blind to the problem in their systems. Something
seems very, very fishy about this.

------
doktrin
This might as well be a comedy sketch. Can someone explain how this is even
remotely possible?

~~~
logicchains
Truth is sometimes funnier than fiction.

------
matt__rose
Let me guess, they were under the couch cushions, with some Lego pieces and
stale Cheetos.

------
wellboy
This is what happens when you only have contractors in your company and no one
with equity. No one cares about the business and the founder ends up with 87%
equity of nothing.

------
pilif
Being limited to reading the first paragraph of the linked article (paywall)
and the other comments here, I can't resist to point out for those Pratchett
fans among us, that this feels like the stunt Moist von Lipwig pulled in
"Going Postal" in order to pay for the reconstruction of the post office.

While I feel really bad for those who lost money with MtGox, there were so
many signs pointing at such an outcome: Unexperienced programmer asking all
the wrong questions, background in "Magic the Gathering" card trading, zero
background in banking or security.

None of that sounded particularly trustworthy and look where it went.

------
cl8ton
In other shocking news it was also revealed by MtGox the first 100k BTC in the
old wallet were actually the ones owned by MtGox and were thought stolen.

------
dholowiski
Sadly, I would have to pay $1 a week for 12 weeks to read the story. I think
it would probably be old news by then.

~~~
ghshephard
WSJ stories are 100% of the time available by doing a google search for the
headline.

~~~
cpncrunch
It's ridiculous that we should have to do that.

~~~
eropple
If you've got a better way for them to keep the lights on, there are
wheelbarrows of money waiting for you.

~~~
gargarplex
What about the Netflix/Spotify model? Pay a monthly subscription for "premium
news" and then let the content providers divvy up the monies based on
pageviews.

~~~
nknighthb
That would simply accelerate existing trends. All the money would go toward
pumping out more celebrity gossip because that's what gets eyeballs. There
would be no remaining incentive to engage in actual journalism.

Profit-based news is irretrievably broken.

~~~
cpncrunch
There's nothing wrong with profit news. That is how all news generally works -
journalists generally don't work for free. However they should rely on adverts
like the other online news sources.

~~~
nknighthb
Journalists get paid, that doesn't mean the news organization that pays them
must be a for-profit entity.

------
llamataboot
Hold on. They just LOST over 100 million dollars? Give me back my 5 bitcoins
now!

------
easy_rider
These amounts are lost all the time in governments in conventional currency..

------
Siecje
How were you able to trigger the double spend on mtgox anyways?

------
anigbrowl
Never mind that, where do I get one of those big sofas?

------
ebbv
I can't help laughing at all this shit. I was saying for years people
shouldn't be trusting their money to Mt Gox, and constantly got mocked for it.
Common sense wins again.

------
elwell
Current market value of about $116M. Wow.

------
cjunky
Anyone that believes they "simply found" those coins should PM me about a
bridge I have for sale.

------
jheriko
any versions of this article that i don't have to pay for?

------
zobzu
loginwalled article.

~~~
sdfjkl
Same. Google cache:
[https://webcache.googleusercontent.com/search?q=cache:o7jSx_...](https://webcache.googleusercontent.com/search?q=cache:o7jSx_DEvKgJ:online.wsj.com/news/articles/SB10001424052702303802104579452062699281046+&cd=5&hl=en&ct=clnk)

------
aceperry
Great jokes, keep them coming! :-)

------
jokoon
bitcoin advertising and promoting operation: success !

------
mantrax
I actually envy Mark Karpeles' ability to not give a fuck throughout this
whole situation.

In fact, I think it's some sort of super power.

~~~
saalweachter
Hyperbole and a Half has a interesting monologue on this sort of superpower:

[http://hyperboleandahalf.blogspot.com/2013/05/depression-
par...](http://hyperboleandahalf.blogspot.com/2013/05/depression-part-
two.html)

