There are at least seven jaw-dropping moments in it. One is explaining how Bitcoin wallets pre-cache the next 100 change addresses the wallet will use, so that if someone steals your wallet without you noticing it and continues to use it you will deterministically share the same change addresses on your next 100 transactions each, which both leaves a forensic trail and also resulted in Gox continuing to send money into accounts controlled by the attacker.
Also, for bonus points: Gox allocated the new addresses as deposit addresses for new customers. So when the attacker moved stolen coins, their change appeared to be deposited on Gox into the accounts of hitherto innocent people. (The attacker retained custody of it and Mt. Gox appears to not have swept it into e.g. offline storage, which we have fairly persuasive evidence did not really exist.)
This being the Bitcoin community, what would you expect someone who suddenly has 1,000 BTC credited to their exchange account to do?
It was impossible to know the details of this exact bug - but it was possible to know that something was wrong at MtGox before the takedown.
Of the two dozen or so people I know who held Bitcoin at the time, only one lost funds on MtGox - the rest had long left Gox or were never comfortable using it.
The main administrative issues were withdrawal delays, MtGox not being able to prove their reserves satisfactorily and having accounts seized. ID verification was slow, and support was almost non-existent.
If you read the forums in the ~12-18 months before MtGox went down there was a lot of conversation about what was wrong at MtGox.
The tech issues were horrible code (read the description of that repo and tell me if you would trust it with bitcoin), previous hacks, many more hack claims and the internal trading bot being traced by outside researchers.
I don't blame anybody for not seeing these issues - there was a lot of FUD at the time and many who saw attacks on MtGox as attacks on Bitcoin. Nobody really wrote a good and concise "this is why you shouldn't use MtGox" post anywhere. Hearing after it was taken down that someone knew it was bad is useless and only self-serving.
I don't think it is possible for a third party to hold your bitcoins for you in a secure way that is also convenient. You can pick any bitcoin company or exchange and claim its insecure and you'll eventually be right for many users.
One of the only ways to avoid the problems and store your bitcoins safely but also still be able to use them is with a hardware wallet. There has been a lot of improvement since MtGox with "vault" products, better multisig implementations, better auth, and offline signing etc. but still some way to go.
I'm shocked, absolutely shocked that the Magic The Gathering Online Exchange wasn't suitable for dealing with hundreds of millions of dollars.
The signs were obvious that it was being run by amateurs for anyone who spent five minutes doing a Google search.
When I heard a friend had deposited more money than he could afford to lose on MtGox, I immediately jumped in the car and drove 2 hours to his house. I convinced him, basically at the point of physical violence, to take his BTC out of MtGox and store them in a wallet on his computer, encrypted and backed up on several cloud sites.
One month later MtGox was hacked. I received an apology and a very nice bottle of whiskey from my friend.
I've been threatened by inlaws for subscribing to practices that will end in my damnation -- something much more significant than losing savings. They genuinely believe this. And I still don't think that's right, and it wouldn't be right if everything they said turned out to be true.
I may revise my opinion if I start seeing cryptocoin exchanges founded by people whose LinkedIn profiles include job titles like "VP for Regulatory Affairs" or "Head of Risk and Compliance". Right now, I'm mainly seeing CS grads and people who spent a couple of years on a trading desk.
We know it can be done, and we know that none of the exchanges do it anymore.
As hopeful as I am, I know that scaling number of users is much more important for exchanges than advancing security through cryptography that users can verify.
Early in our history, we thought once-a-day withdrawal would be a problem customers would be quite vocal about. Instead, we found many of them appreciate what it means - that the keys aren't hooked up to a hackable webserver, but are actually protected. Accessing funds should be difficult and should require human interaction.
This counts for a lot IMO. Of course there are still questions of whether and how the insurance comes through. But it's a big step to make such a declaration, and the implications on security are significant.
When trading on their platform you always trade directly with one other customer. The funds are transferred directly from your Fidor bank account.
Of course, the BTC/BCH will still be on the marketplace until you remove them.
Common wisdom these days is: the only safe place for crypto coins is paper wallets (and, arguably, hardware wallets).
A bitcoin exchange really isn't all that different from a metals exchange, if you substitute "physical delivery of gold" for "emit an actual on chain bitcoin transaction".
If cryptocoin startups can't recruit the right talent, then I think that's a strong indicator of their fundamental business value.
May 2, 2013: CoinLab sues MtGox, says MtGox promised to let CoinLab operate its North American branch. This makes no sense -- why would MtGox surrender its most valuable territory to a virtual unknown? -- but MtGox doesn't explain what's going on and simply shrugs their shoulders. They will be doing this a lot.
May 15, 2013: US Government seizes $5 million from a bank account held by MtGox. MtGox shrugs their shoulders.
June 20, 2013: MtGox stops USD withdrawals; bitcoin and JPY withdrawals continue to operate normally. People ask when they'll be restored, MtGox shrugs their shoulders.
July 4, 2013: MtGox says USD withdrawals are back to normal. This is a lie. When people ask why USD withdrawals are still not going through, MtGox.. well, you guessed it. They shrug their shoulders and just repeat the lie.
By this point, alarm bells should have been blaring in people's heads. Anyone who claims that this kind of crap was the norm for the bitcoin world should keep in mind that Coinbase had launched in 2012 and was running a much tighter ship.
By this point, people still had more than 6 months to get their bitcoins out.
August ~13th, 2013: CEO blames issues on Mizuho bank; claims that Mt. Gox was greater than 50% of Mizuho's SWIFT volume (!) and DOSed their banking systems multiple times (!!); also says that Mizuho has limited them to ~10 outgoing wires per day.
When Tux's #2 told me he couldn't do it because Mark was asleep (time zones! etc), it became pretty clear they didn't have a clue about what they were doing.
Some people have tried telling me in the past that I'm full of shit for pointing out the delays and what they meant. I moved my coin away about a month or so before the big hack.
Stay sharp, friend.
The presence of a persistent arb premium was what made me back off Gox. As a quant trading guy it just seemed too fishy that a one-way arb could persist. I wrote an arb engine to take advantage of the price difference but I concluded there was too much credit risk in it. Which turned out to be correct. At best the arb was explicable as slow operations getting money out of the bank, but that would in the very best case be total incompetence. Plus the forums were saying a lot of not nice things about the management, so definitely failed the sniff test. Remember it's not the balance of probabilities that matters; it's the worst case.
Coinbase, by contrast, has VC backing that you would think means they'd find someone who understood regulatory issues. They'd also have links to proper tech people who understood security and exchange coding, a pretty small subset of coders since it's quite specialised. They may not have started with everything required but chances are they've found the money to buy it by now.
A few months before the big collapse, I lucked into some money and started looking at arbitrage opportunities on bitcoin exchanges.
Want to know what stopped me? The cost benefit vs. risk ratio. Here's an exchange with a really dodgy past, and the price is just shooting up, and people are shouting, and damn this seems too good to be true!
(edit: I did some trial runs, and had gone through their painful verification process - the above decision came about when I was starting with the "big boy" sums of money)
Funnily enough, I have the exact same thoughts about the crypto ecosystem right now.
I think it's probably unwise to hold coins right now, and whether the scam unfolds this year or not, I'm experiencing that very same spidey-sense "this seems too good to be true" worry from the Mt. Gox days.
Especially for ICOs and Eth more generally, but also for Bitcoin, Litecoin, Dash, etc.
We use our financial system to combat international crime. Why on earth would governments allow unregulated blockchains and currency transfers to circumvent their controls?
> Because MtGox is a money black hole, absorbing all your money and refusing to pay it back. The only way to exit is to buy bitcoins there and send them elsewhere; this explains the consistent buying pressure there. An arbitrage is meaningless if your money cannot leave, right?
People including me saw the signs and exited.
Note the date. I only posted that after I was sure I could beat the libel suit; was pretty sure much earlier.
> It was not impossible to tell this was going on.
How do you tell, though? The comment you replied to was about the lack of signs, so claiming that signs existed doesn't really help anyone.
Mt. Gox said lots of things, including some things which were, ahem, very effing improbable and yet which alleged very specific facts about people outside of the building. "We're totes solvent; all of our assets are on deposit at Mizuho", "All of our problems are due to banking partners", "The Financial Services Agency said we're compliant with all their regulations", "Japanese banks can't send more than 10 wire transfers per day; it's physically impossible because they're technologically backward", etc etc.
This is sort of similar to "But how do you know that their application is vulnerable, $SECURITY_RESEARCHER?" The answer "I bothered to look" might be unsatisfying, but it is not inaccurate.
Writing on-dead-tree letters is a flowery way of describing what you did, but it gives no actionable signal.
I cannot agree that you had insufficient notice from me regarding my opinions of Bitcoin or operations in the Bitcoin economy. That tweet went as close to the line as I could without risking arrest, contemporaneously. It was preceded by probably a few hundred comments on HN and Twitter about Bitcoin and businesses in the ecosystem.
I appreciate that you want a list of steps you can take in the future. I have described a way to reproduce the unpaid, unpublished original research project which I did, in sufficient detail for any competent researcher to reproduce it.
You think that that series of steps is not actionable. I respectfully submit that you are not capable of reproducing it; these are two different things. You are illiterate in the language that the research was conducted in. I'm sorry; that is true, and it is the nicest possible way to phrase it unambiguously.
You should, in the future, not make investments which you are incompetent to evaluate the risk factors of. If you must, you should secure the advice of competent professional advisors. If you believed yourself competent to evaluate the risks of doing business with Mt. Gox or believed the quality of the advice you had to be adequate, you should be skeptical of your self-assessments of your competence or your ability to evaluate competence in a professional advisor, and apply this skepticism to your reasoning process about future investments.
Patrick, I respect your writing. But your answers are rarely straightforward. Even now, when you risk nothing, you refuse to reveal precisely what you knew and how you came to know it. I'm skeptical that you knew anything of consequence, and I think this is a way for you to appear prescient. But if you say you discovered something, we have no choice but to believe you on reputation alone. I wish you'd share with us what the Great Sages know, but who can blame you for wanting to stay a member of their ranks? It's only through secrecy and obfuscation that you can maintain the aura.
> you refuse to reveal what precisely you knew and how you came to know it
> Mt. Gox said lots of things, including some things which were, ahem, very effing improbable and yet which alleged very specific facts about people outside of the building.
The simplest answer is "nothing," but we're meant to believe otherwise.
We could go through each item on that list and try to reverse engineer which entity he wrote and what he asked, but this indicates he isn't being straight with us. That's fine; it's his right. But it's a little odd. If someone performed some badass investigative journalism that could've blown the whistle on the Gox case long before anyone knew about it, who wouldn't want to brag about it after the fact? Especially when it'd be so easy to illustrate the steps taken.
We're talking basic questions like "What did you write?" and "What did they say?" But we're meant to guess.
If a big-name bank operated a bitcoin exchange that was repeatedly hacked, came up with a mountain of excuses about why people can't withdraw, made nonsensical claims about doing business (e.g. 10 wires/day, not trading in the USA etc.), no-one would use them.
(edit: in The Real World, I imagine they'd have been shut down in seconds flat thanks to regulations, but for the sake of convenience let's pretend regulations don't exist)
Instead, we had a plucky new underdog that people wanted to believe was creating history.
Bitstamp, Bitfinex, Cryptsy, more I've forgotten, were the competitors really more reliable?
I've been in a position to see some absolutely insane stuff happen on exchanges (most of it gets quietly buried), and I really don't think MtGox was anything remarkably different.
what if the answer you're looking for is, "he called up someone at mizuho, went and got a beer, and the guy let it slip that that gox is broke."
then what? hmm? haha what are you going to do about that? that's how the vast majority of insider information (note i didn't say insider trading) is passed. are you going to replicate that the next time around on a specific asset that's about to crash, or a specific company that's going to go insolvent? good luck, friend. this is how the world works; you clearly were not in on it, none of us were, that's why a bunch of people were left holding their dicks in one hand and an empty wallet in the other (i don't deal in bitcoin because i'm too dumb to comprehend it, but i saw the carnage online).
at the end of the day he believed something differently than most. it's not any more complicated than that. that's how people generally make a bunch of money, or in this case, prevent from losing a bunch of money.
also, he lived or lives in japan and speaks japanese, so that's probably going to be the major hurdle for you to grasp his process - he has a lot more day to day context of how all this stuff works in that country. unless of course, you live there too, in which case, that's even worse for you. sorry pal.
Then... That's the answer. Obviously. The point is, he's given no answer yet made grandiose claims.
I suppose it's lucky he doesn't feel like telling tall tales. He could cook up something convincing.
People who say that are people who don't understand that fiat money's ONLY purpose is to track who owes what. It's debt-based. If Alice pays 1 unit of currency to Bob, it is because Bob gave her a product or service worth 1 unit of currency. Bitcoin is great at tracking "debt": universal, electronic, decentralized, robust, inflation-proof.
I don't understand how someone can hold the opinion that Bitcoin has no value. At the very least, it enables a lot of crime, which is valuable to criminals.
The problem is that most of us can't wait until time -> infinity.
Here's me telling someone not to build a BitCoin trading platform on September 11th, 2011: https://news.ycombinator.com/item?id=2974770
Here's how that went over the next couple of years: https://en.bitcoin.it/wiki/Bitcoinica https://www.dailydot.com/business/bitcoin-exchange-bitcoinic...
In a way, the issue here is that if you want to operate in this space, you do need to take the discussion about BitCoin being money seriously. (Even if you don't think it's "money", it's still definitely a money-like asset.)
I remember how amateurish Coinbase was in the early days, and you can look up a lot of the controversy on HN. People have been coming out saying they haven't processed $5k deposits, that they haven't responded to support claims in months, and on and on. If you're looking for "This exchange is run by amateurs," look no further than Coinbase.
Yet it's not that simple. Coinbase has somehow managed to become the #1 exchange to go to if you're a US citizen that needs an easy way to convert BTC into USD. So I just don't get this line that if an exchange is run by amateurs, it's a sign of insolvency. We have evidence that demonstrates that's not true.
If you bought the line that traditional banks were simply unable to process more than 10 wires a day, rather than it being that Mt Gox was so risky that they refused to process 10 wires a day, then you need to work on critical thinking. Likewise, exhortations that banks were placing restrictions on exchanges because "they were scared of Bitcoin" rather than being because these partners were shady and didn't have sufficient controls should have been met with suspicion.
And yes, Coinbase was also risky. The fact that things worked out doesn't mean it wasn't risky to begin with. I didn't give them any money for the first several years they were in business specifically because I saw them as high risk.
In hindsight, Coinbase had the benefit of having backing by VCs with real business experience and subsequently hiring people with experience in the space, which reduced risk.
I don't have any particular knowledge or experience with CB or BTC in general. Just pointing out that it's possible success was despite great risk, and the advice to avoid may have been entirely correct given the evidence at the time.
Real banks are also not trusted blindly; they get audited a lot by central banks and other regulators. And they still mess up and get flamed to hell for it. The chance that amateurs in a completely unregulated field do it better is very unlikely.
Having said that, bankers would be part of the inexperienced group.
Really, memories of the alleged $20,000 per week consulting gigs which were miraculously abandoned surface again.
Edit: just saw that other comments say the same thing with more detailed information; at least it adds a data point that even an amateur saw it.
I moved my coin from Mt.Gox about a month before the last major hack because just the thought of using it made the hairs on the back of my neck stand up. Something was amiss and I felt it.
The most glaring issue was that of inexplicable server load. When you are dealing with a service that handles money or valuable assets, things like this are very bad omens and should never be brushed off. It was clear that either A) the website was experiencing unusual traffic (in this case, I believe what came out was that one of the attackers was testing their method.. supposedly this same method was used in the Silk Road hack) or B) the staff was not equipped to properly and securely run a server and, were an attack to take place, they would not be ready to handle it. One bad security practice with such a critical service is indicative of generally bad security practices and lack of accountability.
You have to pay attention to your gut. If something feels amiss, and the service is critical, you have to assume that something is indeed amiss.
It'd be akin to buying up a bond fund vs. keeping a stack of treasury notes in your house. Only here the broker or whatever who is running the bond fund has only been up and running for <10 years, has basically no SEC oversight, and when your funds don't show up in the right amount of time your official method of recompense is "yea just wait awhile longer, we're going through a massive growth phase and are having difficulty dealing with the scale". Oh and in this hypothetical world, this is also the #1 broker in the world who handles >50% of all trades.
If Mt. Gox successfully manipulated the price of Bitcoin using bots how do we know other exchanges aren't doing the exact same thing right now?
> The story of how this works begins in 27 industrial warehouses in the Detroit area where a Goldman subsidiary stores customers’ aluminum. Each day, a fleet of trucks shuffles 1,500-pound bars of the metal among the warehouses. Two or three times a day, sometimes more, the drivers make the same circuits. They load in one warehouse. They unload in another. And then they do it again.
So all that mess with the deterministic change addresses is simply due to the laziness of the developers, who didn't bother to generate addresses and transactions using relatively simple crypto, and instead chose to use the existing software, which they didn't really understand.
On the other hand, if the servers were hacked, almost nothing would help them. They should have kept most of their deposits in cold storage.
hence why if your wallet is compromised you're supposed to move all of your existing funds to a new wallet. generating new keys every time sucks because it creates a problem of having to constantly back up your wallets (every time you make a transaction), which sucks from a usability point of view.
But by default, non-deterministic wallets have the next 100 addresses pre-generated. That's a lot for people not making a lot of bitcoin transactions. The "protection" that non-deterministic wallets give in case you're hacked is probably no use to most people.
If you ever notice funds from your wallet are stolen, even if you were using a non-deterministic wallet, your thought should be to reinstall your OS and move any remaining funds to a fresh new wallet. Not to keep using that wallet while the attacker keeps grabbing from it and telling yourself the problem will go away 100ish transactions later.
I guess there's attack vectors where an attacker gets hold of an ancient backup of yours that a non-deterministic wallet could have helped. If you think that type of attack is likely against you, you should just manually swap out to a new wallet (synced up to your backup schedule) instead of depending on the non-deterministic wallet's keypool being depleted occasionally.
I find your presumption that a Bitcoin wallet's balance should be immune to an attacker who gets a copy of it to be surprising and unfair. It's the same situation with any cryptographic keys: if an attacker steals your PGP keys, then they can use them to decrypt data or sign data for all time. If you want to protect against the situation of an attacker getting your old data, then it's up to you to rotate your keys (/wallet) and update your backups.
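To make the keypool mechanism from the opening comment and the "just rotate to a fresh wallet" advice in the replies above concrete, here is a toy model written for this thread. It is not Bitcoin Core's code and not anything from the talk: the "keys" are random bytes and the "addresses" are truncated hashes, but the pool discipline is the one being discussed, and that is what produces the shared change addresses and the forensic trail.

```python
import copy
import hashlib
import os


def toy_address(privkey: bytes) -> str:
    # Stand-in for hash160(pubkey) + base58; a real address derives from the EC public key.
    return hashlib.sha256(privkey).hexdigest()[:20]


class ToyWallet:
    """Toy model of a pre-HD Bitcoin Core wallet.dat keypool: N keys are generated
    ahead of time and handed out in order, with the pool topped up after each use.
    Written for this thread as an illustration; it is not Bitcoin Core's implementation."""

    def __init__(self, pool_size: int = 100):
        self.pool_size = pool_size
        self.keypool = [os.urandom(32) for _ in range(pool_size)]
        self.used_keys = []

    def next_change_address(self) -> str:
        key = self.keypool.pop(0)            # oldest pre-generated key first
        self.keypool.append(os.urandom(32))  # refill so the pool stays at pool_size
        self.used_keys.append(key)
        return toy_address(key)

    def copy_wallet_file(self) -> "ToyWallet":
        """What an attacker gets by exfiltrating wallet.dat: the same pool, same order."""
        return copy.deepcopy(self)


def shared_change_addresses(victim: ToyWallet, attacker: ToyWallet, n_tx: int) -> int:
    """Both parties keep transacting from their own copy; count change addresses in common.
    Every address the attacker's copy emits that the victim also emits is a link
    between the theft and the victim's later, legitimate transactions."""
    victim_changes = {victim.next_change_address() for _ in range(n_tx)}
    attacker_changes = {attacker.next_change_address() for _ in range(n_tx)}
    return len(victim_changes & attacker_changes)


def simulate(pool_size: int, n_tx: int, rotate: bool) -> int:
    victim = ToyWallet(pool_size)
    attacker = victim.copy_wallet_file()   # the theft: a copy, not a move
    if rotate:
        # The correct response once theft is noticed: sweep remaining funds to a
        # brand-new wallet. The stolen copy then shares nothing with the wallet in use.
        victim = ToyWallet(pool_size)
    return shared_change_addresses(victim, attacker, n_tx)


if __name__ == "__main__":
    # Without rotation the first pool_size change addresses of each side coincide,
    # and only after both have burned through the copied pool do they diverge.
    print("no rotation, 100-key pool, 150 tx each:", simulate(100, 150, rotate=False))
    print("rotated to a fresh wallet:", simulate(100, 150, rotate=True))
```

The number that comes out of the first run is the size of the copied pool, which is exactly why "the problem goes away after 100-ish transactions" is the wrong mental model: until then every change output is shared, and the only way to get the overlap to zero on the spot is the fresh wallet.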
Besides recovering user wallets using the exact same procedure as mentioned there, it was also possible to connect wallets to user email addresses. It only works for accounts in the 2011 leak, as the latter doesn't contain email addresses.
So if you were using Mt. Gox at some point, especially before 2012, you should assume your Bitcoin addresses can be linked back to your identity. Assume this includes all your addresses, not just the Mt. Gox one, as it is often possible to link addresses from the same user together.
In another experiment, I did a simple clustering on WikiLeaks' public donation address. There's a button there to generate a 'unique anonymous donation address'. The clustering found about 200 of these supposedly anonymous donation addresses. At this point I had email addresses linked to 'anonymous' Wikileaks donations — Bitcoin doesn't offer privacy.
These are just two examples out of a list of discoveries. I decided not to commercialize this work on moral grounds, but other companies do offer 'blockchain intelligence' services.
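The clustering the commenter above describes is not spelled out, so as an added illustration (my code, not theirs, and not any 'blockchain intelligence' product) here is the standard common-input-ownership heuristic: every address that ever appears as an input of the same transaction is assumed to belong to one owner, and a label known for one address in a cluster (here, a hypothetical address-to-e-mail mapping of the kind a leaked exchange database provides) is propagated to the whole cluster. The transactions and identities are constructed for the example.

```python
from collections import defaultdict


class UnionFind:
    """Disjoint-set forest over addresses; merging = 'same owner'."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        root = x
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[x] != root:          # path compression
            self.parent[x], x = root, self.parent[x]
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_inputs(txs):
    """Common-input-ownership heuristic: all inputs of one tx share an owner.
    Returns {address: cluster_root} for every address seen as input or output."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            uf.find(addr)                      # register even if never co-spent
        first = tx["inputs"][0]
        for addr in tx["inputs"][1:]:
            uf.union(first, addr)
    return {addr: uf.find(addr) for addr in uf.parent}


def cluster_labels(cluster_of, known_labels):
    """Propagate labels (e.g. address -> e-mail from a leaked exchange DB) to clusters."""
    labels = defaultdict(set)
    for addr, label in known_labels.items():
        if addr in cluster_of:
            labels[cluster_of[addr]].add(label)
    return labels


def identify_payers(txs, cluster_of, labels, recipient_addr):
    """Who paid into the cluster that owns recipient_addr?
    Returns (set of known labels, number of distinct unlabeled payer clusters)."""
    target = cluster_of[recipient_addr]
    known, unknown = set(), set()
    for tx in txs:
        if not any(cluster_of[o] == target for o in tx["outputs"]):
            continue
        payer = cluster_of[tx["inputs"][0]]    # all inputs share a cluster by construction
        if payer == target:
            continue                           # recipient consolidating its own addresses
        if labels.get(payer):
            known |= labels[payer]
        else:
            unknown.add(payer)
    return known, len(unknown)


# Constructed sample data for this example: hypothetical addresses and e-mails.
LEAKED_ACCOUNTS = {"1GoxAlice": "alice@example.com", "1GoxBob": "bob@example.com"}
TXS = [
    # Alice donates from a hot address that is NOT in the leak, to a one-time donation address
    {"inputs": ["1AliceHot"], "outputs": ["1WLdonate7"]},
    # Later Alice co-spends the leaked withdrawal address with the hot address: that links them
    {"inputs": ["1GoxAlice", "1AliceHot"], "outputs": ["1AliceSavings"]},
    # Bob donates straight from his leaked address
    {"inputs": ["1GoxBob"], "outputs": ["1WLdonate9"]},
    # An unlabeled donor
    {"inputs": ["1Carol"], "outputs": ["1WLdonate9"]},
    # Recipient sweeps the public address and the one-time addresses into cold storage,
    # which is what exposes the 'unique anonymous' addresses as one owner
    {"inputs": ["1WLpublic", "1WLdonate7", "1WLdonate9"], "outputs": ["1WLcold"]},
]


def run_example():
    cluster_of = cluster_by_common_inputs(TXS)
    labels = cluster_labels(cluster_of, LEAKED_ACCOUNTS)
    return identify_payers(TXS, cluster_of, labels, "1WLpublic")


if __name__ == "__main__":
    print(run_example())
```

Note that Alice never sends a coin from the leaked address to the donation address; the link is made because she once co-spent the two addresses, which is the usage-pattern point made later in this thread about drawing on two accounts in one transaction.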
But if you ever want to set up a challenge I'll pay for something anonymously to prove my point. It's not impossible, it's just annoying.
Indeed it is not impossible. It does require a tremendous amount of expert knowledge. (And people with such knowledge usually have successful careers not requiring this sort of privacy.)
The Bitcoin client got a lot better over the years as more privacy-enhancing features were added, but it's still far from perfect. For example, traffic analysis on the peer-to-peer network will still give you IP addresses.
Creating an anonymous wallet is easy: Create a wallet on an air-gapped computer, send any transaction from a public computer over TOR to https://blockchain.info/pushtx. Make sure your transactions look average and uncorrelated in all dimensions.
Now you need to fund this account without revealing your identity. This is much harder. Mining your own block would be the most anonymous way.
I very much agree with you, although for some amounts it isn't too hard to get a wallet funded without resorting to block mining. For example, meet up in person and buy with cash. Not tenable for hundreds of thousands or millions of dollars in a hurry, but certainly possible for tens of thousands, which is what most unaffiliated low level drug dealers want (so they can buy drugs via Tor and resell them in person for cash).
The thing is, most people fail to appreciate that security and privacy is a continuum. Just because the NSA could figure out who you are if they were highly motivated to do so, doesn't mean that Immigration Germany can, and when you have prostitutes getting human trafficked through employment visa programs, Bitcoin is a whole lot more private than banking. And if you know you are on the other side of an NSA level attacker, then it is still possible to maintain privacy, it's just exceptionally unpleasant and slow.
But once you have the private nodes set up, it's the easiest way of moving hundreds of millions of dollars across borders. This is why I think it's going to be made illegal. Big gangs have some smart enough cyber guys and they'll use Bitcoin as a shadow banking system. But right now what gives Bitcoin its intrinsic value is greed: People think it might be the currency of the future and they rightly deduce that it will dramatically increase in value if it is. If governments uniformly ban transactions with cryptocurrencies this will collapse like beanie babies.
This is what I think will probably happen, although it is possible that governments try to get in and semi-regulate it enough to stop its usefulness by organized crime.
Probably because this bit here:
> I personally choose not to take the offer because I don't do anything illegal
Seems to be implying that those who do choose to "take the offer" and pay for things anonymously _are_ doing something illegal. (E.g. The "nothing to hide" argument.)
Obviously that statement wasn't central to your point, but it likely rubbed a few people the wrong way regardless.
Currently the easiest way to regulate is at the entry and exit points, i.e. the exchanges. Taxes need to be paid in fiat and you will need to explain where that fiat came from. No need for governments to do anything on the blockchain.
In my limited experience with regulators (mostly in Europe), I found that they actually rather like the idea of a more democratic financial system. Their primary concerns are human trafficking, protecting citizens from scammers and collecting taxes. I was honestly pleasantly surprised by their progressive attitude.
I don't anymore. Not to the libertarian extreme that most people associated with Bitcoin mean. Maybe in the European context (right to be forgotten) where you functionally have privacy, but law enforcement can issue court ordered warrants to stop crime.
I've seen too many evil people do evil things with their money. I'm not allowed to talk about the specifics, but I've advised some organizations on how to deal with organized crime and when you're on the other side of it you really see how weak most of our law enforcement really is against real crime and how the only thing slowing these guys down is that they can't access our banking / investment systems and that they are generally pretty unsophisticated with technology. If all of that changes I don't know how we stop them.
Privacy will always be an arms race, but I don't think that unregulated cryptocurrencies are going to be a force for good consequences in the world. Maybe blockchains for international settlements between banks, where a newly multipolar world makes a unified global order harder, but I'm not even sure we need them there either.
To me the best thing to come out of cryptocurrencies is that there is now a profit motive for companies to prioritize cybersecurity. I'm already seeing it make a huge difference. Giving that up would be a tough pill to swallow for FVEY because we're the most vulnerable to cyber attack.
But once politicians start getting assassinated or ransomed for BTC, I doubt that cryptocurrencies will survive. It might be the very flaws in the usability of Bitcoin that allow us enough privacy for normal actions, without the extreme privacy that would enable cyber criminals to operate with impunity.
Just route a transaction through zcash's private ledger?
* Anonymous cash is difficult and illegal to scale.
* 'private sites' can not be trusted (they will be subpoenaed, hacked, wiretapped, etc.).
* Sellers will learn your identity, and can not be trusted.
* You or the seller may be followed.
1. Your IP address can often be associated with the Bitcoin transactions you create.
2. TOR can make this harder, but fingerprinting a particular Bitcoin wallet between TOR and clearnet is very possible.
3. Almost all tumblers in current use must be trusted not to violate your privacy, that is they know who is who and must be trusted to not tell third parties. I would suspect that some tumblers are run by LEOs. Even if a tumbler is keeping your secrets they may not offer that much protection against blockchain analysis. It is hard to tell that a tumbler is actually providing any on-blockchain privacy.
Bitcoin and cryptocurrency privacy is likely to dramatically improve over the next five years, but right now there isn't much actually deployed.
B.) If you look closely the privacy here is not just defined by using the right tools. It's also usage patterns. For instance drawing money from two accounts for the same transaction gives people high confidence that the same person controls both accounts. So it's a lot tougher than "just taking the offer".
I didn't know that part. Puts things in a different light. I always assumed McCaleb was gone before any of the shenanigans happened.
Of course it was way too late at that point. The whole place had already been robbed blind. Still, it seems like if he had gotten there sooner maybe that weird arbitrage bot could have made up the difference somehow and actually bailed out the company.
I disagree wholeheartedly. Karpeles bought an insolvent exchange, and specifically chose not to invest the money necessary to bring it back to solvency. He could have simply bought 80,000 BTC in order to make the exchange solvent (Bitcoin was trading at less than a dollar per coin at that time). Instead, he chose to defraud his customers by attempting to make up the missing money by front-running trades and other dishonest tactics.
In addition, he failed to implement basic accounting measures which resulted in him not even being aware of the fact that he would go on to be hacked multiple more times.
> Still, it seems like if he had gotten there sooner maybe that weird arbitrage bot could have made up the difference somehow and actually bailed out the company.
The "weird arbitrage bot" was fraud, plain and simple. If it had worked, it would have worked by effectively stealing value from active traders on Mt. Gox. Of course, Karpeles was too incompetent to even implement this fraud correctly, and he ended up inadvertently subsidizing traders rather than stealing from them.
But seriously, if you care about this at all, watch the video. It is one of the best conference presentations I've ever seen.
I hope you also have time to reply to the comments from Sillysaurus3 and several others, regarding the reasoning and sources behind your impressive early prediction of MtGox's failure.
This is the biggest worry. How could they have not known about their books? This shows the fundamental flaw in cryptocurrencies. There will always be highly motivated and very technical people (Russia and China, looking at you) willing to spend hours, days, months attacking or searching for exploits and vulnerabilities to extract coins. This differs from traditional banks, which require a physical bank robbery.
Ultimately the incentives for illegal activities, theft, and fraud are just too high without oversight and a central trusted authority.
You're missing a word: "...flaw in cryptocurrency-centralization entities". Actually cryptocurrencies are achieving the opposite: they're decentralizing security.
Exchanges are just a bridge to that world.
I think nodesocket's point was that to expect the run of the mill computer user, who barely understands what a browser is, to have the security chops to withstand constant attacks from people who not only know what a browser is, but have also devoted substantial time to understanding as many exploits to the crypto-currency systems as they can and who have monetary incentive to continue refining that understanding in pursuit of most likely consequence-free (apart from their soul) illicit monetary gains, to look at the dynamics at play here, it is not a stretch to assume that expecting widespread adoption in any form is likely to be a losing proposition.
What does "decentralizing security" mean? Everyone with any currency to protect will have to implement the digital equivalent of 36 inch fortified walls? Why would they want to do that when most people are satisfied with outsourcing this to service providers who specialize in such things?
For some scenarios there is a case to be made for "user defined security" or some such, possibly even a few legitimate ones that aren't socially hostile. But it's hard to make any convincing case (without using any "semantic sugar," "empty calorie" buzzword-laden phrases like "decentralizing security") against nodesocket's point that the lay of the land of crypto-currency seems hopelessly tilted towards those who would like to exploit it in these ways.
Yes, people will still refuse to back up their wallets by writing down the 12- or 24-word seed phrase, and others will get phished. They'll lose their funds, just as they already do with their Steam and eBay accounts. Your point is valid that Bitcoin allows a tremendous amount of control that many people will use first and foremost to shoot off their own limbs. But brain-wallet crackers are no longer a threat.
Stupid question here, but what is wrong with doing that?
Bitcoin addresses are (usually) based on ECDSA public keys. When you send Bitcoin to someone, you're saying "send this to whoever can sign for the following public key [XYZ]. Signed, [ABC]." You had private key [abc] for [ABC], and you got the bitcoin you sent from someone else who said "send this to whoever can sign for the following public key [ABC]. Signed, [MNO]." ("said" means published to the global blockchain ledger.)
Back in the bad old days, the Bitcoin app would generate a new private/public key pair for every address. This meant that if you didn't back up wallet.dat frequently, you were screwed because your old backup might have only the old keys in it, not the new ones since the last backup.
The BIP32 scheme works kind of like this (simplified):
24 words -> 256-bit secret, called [defghi].
[defghi-44/0/0/1] -> [jklm]
So what's nice about this is that the 24 words are the only thing you need to reconstruct your whole wallet. You no longer have to keep on backing up your Bitcoin wallet except for the very very very first time when you first create it.
But if you don't write down that list of words, and something happens to your phone/PC, goodbye bitcoin.
That's why we invented hardware wallets, which physically separate coins from the computer. You don't need to be tech savvy to use one. And to date, there hasn't been a single case of bitcoins stolen from a hardware wallet.
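The derivation the comment sketches (24 words to a seed, seed to a master secret, master secret to per-path keys) can be written with nothing but the Python standard library. What follows is an added example, not the commenter's code and not Bitcoin Core's: BIP39 seed stretching (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" plus the optional passphrase) and BIP32 master and hardened-child private-key derivation (HMAC-SHA512 keyed with "Bitcoin seed", children reduced mod the secp256k1 group order). Only hardened children are derived, because non-hardened derivation needs elliptic-curve point addition, which is left out here on purpose. The mnemonic in the `__main__` block is the well-known all-"abandon" test phrase, used only as sample input.

```python
"""Mnemonic -> seed -> master key -> hardened child keys, standard library only.

Added example, not the commenter's or Bitcoin Core's code. Hardened child
derivation only needs modular arithmetic on the parent private key, so no
elliptic-curve code is required; non-hardened (public) derivation is omitted.
"""
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; child private keys are reduced modulo N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: NFKD-normalised words as password, 'mnemonic' + passphrase as salt."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)


def bip32_master(seed: bytes):
    """BIP32 master node: left 32 bytes are the key, right 32 the chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain = int.from_bytes(i[:32], "big"), i[32:]
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key for this seed (vanishingly rare)")
    return k, chain


def ckd_priv_hardened(k_par: int, c_par: bytes, index: int):
    """One hardened child step: data = 0x00 || k_par || index, child = (IL + k_par) mod N."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs EC point math; not implemented here")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k == 0:
        raise ValueError("invalid child; BIP32 says skip to the next index")
    return k, i[32:]


def derive_hardened_path(seed: bytes, path: str):
    """Walk a path such as m/44'/0'/0' where every component is hardened."""
    k, chain = bip32_master(seed)
    for part in path.split("/")[1:]:
        if not part[-1:] in ("'", "h", "H"):
            raise ValueError(f"component {part!r} is not hardened")
        k, chain = ckd_priv_hardened(k, chain, HARDENED + int(part[:-1]))
    return k, chain


if __name__ == "__main__":
    phrase = " ".join(["abandon"] * 11 + ["about"])   # sample input only
    seed = bip39_seed(phrase, "TREZOR")
    k, _ = derive_hardened_path(seed, "m/44'/0'/0'")
    print("seed:", seed.hex())
    print("m/44'/0'/0' private key:", k.to_bytes(32, "big").hex())
```

The point the comment makes falls out of the code: everything is a pure function of the words and the passphrase, so the paper backup is the whole wallet, and anyone else holding those words has the whole wallet too.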
As someone trying to get into blockchain stuff, this is kinda wild.
Also, what exactly is a wallet? If the coins are really just outputs in a hashed block how do you 'access' them?
A wallet is a userland abstraction where it groups together all of your keypairs.
With each keypair (ECDSA) you have a public and private key. The address is derived from a hash and encoding of the public key. The private key is used to sign a script that unlocks the transaction outputs you have access to.
For this reason, your balance is also a userland abstraction. A balance is the sum of all the outputs you have the ability to unlock by signing the input.
What's important to understand about transactions is that you need to spend the entire input. If you have 10 coins sitting in an output and want to send 7 to someone, you need to structure the transaction so that the 3 of change goes back to you as well.
The way fees work is that the miner picks up any difference between the outputs and the input, for example:
10 input => output 1 = 7btc to address1 (recipient)
=> output 2 = 2.9btc to address2 (change)
=> diff 0.1 btc transaction fee
There is no reason why the change address cannot be the same as the input, but it means a loss of privacy since you can then see the 2.9 btc was change, thus output1 was the recipient, and you link the future transaction back to yourself as well.
If you then want to send 11 coins to someone, you can combine other inputs:
2.9btc input => output 1 = 11btc to address3 (recipient)
10btc input => output 2 = 1.89btc to address4 (change)
=> diff 0.1 btc transaction fee
What the original wallets did, and what OP explains, is they would pre-generate the next 100 keypairs and add them to the end of the list, and with each transaction that requires change it would move the pointer for the next change address up one.
All of your addresses start as either receive addresses or as change addresses, and end up becoming your balance addresses until they are spent.
To back up these wallets you had to back up every key pair, which is why most modern wallets use deterministic keys usually derived from a mnemonic. HD wallets use a master key pair, where the private key is usually derived from a mnemonic. That key pair is then used to generate the key chains that are used as receive and change addresses. It means you only need to back up your master keypair or your master mnemonic and can then generate and check all the key chains.
The new wallet format is defined in bip32 while the mnemonic to generate seeds is defined in bip39 - which you can test using a browser client app (don't store coin using these - generate them securely).
Most wallets now support these deterministic wallets, including bitcoin core.
The three main wallet types are full node, thin node (SPV) or web wallet.
The most popular SPV clients are Electrum (cross-platform) and breadwallet for iOS/Android. SPV uses block headers and peer queries (sometimes using bloom filters for privacy) to query your unspent transaction outputs and to verify transactions (there are variations of the architecture). The bcoin project also allows you to run an SPV client in the browser or via node (I'm really starting to like this project - they were the first to implement p2p authentication and encryption, which is specified in bip150/bip151).
Electrum supports Trezor and hardware wallets, multisig wallets, 2FA wallets and has its own mnemonic and deterministic wallet format (but it also just involves saving a seed for the master key).
Web wallets store your wallet (usually) encrypted on their server and then unpack and decrypt it in your browser client, then make HTTP API queries to verify transactions, get your unspents, broadcast transactions etc. The most popular are Blockchain.info (disclaimer: I worked for them) and GreenAddress - you can use blockchain.info via a tor hidden service at blockchainbdgpzk.onion
Good ways of getting started if you're more interested in the tech are Electrum (web wallets tend to obfuscate a lot of what is going on to make them easy to use), a full node with Bitcoin Core or running bcoin - and running them on testnet so you can build and broadcast your own transactions without fear of losing funds (the scripting language has also evolved a lot).
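The rules the comment walks through (an input is consumed whole, the remainder splits into a change output and whatever the miner keeps as the fee, and the wallet hands out change addresses from a pre-generated pool by advancing a pointer) are worth seeing as code, because the arithmetic is where people get bitten. This is an added example in Python, not Bitcoin Core, Mt. Gox or any wallet's code: it builds the two spends from the comment (7 out of 10 BTC, then 11 BTC funded by the 2.9 BTC change plus a new 10 BTC deposit) in integer satoshis, with a 100-entry change pool of constructed labels standing in for the old keypool. It also shows why a copied wallet leaves a trail: two `Wallet` objects with the same pool and pointer hand out the same next change address.

```python
"""Spend whole UTXOs, pay the recipient, send change to the next pre-generated
change address, and let the miner keep inputs minus outputs as the fee.

Added example, not Bitcoin Core, Mt. Gox or any wallet's code. Amounts are
integer satoshis (1 BTC = 100_000_000) so no float rounding creeps into the
fee. Addresses, txids and the 100-entry change pool are constructed labels.
"""
from dataclasses import dataclass

SAT = 100_000_000
DUST = 546  # change below this is not worth an output; it is left to the miner


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    address: str
    value: int  # satoshis


@dataclass
class Wallet:
    receive_addresses: set
    change_pool: list        # pre-generated change addresses, like the old keypool
    utxos: list
    next_change: int = 0     # pointer advanced once per transaction that needs change

    def next_change_address(self):
        addr = self.change_pool[self.next_change]
        self.next_change += 1
        return addr

    def is_mine(self, address):
        return address in self.receive_addresses or address in self.change_pool


def select_inputs(utxos, target):
    """Largest-first selection until the target (amount + fee) is covered."""
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: u.value, reverse=True):
        if total >= target:
            break
        chosen.append(u)
        total += u.value
    if total < target:
        raise ValueError("insufficient funds")
    return chosen, total


def build_tx(wallet, recipient, amount, fee):
    """Every selected input is consumed in full; the remainder is change or fee."""
    inputs, total_in = select_inputs(wallet.utxos, amount + fee)
    outputs = [(recipient, amount)]
    change = total_in - amount - fee
    if change >= DUST:
        outputs.append((wallet.next_change_address(), change))
    # Whatever is not claimed by an output is the miner's fee.
    return {"inputs": inputs, "outputs": outputs,
            "fee": total_in - sum(v for _, v in outputs)}


def apply_tx(wallet, tx, txid):
    """Remove spent inputs, and add outputs paid back to us as new UTXOs."""
    spent = set(tx["inputs"])
    wallet.utxos = [u for u in wallet.utxos if u not in spent]
    for vout, (addr, value) in enumerate(tx["outputs"]):
        if wallet.is_mine(addr):
            wallet.utxos.append(Utxo(txid, vout, addr, value))


def run_scenario():
    """The two spends from the comment: 7 of 10 BTC, then 11 BTC from 2.9 + 10."""
    w = Wallet(receive_addresses={"recv0", "recv1"},
               change_pool=[f"change{i}" for i in range(100)],
               utxos=[Utxo("t0", 0, "recv0", 10 * SAT)])
    tx1 = build_tx(w, "merchant", 7 * SAT, SAT // 10)
    apply_tx(w, tx1, "t1")
    w.utxos.append(Utxo("t2", 0, "recv1", 10 * SAT))   # a second deposit arrives
    tx2 = build_tx(w, "exchange", 11 * SAT, SAT // 10)
    apply_tx(w, tx2, "t3")
    return tx1, tx2, w


if __name__ == "__main__":
    for tx in run_scenario()[:2]:
        print([(u.address, u.value / SAT) for u in tx["inputs"]],
              [(a, v / SAT) for a, v in tx["outputs"]],
              "fee", tx["fee"] / SAT)
```

Note that the fee is never stated in the transaction; it is only what is left after the outputs are summed, which is why a wallet that mis-computes change can silently pay a huge fee.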
Most people refuse to invest in Bitcoin because of the possibility of a crash, so this is a completely pointless challenge.
I was simply explaining that many crypto-currency systems are demonstrably more adversarial and user-hostile environments than most other currencies. Not only are they more adversarial, they are more adversarial in a way that most computer users aren't equipped to comprehend.
Or are you talking about other cybercurrencies that use different schemes to maintain consensus?
For centuries, banks have partnered with the state to monopolize their rents and profits at the expense of competitors. The ultimate example of this is central banking cartels.
> small group of miners
There is a small group of mining pools that together can block certain upgrades to the system. A couple of those pools combine to more than 50% of the hashpower. But they are pools, and pools are made up of lots of contributing miners, who may leave for another pool at any moment.
> small group of developers that choose what to implement
Relative to the total number of Bitcoin miners, company employees, or wallet users, the number of developers is the smallest group. Developers choose what code they wish to write, unless someone is paying them to write certain things. But developers cannot force anyone to run their code. Hence, the ultimate power of consensus is with the node operators of the system.
But all of this is beside the point that parent comments were making about the danger of centralized bank-like services such as exchanges. The decentralized, trustless nature of Bitcoin is such that you can download the client and verify your funds from the Genesis block until today, without needing to trust anyone.
A traditional bank is still susceptible to similar attacks. The difference being, at banks they're just balance sheets in a database, so forensics and backups can be used to restore balances. Traditional banks also have decades of experience protecting their data.
Not really. Recent example: http://www.telegraph.co.uk/news/uknews/crime/11414191/Hacker...
Hardly... but if it did, it doesn't mean they're still not worth using and developing.
And traditional banks don't require a physical robbery to be hacked.
An uninsured Bitcoin exchange, once the first few coins have been stolen, becomes a secret game of musical chairs to see who gets left without the coins they deposited.
Not everybody here is an anarcho-capitalist.
Incidentally, I believe that there is also a considerable amount of private insurance involved in banking.
In the UK there is deposit insurance provided by the government as the last stop and that's an amount per financial institution.
Luckily the audio is fine.
Is there a better version somewhere?
It was a very interesting (and pathetic, for MtGox) talk. Went way faster than I expected because it was so interesting. Presenter did a great job.
Use it for what it's good at - buy or trade. As soon as transaction is over - move it to fully deterministic offline wallet.
The seed could be a sequence of words (this thing needs to be backed up and stored safe!)
The huge advantage is that you can save the seed in a safety deposit box in a bank, written on paper - a totally non-electronic way.
Then you can recreate wallet from seed at any time and manage your funds.
If your bitcoin private key only exists on a piece of paper and not on any networked computers, then there's no way that malware or a company being hacked or an exchange going down is going to affect its balance.
But no amount of identity verification can prevent exchanges from being hacked or from defrauding their own customers.
This is the same guy who infamously wrote:
>"PHP can do anything, what about some ssh?" -Mark Karpelès
>"quick'n'dirty bitcoin signing lib because too lazy to reimplement ECDSA in pure PHP" -Mark Karpelès
The Dunning-Kruger effect runs deep in that one. It's no surprise he was drawn to PHP, given Rasmus Lerdorf's disdainful anti-intellectual attitude about computer science, programming, security, and unit testing. Birds of a feather!
If you didn't already know about the inventor and lead developer of PHP's anti-intellectual attitude, here are some classic quotes:
"There are people who actually like programming. I don't understand why they like programming." -Rasmus Lerdorf
"I'm not a real programmer. I throw together things until it works then I move on. The real programmers will say "Yeah it works but you're leaking memory everywhere. Perhaps we should fix that." I’ll just restart Apache every 10 requests." -Rasmus Lerdorf
"I do care about memory leaks but I still don't find programming enjoyable." -Rasmus Lerdorf
"I don't know how to stop it, there was never any intent to write a programming language [...] I have absolutely no idea how to write a programming language, I just kept adding the next logical step on the way." -Rasmus Lerdorf
"I was really, really bad at writing parsers. I still am really bad at writing parsers." -Rasmus Lerdorf
"I really don't like programming. I built this tool to program less so that I could just reuse code." -Rasmus Lerdorf
"I actually hate programming, but I love solving problems." -Rasmus Lerdorf
"For all the folks getting excited about my quotes. Here is another - Yes, I am a terrible coder, but I am probably still better than you :)" -Rasmus Lerdorf
Then there was the time that Rasmus Lerdorf cut an official but fatally flawed public release of PHP 5.3.7 without bothering to run the unit tests, which would have caught the sloppy bug he had just checked in that broke crypt().
This guy who thinks he's "probably still better than you" had to admit that maybe he "went a bit too fast" when he didn't actually bother to run any of the unit tests first before releasing a new version of PHP with a terrible security flaw in crypt(), because so many of the tests produced error messages, and even though the tests caught his bug, he didn't feel it was worth the hassle of wading through all those pesky error messages to see if he'd introduced yet another security related bug.
I sure hope no online banks depend on the crypt() function!
> 5.3.7 upgrade warning: [22-Aug-2011] Due to unfortunate issues with 5.3.7 (see bug#55439) users should postpone upgrading until 5.3.8 is released (expected in a few days).
>r314434 (rasmus): Make static analyzers happy
>r315218 (stas): Unbreak crypt() (fix bug #55439) # If you want to remove static analyser messages, be my guest, but please run unit tests after
>+Lorenz H.-S. We do. See http://gcov.php.net
>You can see the code coverage, test case failures, Valgrind reports and more for each branch.
>The crypt change did trigger a test to fail, we just went a bit too fast with the release and didn't notice the failure. This is mostly because we have too many test failures which is primarily caused by us adding tests for bug reports before actually fixing the bug. I still like the practice of adding test cases for bugs and then working towards making the tests pass, however for some of these non-critical bugs that are taking a while to change we should probably switch them to XFAIL (expected fail) so they don't clutter up the test failure output and thus making it harder to spot new failures like this crypt one.
"I throw together things until it works then I move on." -Rasmus Lerdorf
Content around it is just filler to promote the author's book.
The Wayback Machine has copies of the front page from May to September 2007.
Edit to add: 'neotek has a better answer :)