Hacker News new | comments | show | ask | jobs | submit login
MtGox.com is offline (mtgox.com)
587 points by cjbarber 1332 days ago | hide | past | web | 521 comments | favorite



It's really easy in all of this to pile a bunch of hatred on Mark Karpeles, but please, everybody remember that he is a human being, with real human emotions, and that those things really do hurt.

--

MtGox was (past tense is probably appropriate here, but for the sake of anybody who had coins there, I hope not) a startup that failed spectacularly, and publicly, and took a TON of peoples' money with it.

The transaction malleability thing was poor programming on the part of gox. Remember that we have ALL fucked up at some point, just luckily for most of us, "fucking up" doesn't mean losing than much of other peoples' money.

Mark, I doubt you read hacker news, but if you do: it's alright, dude. You bastard.


There is no fucking way 700,000 BTC disappears with nobody noticing. This must have been building for a long time.

Was there never any attempt to compare BTC in wallets to customer balances?

Or did MtGox know about this problem, and hope to cover it up over time?

Either case is at least gross negligence if not criminal fraud.

Yes, we all fuck up at some point. But I don't pretend to be a surgeon and perforate a patient's aorta. Pretending to be competent to gain people's trust is fraud.

I sympathize with those who lost money in this clusterfuck.

No sympathy for Karpeles.


Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height. Sadly there were plenty of media shill articles when Btc skyrocketed to $1,000 last year who were promoting them as the "Biggest Bitcoin exchange" without pointing people to relevant bitcointalk threads on what a nightmare that site has been over the years.

If you read MagicalTux's personal blog you'd know to never trust anything he's coded too. http://blog.magicaltux.net/2010/06/27/php-can-do-anything-wh...


I clicked through and thought you were being too harsh. I mean, it can be fun to make toy implementations of things as an exercise. Doing an SSH server in PHP would be entertaining if you liked PHP. You'd learn something.

And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.

Wow. Just wow.


> And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.

That sounds like a brilliant technical guy, capable of running with a daft idea to completion (unlike me, with my collection of at-best-half-built personal projects), who should have some layers of protection between him and Real World Production...


That reminds me:

"Now, people who Get Things Done but are not Smart will do stupid things, seemingly without thinking about them, and somebody else will have to come clean up their mess later. "

http://www.joelonsoftware.com/articles/fog0000000073.html


I think it's different.

Inexperienced (young) programmers don't know what's been tried, and what's available. I've been dealing with this a lot at work recently, where we ended up doing poor reimplementations of off-the-shelf stuff due to a mix of ignorance, and honestly, a bit of hubris.

It's a good attitude to have in academia/non-production critical work, but the GP is right, production demands a more conservative approach, especially when money/safety is at stake.

The type of ignorance Joel writes about (see parent) is different, it's more like "slavishly following design patterns" and "writing copy-and-pasted, improperly factored code". Both are ignorance, but the first is better called "NIH", whereas Joel's is, "writing bad code".


The part of "running a SSH server that you wrote in PHP in production" that is scary is not the "in PHP" part.

It's the "that you wrote" part.

No matter what language you write it in, you are going to mess something up. The OpenSSH guys have messed up working a lot smarter and more diligently and with more time than you have.


This is so very true, OpenSSH is probably one of the most secure pieces of software around. It has extremely high value to attackers, yet has had extremely few remote security holes in its lifetime.

They've invested years and many talented people in developing such a piece of software.

If you want to write your own ssh server in php, you should probably consider your motivation and how you can re-use their code or operate through it instead if your purpose if anything other than experimentation.


Yeah, thats what I thought too, until I read this little gem, suggesting that OpenSSL was written by monkeys: http://www.peereboom.us/assl/assl/html/openssl.html

Its kinda hard to disagree with that conclusion.


You shouldn't be using OpenSSL unless you are an expert in crypto and software development. It's not easy to use and it shouldn't be.

I can't say those difficulties he had in using the library were put there on purpose to keep people like him out, but it seems to be a good effect here.


OpenSSH is not OpenSSL.


Dang, guess that joke's on me. Wouldn't have realized it, thx for the correction.


Omg, I nearly missed that:

    What did I create a ssh server for? The same thing I created a DNS server for fun and for KalyHost.
I'm not sure "disbelief" is sufficient to describe how I feel right now.


Yeah, I'm still trying to figure all that out myself.

There was some allusion to needing some kind of database backend for the SSH server, but there are multiple solutions for that now (like LDAP).

I'd love to have this guy work for me in a junior role (because he can really crank out the code), but all his work would need to be reviewed, and I wouldn't want him to be making architectural decisions on his own.


well, is it better to have a hacked MVP released in production, or spend forever making it and never actually releasing it and then missing the window?


I can tell you absolutely, without question, that when it comes to security and people's funds, there is nothing courageous about a hacked MVP in production. There's a difference between someone's to-do app one weekend, and this case. If you are handling people's money directly or indirectly, you need to care about that and take it seriously. Or don't ship.


Well I would argue that the "M" in MVP would necessitate never losing anyone's money. If I were going to create a trading platform, I'd probably start with one that only accepted Play Money.


Well when mtgox started off btc was play money, it was always play money until perhaps 12 months ago when it became serious money. And I base play and serious on the value, at $10 a coin it was still fun, at $100 a coin I had to seriously consider how much I should keep on my phone or any other single place.


Putting on my Lean Startup hat for a sec, I would even say that the M could allow for losing money. If it's early on and your customers are all in the 2 1/2% of innovators, they will put up with a little of that. Certainly if you make them whole, but probably even without.

That said, "flawless accounting" would be very high up on my feature list. I think the failure here isn't launching without perfection; it's operating at scale without perfection.


I've been wondering whether the "M" in "MVP" is for minimum quality, or minimum feature scope.

I think minimum feature scope doesn't necessitate poor-quality software, just solutions that don't do everything for everybody. It's much better to ship a small feature set with very high quality, IMO, than a big feature set with low quality.


Great thing to wonder about!

In the Lean Startup sense, the M is about minimum effort, and the V is about viability with customers. You're basically playing Battleship trying to discover where those two Venn circles overlap.

Different aspects of quality map to both those circles. There's build quality, which relates to the sustainability of the code base. There, you have to consider both short- and long-term quality. [1]

There's also quality as users perceive it. That varies widely by domain by market, and by how far you are along the adopter curve.

My general answer is the same as yours: minimal features with highly sustainable code. But for experiments, I think you can get away with terrible code as long as you a) throw it away quickly, and b) you are on it so even if you have a bad MTBF, your MTTR is really good.

I also think that you can tactically discard certain kinds of user-side quality. E.g., if I'm making a product for early-adopter financial traders, I'm not going to worry about quality of visual design, and I might inflict hard-to-learn interfaces on them. But I'd be rigorous about accounting and about UI issues that might lead to mistaken trades.

[1] I wrote some about that here: http://agilefocus.com/2009/06/22/the-3-kinds-of-code/


Minimum viability?


He did. It was called Bitcoin


Cute, but they also traded and held USD.


Oh, that's easy. The best thing is to use the off-the-shelf SSH server, one that has been written by experts and carefully reviewed by a lot of people.

Or do you mean this as a metaphor for MtGox? In that case, I would say that I would rather miss the window than be the famous asshole who -- oopsie! -- lost $500 million of other people's money.


The problem is less with a minimum viable product, and more with a far-from-viable product, in ways that aren't immediately obvious. The security FFVP is especially dangerous.


Depends on what the product itself is and from which perspective you're asking the question. At any rate, those are almost never the only two choices...


what if the hacks you used to build your MVP result in unrecoverable real world damage to your self, your investors, and your customers?


One way to look at ordering features in early products is as risk reduction.

One of the biggest risks is, "nobody gives a fuck", which is why MVPs are so valuable. It lets you test market hypotheses.

But if you're building something handling real money, then a pretty obvious risk is, "The system will lose money beyond our capacity to absorb losses." Their failure to address that risk here is at best negligence.

But given the size of the loss, I don't think we should rule out fraud. The interesting question is, "When did they know they had a problem?" Sometimes shitty accounting systems are just naiveté. But when they persist over a long period of time in a way that just happens to cover up loss, embezzlement, or theft, then it's worth asking: did they keep the shitty accounting because better accounting would have forced them to admit something they were hoping to cover up?


Would you want to fly in a hacked together MVP plane released to production? A similarly made bike in a park? Maybe.


I wouldn't today, but the wright brothers did, because if they hadn't, someone else would've done it instead. If you wanted to be trail blazers like the wright brothers were, you might have to put up with a hacked together MVP. I m just saying that anyone who lost their money did so knowing the risks (or should have known the risks).


>Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height.

And still, even 2 weeks ago, tons of people defended MtGox in HN threads, and said how it's a temporary glitch and they are very good exchange and such.

Even when it was pointed to them that it's a service build by a guy with no actual knowledge of exchanges and no prior experience at finance services whatsoever -- a mere PHP developer (not to knock the language) that had done nothing spectacular before (no Carmack, or Fitzpatrick or your favorite coder hero).

People trusted their money to a guy that literary calls himself "MagicalTux" -- which to me seems like investing to the hobo on the corner, people call Crazy Bob.


Does this mean we shouldn't trust "coldtea" to develop anything?

I'm the last person to defend Karpeles' competency, but his internet alias has nothing to do with it.


>Does this mean we shouldn't trust "coldtea" to develop anything?

Of course you shouldn't.

If you were to here him (well, me) you'd ask for my CV -- if not an interview also.

And if it was like "developed some random toy stuff" you wouldn't hire me to develop a money exchange playing with other people's millions of dollars.

And if you were to assess if you will put $10,000 in a financial online service made by me, my past work in the area, my general competence would be quite important.

Else, don't be surprised if you lost it all. The chances were way higher than if you had put that money in Citibank, you just ignored the signs.

And for me, not giving the impression I'm a 20-something script kiddie with a fancy handle would also be quite important. I mean, it might be prejudice, but "Ives, Rockefeller and Berstein" as a financial service just feels more secure than "$uper7eetMoneyMakah", "LuvFlamingoes" or "MagicalTux".


> I mean, it might be prejudice, but "Ives, Rockefeller and Berstein" as a financial service just feels more secure than "$uper7eetMoneyMakah", "LuvFlamingoes" or "MagicalTux".

How do you feel about "Bear Stearns" or "Lehman Brothers"?


Much more comfortable than MagicalTux. For one they have the clout to get trillion dollar bailouts from the government.


Oi!


I don't know, investors don't seem too put off by this Crazy Bob's name.

http://techcrunch.com/2011/03/28/square-cto/


Yes, maybe because they didn't ignore all the context of my email, and did checked that he has serious credentials, like:

"he had been leading the core library development of Android while at Google".

And that he is just but one of the players at Square, including guys like a well known VC and Twitter's cofounder.

If "CrazyBobs" was an unknown in the industry guy and his CV was like "I have done some fun projects, like a PHP mailer" and he was the major person behind the company, no investor would have touched it with a barge pole.


people who've been around bitcointalk and bitcoin-otc know not to use MtGox

There are a lot of forums on the Internet. It's not confidence-building, at all, to tell people "if you hang out on the right forum you know what's safe." Especially because "the right forum" is not written in stone.


That's what makes it fun..


Oh lawdy [1]:

    Of course normal frameworks are a no-go. Using
    someone else’s framework will make your world
    slightly better, but until you create your own
    full framework, you won’t understand what I mean.

    The next step is to build applications with your
    framework. The kind of applications that will
    change the world...
Should have tagged the post with NIH.

[1] http://blog.magicaltux.net/2009/09/19/striving-for-a-better-...


The worst thing is he still runs multiple other companies:

https://www.autovps.net

https://www.kalyhost.com

https://www.tibanne.com

http://blog.magicaltux.net/2009/12/22/incorporation-in-japan...

If he was not dealing with other people's real money and data this experimentation and shotgun approach would be fine.


What you wrote made me think, "What would anyone in their right mind write on their blog that would make people think something like that?" So I clicked through, and read the first four words, that struck me in the face like a four layer wedding cake: You were right. Then I read the rest of the sentence, and that was like a ton of frosting being poured on the cake from a dump truck. Point well taken, sir!


I've been around. What is bitcoin?, and who cares about whatever the hell 'Mount Gox' is?? Can we all get back to work on something meaningful to the future, family, or nature... someone we don't know about made up a currency, and some other company we also don't know about made up an 'exchange' of this 'currency' and now we still don't know what's going on and some 'bitcoins' are missing... the most it's all worth is a laugh


> I've been around. What is bitcoin?

From https://bitcoin.org/bitcoin.pdf‎:

Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.

Of course, the coins are only yours if you hold the private keys. A promise of some Japanese exchange to send you an amount of Bitcoin in the future is not the same as owning a Bitcoin.

It's pretty interesting, you should read it.


I think you had the only decent reply. Thank you. I know bitcoin, and was really just fishing for others that may share my view on the current state of affairs for the digital crypto currency. Some of us have been around just long enough to be aware that the field of technology doesn't create a buffer from unclean people and business characters. Also, that just because a lot of smart/clever people made something that a lot of people believe in, that at some point it passes the point of no return or is immune to failure. I think bitcoin failing may be good, could wake a lot of people up, many mistakes won't be made a second time, and the freed up focus and brainpower will go towards a better generation of technology to benefit humanity.


Currently, this event looks like about the third or fourth-largest crisis of the currency and has had very moderate on the valuation, although this might change in the coming weeks.

Many people in the field are very ethical and think that an improvement to the current financial system is of great benefit to humanity.


I mean, you are the one that decided to dive into the middle of a bitcoin discussion. I typically find it rather easy to ignore things that do not interest me, maybe you should work on that.


Maybe you should go back around to wherever you've been around, and not be around here, where you have nothing of value to contribute and no interest in the discussion at hand. The way things work, in case you didn't learn that by being around, is that you don't post messages complaining you're not interested in a topic to discussions about that topic. So stop being around here.


A laugh and a few good tens of millions of dollars that people actually do value and will pay that much for. Maybe cryptocurrencies aren't in your favor, but their value and growth isn't something to scoff at.


Bitcoin is a technological breakthrough, you are just being ignorant about it.


> There is no fucking way 700,000 BTC disappears with nobody noticing.

The history of Barings Bank is interesting, primarily because the main trader Nick Leeson was in the position to mask hundreds of millions of pounds of losses. In that case, no one noticed the roughly $1.3B loss because he was in a position where the internal controls didn't apply


At Barings, Leeson was trading futures contracts and he was also responsible for accounting for his own positions. There was no segregation of duties, no mark-to-market.

At MtGox, it should be much simpler to (1) add up all customer balances, (2) add up all BTC in hot and cold wallets, and (3) compare those two numbers.

If the numbers differ by more than timing differences, shut it down, debug it, and prevent a small problem from becoming a big problem.

The Barings backstory is that the billion-dollar loss started with a 20k bad trade, Leeson tried to cover it up, and it snowballed.

It wouldn't be surprising to learn that MtGox followed a similar trajectory.


>At MtGox, it should be much simpler to (1) add up all customer balances, (2) add up all BTC in hot and cold wallets, and (3) compare those two numbers.

Yes, considering Gox only had 2 bank accounts (and now are down to just 1 in Japan) I don't see how hard it is to compare balances and notice 744,000 coins are missing.

They claim that over time the cold wallet was cleaned out. If this is true then the first few customers would've complained hey I never got my coins, and he could've seen shenanigans happening due to his php wallet implementation and halted all trading. Then thousands more customers. I find it hard to believe 744,000 worth of coins disappeared over months and nobody noticed until recently


Which is just another aspect of the travesty - that someone responsible for routinely trading tens of millions of dollars per transaction should feel the need to cover up a $20,000 loss.


Leeson tried to cover it up because he wasn't supposed to be trading at all, he was supposed to a broker and he decided to try to make some extra money.


You also have to account for the insane levels of indirection in the management structure of an institution like Barings Bank, an exponential sneakernet.


The Wikipedia article is worth a read: https://en.wikipedia.org/wiki/Nick_Leeson#Downfall


Heh, I had only been on the internet for about 2 years when that went down and I spent that evening watching the world's gears seize up instead of finishing the book I was suppose to be writing; it was around this time that I started tog et interested in alternative currencies. I was just thinking that here I am doing the same thing 20 years later.


You must be new here... I have seen PLENTY of situations where internal controls are weak, NO people dont cross compare assets and liabilities.


> Either case is at least gross negligence if not criminal fraud.

To echo the original commenter: Yes, jail sounds like a reasonable end to this — but keep it restrained.

> No sympathy for Karpeles.

No, certainly not for hiding his incompetence, but I think the point was more: don't be too graphic in wishing him to discover what sex in jail can be. That’s an… understandable reaction, but inappropriate on a public forum. He’s got family who cares about his well-being, and the next days are going to be tough for them too. Imagine talking to his mother, or children: the facts, they are going to need them to understand, but nothing violent or tasteless (and I think you did a great job).

> But I don't pretend to be a surgeon and perforate a patient's aorta.

He didn't kill anyone; I'm sure one can save a lot of lives with that kind of money, but… I’d rather see you compare him to Kerviel (I'd disagree) or that Barings' trader (closer). The Head of security at Target, or Sony might be more accurate cases.


Especially if you are paying millions to accounts each year according to that document.

Where did those accountants get their degrees/licenses?


if there is no fucking way, then where is the news


People aren't hating Mark Karpeles because he messed up, but because of the completely absurd response to this situation.

Optimal response: A message to the customers as soon as the issue is noticed: "Due to a technical problem we lost X amount of Bitcoins, which means we currently can't cover all of the deposits. Trading has been disabled while this issue is investigated. [Some external financial company] is in charge of coordinating withdrawals of existing customer funds."

Actual response: Blaming the issue on the Bitcoin protocol. Trading stays active althought the price tanks. Customers can still deposit funds although it's clear that they won't be able to withdraw it. Released announcements try to hide information about insolvency and try to give hope to the customers.

I didn't have any deposits at MtGox. As a customer I would probably have forgiven them losing the funds (if it was a technical issue), but I wouldn't have forgiven them they way how they handle public communication. Such a behavior is not acceptable.


> People aren't hating Mark Karpeles because he messed up

I think they are hating Mark for losing their money, clearly a 'mess up'.


He's being ignorant about it and tries to blame others for the mess MtGox caused. On a speculative note, he'll propably walk out of this with millions in his pockets, while his customers lost tons of cash due to this mess.


I'm surprised nobody is posting detailed traces of all the Mt. Gox bitcoins. They can be traced through the system, right? It should be possible to figure out how many Mt Gox still had when it went down. It should be detectable when he transfers them to a different account or sells them.


Honestly, Mt. Gox users are not that bright (of course with exception).

Either that or their entire IRC channel is full of trolls because some of the statements being made there are completely insane.

It's almost like they've never done any research about what Bitcoin actually is and just ran to Mt Gox to buy up this magical currency that they were told would make them rich. Just to note; I'm not talking about the Doge trolls either.


I don't know much about Japanese law, but in the US, there are times when it's deemed necessary to "pierce the corporate veil". If he's got assets, I suspect people will go after them ... though it might take him 3 years to notice his personal accounts are empty.

The other possibility is that he's incompetent in his personal life too ... maybe his paychecks have all been spent? (I hear gaming cards are collectible!)


A bargain in Keyhole Downs is always too good to be true.


Today it's transaction malleability. Tomorrow it's something else. Bitcoin is an experiment. Those seeking to turn it into a ponzi scheme are pretending as if it's a reliable currency or investment.

Their is no accountability in the Bitcoin ecosystem.

If you transfer your coins anywhere you should consider them gone. The only "safe" coin is a cold storage coin. The second it goes hot it's at risk. The second you send it somewhere it's at risk.

Whether it's Silk Road or MtGox or whatever comes next, this will happen over and over again. People will spend their time either trying to exploit someone else's system or creating the illusion of trust in a system which they plan to exploit. The next MtGox is already out there.

This happens with dollars all the time too. But we hold people accountable. We have a number of ways to reverse transactions. We have insurance.


The only "safe" coin is a cold storage coin.

Even that is not safe, because the value ultimately depends on confidence in the currency as a whole. Money is a social construct; you can never safely hold it with no fear of loss, even in cold storage or under your mattress. As you say, this happens with every currency, but we introduce regulations to limit the fallout.

This is a lesson that many alternative currency fans are learning today.


> This happens with dollars all the time too. But we hold people accountable.

You mean like the bank bailouts, and all the money that "went missing" from that?


You mean like how we made a profit from them?[0]

[0]: http://projects.propublica.org/bailout/list


No matter how many times this is pointed out, people will continue to demonstrate their complete lack of understanding behind the "bail outs"; essentially asset swaps that earned the US Treasury a small profit.


Who is this "we" you speak of?


My thought exactly, why don't we call up Jon Corzine and ask him what kind of accountability he was held to after losing all MF Global's customers money.


Fiat currency can disappear as well. You can't get blood from a stone.

http://www.reuters.com/article/2014/02/11/us-mfglobal-corzin...


Ditto - it's a lesson to be learned for many young/youth that are deep in tech that sip the kool aid that all is fine in the land of 1's and 0's


Yes, if I have any schadenfreude here it's not for him. It's for all of the people who smugly told us for years that Bitcoin is superior to our "legacy" fiat managed and regulated monetary system system in every way, and anyone who can't see that is an idiot.


Don't equate Bitcoin the protocol with dodgy websites.

Unlike cash, radical transparency is entirely possible with Bitcoin.

Bitcoin the protocol is as strong as ever, but customers of other sites should demand proof that their exchanges and online wallets actually control 100% of the BTC they claim to have in their custody.


Yes, I think my schadenfreude is for you.


Generally not a good trait to have, particularly not with something that has a tendency to bounce back.

http://arstechnica.com/tech-policy/2011/10/bitcoin-implodes-...


Were you that guy in 1989?

"My schadenfreude is for all of the people who smugly told us for years that ARPANET is superior to our 'legacy' post office and ham radio in every way"


People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)

When every one of Bitcoin's characteristics (deflationary money supply, irreversibility of transactions, completely public record) is touted as an unmitigated advantage, it is irritating to those of us who see it as an interesting idea and cool technology with both plusses and minuses.

ARPANET isn't superior to post offices in every way; for example you can't send a package through ARPANET. And in fact one of the Internet's biggest winners Amazon.com built its success largely on being really good at shipping.


I understand a certain irritation with a lot of "Bitcoiners", but don't let contempt of Bitcoin extremists make you an anti-Bitcoin extremist.


Where did you get "anti-Bitcoin extremist" from any of what they wrote?


I didn't necessarily, it's just a precaution. I see a lot of vitriol directed at Bitcoin, and this sort of extremist overcompensation is really nothing new anyway. It's just a reminder to stay rational.


> People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)

I actually agree with you, but if you're talking about me, I was being wildly sarcastic and riffing off of an old Communist slogan. I'm not aware of anyone who's ever said that sincerely, but if someone did it would be hilarious.


That would be a good analogy if we couldn't transfer money online. But, you know, we can.

The whole point of Bitcoin that's been touted in pretty much every thread, hoisted up by Libertarians like a giant flag, is that it's unregulated. And now, they're all discovering why we regulated in the first place.


yes, and regulated banks/exchanges have never been the centre of financial disasters.


Not that there haven't been failures, but in the US, bank customers -- as opposed to bank shareholders or investors -- are a fairly protected class.

In 2008(?), Lehman investors were fucked, WaMu shareholders were fucked, but as a WaMu customer I was not inconvenienced in the slightest. My money was safe and I was able to freely access it every day during the transition to Chase ownership.

Now, I don't think that it is fair to compare MtGox to a bank. It was really an exchange for investors to speculate on fluctuations in exchange rates, so in the regulated financial industry you'd probably be just as fucked.

I think the take-home message from the failure of MtGox is that your risks don't just come from the volatility of the market you are investing in. You could lose your money through a crash in the market, yes, but you could also lose your money through the incompetence or malfeasance of your investment partners, through having your password stolen and your account hacked, through losing your private keys, ... If you only consider one type of risk, you will understate your total risk, and not hedge against it effectively.


It's this kind of thinking that really irks me. "Well, my $100 still adds up to $100, so it's all there."

Yeah, you money is there. Maybe it holds the same value as yesterday, or tomorrow. But over time, your taxes will go up, prices of things you buy will go up, inflation will rise, and the spending power of your $100 will become less and less.

Every bank failure, financial meltdown, and economic downturn robs your money of value. When a meltdown happens, and the FED has to prints more money to cover it up, your dollar loses value. When the price of merchandise goes up, because fees go up, because bank insurance premiums rise, because they keep losing your money, your dollar loses value.

It may happen slowly and indirectly, but make no mistake, you are losing you money. The best way to cook a frog is to do it slowly, so the frog doesn't jump out of the pot.


actually the latest banking disaster was largely due to a decade prior of deregulation, and the economies of other counties who came through it best had retained a lot of their regulation (Canada).


"Bitcoin cannot fail, it can only be failed."


Cash isn't really a reasonable analogy in this case, since it can't be transferred digitally and needs to remain in the custody of the owner. BTC held in exchanges is much more comparable to money in demand deposit or savings accounts.


Exactly how does this differ from the regular banking sector? I can demand 'proof' (whatever that might mean in this case) from Barclays that their books are balanced, but it doesn't mean they'll give it to me.


But they will give it to the regulators.


And that is the point. Bitcoin as an open system means we are ALL the regulators. Issue is we cant see their FIAT.


How are we regulators? How can we demand anything from any enxchange? How can we punish them if they violate the rules, or our trust?


If Mt Gox has a single deposit wallet for example, we could easily audit how many coins it has.

We couldn't enforce rules, but if some people decided to set up a sort of "best practices" website saying it's "SAFE compliant or something (Sure Against Forged Equalities), in which case beginners guide would be "ALWAYS GO FOR SAFE COMPLIANT EXCHANGES!"

We couldn't punish them but it would allow some sort of feeling of safety(if minimal).


I think that is the whole issue with this.

They are beholden to no one and there is no way to punish them if they violate the rules. (rules in the BTC world?! blasphemy!)


If we can regulate them, so can the government. AFAIU Bitcoin is designed to prevent exactly that, at least in general.

Fully resolving their books would require knowing identities of those entitled to receive Bitcoin from an exchange, as only one example, as otherwise an exchange could simply transfer the right amount to an account under their control and use those Silk Road-style money laundering schemes to transfer it to some wallet they actually care about.

To make sure the outlays went to the customers it's required to know which Bitcoin wallets belong to said customers. Are you going to sign up for an exchange that maps wallet IDs to customer identities for public transparency purposes?


> If we can regulate them, so can the government.

Even if we can't, the government still can if it really wants to. They can still demand access to the software, the wallets, and they can fine or imprison people.


Lots of people in the Bitcoin community have been saying for years to not touch MtGox with a ten foot pole.


The problem is they also say this about every exchange. It was enough for me to send half my btc to coinbase, but not enough to warrant any real urgency about it. Thus I lost about 7 btc due to this fiasco.


You should not leave your coins on any exchange. Store them locally - offline preferably.


Not loudly enough. I remember reading lots of stuff about how Mt. Gox was where it's at.


Did you really? I literally don't think I've ever seen anyone recommend MtGox outside of mass media reports, but I might be wrong. I remember seeing online conversations (I think it was either a forum or IRC) from 3 or 4 years ago where the people making MtGox were basically bragging about how incompetent they are, and everyone else was doing a collective facepalm. As far as I can tell, they got a first-mover advantage, which got them into basically every media mention of Bitcoin, which compounded and led to them being the largest exchange for a long time. But my honest impression is that the Bitcoin community has been wary of MtGox for essentially as long as it has existed.


Yes, the old Bitcoin community. But as you may have noticed, bitcoin got a lot of attention over the past year, and probably drew in a lot of users who weren't on that forum 3 or 4 years ago. All those mass media reports weren't immediately followed by warnings from the community to stay away from MtGox, so a lot of new Bitcoin users probably ended up at the biggest (and therefore presumably the most professional and reliable) exchange.

How could MtGox have been so big if everybody already knew for years that it was crap? The community failed to inform the new users about this very real danger.


{{weasel words}}{{whom}}



It's my genuine impression of the Bitcoin community, nothing more.


So "lots of people" suddenly became "My impression"


In this case, his impression of lots of people is correct. People that have been around bitcoin for long enough have seen ridiculous things happen at Mt Gox repeatedly.


Well, yes. All I have to go on is my own observations. I have observed a large number of people in the Bitcoin community disparage MtGox for a long time. Not sure what else you want me to say.


Plenty of threads on HN.


MtGox had to code custom software to interact with the bitcoin network because of their size. They coded it wrong and allowed a bug that could (and did) wipe them of their money.

How is it the bitcoin network's fault?


> How is it the bitcoin network's fault?

Because the protocol is broken with regards to tracking transactions and that has been acknowledged. Even the official implementation got it wrong. It needs to be fixed because the workaround just does not scale.


it's not broken at all. tx hashes are essential for looking up txs in the block chain, and can be used as addresses because they immutable once they are in the block chain.

before they are included in the blockchain, malleability aside, they aren't even necessarily valid (they could be double spend attempts, etc)


the workaround just does not scale.

That is nonsense.


Wait, so where are people's bitcoins and cash then? Lost in void?


Taken by other people. That's the more interesting note, IMO.

My understanding of the problem is that some people went to withdraw money and due to transaction malleability MtGox thought the transaction failed and resent repeatedly. But the first transaction didn't actually fail and they received their money multiple times.

Whether this happened to a lot of people a little or a few people a lot, and whether they were accidental beneficiaries or intentional instigators will probably never be known. But some number of people received a share of that missing 750k BTC, and I don't recall a one of them posting a "Hey, MtGox just sent me more BTC than it should have" blogpost that ended up here, so that's pretty interesting.

So the BTC aren't missing so much as illicitly redistributed.


This is basic failure of accounting. If you are running a bank, you need to get things to match up exactly.

In a lot of software engineering, Good Enough really is good enough. But a 5 cent discrepancy between what you actually have and what you thought you had need to be treated as seriously as a $5 million discrepancy.


Bingo. While growing up in the '70s, my parents were often small businessmen, or running the business affairs of e.g. groups of doctors. More than one I can remember them spending quite a while tracking down a less than $1 discrepancy in the books they necessarily kept manually, for just that reason. (They moved to doing by computer in the '80s, of course.)


That's what I thought. Something is afoul about it and it's not only incompetence. I think there was intent and malice here. It will be rather interesting to see where this goes.


Could bitcoin function as a viable replacement for today's money/monetary system without entities like MtGox ?

Not functioning technically but functioning pragmatically.

(honest question, I am an economic newbie)


Yes, trusting a third party with your money, whether MtGox or the US Fed, is a bad idea.


There is no such thing as money without trust of third parties. Transacting under the auspices of a neutral, trusted third party is what money means.

The Fed has the backing of a sovereign power with its own currency and is central to the largest national economy in the world, as well as a great deal of the international economy. If MtGox's earned trust was an apple, you could see the Fed's from space.


"Transacting under the auspices of a neutral, trusted third party is what money means."

Can you explain this a little more? How do I need to trust a 3rd party when I use, say, gold as money?


If you're using gold as money, then you are certainly trusting many third parties.

Consider; what does using gold as money mean? Are we trading notional gold? Certificates that claim to represent gold in some vault? Obviously you need to trust the issuer of the certificates. Are you using minted gold coins? Obviously you need to trust the mint and more generally the entire financial system that equates those coins with a certain value. (The history of coin clipping, adulteration of coinage, and the results of having multiple currencies circulating at once[1] should show why this is important.) In fact, the only way that you don't actually need to trust a 3rd part is if...

...you're trading a known quantity of gold to someone else strictly for its value as gold. In which case you are actually trading in gold as a commodity; the technical term is barter. It simply does not fit the definition of money.

[1]: Eg, Gresham's Law: http://en.wikipedia.org/wiki/Gresham's_law


Gold as in Au does not need any third party. Certificates... that is another thing.


> Gold as in Au does not need any third party.

Even that generally needs a third party, unless you happen to be one of the world's experts in distinguishing counterfeit coin or bullion from gold of a certified purity.


Ok, but Bitcoin doesn't need an expert to do that, just widely available open source software that's already been vetted by thousands of developers.


So now the trust devolves onto the designers of the Bitcoin protocol, the software programmers implementing said protocol, the programmers implementing the operating system kernel that said software runs on, etc. etc. etc.

Just ask the MtGox users about how completely ironclad that trust is. Sure, "transaction malleability" was identified in 2011, but that didn't help the users of MtGox, and the other exchanges had to take corrective action in 2014 as well.

If anything Bitcoin is even worse for the normal user; physical security is much much easier for most of us to grasp and implement. Is Aunt Tillie going to be able to ensure that she never gets too rich, so as to entice a cyberattack to steal all her Bitcoin wealth?


Are you a qualified assayer? You trust the other person is giving you gold, or you trust the individual who tests it. You trust the system that provides you with an understanding of the relative value of the gold you're holding so that you aren't massively overpaying.

There's a reason Jesus through the money changers out of the temple - they were abusing that 3rd party trust.


Ok, this is one area where Bitcoin is demonstrably better than pretty much any other form of money: it's cryptographically impossible to counterfeit.


You are relying on third parties to accept the gold you receive for approximately the same value you spent to obtain it.

You have some apples, and Alice has some oranges. You would like some oranges, but Alice doesn't want any apples. So you go to Bob and sell Bob some apples for gold. You give Bob a bushel of apples, Bob gives you a bar of gold. Now you go take this bar of gold to Alice and try to trade it to Alice for a bushel of oranges. Alice tells you to fuck off, she doesn't want a bar of gold any more than she wants an apple. Bob doesn't want his bar of gold back, no backsies. No one in town wants a bar of gold, in fact.


There's a big difference between trusting you'll be able to trade something which has historically been valued by a lot of people at a certain amount, and trusting someone won't steal your money, which is generally what people mean when referring to a "trusted third party".


If you do that, you need to store it on your own premises and hand-deliver it. You can't do internet transactions that way. Crucially you can't do credit, which is a practical requirement of most business.


My question wasn't suggesting gold was a good form of money, I was trying to understand why people believe all money requires a "trusted 3rd party".

Anyway, Bitcoin does not require a trusted 3rd party any more so than gold does.


Gold is not money... you should say "when I use dollars as money"


This brings up a point I've never really understood about the hoarding of gold. Why? Let's say there is some catastrophic meltdown of society and money is a thing of the past. What am I supposed to do with the bar of gold you trade me for goods? Rather than assume that everyone's still on board the "gold is valuable and not just rocks" train, isn't it far more sensible to trade goods or services for goods or services? I would think that, in that I am exchanging a thing that I cannot use just so I can later exchange it for something I Can use, I am using gold as money. (Same deal if I trade goods for shoes that are the wrong size or handfuls of scratch 'n sniff stickers.)


Under what definition of money is that? Gold is and has always been money.


Try telling that to the cashier at the local grocery store.

Gold is not generally accepted as payment for goods and services in any culture that I know of (excluding jewelry and metal stores, of course). I'd be genuinely interested to hear about places where you can still take a lump of gold to a store and pay with it.


You're confusing money with legal tender. But in any case, you can just travel to the Utah: http://www.nytimes.com/2011/05/30/us/30gold.html?pagewanted=...


> You're confusing money with legal tender.

I don't think I am. Something can be generally accepted as payment for goods and services without it being legal tender.

> But in any case, you can just travel to the Utah

That article is about coins produced by the US mint, not lumps of gold. And even so, the article says, "so far, it is hard to find anyone who is using gold or silver to buy anything."


Isn't your argument equivalent to saying that Latin isn't a language, because it's hard to find anyone who uses it to chat?

Gold is money, it just has been superseded for most uses. And even so, when dollars are harder to use, gold is still used for some large transactions: http://online.wsj.com/news/articles/SB1000142412788732435200...


You can read many Latin works, and find the language taught in many schools. Since it isn't spoken except in a handful of limited contexts, it gets the special qualifier "dead language." Gold is basically a "dead money." Hung onto by various people for historical and religious legacies, but not really suited for modern use.


Gold isn't money, it's an asset you can barter with.


the Fed is not a third party w.r.t USD. its the first party. the Fed is the entity in direct control of the monetary supply. the Fed is also the entity politically mandated to protect the money supply against inflation and deflation.


> the Fed is not a third party w.r.t USD. its the first party.

Its a trusted third party with regard to most use of USD as money -- that is, its use by market participants in exchange for goods and services.

> the Fed is also the entity politically mandated to protect the money supply against inflation and deflation.

Well, yeah, that official role (combined with its past history of performance in the role) is a big part of why its a trusted third party in the use of USD as money.


consumers don't interact directly with the Fed. from their point of view I guess you could call it a third party.

banks interact directly with the Fed though. to them it is a first party.


Equating MtGox with Bitcoin is like equating NASDAQ with the US Dollar.


... an apt comparison in many ways. If the former fails, the latter is going to be in trouble.

The value of bitcoin is in many ways dependent on the irrational response of people who invest their money in it. Mt.Gox fails and many people are going to lose faith (at least temporarily) and consequently, the value has dropped significantly.

We're talking about an entity which at some point has held more than 5% of the BTC out there.


It's a good thing that nobody has ever been massively fucked over by a regulated fiat system.


Funny thing about this argument is that we don't apply it to the rest of the world, and for good reason.

"God look at all the people killed by that airplane attack... let's get rid of skyscrapers and/or airplanes!"

"Man, alcohol sure does fuck over a lot of families, let's prohibit it!"

"That computer-based system led to millions of dollars being lost, we should stop using computers!"

Face it, now the same argument that you would use in support of still using Bitcoin exchanges (presumably run by more competent individuals?) would also work in support of regulated fiat systems (especially those run by more competent individuals!).


Getting rid of something is not necessarily the same thing as proposing an alternative that may provide new benefits.


Unregulated currency is only new to those who refused to stay awake in their history and humanities classes though.

Unregulated currency by cryptography is novel, but doesn't create an inherently new concept any more than digital cryptography did not innovate encipherment or authenticity checking.


Currency devaluation (not inflation) amounts practically to the same thing: money lose their value overnight. You go to sleep a millionaire and the next day you pay a million for half a bread.


I got mugged. Obviously the US Dollar is a failure.


Wouldn't a better analogy be "my bank got robbed, and now I'm broke"?


For the effect on a person, yes. For the implications for the platform, no.


Well you said "I" so that's what I assumed you meant. For the effect on you.


I lost my bitcoins by trusting MtGox. Therefore, Bitcoin is a failure.

I lost my USDs from a mugging. Therefore, the USD is a failure.


A couple of years ago a server management application called HyperVM had a 0day due to some questionable programming, hundreds of thousands of websites were lost along with a lot of money... the next day the creator took his own life. A lot of people are going to be in a very bad position right now (both customers and people inside mtgox), let's hope it doesn't come to that.


October 19, 1987 was "Black Monday" as US equity markets crashed. A number of Wall Street bankers defenestrated themselves because they lost so much money.

I hope that customers of MtGox don't do the same thing when they realize how much they've lost.

I also hope Karpeles doesn't harm himself, though we should have at least as much concern for the customers as we have for the proprietor.


There were no suicides associated with the 1987 Black Monday crash. You're thinking of Black Tuesday in 1929, a much bigger event. Even so, nobody jumped out any windows on Black Tuesday -- it was an urban legend. There were a handful of suicides but nothing statistically significant.


According to this[0] the HyperVM guy may have had a family history of suicide.

[0] http://www.itwire.com/business-it-news/security/25559-hyperv...


I'm having trouble understanding what you think the relevance of that might be. Obviously, when someone commits suicide, that decision ultimately rests on their shoulders and is borne of their experience/history/state/what-have-you. GP was trying to make a broader point about the difference in levels of significance between a catastrophic business fuck-up and the wasting of human life, a conflation that people without family histories of suicide make all the time.


On the general point my original parent was trying to make, I totally agree. People throwing away their lives over a business fuck-up is a waste.

I just wanted to search on the story and saw that point was made in the article I linked, and thought it was an interesting point to that specific case.


oh, well, that's alright then.


> HyperVM guy may have had a family history of suicide.

Seems so. http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/

But more than that, in his own words, he was a "man of excesses." Here is his archived blog (http://echoreply.us/ligesh.com/ligesh.com/about/index.html)


I have zero sympathy for Karpeles or anyone else who screws up like this. The reason this sort of thing happens is either because (a) the perpetrators deliberately set out to defraud their customers or (b) they got overconfident and sold a product/service that they simply weren't capable of delivering.

Operating a financial exchange is a serious business. In purporting to do so, you're taking people's money and promising them that you will operate the exchange honestly and competently. From what I've observed and from the private conversations I've had with people who've had first-hand dealings with them, many of the current batch of hot Bitcoin startups are run by people who don't have a fucking clue but have managed to delude themselves that they can build the Next Big Thing in financial technology by faking it 'til they make it. It's like a bunch of kids acting at being grown-ups - maybe one or two might actually blunder their way to success but the vast majority are going to crash and burn due to stupid, idiotic mistakes that could have been avoided had they been willing to listen to advice from people with more knowledge and experience. Of course, the downside of actually doing things properly is that they don't get the growth/traction that attracts investors' attention. The corrollary is that the startups who do achieve the sort of growth curves that attract investors probably aren't doing things properly, whether by cutting corners, failing to balance the books properly, not focusing enough on security or the 101 other things that can lead to an implosion/collapse/insolvency.

While the founders at least have the excuse of being young and foolish, I question the morals of investors who fund teams that clearly lack the appropriate skills/experience to provide proper financial products and services.

It's the same type of one-way bet that contributed to the 2008 financial crisis. If the startup is successful, the founders and investors exit for millions/billions. If it fails, the founders and investors get to walk away unscathed while the customers end up suffering the losses of the founders' incompetence and the investors' failure to properly supervise their investment.

I fully expect a Silicon Valley-based Bitcoin startup to implode at some point and I would not be at all surprised if the resulting clamour from customers who've lost money is loud enough that the authorities step in to begin regulating the space.


This is just life and death of a business and it is interesting to watch how these exchanges are being removed from the economy, by essentially a Darwinian survival of the fittest rule, the least secure get hacked and taken off line. We lost bitcoin-central, bitcoinica, mtgox on the way but BTC-E is going strong and so is Bitstamp, kraken are doing a good job and so are btcchina. The market does not need regulation. Gmaxwell has suggested exchanges provide an anonymised form of financial data to confirm their liquidity and I know BTC-E have suggested they will do something like that. Of course people may suffer losses along the way and that sucks but you can buy and store them locally and this sort of thing will never affect you.


I sympathize with him and sincerely hope that he comes through this and he finds some redemption.

This was a combination of criminal theft and not merely neglect. We must remember that the loss of these BitCoins themselves (quite possibly) wasn't malicious, while the theft of these coins is most certainly malicious. If you leave your house door open is it morally or legally right for someone to take the opportunity to raid your house and rob it blind? In such a situation both parties are at fault, one for neglect but the other for immoral (and illegal) home invasion and thievery.

But since in this case Mark Karpeles is the only visible figure in this saga, and the thieves will almost certainly never be known, the majority of the vitriol is going to be directed at him. I've criticized him too, and I think this amounts to criminal neglect, but I think that there is a way forward for both Karpeles and BitCoin. I think we (myself included) should tone down our vitriol.


No, at some point between $0 and $400,000,000[1], negligence is no longer an acceptable excuse.

[1] The current market value of the claimed 700k BTC loss in USD.


$460 million vanished in minutes when Knight Capital Group deployed code to the wrong servers in 2012.

http://en.wikipedia.org/wiki/Knight_Capital_Group

Mizuho Securities lost around $400 million when a Tokyo Stock Exchange trader fat-fingered an order in 2005.

http://en.wikipedia.org/wiki/Mizuho_Securities


Both were point mistakes, which I think anyone would agree are bad but just huge mistakes. Running what is effectively a bank that loses $400m over the course of a couple of years in a constant bleed is not a mistake, it is negligent.


The person I replied to suggested it wasn't negligence. Maybe you should argue about what words mean with him, first?


Oh please. Saying that bitcoins are worth $400MM is like saying that a collection of "limited edition" Beanie Babies is worth $400MM.


Well, considering the price has been pretty stably above the current point (not stable in general but definitely above this point for months), I think it's safe to say if you had that Bitcoin you lost a potential opportunity to have made a lot more money. The worth is simply what people have been willing to buy at, and that price has recently been quite high.


I think it is safe to say people lost "a potential opportunity to have made a lot more money?" in 1000s of cases. Things are only ever worth what people are willing to pay for them. Just because that price has been high recently doesn't mean it's stable. Someone paid $4,500 for a Beanie Baby once.


My offer for your mint condition bears stands. You know how to reach me.


So very true if you have to peg that 400mm to a specific exchange rate for another currency.

You can ascertain the value of 1 BTC in your favored currency rather easily given a choice of marketplaces. Less so with 100, or 10000+. Most market-places couldn't handle the volume without a substantial shift in price before your 400mm mark was hit for say, USD.

That said BTC seems to want to reach the type of ubiquity that allowed USD to be a universal currency of sorts during it's heyday. With means to convert in and out being varied from the strictly regulated to the strictly unregulated.

Now let's see how long the blockchain can live.


If the rumors are true and Gox is tanking, I don't think Karpeles can ever adequately feel the aggregate pain that his incompetence in his role has caused MtGox customers. He deserves much worse than nasty internet comments.

There are plenty of entrepreneurs on HN alone who given the resources Gox had could manage to not (unknowingly) lose half a billion dollars due to broken programming in the timespan that Gox did.

And I say this as someone with no dog in the fight.


Karpeles is as much at fault as his customers. I remember back in March 2013 there was some serious DDoSing happening to Mt. Gox (which they couldn't handle). I decided right then and there to take all of my funds out because I knew that if they were not competent enough to successfully stop a DDoS with the resources they had, then they clearly would fuck up at a later time. And the time has come.

Seriously... all of you people are acting like Bitcoin is the world reserve currency or something. This thing didn't even exist 4 years ago.

If you're gonna invest in something like Bitcoin, then you better know your shit; cause shit happens.


I'm with you on the first part, but I have a hard time believing that this was solely broken programming and ignorance. I think we are well into the territory of negligence, and I could well believe that we will eventually discover the sort of dubious behavior and/or outright fraud that accompany accidental ponzi schemes.



Compelling evidence, but I'm not convinced yet. This could also be evidence for the sort of idiocy where people try to cover up for an accounting error though fraud.


> He deserves much worse than nasty internet comments.

Yeah, thanks for fanning the flames of a vigilante lynching in the making.


Don't be so melodramatic, nobody is literally being lynched.


Not yet (and because some people around here seem to be softer than melted butter, that's not a threat).

Now I'm usually a pretty cold-hearted bastard, and I'll admit that I had very little stake in MtGox (I never conducted any business there), but I sort of agree with the above. Yes, he probably deserves some Internet hate. The problem is that this Internet hate is not likely to be the full extent of the hate he'll get over this thing.

I, for one, hope that the dude hasn't fucked over the entire rest of his life.


Why would you assume violence? If he has covered up massive losses like this for a while but still taken deposits then he may be criminally liable.


That's too outcome oriented. Probably a less useful train of thought than focusing on the motivations, victories, and failures along the way to the outcome.


> There are plenty of entrepreneurs on HN alone who given the resources Gox had could manage to not (unknowingly) lose half a billion dollars due to broken programming in the timespan that Gox did.

Easy to say. Nobody sets out to fail.


... they didn't lose half a billion dollars.


Well, that's pretty cruel of you.


MtGox has been lying and scheming all the way, showing complete lack of respect for either their users or Bitcoin community at large. They should have been gone and prosecuted a long ago.

I have no sympathy for Mark Karpeles. He's a shady character and I'm glad to see his shady "startup" finally crumble.


This is whitewashing because this isn't the same thing as a company failing. They (likely) stole millions of dollars (equivalent) from a huge base of customers. That's not the same thing as losing money for your investors, which is effectively what happens when a business actually fails.


Still, anyone who didn't think that bitcoin is incredibly risky (with a high upside) was living under a rock, There are best practicies when dealing with a risky asset such as BTC, and they're really not that hard. Speaking of which, I should probably get around to implementing those best practices myself =D


Yeah...the only money I've personally put into any cryptocurrency has always been with the understanding that it may either be worth nothing tomorrow or could be lost in an instant. (But I also don't store my coins in an exchange, so that helps.)


I just set up a complex series of recurring draws to btc to reconcile being paid weekly with paying bills monthly. This could either be really awesome or really catastrophic!


It's not that big a deal...it's just internet funbucks anyways, right? :D


[deleted]


probably for the better. Everyone wins!


I respect your position on HN but I cannot disagree more with you on this one.

You sound like you just finished watching "thank you for smoking". The point that "he is a humanbeing" sounds like "what difference does it make" or other distraction that we are supposed to buy in order to feel less angry for his choices. Yes we are all human beings and im not sure how that helps in this instance. Maybe he should have thought of clients coins where platform continued to deliver slappy code and as a result, crashed?

I took all my coins out long time ago after seeing multiple red flag. But nothing pisses me more than this perfect situation. Any gov burocreat from a three letter agency is happily partying right now because there were waiting for something like this to happen. Mtgox will go down in the history, i dont care. Hope those sloppy pogrammers wont find their way into rocket engineering, traffic systems programming, airplains software programming or similar. But sure the gov will make a perfect example out of it and that gives them ammunition to try to regulate the market again.

You say "we all fucked up at some point". And you right. Just like one could assume most of us dui at some point. I did. Once. I drove very carefully, nothing happened and i hated myself for it for many weeks afterward as of how stupid i was. But still, i wont have much respect for someone else who drink and drive continuously and one day crashes and kills someone.


> Remember that we have ALL fucked up at some point, just luckily for most of us, "fucking up" doesn't mean losing than much of other peoples' money.

Most of us also don't get filthy rich losing other peoples' money.


That's pretty "touchy-feely".

You can claim people should be nice, but most start-ups that fail spend investor's money and those investors KNOW their money is at risk. Nobody expects that their money is at risk when you put it into a savings account. Crypto-currency exchanges and wallets should be the same way ... perhaps it's not as safe as putting it under your mattress but close.

So in the business world, you have a responsibility to your customers and most sane companies carry E&O insurance to cover the unforeseen mistakes that they might make. It doesn't cover incompetence or negligence in many cases, and I'd classify what happened with Gox as criminal negligence.

Karpeles might in fact be sad, but I guess I just respectfully called him a criminal. Those with more "skin-in-the-game" are going to want to extract as much of their money as possible from him ... I'm afraid he's going to get sadder.


>It's really easy in all of this to pile a bunch of hatred on Mark Karpeles, but please, everybody remember that he is a human being, with real human emotions, and that those things really do hurt.

Fraudsters are real human beings too.

As are people who are incometent but go ahead and build stuff risking other people's money and providing false assurances.


You are ignoring the fact that he has been straight up lying the last few weeks, and in my opinion, he still is. He said that they were aware of the bug for quiet some time, and yet had enabled automatic re-issuing of failed withdrawals. Do you think that is what really happened? They just got an excuse to steal coins on a massive scale!


What I wonder is this: Were any bitcoins actually lost during the meltdown? I mean in the sense that nobody can get at them any more.

The blockchain should, sooner or later, allow the tracing of some of the coins, right? So if somebody still has access to them, there might be a chance to find out who?

Or am I misunderstanding something here?


No man. The blockchain man, the blockchain. It's out there. We got this. The question could be that once they find out the who or who's, and those people are riding pitchfork style, around Bittown, who's going to be in charge of liqudating assets and sending pennies on the dollar back to all those quasi-anonymous folks saying the fiat is theirs?

Oh, and what about when we find out that suspect 1 might not actually be the culprit? Oops. YOLO.

Is there not an interesting question in, assuming coins could be recovered, what laws, in what countries, will cover them, and what value would they have if the 'currency' has no value? Do people want their BC back?

Looks like a bunch of people are praying to get out of bitcoin at 550 right now. If that aspiration thinking fails and people eat through the standing buys around 400, the next stop is 400, where panic will kick in and, maybe there's a pause at 100.

Pins, needles, popcorn... Black Tuesday 2014?


I should totally invest all my savings into speculative stocks. A first wave of gried ate through 550 and accelerated into 500 which ran to 400, where a wall of buying kicked in. That triggered a run-up. Not enough selling to breach the support point there. Fare thee well bitcoiners. Fare thee well.


Guys, let's not be angry with the bankers, they're only human. Now, somebody give this man a presidency. That's jwst you get for fraud on this scale.


On some level, if you lose many life savings worth of wealth through what I can only assume was gross negligence and incompetence, you should expect the hatred. It's not like you can lose hundreds of millions of dollars -- or even tens, for the pedants who want us to take the integral of the value through the buy side of the order book -- through an honest mistake. He deserves the infamy he's getting.


The point is that these people are people - have some compassion.

I failed in my last startup, fairly publicly, and got a fair amount of internet hatred, and suffice to say I was not a happy bunny. But I didnt fail with remotely the publicity this got - I can't even imagine what the mtgox people must be feeling.


If you misled people into thinking you were solvent and kept taking their money when you knew you wouldn't be able to pay it back, or if you took grossly unacceptable risks with that same money, I'm glad you were unhappy. I doubt that's what you actually did though, and you are reacting to this story out of a kind, admirable, but entirely misplaced sense of compassion for someone whose wrongs are entirely unlike your own.


People who commit fraud deserve no compassion. Failing and stealing are vastly different things. Gox didn't just fail, they tried to hide it and have done nothing to deserve a single lick of compassion.


I dearly hope no one invested their life savings into Bitcoin.

That said, I'm sure many did, as they tend to do into any investment that has potentially huge upswings.


https://falkvinge.net/2011/05/29/why-im-putting-all-my-savin...

You mean like Rick Falkvinge founder of the Pirate Party?


Falkvinge says he got most of his bitcoins off Mtgox before it blew: http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...


I don't know any high-profile cases, but this random Reddit user did:

https://pay.reddit.com/r/Bitcoin/comments/1r88vl/need_advice...


It doesn't matter how much hate we pile on. Prosecutors will pile enough hatred on Mark et al for us all. The fact that they just shut down and have vanished with hundreds of millions of dollars worth of assets that don't belong to them is going to bring the legal equivalent of hellfire and brimstone down on the heads of everyone involved.

They could have handled this far better, and maybe avoided some of the major problems they are now headed for. Now, unless Mt Gox suddenly reappears with an explanation, they are in for a very rough ride.


With credit to /r/bitcoin, I got a chuckle out of this one:

    Sorry, due to a major bug in the WWW protocol, our
    website is temporarily unavailable. Thank you for
    your patience while we await Al Gore's instruction!


Jokes like this make me crazy. Seriously HTTP is layer 7. Why would you bother the former senator with anything above 4? tcp/ip is just fine. your buggy code is what's broken, thank you very much.


I believe the proper honorific is to reference the highest office, so it's the Vice President Al Gore.


Ah, indeed. I always feel a little guilty about editing posts, so i'm going to let it stand. This one especially, because it's such a reddit joke. But yes, you are correct.


If you feel guilty just add an addendum:

EDIT: Use correct honorific


I bet you leave descriptive commit messages.


How is this related to my comment?


Your advice for specifying that he give an explanation for his edit generally goes above what most people do when they edit posts.

So I am assuming you are probably someone who applies that same sensitibility to writing descriptive commit messages, because similarly to people editing Internet posts/comments without specifying what they changed, many people leave very vague or meaningless commit messages.


Now I get it. I was not sure where you were going with this.


That's level ten Vice President.


Ah the best comment buryed the deepest. So true you are.


If you're going to give credit, then you should actually mention the user, /u/millsdmb http://www.reddit.com/r/Bitcoin/comments/1yuxl8/mtgox_is_dow...


Pretty good Ponzi. Not as impressive as Bernie Maddof's, but extra points for the tech angle.


I am not aware of any indication that this was a ponzi scheme. Saying that it was, without evidence, is misinformation.

The loss of coins was unintentional on the behalf of MtGox. It may have been stupid that basic abc123 auditing would have probably revealed that there was a problem months/years ago, but evil has not been shown at this point in time.


An exchange that manipulates it's market to hide away losses and try to shore up it's balances starts to look a lot like a ponzi scheme after awhile.


Only given an unacceptably broad interpretation of the word "Ponzi." Fraud is the one you're looking for.


Halting withdrawals while still allowing deposits in an attempt to gain enough capital to payout those who were poised to withdraw sounds very ponzi-ish.

The low BTC exchange rates were both indicative of the risk, but also enticing to new exchange customers trying to strike it rich off a sinking ship.


Ponzi schemes are a form of fraud, sure, but the particular kind of fraud under discussion shares the key features of a Ponzi scheme, since its sustainable exactly as long as there is a sufficient net inflow of money from the outside to cover the money being extracted by uncontrollable losses.

The only difference from a traditional Ponzi scheme is that in such a scheme the extraction is to the fraudsters pockets, rather than to the fraudsters incompetence.


> but the particular kind of fraud under discussion shares the key features of a Ponzi scheme

No it doesn't; the key feature of a Ponzi scheme is intentional fraud using a phony investment that doesn't actually exit. That's what a Ponzi scheme is.

Bitcoin has nothing in common with a Ponzi scheme and all you people who keep repeating this non-sense need to go educate yourselves on what a Ponzi scheme actually is.


> No it doesn't; the key feature of a Ponzi scheme is intentional fraud on a phone investment that doesn't actually exit.

Assuming the description of this as being a loss that, however unintended when it first started occurring, was known, concealed, and papered over by using other funds, it was an intentional fraud from that point on a phony investment that doesn't actually exist.

> Bitcoin has nothing in common with a Ponzi scheme

That may be true about Bitcoin, but not about the scenario proposed upthread about what was going on at Mt. Gox. They aren't the same thing.


Again still wrong. Exchanges aren't investments; users aren't promised returns, they in fact expect that the chance of loss is high.

Just because fraud occurs does not a Ponzi make. Seriously, just stop repeating this complete nonsense. Ponzi schemes are very specific things and neither the Gox situation nor Bitcoin are Ponzi's in any way.


> Exchanges aren't investments; users aren't promised returns, they in fact expect that the chance of loss is high.

They expect the chance of trading losses is high, they don't expect that the loss of balances on account is high (in fact, they are generally promised that, except for specified transaction fees, such accounts will retain their value.)

There's a slight difference from what goes on in a traditional Ponzi scheme in that the former promises a positive return which is only met for as long as external funds come in to cover the returns (plus the funds being extracted by the fraudster) where the suggestion about Mt. Gox is that their Bitcoin accounts were promising a zero return, which could only be met for as long as external funds were coming in to cover the BTC being stolen. Which isn't strictly the same thing as a traditional Ponzi scheme, but is a very closely related form of fraud.

Note that I'm not saying this is what happened at Gox -- I have no way of knowing that. But what has been suggested is very much like a Ponzi scheme.


That's not a slight difference, that's a fundamental difference. Lacking a promise of a positive return and lacking a fake investment opportunity, no fraud can be classified as a Ponzi; it's simply fraud or theft. There's absolutely nothing Ponzi like about this Gox situation; nothing. Ponzi's require both of those elements, they are the definition of what a Ponzi is.

From Google:

Ponzi Scheme: a form of fraud in which belief in the success of a nonexistent enterprise (the definition) is fostered(i.e. the mechanism) by the payment of quick returns to the first investors from money invested by later investors.

Many valid things use the mechanism of new money paying out earlier investors; that alone is meaningless and not a defining trait of Ponzi's. All insurance also does this. A ponzi is literally "a form of fraud carried out by the belief in the success of a nonexistent enterprise"; that's it.


MtGox was usually advertising the highest exchange value for Bitcoins, and it most recently was advertising fire sale level exchange rates on Bitcoins.

Once they severely restricted/shut off withdrawals, they were no longer an "exchange". People were no longer investing in Bitcoins facilitated through an exchange, they were investing in the exchange allowing withdrawals and making good on the promised high Bitcoin to USD values or low USD to Bitcoin values. All the time they were telling people it was a technical problem and they would make good on transactions. Given how insolvent they were, this had probably been going on for a significant amount of time or they just never had intentions of making good. Allowing deposits to continue despite the issues they faced was unscrupulous, and I believe it was likely a way for them to try to collect capital to make good on the "top of the line" and "bottom of the barrel" exchange rates that they had promised their customers, which they simply could never fulfill.


Yes, fraud is likely, no one is disputing that. Fraud != Ponzi scheme.


MtGox was not a normal exchange. The MtGox Bitcoin was essentially a separate entity from a regular Bitcoin. The MtGox Bitcoin was offering higher than normal rates of return. This encouraged investors to pump in new capital, which was used to cover previous expenses MtGox had accrued. They then would pick and choose who they would allow to cashout at a high rate of return to keep the ruse going for an extended period of time, while making excuses to others. This worked until the Ponzi scheme imploded. I know you don't like that word for MtGox, but the fact that it may have been a legitimate exchange at one point does not prevent it from turning into a Ponzi scheme at a later date.

Perfect example of the mentality of a new investor at MtGox can be found on this reddit comment: http://www.reddit.com/r/Bitcoin/comments/1yw9vj/how_i_nearly...

I'll admit that not all the facts are known, and my conclusion above is essentially hypothetical based on the information known at this time. Perhaps when if we ever get access to internal communications within MtGox, we'll know the truth. Even pleading incompetence does not mean that the operators weren't unknowingly running a Ponzi scheme.


It does. . . but I think there's still plenty of room for Hanlon's Razor to remain in effect here.


Sufficiently advanced incompetence is indistinguishable from malice.

That is to say, at the end of the day, does it really matter if this happened because Karpeles is an idiot or because Karpeles was malicious? No, the end result is the same, and possessing and wielding that shear amount of idiocy is no more excusable than just being malicious.


There's really one spot where it matters: I think that when we fail to distinguish adequately between idiocy and malice, we begin to fall into the trap of seeing all catastrophes like this as malicious in hindsight, and consequently lull ourselves into assuming that any future catastrophes must also stem from malice.

The end result being, we hinge huge decisions on the question, "Do I think this person might actually try to hurt me?" without giving adequate attention to the question, "Does this person possess sufficient competence to reliably avoid hurting me by accident?"

Not just in finance. The issue seems to come up in health care quite a bit, too. Do you really want someone who doesn't fully grasp the germ theory of disease sticking sharp objects into you after previously having stuck them into someone else? The occasional outbreaks of hepatitis associated with acupuncture suggest this is a question we might want to spend more time thinking about. Instead, we tend to not get past worries (including legitimate ones) about whether or not Big [insert_big_thing_here] is trying to hurt us.


If they continued to take in deposits after they knew they were insolvent, it was a ponzi scheme.

Every ponzi operator dreams of earning themselves to solvency.


> If they continued to take in deposits after they knew they were insolvent, it was a ponzi scheme.

You clearly have no idea what a ponzi scheme actually is; educate yourself before making such foolish public statements.


I am pretty sure this sort of practice is illegal bitcoin or not.


> The loss of coins was unintentional on the behalf of MtGox.

Your evidence of that is...


In dubio pro reo.


only in a court of law.


honestly none of us really knows what happened behind the scenes. there's no indication it was a ponzi scheme. there's no indication it wasn't. what do you think really happened?

all I know is that an awful lot of people lost money.


I would say quite a bit more impressive as Madoff did the same thing that's been done hundreds of times before: take money and promise huge returns.

Here we have a company that took money and let the "investors" fight it out amongst themselves.


I don't think you understand what a Ponzi scheme is.


If MtGox actually had much none of the BTC they showed on their clients accounts, it was exactly that – a Ponzi scheme. Not sure if it changes the matter whether they did it intentionally or not.


No, that's a different type of fraud or downright incompetence. A Ponzi is when investors who are expecting positive returns are intentionally paid with other investors' money. That's not what happened here. Exchanges don't offer investments.


I'm sure it will happen again. And again. And again. And again.

The ponzi never dies because no one who participates every believes that _they_ are the one who's going to get screwed.


It might be more impressive than Bernie Madoff's when you consider it as a fraction of the BTC economy...about 10x more impressive.


How in the hell did these guys manage to screw this up so badly? Think about the tx fees they were raking in.


Maybe they didn't screw up. Maybe they just cashed out.


This doesn't fit even the loosest definition of "Ponzi scheme."


See my little rant, and I agree with you.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: