It's really easy in all of this to pile a bunch of hatred on Mark Karpeles, but please, everybody remember that he is a human being, with real human emotions, and that those things really do hurt.
MtGox was (past tense is probably appropriate here, but for the sake of anybody who had coins there, I hope not) a startup that failed spectacularly, and publicly, and took a TON of peoples' money with it.
The transaction malleability thing was poor programming on the part of gox. Remember that we have ALL fucked up at some point, just luckily for most of us, "fucking up" doesn't mean losing than much of other peoples' money.
Mark, I doubt you read hacker news, but if you do: it's alright, dude. You bastard.
Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height. Sadly there were plenty of media shill articles when Btc skyrocketed to $1,000 last year who were promoting them as the "Biggest Bitcoin exchange" without pointing people to relevant bitcointalk threads on what a nightmare that site has been over the years.
I clicked through and thought you were being too harsh. I mean, it can be fun to make toy implementations of things as an exercise. Doing an SSH server in PHP would be entertaining if you liked PHP. You'd learn something.
And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.
> And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.
That sounds like a brilliant technical guy, capable of running with a daft idea to completion (unlike me, with my collection of at-best-half-built personal projects), who should have some layers of protection between him and Real World Production...
Inexperienced (young) programmers don't know what's been tried, and what's available. I've been dealing with this a lot at work recently, where we ended up doing poor reimplementations of off-the-shelf stuff due to a mix of ignorance, and honestly, a bit of hubris.
It's a good attitude to have in academia/non-production critical work, but the GP is right, production demands a more conservative approach, especially when money/safety is at stake.
The type of ignorance Joel writes about (see parent) is different, it's more like "slavishly following design patterns" and "writing copy-and-pasted, improperly factored code". Both are ignorance, but the first is better called "NIH", whereas Joel's is, "writing bad code".
This is so very true, OpenSSH is probably one of the most secure pieces of software around. It has extremely high value to attackers, yet has had extremely few remote security holes in its lifetime.
They've invested years and many talented people in developing such a piece of software.
If you want to write your own ssh server in php, you should probably consider your motivation and how you can re-use their code or operate through it instead if your purpose if anything other than experimentation.
Yeah, I'm still trying to figure all that out myself.
There was some allusion to needing some kind of database backend for the SSH server, but there are multiple solutions for that now (like LDAP).
I'd love to have this guy work for me in a junior role (because he can really crank out the code), but all his work would need to be reviewed, and I wouldn't want him to be making architectural decisions on his own.
I can tell you absolutely, without question, that when it comes to security and people's funds, there is nothing courageous about a hacked MVP in production. There's a difference between someone's to-do app one weekend, and this case. If you are handling people's money directly or indirectly, you need to care about that and take it seriously. Or don't ship.
Well when mtgox started off btc was play money, it was always play money until perhaps 12 months ago when it became serious money. And I base play and serious on the value, at $10 a coin it was still fun, at $100 a coin I had to seriously consider how much I should keep on my phone or any other single place.
Putting on my Lean Startup hat for a sec, I would even say that the M could allow for losing money. If it's early on and your customers are all in the 2 1/2% of innovators, they will put up with a little of that. Certainly if you make them whole, but probably even without.
That said, "flawless accounting" would be very high up on my feature list. I think the failure here isn't launching without perfection; it's operating at scale without perfection.
I've been wondering whether the "M" in "MVP" is for minimum quality, or minimum feature scope.
I think minimum feature scope doesn't necessitate poor-quality software, just solutions that don't do everything for everybody. It's much better to ship a small feature set with very high quality, IMO, than a big feature set with low quality.
In the Lean Startup sense, the M is about minimum effort, and the V is about viability with customers. You're basically playing Battleship trying to discover where those two Venn circles overlap.
Different aspects of quality map to both those circles. There's build quality, which relates to the sustainability of the code base. There, you have to consider both short- and long-term quality. 
There's also quality as users perceive it. That varies widely by domain by market, and by how far you are along the adopter curve.
My general answer is the same as yours: minimal features with highly sustainable code. But for experiments, I think you can get away with terrible code as long as you a) throw it away quickly, and b) you are on it so even if you have a bad MTBF, your MTTR is really good.
I also think that you can tactically discard certain kinds of user-side quality. E.g., if I'm making a product for early-adopter financial traders, I'm not going to worry about quality of visual design, and I might inflict hard-to-learn interfaces on them. But I'd be rigorous about accounting and about UI issues that might lead to mistaken trades.
One way to look at ordering features in early products is as risk reduction.
One of the biggest risks is, "nobody gives a fuck", which is why MVPs are so valuable. It lets you test market hypotheses.
But if you're building something handling real money, then a pretty obvious risk is, "The system will lose money beyond our capacity to absorb losses." Their failure to address that risk here is at best negligence.
But given the size of the loss, I don't think we should rule out fraud. The interesting question is, "When did they know they had a problem?" Sometimes shitty accounting systems are just naiveté. But when they persist over a long period of time in a way that just happens to cover up loss, embezzlement, or theft, then it's worth asking: did they keep the shitty accounting because better accounting would have forced them to admit something they were hoping to cover up?
I wouldn't today, but the wright brothers did, because if they hadn't, someone else would've done it instead. If you wanted to be trail blazers like the wright brothers were, you might have to put up with a hacked together MVP. I m just saying that anyone who lost their money did so knowing the risks (or should have known the risks).
>Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height.
And still, even 2 weeks ago, tons of people defended MtGox in HN threads, and said how it's a temporary glitch and they are very good exchange and such.
Even when it was pointed to them that it's a service build by a guy with no actual knowledge of exchanges and no prior experience at finance services whatsoever -- a mere PHP developer (not to knock the language) that had done nothing spectacular before (no Carmack, or Fitzpatrick or your favorite coder hero).
People trusted their money to a guy that literary calls himself "MagicalTux" -- which to me seems like investing to the hobo on the corner, people call Crazy Bob.
>Does this mean we shouldn't trust "coldtea" to develop anything?
Of course you shouldn't.
If you were to here him (well, me) you'd ask for my CV -- if not an interview also.
And if it was like "developed some random toy stuff" you wouldn't hire me to develop a money exchange playing with other people's millions of dollars.
And if you were to assess if you will put $10,000 in a financial online service made by me, my past work in the area, my general competence would be quite important.
Else, don't be surprised if you lost it all. The chances were way higher than if you had put that money in Citibank, you just ignored the signs.
And for me, not giving the impression I'm a 20-something script kiddie with a fancy handle would also be quite important. I mean, it might be prejudice, but "Ives, Rockefeller and Berstein" as a financial service just feels more secure than "$uper7eetMoneyMakah", "LuvFlamingoes" or "MagicalTux".
Yes, maybe because they didn't ignore all the context of my email, and did checked that he has serious credentials, like:
"he had been leading the core library development of Android while at Google".
And that he is just but one of the players at Square, including guys like a well known VC and Twitter's cofounder.
If "CrazyBobs" was an unknown in the industry guy and his CV was like "I have done some fun projects, like a PHP mailer" and he was the major person behind the company, no investor would have touched it with a barge pole.
people who've been around bitcointalk and bitcoin-otc know not to use MtGox
There are a lot of forums on the Internet. It's not confidence-building, at all, to tell people "if you hang out on the right forum you know what's safe." Especially because "the right forum" is not written in stone.
Of course normal frameworks are a no-go. Using
someone else’s framework will make your world
slightly better, but until you create your own
full framework, you won’t understand what I mean.
The next step is to build applications with your
framework. The kind of applications that will
change the world...
What you wrote made me think, "What would anyone in their right mind write on their blog that would make people think something like that?" So I clicked through, and read the first four words, that struck me in the face like a four layer wedding cake: You were right. Then I read the rest of the sentence, and that was like a ton of frosting being poured on the cake from a dump truck. Point well taken, sir!
I've been around. What is bitcoin?, and who cares about whatever the hell 'Mount Gox' is?? Can we all get back to work on something meaningful to the future, family, or nature... someone we don't know about made up a currency, and some other company we also don't know about made up an 'exchange' of this 'currency' and now we still don't know what's going on and some 'bitcoins' are missing... the most it's all worth is a laugh
Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.
Of course, the coins are only yours if you hold the private keys. A promise of some Japanese exchange to send you an amount of Bitcoin in the future is not the same as owning a Bitcoin.
I think you had the only decent reply. Thank you.
I know bitcoin, and was really just fishing for others that may share my view on the current state of affairs for the digital crypto currency. Some of us have been around just long enough to be aware that the field of technology doesn't create a buffer from unclean people and business characters. Also, that just because a lot of smart/clever people made something that a lot of people believe in, that at some point it passes the point of no return or is immune to failure. I think bitcoin failing may be good, could wake a lot of people up, many mistakes won't be made a second time, and the freed up focus and brainpower will go towards a better generation of technology to benefit humanity.
Maybe you should go back around to wherever you've been around, and not be around here, where you have nothing of value to contribute and no interest in the discussion at hand. The way things work, in case you didn't learn that by being around, is that you don't post messages complaining you're not interested in a topic to discussions about that topic. So stop being around here.
A laugh and a few good tens of millions of dollars that people actually do value and will pay that much for. Maybe cryptocurrencies aren't in your favor, but their value and growth isn't something to scoff at.
> There is no fucking way 700,000 BTC disappears with nobody noticing.
The history of Barings Bank is interesting, primarily because the main trader Nick Leeson was in the position to mask hundreds of millions of pounds of losses. In that case, no one noticed the roughly $1.3B loss because he was in a position where the internal controls didn't apply
>At MtGox, it should be much simpler to (1) add up all customer balances, (2) add up all BTC in hot and cold wallets, and (3) compare those two numbers.
Yes, considering Gox only had 2 bank accounts (and now are down to just 1 in Japan) I don't see how hard it is to compare balances and notice 744,000 coins are missing.
They claim that over time the cold wallet was cleaned out. If this is true then the first few customers would've complained hey I never got my coins, and he could've seen shenanigans happening due to his php wallet implementation and halted all trading. Then thousands more customers. I find it hard to believe 744,000 worth of coins disappeared over months and nobody noticed until recently
Heh, I had only been on the internet for about 2 years when that went down and I spent that evening watching the world's gears seize up instead of finishing the book I was suppose to be writing; it was around this time that I started tog et interested in alternative currencies. I was just thinking that here I am doing the same thing 20 years later.
> Either case is at least gross negligence if not criminal fraud.
To echo the original commenter: Yes, jail sounds like a reasonable end to this — but keep it restrained.
> No sympathy for Karpeles.
No, certainly not for hiding his incompetence, but I think the point was more: don't be too graphic in wishing him to discover what sex in jail can be. That’s an… understandable reaction, but inappropriate on a public forum. He’s got family who cares about his well-being, and the next days are going to be tough for them too. Imagine talking to his mother, or children: the facts, they are going to need them to understand, but nothing violent or tasteless (and I think you did a great job).
> But I don't pretend to be a surgeon and perforate a patient's aorta.
He didn't kill anyone; I'm sure one can save a lot of lives with that kind of money, but… I’d rather see you compare him to Kerviel (I'd disagree) or that Barings' trader (closer). The Head of security at Target, or Sony might be more accurate cases.
People aren't hating Mark Karpeles because he messed up, but because of the completely absurd response to this situation.
Optimal response: A message to the customers as soon as the issue is noticed: "Due to a technical problem we lost X amount of Bitcoins, which means we currently can't cover all of the deposits. Trading has been disabled while this issue is investigated. [Some external financial company] is in charge of coordinating withdrawals of existing customer funds."
Actual response: Blaming the issue on the Bitcoin protocol. Trading stays active althought the price tanks. Customers can still deposit funds although it's clear that they won't be able to withdraw it. Released announcements try to hide information about insolvency and try to give hope to the customers.
I didn't have any deposits at MtGox. As a customer I would probably have forgiven them losing the funds (if it was a technical issue), but I wouldn't have forgiven them they way how they handle public communication. Such a behavior is not acceptable.
He's being ignorant about it and tries to blame others for the mess MtGox caused. On a speculative note, he'll propably walk out of this with millions in his pockets, while his customers lost tons of cash due to this mess.
I'm surprised nobody is posting detailed traces of all the Mt. Gox bitcoins. They can be traced through the system, right? It should be possible to figure out how many Mt Gox still had when it went down. It should be detectable when he transfers them to a different account or sells them.
Honestly, Mt. Gox users are not that bright (of course with exception).
Either that or their entire IRC channel is full of trolls because some of the statements being made there are completely insane.
It's almost like they've never done any research about what Bitcoin actually is and just ran to Mt Gox to buy up this magical currency that they were told would make them rich. Just to note; I'm not talking about the Doge trolls either.
I don't know much about Japanese law, but in the US, there are times when it's deemed necessary to "pierce the corporate veil". If he's got assets, I suspect people will go after them ... though it might take him 3 years to notice his personal accounts are empty.
The other possibility is that he's incompetent in his personal life too ... maybe his paychecks have all been spent? (I hear gaming cards are collectible!)
Today it's transaction malleability. Tomorrow it's something else. Bitcoin is an experiment. Those seeking to turn it into a ponzi scheme are pretending as if it's a reliable currency or investment.
Their is no accountability in the Bitcoin ecosystem.
If you transfer your coins anywhere you should consider them gone. The only "safe" coin is a cold storage coin. The second it goes hot it's at risk. The second you send it somewhere it's at risk.
Whether it's Silk Road or MtGox or whatever comes next, this will happen over and over again. People will spend their time either trying to exploit someone else's system or creating the illusion of trust in a system which they plan to exploit. The next MtGox is already out there.
This happens with dollars all the time too. But we hold people accountable. We have a number of ways to reverse transactions. We have insurance.
Even that is not safe, because the value ultimately depends on confidence in the currency as a whole. Money is a social construct; you can never safely hold it with no fear of loss, even in cold storage or under your mattress. As you say, this happens with every currency, but we introduce regulations to limit the fallout.
This is a lesson that many alternative currency fans are learning today.
No matter how many times this is pointed out, people will continue to demonstrate their complete lack of understanding behind the "bail outs"; essentially asset swaps that earned the US Treasury a small profit.
Yes, if I have any schadenfreude here it's not for him. It's for all of the people who smugly told us for years that Bitcoin is superior to our "legacy" fiat managed and regulated monetary system system in every way, and anyone who can't see that is an idiot.
Don't equate Bitcoin the protocol with dodgy websites.
Unlike cash, radical transparency is entirely possible with Bitcoin.
Bitcoin the protocol is as strong as ever, but customers of other sites should demand proof that their exchanges and online wallets actually control 100% of the BTC they claim to have in their custody.
People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)
When every one of Bitcoin's characteristics (deflationary money supply, irreversibility of transactions, completely public record) is touted as an unmitigated advantage, it is irritating to those of us who see it as an interesting idea and cool technology with both plusses and minuses.
ARPANET isn't superior to post offices in every way; for example you can't send a package through ARPANET. And in fact one of the Internet's biggest winners Amazon.com built its success largely on being really good at shipping.
I didn't necessarily, it's just a precaution. I see a lot of vitriol directed at Bitcoin, and this sort of extremist overcompensation is really nothing new anyway. It's just a reminder to stay rational.
> People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)
I actually agree with you, but if you're talking about me, I was being wildly sarcastic and riffing off of an old Communist slogan. I'm not aware of anyone who's ever said that sincerely, but if someone did it would be hilarious.
That would be a good analogy if we couldn't transfer money online. But, you know, we can.
The whole point of Bitcoin that's been touted in pretty much every thread, hoisted up by Libertarians like a giant flag, is that it's unregulated. And now, they're all discovering why we regulated in the first place.
Not that there haven't been failures, but in the US, bank customers -- as opposed to bank shareholders or investors -- are a fairly protected class.
In 2008(?), Lehman investors were fucked, WaMu shareholders were fucked, but as a WaMu customer I was not inconvenienced in the slightest. My money was safe and I was able to freely access it every day during the transition to Chase ownership.
Now, I don't think that it is fair to compare MtGox to a bank. It was really an exchange for investors to speculate on fluctuations in exchange rates, so in the regulated financial industry you'd probably be just as fucked.
I think the take-home message from the failure of MtGox is that your risks don't just come from the volatility of the market you are investing in. You could lose your money through a crash in the market, yes, but you could also lose your money through the incompetence or malfeasance of your investment partners, through having your password stolen and your account hacked, through losing your private keys, ... If you only consider one type of risk, you will understate your total risk, and not hedge against it effectively.
It's this kind of thinking that really irks me. "Well, my $100 still adds up to $100, so it's all there."
Yeah, you money is there. Maybe it holds the same value as yesterday, or tomorrow. But over time, your taxes will go up, prices of things you buy will go up, inflation will rise, and the spending power of your $100 will become less and less.
Every bank failure, financial meltdown, and economic downturn robs your money of value. When a meltdown happens, and the FED has to prints more money to cover it up, your dollar loses value. When the price of merchandise goes up, because fees go up, because bank insurance premiums rise, because they keep losing your money, your dollar loses value.
It may happen slowly and indirectly, but make no mistake, you are losing you money. The best way to cook a frog is to do it slowly, so the frog doesn't jump out of the pot.
Cash isn't really a reasonable analogy in this case, since it can't be transferred digitally and needs to remain in the custody of the owner. BTC held in exchanges is much more comparable to money in demand deposit or savings accounts.
Exactly how does this differ from the regular banking sector? I can demand 'proof' (whatever that might mean in this case) from Barclays that their books are balanced, but it doesn't mean they'll give it to me.
If Mt Gox has a single deposit wallet for example, we could easily audit how many coins it has.
We couldn't enforce rules, but if some people decided to set up a sort of "best practices" website saying it's "SAFE compliant or something (Sure Against Forged Equalities), in which case beginners guide would be "ALWAYS GO FOR SAFE COMPLIANT EXCHANGES!"
We couldn't punish them but it would allow some sort of feeling of safety(if minimal).
If we can regulate them, so can the government. AFAIU Bitcoin is designed to prevent exactly that, at least in general.
Fully resolving their books would require knowing identities of those entitled to receive Bitcoin from an exchange, as only one example, as otherwise an exchange could simply transfer the right amount to an account under their control and use those Silk Road-style money laundering schemes to transfer it to some wallet they actually care about.
To make sure the outlays went to the customers it's required to know which Bitcoin wallets belong to said customers. Are you going to sign up for an exchange that maps wallet IDs to customer identities for public transparency purposes?
The problem is they also say this about every exchange. It was enough for me to send half my btc to coinbase, but not enough to warrant any real urgency about it. Thus I lost about 7 btc due to this fiasco.
Did you really? I literally don't think I've ever seen anyone recommend MtGox outside of mass media reports, but I might be wrong. I remember seeing online conversations (I think it was either a forum or IRC) from 3 or 4 years ago where the people making MtGox were basically bragging about how incompetent they are, and everyone else was doing a collective facepalm. As far as I can tell, they got a first-mover advantage, which got them into basically every media mention of Bitcoin, which compounded and led to them being the largest exchange for a long time. But my honest impression is that the Bitcoin community has been wary of MtGox for essentially as long as it has existed.
Yes, the old Bitcoin community. But as you may have noticed, bitcoin got a lot of attention over the past year, and probably drew in a lot of users who weren't on that forum 3 or 4 years ago. All those mass media reports weren't immediately followed by warnings from the community to stay away from MtGox, so a lot of new Bitcoin users probably ended up at the biggest (and therefore presumably the most professional and reliable) exchange.
How could MtGox have been so big if everybody already knew for years that it was crap? The community failed to inform the new users about this very real danger.
Because the protocol is broken with regards to tracking transactions and that has been acknowledged. Even the official implementation got it wrong. It needs to be fixed because the workaround just does not scale.
Taken by other people. That's the more interesting note, IMO.
My understanding of the problem is that some people went to withdraw money and due to transaction malleability MtGox thought the transaction failed and resent repeatedly. But the first transaction didn't actually fail and they received their money multiple times.
Whether this happened to a lot of people a little or a few people a lot, and whether they were accidental beneficiaries or intentional instigators will probably never be known. But some number of people received a share of that missing 750k BTC, and I don't recall a one of them posting a "Hey, MtGox just sent me more BTC than it should have" blogpost that ended up here, so that's pretty interesting.
So the BTC aren't missing so much as illicitly redistributed.
This is basic failure of accounting. If you are running a bank, you need to get things to match up exactly.
In a lot of software engineering, Good Enough really is good enough. But a 5 cent discrepancy between what you actually have and what you thought you had need to be treated as seriously as a $5 million discrepancy.
Bingo. While growing up in the '70s, my parents were often small businessmen, or running the business affairs of e.g. groups of doctors. More than one I can remember them spending quite a while tracking down a less than $1 discrepancy in the books they necessarily kept manually, for just that reason. (They moved to doing by computer in the '80s, of course.)
There is no such thing as money without trust of third parties. Transacting under the auspices of a neutral, trusted third party is what money means.
The Fed has the backing of a sovereign power with its own currency and is central to the largest national economy in the world, as well as a great deal of the international economy. If MtGox's earned trust was an apple, you could see the Fed's from space.
If you're using gold as money, then you are certainly trusting many third parties.
Consider; what does using gold as money mean? Are we trading notional gold? Certificates that claim to represent gold in some vault? Obviously you need to trust the issuer of the certificates. Are you using minted gold coins? Obviously you need to trust the mint and more generally the entire financial system that equates those coins with a certain value. (The history of coin clipping, adulteration of coinage, and the results of having multiple currencies circulating at once should show why this is important.) In fact, the only way that you don't actually need to trust a 3rd part is if...
...you're trading a known quantity of gold to someone else strictly for its value as gold. In which case you are actually trading in gold as a commodity; the technical term is barter. It simply does not fit the definition of money.
So now the trust devolves onto the designers of the Bitcoin protocol, the software programmers implementing said protocol, the programmers implementing the operating system kernel that said software runs on, etc. etc. etc.
Just ask the MtGox users about how completely ironclad that trust is. Sure, "transaction malleability" was identified in 2011, but that didn't help the users of MtGox, and the other exchanges had to take corrective action in 2014 as well.
If anything Bitcoin is even worse for the normal user; physical security is much much easier for most of us to grasp and implement. Is Aunt Tillie going to be able to ensure that she never gets too rich, so as to entice a cyberattack to steal all her Bitcoin wealth?
Are you a qualified assayer? You trust the other person is giving you gold, or you trust the individual who tests it.
You trust the system that provides you with an understanding of the relative value of the gold you're holding so that you aren't massively overpaying.
There's a reason Jesus through the money changers out of the temple - they were abusing that 3rd party trust.
You are relying on third parties to accept the gold you receive for approximately the same value you spent to obtain it.
You have some apples, and Alice has some oranges. You would like some oranges, but Alice doesn't want any apples. So you go to Bob and sell Bob some apples for gold. You give Bob a bushel of apples, Bob gives you a bar of gold. Now you go take this bar of gold to Alice and try to trade it to Alice for a bushel of oranges. Alice tells you to fuck off, she doesn't want a bar of gold any more than she wants an apple. Bob doesn't want his bar of gold back, no backsies. No one in town wants a bar of gold, in fact.
There's a big difference between trusting you'll be able to trade something which has historically been valued by a lot of people at a certain amount, and trusting someone won't steal your money, which is generally what people mean when referring to a "trusted third party".
If you do that, you need to store it on your own premises and hand-deliver it. You can't do internet transactions that way. Crucially you can't do credit, which is a practical requirement of most business.
This brings up a point I've never really understood about the hoarding of gold. Why? Let's say there is some catastrophic meltdown of society and money is a thing of the past. What am I supposed to do with the bar of gold you trade me for goods? Rather than assume that everyone's still on board the "gold is valuable and not just rocks" train, isn't it far more sensible to trade goods or services for goods or services? I would think that, in that I am exchanging a thing that I cannot use just so I can later exchange it for something I Can use, I am using gold as money. (Same deal if I trade goods for shoes that are the wrong size or handfuls of scratch 'n sniff stickers.)
Try telling that to the cashier at the local grocery store.
Gold is not generally accepted as payment for goods and services in any culture that I know of (excluding jewelry and metal stores, of course). I'd be genuinely interested to hear about places where you can still take a lump of gold to a store and pay with it.
You can read many Latin works, and find the language taught in many schools. Since it isn't spoken except in a handful of limited contexts, it gets the special qualifier "dead language." Gold is basically a "dead money." Hung onto by various people for historical and religious legacies, but not really suited for modern use.
the Fed is not a third party w.r.t USD. its the first party. the Fed is the entity in direct control of the monetary supply. the Fed is also the entity politically mandated to protect the money supply against inflation and deflation.
... an apt comparison in many ways. If the former fails, the latter is going to be in trouble.
The value of bitcoin is in many ways dependent on the irrational response of people who invest their money in it. Mt.Gox fails and many people are going to lose faith (at least temporarily) and consequently, the value has dropped significantly.
We're talking about an entity which at some point has held more than 5% of the BTC out there.
Funny thing about this argument is that we don't apply it to the rest of the world, and for good reason.
"God look at all the people killed by that airplane attack... let's get rid of skyscrapers and/or airplanes!"
"Man, alcohol sure does fuck over a lot of families, let's prohibit it!"
"That computer-based system led to millions of dollars being lost, we should stop using computers!"
Face it, now the same argument that you would use in support of still using Bitcoin exchanges (presumably run by more competent individuals?) would also work in support of regulated fiat systems (especially those run by more competent individuals!).
A couple of years ago a server management application called HyperVM had a 0day due to some questionable programming, hundreds of thousands of websites were lost along with a lot of money... the next day the creator took his own life. A lot of people are going to be in a very bad position right now (both customers and people inside mtgox), let's hope it doesn't come to that.
There were no suicides associated with the 1987 Black Monday crash. You're thinking of Black Tuesday in 1929, a much bigger event. Even so, nobody jumped out any windows on Black Tuesday -- it was an urban legend. There were a handful of suicides but nothing statistically significant.
I'm having trouble understanding what you think the relevance of that might be. Obviously, when someone commits suicide, that decision ultimately rests on their shoulders and is borne of their experience/history/state/what-have-you. GP was trying to make a broader point about the difference in levels of significance between a catastrophic business fuck-up and the wasting of human life, a conflation that people without family histories of suicide make all the time.
I have zero sympathy for Karpeles or anyone else who screws up like this. The reason this sort of thing happens is either because (a) the perpetrators deliberately set out to defraud their customers or (b) they got overconfident and sold a product/service that they simply weren't capable of delivering.
Operating a financial exchange is a serious business. In purporting to do so, you're taking people's money and promising them that you will operate the exchange honestly and competently. From what I've observed and from the private conversations I've had with people who've had first-hand dealings with them, many of the current batch of hot Bitcoin startups are run by people who don't have a fucking clue but have managed to delude themselves that they can build the Next Big Thing in financial technology by faking it 'til they make it. It's like a bunch of kids acting at being grown-ups - maybe one or two might actually blunder their way to success but the vast majority are going to crash and burn due to stupid, idiotic mistakes that could have been avoided had they been willing to listen to advice from people with more knowledge and experience. Of course, the downside of actually doing things properly is that they don't get the growth/traction that attracts investors' attention. The corrollary is that the startups who do achieve the sort of growth curves that attract investors probably aren't doing things properly, whether by cutting corners, failing to balance the books properly, not focusing enough on security or the 101 other things that can lead to an implosion/collapse/insolvency.
While the founders at least have the excuse of being young and foolish, I question the morals of investors who fund teams that clearly lack the appropriate skills/experience to provide proper financial products and services.
It's the same type of one-way bet that contributed to the 2008 financial crisis. If the startup is successful, the founders and investors exit for millions/billions. If it fails, the founders and investors get to walk away unscathed while the customers end up suffering the losses of the founders' incompetence and the investors' failure to properly supervise their investment.
I fully expect a Silicon Valley-based Bitcoin startup to implode at some point and I would not be at all surprised if the resulting clamour from customers who've lost money is loud enough that the authorities step in to begin regulating the space.
This is just life and death of a business and it is interesting to watch how these exchanges are being removed from the economy, by essentially a Darwinian survival of the fittest rule, the least secure get hacked and taken off line. We lost bitcoin-central, bitcoinica, mtgox on the way but BTC-E is going strong and so is Bitstamp, kraken are doing a good job and so are btcchina. The market does not need regulation. Gmaxwell has suggested exchanges provide an anonymised form of financial data to confirm their liquidity and I know BTC-E have suggested they will do something like that. Of course people may suffer losses along the way and that sucks but you can buy and store them locally and this sort of thing will never affect you.
I sympathize with him and sincerely hope that he comes through this and he finds some redemption.
This was a combination of criminal theft and not merely neglect. We must remember that the loss of these BitCoins themselves (quite possibly) wasn't malicious, while the theft of these coins is most certainly malicious. If you leave your house door open is it morally or legally right for someone to take the opportunity to raid your house and rob it blind? In such a situation both parties are at fault, one for neglect but the other for immoral (and illegal) home invasion and thievery.
But since in this case Mark Karpeles is the only visible figure in this saga, and the thieves will almost certainly never be known, the majority of the vitriol is going to be directed at him. I've criticized him too, and I think this amounts to criminal neglect, but I think that there is a way forward for both Karpeles and BitCoin. I think we (myself included) should tone down our vitriol.
Well, considering the price has been pretty stably above the current point (not stable in general but definitely above this point for months), I think it's safe to say if you had that Bitcoin you lost a potential opportunity to have made a lot more money. The worth is simply what people have been willing to buy at, and that price has recently been quite high.
I think it is safe to say people lost "a potential opportunity to have made a lot more money?" in 1000s of cases. Things are only ever worth what people are willing to pay for them. Just because that price has been high recently doesn't mean it's stable. Someone paid $4,500 for a Beanie Baby once.
So very true if you have to peg that 400mm to a specific exchange rate for another currency.
You can ascertain the value of 1 BTC in your favored currency rather easily given a choice of marketplaces. Less so with 100, or 10000+. Most market-places couldn't handle the volume without a substantial shift in price before your 400mm mark was hit for say, USD.
That said BTC seems to want to reach the type of ubiquity that allowed USD to be a universal currency of sorts during it's heyday. With means to convert in and out being varied from the strictly regulated to the strictly unregulated.
Both were point mistakes, which I think anyone would agree are bad but just huge mistakes. Running what is effectively a bank that loses $400m over the course of a couple of years in a constant bleed is not a mistake, it is negligent.
If the rumors are true and Gox is tanking, I don't think Karpeles can ever adequately feel the aggregate pain that his incompetence in his role has caused MtGox customers. He deserves much worse than nasty internet comments.
There are plenty of entrepreneurs on HN alone who given the resources Gox had could manage to not (unknowingly) lose half a billion dollars due to broken programming in the timespan that Gox did.
And I say this as someone with no dog in the fight.
I'm with you on the first part, but I have a hard time believing that this was solely broken programming and ignorance. I think we are well into the territory of negligence, and I could well believe that we will eventually discover the sort of dubious behavior and/or outright fraud that accompany accidental ponzi schemes.
Not yet (and because some people around here seem to be softer than melted butter, that's not a threat).
Now I'm usually a pretty cold-hearted bastard, and I'll admit that I had very little stake in MtGox (I never conducted any business there), but I sort of agree with the above. Yes, he probably deserves some Internet hate. The problem is that this Internet hate is not likely to be the full extent of the hate he'll get over this thing.
I, for one, hope that the dude hasn't fucked over the entire rest of his life.
Karpeles is as much at fault as his customers. I remember back in March 2013 there was some serious DDoSing happening to Mt. Gox (which they couldn't handle). I decided right then and there to take all of my funds out because I knew that if they were not competent enough to successfully stop a DDoS with the resources they had, then they clearly would fuck up at a later time. And the time has come.
Seriously... all of you people are acting like Bitcoin is the world reserve currency or something. This thing didn't even exist 4 years ago.
If you're gonna invest in something like Bitcoin, then you better know your shit; cause shit happens.
This is whitewashing because this isn't the same thing as a company failing. They (likely) stole millions of dollars (equivalent) from a huge base of customers. That's not the same thing as losing money for your investors, which is effectively what happens when a business actually fails.
Still, anyone who didn't think that bitcoin is incredibly risky (with a high upside) was living under a rock, There are best practicies when dealing with a risky asset such as BTC, and they're really not that hard. Speaking of which, I should probably get around to implementing those best practices myself =D
Yeah...the only money I've personally put into any cryptocurrency has always been with the understanding that it may either be worth nothing tomorrow or could be lost in an instant. (But I also don't store my coins in an exchange, so that helps.)
You can claim people should be nice, but most start-ups that fail spend investor's money and those investors KNOW their money is at risk. Nobody expects that their money is at risk when you put it into a savings account. Crypto-currency exchanges and wallets should be the same way ... perhaps it's not as safe as putting it under your mattress but close.
So in the business world, you have a responsibility to your customers and most sane companies carry E&O insurance to cover the unforeseen mistakes that they might make. It doesn't cover incompetence or negligence in many cases, and I'd classify what happened with Gox as criminal negligence.
Karpeles might in fact be sad, but I guess I just respectfully called him a criminal. Those with more "skin-in-the-game" are going to want to extract as much of their money as possible from him ... I'm afraid he's going to get sadder.
You are ignoring the fact that he has been straight up lying the last few weeks, and in my opinion, he still is. He said that they were aware of the bug for quiet some time, and yet had enabled automatic re-issuing of failed withdrawals. Do you think that is what really happened? They just got an excuse to steal coins on a massive scale!
No man. The blockchain man, the blockchain. It's out there. We got this. The question could be that once they find out the who or who's, and those people are riding pitchfork style, around Bittown, who's going to be in charge of liqudating assets and sending pennies on the dollar back to all those quasi-anonymous folks saying the fiat is theirs?
Oh, and what about when we find out that suspect 1 might not actually be the culprit? Oops. YOLO.
Is there not an interesting question in, assuming coins could be recovered, what laws, in what countries, will cover them, and what value would they have if the 'currency' has no value? Do people want their BC back?
Looks like a bunch of people are praying to get out of bitcoin at 550 right now. If that aspiration thinking fails and people eat through the standing buys around 400, the next stop is 400, where panic will kick in and, maybe there's a pause at 100.
I should totally invest all my savings into speculative stocks. A first wave of gried ate through 550 and accelerated into 500 which ran to 400, where a wall of buying kicked in. That triggered a run-up. Not enough selling to breach the support point there. Fare thee well bitcoiners. Fare thee well.
On some level, if you lose many life savings worth of wealth through what I can only assume was gross negligence and incompetence, you should expect the hatred. It's not like you can lose hundreds of millions of dollars -- or even tens, for the pedants who want us to take the integral of the value through the buy side of the order book -- through an honest mistake. He deserves the infamy he's getting.
The point is that these people are people - have some compassion.
I failed in my last startup, fairly publicly, and got a fair amount of internet hatred, and suffice to say I was not a happy bunny. But I didnt fail with remotely the publicity this got - I can't even imagine what the mtgox people must be feeling.
If you misled people into thinking you were solvent and kept taking their money when you knew you wouldn't be able to pay it back, or if you took grossly unacceptable risks with that same money, I'm glad you were unhappy. I doubt that's what you actually did though, and you are reacting to this story out of a kind, admirable, but entirely misplaced sense of compassion for someone whose wrongs are entirely unlike your own.
People who commit fraud deserve no compassion. Failing and stealing are vastly different things. Gox didn't just fail, they tried to hide it and have done nothing to deserve a single lick of compassion.
It doesn't matter how much hate we pile on. Prosecutors will pile enough hatred on Mark et al for us all. The fact that they just shut down and have vanished with hundreds of millions of dollars worth of assets that don't belong to them is going to bring the legal equivalent of hellfire and brimstone down on the heads of everyone involved.
They could have handled this far better, and maybe avoided some of the major problems they are now headed for. Now, unless Mt Gox suddenly reappears with an explanation, they are in for a very rough ride.
I respect your position on HN but I cannot disagree more with you on this one.
You sound like you just finished watching "thank you for smoking". The point that "he is a humanbeing" sounds like "what difference does it make" or other distraction that we are supposed to buy in order to feel less angry for his choices. Yes we are all human beings and im not sure how that helps in this instance. Maybe he should have thought of clients coins where platform continued to deliver slappy code and as a result, crashed?
I took all my coins out long time ago after seeing multiple red flag. But nothing pisses me more than this perfect situation. Any gov burocreat from a three letter agency is happily partying right now because there were waiting for something like this to happen. Mtgox will go down in the history, i dont care. Hope those sloppy pogrammers wont find their way into rocket engineering, traffic systems programming, airplains software programming or similar. But sure the gov will make a perfect example out of it and that gives them ammunition to try to regulate the market again.
You say "we all fucked up at some point". And you right. Just like one could assume most of us dui at some point. I did. Once. I drove very carefully, nothing happened and i hated myself for it for many weeks afterward as of how stupid i was. But still, i wont have much respect for someone else who drink and drive continuously and one day crashes and kills someone.
Your advice for specifying that he give an explanation for his edit generally goes above what most people do when they edit posts.
So I am assuming you are probably someone who applies that same sensitibility to writing descriptive commit messages, because similarly to people editing Internet posts/comments without specifying what they changed, many people leave very vague or meaningless commit messages.
I am not aware of any indication that this was a ponzi scheme. Saying that it was, without evidence, is misinformation.
The loss of coins was unintentional on the behalf of MtGox. It may have been stupid that basic abc123 auditing would have probably revealed that there was a problem months/years ago, but evil has not been shown at this point in time.
Ponzi schemes are a form of fraud, sure, but the particular kind of fraud under discussion shares the key features of a Ponzi scheme, since its sustainable exactly as long as there is a sufficient net inflow of money from the outside to cover the money being extracted by uncontrollable losses.
The only difference from a traditional Ponzi scheme is that in such a scheme the extraction is to the fraudsters pockets, rather than to the fraudsters incompetence.
> No it doesn't; the key feature of a Ponzi scheme is intentional fraud on a phone investment that doesn't actually exit.
Assuming the description of this as being a loss that, however unintended when it first started occurring, was known, concealed, and papered over by using other funds, it was an intentional fraud from that point on a phony investment that doesn't actually exist.
> Bitcoin has nothing in common with a Ponzi scheme
That may be true about Bitcoin, but not about the scenario proposed upthread about what was going on at Mt. Gox. They aren't the same thing.
Again still wrong. Exchanges aren't investments; users aren't promised returns, they in fact expect that the chance of loss is high.
Just because fraud occurs does not a Ponzi make. Seriously, just stop repeating this complete nonsense. Ponzi schemes are very specific things and neither the Gox situation nor Bitcoin are Ponzi's in any way.
> Exchanges aren't investments; users aren't promised returns, they in fact expect that the chance of loss is high.
They expect the chance of trading losses is high, they don't expect that the loss of balances on account is high (in fact, they are generally promised that, except for specified transaction fees, such accounts will retain their value.)
There's a slight difference from what goes on in a traditional Ponzi scheme in that the former promises a positive return which is only met for as long as external funds come in to cover the returns (plus the funds being extracted by the fraudster) where the suggestion about Mt. Gox is that their Bitcoin accounts were promising a zero return, which could only be met for as long as external funds were coming in to cover the BTC being stolen. Which isn't strictly the same thing as a traditional Ponzi scheme, but is a very closely related form of fraud.
Note that I'm not saying this is what happened at Gox -- I have no way of knowing that. But what has been suggested is very much like a Ponzi scheme.
That's not a slight difference, that's a fundamental difference. Lacking a promise of a positive return and lacking a fake investment opportunity, no fraud can be classified as a Ponzi; it's simply fraud or theft. There's absolutely nothing Ponzi like about this Gox situation; nothing. Ponzi's require both of those elements, they are the definition of what a Ponzi is.
Ponzi Scheme: a form of fraud in which belief in the success of a nonexistent enterprise (the definition) is fostered(i.e. the mechanism) by the payment of quick returns to the first investors from money invested by later investors.
Many valid things use the mechanism of new money paying out earlier investors; that alone is meaningless and not a defining trait of Ponzi's. All insurance also does this. A ponzi is literally "a form of fraud carried out by the belief in the success of a nonexistent enterprise"; that's it.
MtGox was usually advertising the highest exchange value for Bitcoins, and it most recently was advertising fire sale level exchange rates on Bitcoins.
Once they severely restricted/shut off withdrawals, they were no longer an "exchange". People were no longer investing in Bitcoins facilitated through an exchange, they were investing in the exchange allowing withdrawals and making good on the promised high Bitcoin to USD values or low USD to Bitcoin values. All the time they were telling people it was a technical problem and they would make good on transactions. Given how insolvent they were, this had probably been going on for a significant amount of time or they just never had intentions of making good. Allowing deposits to continue despite the issues they faced was unscrupulous, and I believe it was likely a way for them to try to collect capital to make good on the "top of the line" and "bottom of the barrel" exchange rates that they had promised their customers, which they simply could never fulfill.
MtGox was not a normal exchange. The MtGox Bitcoin was essentially a separate entity from a regular Bitcoin. The MtGox Bitcoin was offering higher than normal rates of return. This encouraged investors to pump in new capital, which was used to cover previous expenses MtGox had accrued. They then would pick and choose who they would allow to cashout at a high rate of return to keep the ruse going for an extended period of time, while making excuses to others. This worked until the Ponzi scheme imploded. I know you don't like that word for MtGox, but the fact that it may have been a legitimate exchange at one point does not prevent it from turning into a Ponzi scheme at a later date.
I'll admit that not all the facts are known, and my conclusion above is essentially hypothetical based on the information known at this time. Perhaps when if we ever get access to internal communications within MtGox, we'll know the truth. Even pleading incompetence does not mean that the operators weren't unknowingly running a Ponzi scheme.
Sufficiently advanced incompetence is indistinguishable from malice.
That is to say, at the end of the day, does it really matter if this happened because Karpeles is an idiot or because Karpeles was malicious? No, the end result is the same, and possessing and wielding that shear amount of idiocy is no more excusable than just being malicious.
There's really one spot where it matters: I think that when we fail to distinguish adequately between idiocy and malice, we begin to fall into the trap of seeing all catastrophes like this as malicious in hindsight, and consequently lull ourselves into assuming that any future catastrophes must also stem from malice.
The end result being, we hinge huge decisions on the question, "Do I think this person might actually try to hurt me?" without giving adequate attention to the question, "Does this person possess sufficient competence to reliably avoid hurting me by accident?"
Not just in finance. The issue seems to come up in health care quite a bit, too. Do you really want someone who doesn't fully grasp the germ theory of disease sticking sharp objects into you after previously having stuck them into someone else? The occasional outbreaks of hepatitis associated with acupuncture suggest this is a question we might want to spend more time thinking about. Instead, we tend to not get past worries (including legitimate ones) about whether or not Big [insert_big_thing_here] is trying to hurt us.
No, that's a different type of fraud or downright incompetence. A Ponzi is when investors who are expecting positive returns are intentionally paid with other investors' money. That's not what happened here. Exchanges don't offer investments.
They are insured in the US, but that's a relatively recent development. Before 1934, when your bank failed, you lost your money, which was why there were runs on banks during financial panics (1929, for example). But it is important to note that there is nothing special about a bank that makes it insured. You could set up a bank that is not FDIC insured. Maybe offer people a higher rate of interest the entice them to come. You can set up a brokerage that is not SIPC insured, too.
If MtGox were managing real money or stocks, and did what they are alleged to have done, I expect there would be some jail time. I doubt it's worth the Japanese government's time to criminally prosecute a few million dollars of new, unregulated currency-equivalent, but if they do prosecute, I'm guessing there is a serious risk of jail time here.
Depending on the nature of the risk, yes, that might be enough insurance.
Bank deposit insurance is fascinating: it largely exists to prevent bank runs, which are caused by people believing they won't get their money out. Having any insurance means that people have less reason to believe there's a chance they won't get paid back, which decreases the probability of a run on the bank, which decreases the risk associated with the insurance, which decreases the amount of insurance needed.
considering the time spans and number of countries, that's not actually that bad. Sure, there have been many other less famous examples, but the thing is that hyperinflation and currency collapse is actually quite rare. A lot of bitcoin boosters seemed to be under the impression that it was both inevitable and frequent. Also, this list is strongly correlated with catastrophic economic/political problems, as opposed to countries that were rolling along just fine until a sudden monetary-policy mistake.
I don't think there is any meaningful dichotomy between "external" and "internal" anything with regard to a currency. If an "external" asteroid hits a country and destroys all the users of a given currency, it goes to zero, but that is a meaningful measure of the value of the "internal" exchanges that are going on as valued in that currency.
This is the very reason why Bitcoin needs to policed from a decentralized standpoint. I don't know much about the logistics of crypto-currencies but from my understanding there are public/private keys involved.
It should be possible that one can blacklist their own bitcoin address by using the private key. This way at least crooks cannot make off or use the stolen coins. Do any more technical Bitcoin fanatics have any thoughts about this?
And even now, that is not a valid criticism. There are many successful businesses who have started in fields only tangentially related to their final form. There will undoubtedly be many postmortems on what happened, but card trading will have very little impact on what happened.
I think the point is that a card game has nothing to do with a currency exchange and the same sort of skills you would need for one don't translate into another. We're talking about software we want to deal with a lot of people's money, the impact of a trading card game platform making a big mistake vs a currency exchange is much much different. I think the very real criticism is you might be willing to risk having a business that isn't necessarily super organized or secure deal with trading cards but not with your money.
The talent and quality I would want to hold each to are on completely different levels, and seeing someone pivot so frivolously from one to the other should really give you pause. A pivot rarely involves completely changing the type of business you're dealing with in the first place, the product might be completely different or the customers you're going after might change, but it usually is on some level related to what you started out doing. Because theoretically you're drawing on some experience or insight into the general sector you start a business in, not choosing something that you think might be cool but are not qualified to run or manage and potentially loose people (investors and consumers) a ton of money.
I really, really think this is a Silicon Valley bias. You all have had pivot! pivot! pivot! Nokia used to make tires! drilled into your heads to the point that the very idea of questioning whether a team is up to a challenge has been driven out.
Sure it is. It was unlikely that they had real financial controls. I never would have trusted them with money, but thats just me. Everyone in finance knows if there is no custodian then well, you will not have your money for very long. The only real question is will people who withdrew money be subject to clawback...
There doesn't seem to be any information about trading cards at that link. If you are making the claim that they lacked the technical foundations to generate a major currency exchange, then I daresay you are correct. That does not necessarily follow from formerly being a trading card business.
Is it Magic the Gathering specifically that you object to? If they were in the Hanafuda card business would they have had a better chance in a more technical field.
If you are making the claim that they lacked the technical foundations to generate a major currency exchange, then I daresay you are correct.
Is it Magic the Gathering specifically that you object to?
People are only pointing to the likely incompetence of someone who starts off writing a card exchange (unimportant) and switches to a currency exchange (important and hard), says 'PHP can do anything', and wants to rewrite Bitcoin clients, an SSH server, a DNS server, and mail servers in PHP and then use them in production. That is all.
Content is probably still hosted at kalyhost.com accessible via this SSH server written in PHP, probably with multiple vulnerabilities he doesn't know about.
> People are only pointing to the likely incompetence of someone who starts off writing a card exchange (unimportant) and switches to a currency exchange (important and hard), says 'PHP can do anything',
> In late 2006, programmer Jed McCaleb (eDonkey2000, Overnet, Ripple), thought of building a website for users of the _Magic The Gathering Online_ service to let them trade cards like stocks. In January 2007, he purchased the domain name 'mtgox.com', short for "'Magic The Gathering Online' eXchange"; sometime around late 2007, the service went live for around 3 months before McCaleb moved on to other projects. He reused the domain name in 2009 to advertise his card game _The Far Wilds_. In July 2010, he read about Bitcoin on Slashdot, and decided that the nascent Bitcoin community needed an exchange for trading Bitcoin & regular currencies; a week later, after writing an exchange website, he launched it while reusing the mtgox.com domain name. [etc etc]
I know little about Bitcoin (and its community) so please correct me where I'm wrong:
If MtGox can publish all stolen Bitcoin, would it make it impossible for whoever with them to use them? Although Bitcoin is not regulated, stealing them still violates laws right? And since everything is kept track by the entire Bitcoin network, whoever uses it can't keep anonymous.
Stealing them may or may not violate laws - I'm not aware of an explicit precedent for this kind of "virtual property", but courts tend to look at intent, so if people treat them as coins and you treated what you were doing as stealing them that probably counts.
Yes, the community could agree they won't accept the stolen coins. But for most bitcoin people the whole point is to avoid regulation. I mean, the primary use for bitcoin is buying drugs - if you start blacklisting coins that were stolen, why not also blacklist coins that were used to pay for drugs, which is also illegal?
The basic cycle of the bitcoin economy is: drug user buys bitcoins for cash from someone who has them (either a drug dealer or one of the early "miners"), user buys drugs from dealer with bitcoins, dealer sells bitcoins for cash.
Is the user (who's already breaking the law) going to refuse to buy stolen bitcoins? Maybe, but if they're cheaper I'll bet they'll find a buyer; is every user going to check the blockchain history?
Is the dealer, who again is already breaking the law, going to refuse payment in stolen bitcoins. Maybe, but that sets a bad precedent for themselves. Maybe they'll charge a higher price for those bitcoins. But I suspect most of them won't care.
Done correctly, mixing N together means a strict 1/N chance of getting the source correct, and being more certain is impossible.
Trivialized example: a friend and I split a single bitcoin each and send half to address A and half to address B, and we each control one address. Who owns A and who owns B? If A is used to buy something, am I the buyer or my friend? Since the private keys are generated offline, the fact that two sources sent to both A and B is all the information that exists. I've "tainted" both addresses, anyone can see that, but that's all.
But even when done correctly, odds are you still expose your identity through your use of the coins in the future. So you run through a random number of mixers, and then you behave extremely carefully, since there's some taint to everything and someone could be watching any of a billion addresses for signs of you (shipment to your house, for example). Given enough connections, you can get pretty reasonable probabilities and start forming deeper and more confident paths.
Aren't there mixing services that completely sever the connection to you?
i.e. Me and you both want to launder coins, so through this mixing service we essentially swap coins. Now my spends get traced to you and vice versa (obviously this works a lot better with more people involved)
Its too early to say how this will go down in the end for Bitcoin (lawsuits, public policy, pricing, etc), but it certainly is a dark mark. Somewhere between management woes, terrible communication and technical ineptitude will make this a case study for the future for what not to do on all fronts.
All businesses have risk, but it would appear they took an amazing opportunity and squandered it entirely. To be at the forefront of an opportunity like this, and then to screw it up royally for yourself, your users and the community at large is simply tragic.
So MtGox is basically confirming, that some online criminals have accumulated at least 6% of total Bitcoin market capital?
Not to count the drug dealers, cryptolockers, etc. The banksters are bad, but this kind of stuff isn't good for wider adoption. "Hey, invest in bitcoin and watch how the deflation will boost your friendly local crime empire!"
1) unlikely, since cascading bank runs are usually a result of fractional reserve banking. Depositors in a collapsed bank are unable to pay off loans in another bank, causing collateral damage to this other bank.
2) do other exchanges have security issues? Yes. Are they vulnerable? Only time will tell. I would take Mandelbrot's modeling of insurers (banks are "insurers" of sorts) in "the (Mis)behaviour of markets" to heed: Collapses are levy-distributed with fat tails (infinite variance) so they will happen more frequently than you think, especially if you are operating with a model that uses the normal distribution. Best practice is to diversify.
3) I doubt it. ADDENDUM: But in a rational world this incident (might take a bit of time for the market to realize this) should actually INCREASE confidence in BTC, since a large, irresponsible player was knocked out, and the rest of the players on the field have a net higher level of responsibility (for now).
Bitcoin exchanges will have a run - they resemble fractional reserve banking, because all exchanges dont have enough USD (or other currency) to cover every bitcoin that people might want to trade thru the exchanges (that could be every single bitcoin in existence).
This obviously results in the crash of the exchange rates, and probably a reduction in the usage of the currency as well. Getting paid in something that has little use of it's own doesn't help you.
Now, on #3, you said "in a rational world"... But this isn't a rational world, so the rest of this sentence doesn't apply.
The reality is like loss of confidence is very powerful, and it could, as the document noted, destroy BTC for the near and possibly medium term.
That's the problem with mtgox - there was a divorce of BTC and mtgoxBTC account values, and that divergence, due to poor accounting/theft/whatever ultimately lead to a situation where mtgox is now acting like a fractional reserve bank.
In theory everything at mtgox is fine, UNLESS everyone want their real BTC back now, aka bank run. As long as people just trade between mtgoxBTC or only withdraw in reasonable amounts, it might be ok.
But that won't happen, because of the expectation of full BTC convertibility, people are freaking out and wont cease to freak out.
There are so many parallels between the gold-backed currency and bank runs in that era. Just rumors, or facts of insolvency and inability to produce either specie or gold for deposit values could drive a run and that would be that.
All that annoying bank regulation is there for a reason. It's a good thing we don't have bank runs anymore. Right? RIGHT?
1) agreed, but that run doesn't necessarily cascade to another exchange. If the value of btc collapses and people make a run on it, those other exchanges will likely be able to cover the bid/ask spread in any case because by and large they are merely mediating exchanges of $/btc that other people are holding.
3) the 'rational world' was meant to apply to the rate at which bitcoin recovers. In a rational world it would be instantaneous, we're not. It's certainly possible that bitcoin will go to zero as a result of this, but I treat that as a separate case. If you think that bitcoin will survive in the medium-term, my point is the resulting value should be higher than before Mt Gox. In a 'rational world' everyone would figure this out tomorrow, for certain values of irrationality it takes longer for this to suss out, and for extreme values, it goes to zero too fast.
An exchange shouldn't be able to have a run, unless their assets are less than their deposits. They don't give you BTC or USD at the spot price. You buy the one you want from another person, and then you withdraw it from the exchange.
Bitcoin and USD are not the same thing. Bitcoin exchanges need to have enough BTC to cover any accounts in BTC. They only need to have USD if they also have accounts in USD, which I suspect they don't.
If nobody wants to exchange your BTC for USD, then the value of the coin collapses, but not the exchange.
> Bitcoin and USD are not the same thing. Bitcoin exchanges need to have enough BTC to cover any accounts in BTC. They only need to have USD if they also have accounts in USD, which I suspect they don't.
If they are going to function effectively as exchanges where BTC can be traded for dollars (which necessarily implies trading dollars for bitcoins), they have to maintain both BTC and USD denominated accounts (which is why, indepedently of the treatment of BTC under applicable laws, they generally are subject to whatever the local equivalent of money service/trasnmitter laws are, because they have to maintain and distribute funds from fiat currency accounts.)
a) Contributes some sort of additional benefit on the part of the computations being performed, e.g. seti@home
b) Backed by a physical medium such as gold
c) Very anonymous as opposed to public
I think the future will involve many different crypto currencies. There could be compelling business reasons for a company to issue their own currencies.
For example, lets presume there is a cloud AI brain. You can send inquiries to this brain for complex questions you have. This AI is composed of the miners. Like BTC you either can purchase to "AI Coins" or mine them.
In this respect the crypto currency could create its own self-sustaining entity with a real value. Yet it would not really owned by anyone. If the currency got too expensive, at some point you could have a competitor and the prices would balance out.
Speculators can fuck themselves, in the literal sense. For example, the dot com/domain name market had a handful of people buy up most of the good generic domain names. They parked them and earned pay per click revenue from Google and Yahoo. Google realized how much traffic was coming from "direct navigation" and basically put an end to type in domain traffic (and arguably consumers were trained to go elsewhere.) Had these domain names been developed in to good businesses rather than sat on, we would actually expect to see a good web site behind (insert keyword).com. When Google started hijacking the browser there would have been many more complainers.
BTC and other crypto-currencies right now have an outsized proportion of speculators verses those who are actually doing things. When prices rise, you get rich just by buying. Why devote any of your work to anything other than buying?
Right now the best thing that can happen for BTC and crypto-currency is for people to build software that uses it and actually works. Marketing is just painting the same thing over in a new color.
Please stop spamming your copycoin. Doge offers nothing new other than the picture of a dog. If you think more coins is better (whatever that means, for an infinitely divisible currency), you might as well just used Infinitecoin or whatever.
Nice, anyone who disagrees with you is a spammer? (And it's not "mine"; I'm not involved with or holding any cryptocoin)
It's not about the number of coins, it's about how the number changes over time. I think bitcoin's regressive, pyramidal exponential decay is a very bad thing. I'm much more willing to support a currency that has e.g. a constant mining reward/year. Doge is the only one I'm aware of that departs from the bitcoin model.
Maybe you should try making a positive contribution rather than just throwing insults? If there are other altcoins offering better production models, what are they? (Not that it matters when none of them have the popularity of doge)
So the OP is down, but if black hats truly made away with 700k BTC, they control some 700000/12440000 = 5.6% of existing bitcoins. If that's the case, is the original bitcoin blockchain really worth continuing?
At this point, the timeline of events greatly suggests that Mt. Gox's initial announcement of withdrawal freezing was the point at which they were officially dead. If the insolvency document is true, over 700,000 bitcoin was stolen, due to a bug in their cold storage (likely, it wasn't truly cold, but automated filling a hot wallet).
In the last two weeks, they were probably attempting to see if there was any way to reverse or mitigate the damage. This is the point at which they have determined that there is no 'out.' They have no where near the amount of bitcoin required to even service withdrawals.
Edit: http://support.mtgox.com/ now shows that their Zendesk account has been terminated (a new account can be registered at that address).
Yes, but in return you are learning a valuable lesson, which is that "loose" spells the word that means the opposite of tight and the word you were looking for is "lose", which is the opposite of win or gain.
Yes, they seem to be gone, but the leaked document  shows that major stakeholders plan to inject coins back in to cover losses, and to run the new Gox.com so that it's profits go to stakeholders with losses.
The "Strategy Timeline" page says "50% covered", which sounds to me like the other big exchanges think that between bailout and arbitrage they can cover that amount initially, and hopefully earn the rest back over time. I could definitely be misreading the document. Take a look yourself. And of course, the best laid plans often go awry....
How this plays out will be very interesting. Sure, I've studied bank runs, and currency events in school, but to actually see it as it happens...I hope economists are paying attention, there could be some awesome research coming out of this whole event!
It's probably more likely that many employees were oblivious to the insolvency. As long as everyone's accounts were "credited" as they should, regardless of the soundness of their cold storage accounts, it would appear as though everything was fine.
Perhaps in theory the agreement is still meant to be honoured, but in practice if the agreement was with an organization that no longer exists (0 employees), who would initiate legal action to enforce the NDA? I have no experience in this area, but can't see how the NDA could be enforced by a dead organization.
A competitor does not get to put out a statement and declare a company dead. That's laughable.
The company itself can't even do that, it needs to unwind positions first at a minimum. It can take years to shut down a "dead" company, and until then all NDA's and contracts remain valid (although potentially unenforceable).
To me this demonstrates how powerful first mover advantage can be. Gox was showing cracks in the hull (actually more like gaping holes) for months and months. People have been repeatedly warned not to touch Gox with their funds. Other, more professional (so far) exchanges popped up. Yet people very much still used Gox. Were they ignorant, lazy, or stupid? I wish everyone who lost could get their money back, but it's really hard to have sympathy here.
Wow just watched this video of Kolin Burges from London who flew to Tokyo to find out, face to face, if he could withdraw his Bitcoins from Mt Gox. He makes an accurate prediction at the end, but this totally sucks for BTC. I was pretty optimistic about the future of it, but this is a pretty big speed bump.
I do believe Mark Karpelès' LinkedIn Summary is due for an update:
"... I have a long experience in company creation, and experienced almost any imaginable kind of trouble. Now is the time to create something that will be solid enough to handle any situation, anytime."
Everyone on this thread is being way too nice about this guy. He deserves to go to jail for a very long time.
He knowingly took money from people even after problems were discovered, and said nothing about it. And after the implosion he has still not fessed up to the truth! He deserves what he gets. I'm sure a movie will be made about this debacle st some stage in the future, but this chap doesn't get to become a motivational speaker in the end.
I'm curious if this will create a run on bitcoin or not? All of the funds from MtGox have in theory already been lost. There may be some fear that other networks will follow, but it may be rational that the price would remain level as one failed bank does not equal a failed currency.
BTW, why all this "you lost your coins" talk? if you have valid, in any way documented claims against MtGox, you should be able to sue and get some form of compensation... unfortunately, the unregulated nature of Bitcoin, the fact that the company might not have any property... ah, forget it.
edit - basically, MtGox lost money. for it's users, there might be a chance to get something back.
Sorry. I know the magnitude of Madoff's scam. I accidentally a word or two. What I wanted to write was something like, this would be the largest successful fraud (=no one goes to jail). Mt. Gox seems to have convinced everyone that "a hacker" took all the money, and now the insiders can retire to a non-extraditing country somewhere.
There is pretty much no place on the planet where any "industry" is so unregulated that depriving people of their property without consent, or by false pretenses, without special legal privilege, is not illegal.
The applicable laws aren't industry-specific regulations.
Please. That's not even the biggest fraud in my country (Portugal). In 1925 we had a group who printed 1% of our PIB in fake notes. Just in the 21th century, the state spent 12 billion dollars to bail out the creditors of a bank that was essentially a fraud machine.
TARP was only about 250 billion and it's been repaid with interest. It was neither stolen nor given.
If you're including various stabilization programs the Fed put into place, that money was neither stolen nor given either. It was created using sovereign authority that is granted to the Federal Reserve by law.
The citizens of the US would be immensely poorer today if the world financial system had collapsed into a second Great Depression.
>The citizens of the US would be immensely poorer today if the world financial system had collapsed into a second Great Depression.
If the only alternative to bailing out the banks was sitting on our hands, then yes. That's like arguing that if the fire department hadn't put the house fire out with Gatorade, the entire block would have burned.
>If you're including various stabilization programs the Fed put into place, that money was neither stolen nor given either.
Loans with below market-rate interest are giveaways. If you don't believe me, just loan me two trillion at 1% for five years. Or rather, just buy two trillion worth of treasuries for me, and send me the interest in excess of 1%.
I agree there were better options than TARP and its related programs to deal with the financial crisis.
I just don't think it's accurate to characterize the bailouts as theft (or "rape", as has another commenter), and I don't think inaction (and the subsequent collapse of the financial system) was an acceptable option considering the massive pain and privation it would have caused.
But not market rate interest, which was about infinity for the banks that accepted loans, because they were completely insolvent. And do we get to include the spread between the actual worth of all of those shit bonds we have been purchasing from them and the par prices we have been paying?
You can see that over the past months there has been tons of large transfers out to addresses (https://blockchain.info/address/1pnHxHzRQ1uE4rH9KtxYKhVDic2S...) that end up splitting up into tons of small addresses, all of which has never spent a dime. From the look of it, it seems that a huge part of the total 782,558 BTC going through the address has ended up in tiny addresses which has never spent any part of it. Are there any other plausible owners of such an account?
I've been following this story for a while, and it seems that no one can say for sure if this is embezzlement or gross incompetence. Based on leaked memos it seems to be most people are learning towards the latter, but I'm curious if there's any evidence either way.
Based on the claimed transparency of Bitcoin, I would have expected embezzlement on this scale to have been noticed earlier, or at the very least have people be able to follow the Bitcoin trail to determine what is actually happening.
All the transactions that go to mtgox are spread out over blocks that go back for years. It's only useful to reverse the most recent block(s). This is because blocks are made up of transactions. You can't just cherrypick them out, and each block needs the previous unchanged.
Frankly I am surprised so many people in this community were so incredibly stupid and blind about Gox. Months and months ago when I was deciding to get into BTC I researched the exchanges and people were complaining about difficulties withdrawing from Gox. I just had this instinctive feeling that it was a big red flag and I would rather deal with a regulated albeit slow broker (Coinbase) where I can actually get my money back.
I read a few of your other posts about BTC and your investment. Kudos on the honest reporting of your motivations and hopes regarding BTC - it was interesting to read them, whatever you think of Bitcoin.
This is the best way to take this sort of loss, and hopefully when you think of it over the long-term you have not lost a significant amount of money. At this point it's better to write off the loss as a lesson learned and move on with other things.
In the event of recent news reports and the potential repercussions on MtGox's operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users. We will be closely monitoring the situation and will react accordingly.
If 700,000 BTC were really stolen over a long term, the people running mtgox must be complete idiots. How hard is it to occasionally add up the amount in the wallet and compare to the customer DB balances?
You would think this would be done hourly (if not, at least daily) as part of sanity check / auditing process.
Actually, they do - courts award damages for loss of life all the time, and calculating such economic loss is a basic skill of practicing tort law. A person's life is almost always infinitely valuable to the individual in question, but for everyone else it's surprisingly calculable. A gloomy business, but a necessary one all the same -life still goes on for the survivors, and at some point accountings are made and people move on.