Hacker News new | comments | show | ask | jobs | submit login
MtGox.com is offline (mtgox.com)
587 points by cjbarber 1424 days ago | hide | past | web | favorite | 521 comments

It's really easy in all of this to pile a bunch of hatred on Mark Karpeles, but please, everybody remember that he is a human being, with real human emotions, and that those things really do hurt.


MtGox was (past tense is probably appropriate here, but for the sake of anybody who had coins there, I hope not) a startup that failed spectacularly, and publicly, and took a TON of peoples' money with it.

The transaction malleability thing was poor programming on the part of gox. Remember that we have ALL fucked up at some point, just luckily for most of us, "fucking up" doesn't mean losing than much of other peoples' money.

Mark, I doubt you read hacker news, but if you do: it's alright, dude. You bastard.

There is no fucking way 700,000 BTC disappears with nobody noticing. This must have been building for a long time.

Was there never any attempt to compare BTC in wallets to customer balances?

Or did MtGox know about this problem, and hope to cover it up over time?

Either case is at least gross negligence if not criminal fraud.

Yes, we all fuck up at some point. But I don't pretend to be a surgeon and perforate a patient's aorta. Pretending to be competent to gain people's trust is fraud.

I sympathize with those who lost money in this clusterfuck.

No sympathy for Karpeles.

Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height. Sadly there were plenty of media shill articles when Btc skyrocketed to $1,000 last year who were promoting them as the "Biggest Bitcoin exchange" without pointing people to relevant bitcointalk threads on what a nightmare that site has been over the years.

If you read MagicalTux's personal blog you'd know to never trust anything he's coded too. http://blog.magicaltux.net/2010/06/27/php-can-do-anything-wh...

I clicked through and thought you were being too harsh. I mean, it can be fun to make toy implementations of things as an exercise. Doing an SSH server in PHP would be entertaining if you liked PHP. You'd learn something.

And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.

Wow. Just wow.

> And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.

That sounds like a brilliant technical guy, capable of running with a daft idea to completion (unlike me, with my collection of at-best-half-built personal projects), who should have some layers of protection between him and Real World Production...

That reminds me:

"Now, people who Get Things Done but are not Smart will do stupid things, seemingly without thinking about them, and somebody else will have to come clean up their mess later. "


I think it's different.

Inexperienced (young) programmers don't know what's been tried, and what's available. I've been dealing with this a lot at work recently, where we ended up doing poor reimplementations of off-the-shelf stuff due to a mix of ignorance, and honestly, a bit of hubris.

It's a good attitude to have in academia/non-production critical work, but the GP is right, production demands a more conservative approach, especially when money/safety is at stake.

The type of ignorance Joel writes about (see parent) is different, it's more like "slavishly following design patterns" and "writing copy-and-pasted, improperly factored code". Both are ignorance, but the first is better called "NIH", whereas Joel's is, "writing bad code".

The part of "running a SSH server that you wrote in PHP in production" that is scary is not the "in PHP" part.

It's the "that you wrote" part.

No matter what language you write it in, you are going to mess something up. The OpenSSH guys have messed up working a lot smarter and more diligently and with more time than you have.

This is so very true, OpenSSH is probably one of the most secure pieces of software around. It has extremely high value to attackers, yet has had extremely few remote security holes in its lifetime.

They've invested years and many talented people in developing such a piece of software.

If you want to write your own ssh server in php, you should probably consider your motivation and how you can re-use their code or operate through it instead if your purpose if anything other than experimentation.

Yeah, thats what I thought too, until I read this little gem, suggesting that OpenSSL was written by monkeys: http://www.peereboom.us/assl/assl/html/openssl.html

Its kinda hard to disagree with that conclusion.

You shouldn't be using OpenSSL unless you are an expert in crypto and software development. It's not easy to use and it shouldn't be.

I can't say those difficulties he had in using the library were put there on purpose to keep people like him out, but it seems to be a good effect here.

OpenSSH is not OpenSSL.

Dang, guess that joke's on me. Wouldn't have realized it, thx for the correction.

Omg, I nearly missed that:

    What did I create a ssh server for? The same thing I created a DNS server for fun and for KalyHost.
I'm not sure "disbelief" is sufficient to describe how I feel right now.

Yeah, I'm still trying to figure all that out myself.

There was some allusion to needing some kind of database backend for the SSH server, but there are multiple solutions for that now (like LDAP).

I'd love to have this guy work for me in a junior role (because he can really crank out the code), but all his work would need to be reviewed, and I wouldn't want him to be making architectural decisions on his own.

well, is it better to have a hacked MVP released in production, or spend forever making it and never actually releasing it and then missing the window?

I can tell you absolutely, without question, that when it comes to security and people's funds, there is nothing courageous about a hacked MVP in production. There's a difference between someone's to-do app one weekend, and this case. If you are handling people's money directly or indirectly, you need to care about that and take it seriously. Or don't ship.

Well I would argue that the "M" in MVP would necessitate never losing anyone's money. If I were going to create a trading platform, I'd probably start with one that only accepted Play Money.

Well when mtgox started off btc was play money, it was always play money until perhaps 12 months ago when it became serious money. And I base play and serious on the value, at $10 a coin it was still fun, at $100 a coin I had to seriously consider how much I should keep on my phone or any other single place.

Putting on my Lean Startup hat for a sec, I would even say that the M could allow for losing money. If it's early on and your customers are all in the 2 1/2% of innovators, they will put up with a little of that. Certainly if you make them whole, but probably even without.

That said, "flawless accounting" would be very high up on my feature list. I think the failure here isn't launching without perfection; it's operating at scale without perfection.

I've been wondering whether the "M" in "MVP" is for minimum quality, or minimum feature scope.

I think minimum feature scope doesn't necessitate poor-quality software, just solutions that don't do everything for everybody. It's much better to ship a small feature set with very high quality, IMO, than a big feature set with low quality.

Great thing to wonder about!

In the Lean Startup sense, the M is about minimum effort, and the V is about viability with customers. You're basically playing Battleship trying to discover where those two Venn circles overlap.

Different aspects of quality map to both those circles. There's build quality, which relates to the sustainability of the code base. There, you have to consider both short- and long-term quality. [1]

There's also quality as users perceive it. That varies widely by domain by market, and by how far you are along the adopter curve.

My general answer is the same as yours: minimal features with highly sustainable code. But for experiments, I think you can get away with terrible code as long as you a) throw it away quickly, and b) you are on it so even if you have a bad MTBF, your MTTR is really good.

I also think that you can tactically discard certain kinds of user-side quality. E.g., if I'm making a product for early-adopter financial traders, I'm not going to worry about quality of visual design, and I might inflict hard-to-learn interfaces on them. But I'd be rigorous about accounting and about UI issues that might lead to mistaken trades.

[1] I wrote some about that here: http://agilefocus.com/2009/06/22/the-3-kinds-of-code/

Minimum viability?

He did. It was called Bitcoin

Cute, but they also traded and held USD.

Oh, that's easy. The best thing is to use the off-the-shelf SSH server, one that has been written by experts and carefully reviewed by a lot of people.

Or do you mean this as a metaphor for MtGox? In that case, I would say that I would rather miss the window than be the famous asshole who -- oopsie! -- lost $500 million of other people's money.

The problem is less with a minimum viable product, and more with a far-from-viable product, in ways that aren't immediately obvious. The security FFVP is especially dangerous.

Depends on what the product itself is and from which perspective you're asking the question. At any rate, those are almost never the only two choices...

what if the hacks you used to build your MVP result in unrecoverable real world damage to your self, your investors, and your customers?

One way to look at ordering features in early products is as risk reduction.

One of the biggest risks is, "nobody gives a fuck", which is why MVPs are so valuable. It lets you test market hypotheses.

But if you're building something handling real money, then a pretty obvious risk is, "The system will lose money beyond our capacity to absorb losses." Their failure to address that risk here is at best negligence.

But given the size of the loss, I don't think we should rule out fraud. The interesting question is, "When did they know they had a problem?" Sometimes shitty accounting systems are just naiveté. But when they persist over a long period of time in a way that just happens to cover up loss, embezzlement, or theft, then it's worth asking: did they keep the shitty accounting because better accounting would have forced them to admit something they were hoping to cover up?

Would you want to fly in a hacked together MVP plane released to production? A similarly made bike in a park? Maybe.

I wouldn't today, but the wright brothers did, because if they hadn't, someone else would've done it instead. If you wanted to be trail blazers like the wright brothers were, you might have to put up with a hacked together MVP. I m just saying that anyone who lost their money did so knowing the risks (or should have known the risks).

>Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height.

And still, even 2 weeks ago, tons of people defended MtGox in HN threads, and said how it's a temporary glitch and they are very good exchange and such.

Even when it was pointed to them that it's a service build by a guy with no actual knowledge of exchanges and no prior experience at finance services whatsoever -- a mere PHP developer (not to knock the language) that had done nothing spectacular before (no Carmack, or Fitzpatrick or your favorite coder hero).

People trusted their money to a guy that literary calls himself "MagicalTux" -- which to me seems like investing to the hobo on the corner, people call Crazy Bob.

Does this mean we shouldn't trust "coldtea" to develop anything?

I'm the last person to defend Karpeles' competency, but his internet alias has nothing to do with it.

>Does this mean we shouldn't trust "coldtea" to develop anything?

Of course you shouldn't.

If you were to here him (well, me) you'd ask for my CV -- if not an interview also.

And if it was like "developed some random toy stuff" you wouldn't hire me to develop a money exchange playing with other people's millions of dollars.

And if you were to assess if you will put $10,000 in a financial online service made by me, my past work in the area, my general competence would be quite important.

Else, don't be surprised if you lost it all. The chances were way higher than if you had put that money in Citibank, you just ignored the signs.

And for me, not giving the impression I'm a 20-something script kiddie with a fancy handle would also be quite important. I mean, it might be prejudice, but "Ives, Rockefeller and Berstein" as a financial service just feels more secure than "$uper7eetMoneyMakah", "LuvFlamingoes" or "MagicalTux".

> I mean, it might be prejudice, but "Ives, Rockefeller and Berstein" as a financial service just feels more secure than "$uper7eetMoneyMakah", "LuvFlamingoes" or "MagicalTux".

How do you feel about "Bear Stearns" or "Lehman Brothers"?

Much more comfortable than MagicalTux. For one they have the clout to get trillion dollar bailouts from the government.


I don't know, investors don't seem too put off by this Crazy Bob's name.


Yes, maybe because they didn't ignore all the context of my email, and did checked that he has serious credentials, like:

"he had been leading the core library development of Android while at Google".

And that he is just but one of the players at Square, including guys like a well known VC and Twitter's cofounder.

If "CrazyBobs" was an unknown in the industry guy and his CV was like "I have done some fun projects, like a PHP mailer" and he was the major person behind the company, no investor would have touched it with a barge pole.

people who've been around bitcointalk and bitcoin-otc know not to use MtGox

There are a lot of forums on the Internet. It's not confidence-building, at all, to tell people "if you hang out on the right forum you know what's safe." Especially because "the right forum" is not written in stone.

That's what makes it fun..

Oh lawdy [1]:

    Of course normal frameworks are a no-go. Using
    someone else’s framework will make your world
    slightly better, but until you create your own
    full framework, you won’t understand what I mean.

    The next step is to build applications with your
    framework. The kind of applications that will
    change the world...
Should have tagged the post with NIH.

[1] http://blog.magicaltux.net/2009/09/19/striving-for-a-better-...

The worst thing is he still runs multiple other companies:





If he was not dealing with other people's real money and data this experimentation and shotgun approach would be fine.

What you wrote made me think, "What would anyone in their right mind write on their blog that would make people think something like that?" So I clicked through, and read the first four words, that struck me in the face like a four layer wedding cake: You were right. Then I read the rest of the sentence, and that was like a ton of frosting being poured on the cake from a dump truck. Point well taken, sir!

I've been around. What is bitcoin?, and who cares about whatever the hell 'Mount Gox' is?? Can we all get back to work on something meaningful to the future, family, or nature... someone we don't know about made up a currency, and some other company we also don't know about made up an 'exchange' of this 'currency' and now we still don't know what's going on and some 'bitcoins' are missing... the most it's all worth is a laugh

> I've been around. What is bitcoin?

From https://bitcoin.org/bitcoin.pdf‎:

Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.

Of course, the coins are only yours if you hold the private keys. A promise of some Japanese exchange to send you an amount of Bitcoin in the future is not the same as owning a Bitcoin.

It's pretty interesting, you should read it.

I think you had the only decent reply. Thank you. I know bitcoin, and was really just fishing for others that may share my view on the current state of affairs for the digital crypto currency. Some of us have been around just long enough to be aware that the field of technology doesn't create a buffer from unclean people and business characters. Also, that just because a lot of smart/clever people made something that a lot of people believe in, that at some point it passes the point of no return or is immune to failure. I think bitcoin failing may be good, could wake a lot of people up, many mistakes won't be made a second time, and the freed up focus and brainpower will go towards a better generation of technology to benefit humanity.

Currently, this event looks like about the third or fourth-largest crisis of the currency and has had very moderate on the valuation, although this might change in the coming weeks.

Many people in the field are very ethical and think that an improvement to the current financial system is of great benefit to humanity.

I mean, you are the one that decided to dive into the middle of a bitcoin discussion. I typically find it rather easy to ignore things that do not interest me, maybe you should work on that.

Maybe you should go back around to wherever you've been around, and not be around here, where you have nothing of value to contribute and no interest in the discussion at hand. The way things work, in case you didn't learn that by being around, is that you don't post messages complaining you're not interested in a topic to discussions about that topic. So stop being around here.

A laugh and a few good tens of millions of dollars that people actually do value and will pay that much for. Maybe cryptocurrencies aren't in your favor, but their value and growth isn't something to scoff at.

Bitcoin is a technological breakthrough, you are just being ignorant about it.

> There is no fucking way 700,000 BTC disappears with nobody noticing.

The history of Barings Bank is interesting, primarily because the main trader Nick Leeson was in the position to mask hundreds of millions of pounds of losses. In that case, no one noticed the roughly $1.3B loss because he was in a position where the internal controls didn't apply

At Barings, Leeson was trading futures contracts and he was also responsible for accounting for his own positions. There was no segregation of duties, no mark-to-market.

At MtGox, it should be much simpler to (1) add up all customer balances, (2) add up all BTC in hot and cold wallets, and (3) compare those two numbers.

If the numbers differ by more than timing differences, shut it down, debug it, and prevent a small problem from becoming a big problem.

The Barings backstory is that the billion-dollar loss started with a 20k bad trade, Leeson tried to cover it up, and it snowballed.

It wouldn't be surprising to learn that MtGox followed a similar trajectory.

>At MtGox, it should be much simpler to (1) add up all customer balances, (2) add up all BTC in hot and cold wallets, and (3) compare those two numbers.

Yes, considering Gox only had 2 bank accounts (and now are down to just 1 in Japan) I don't see how hard it is to compare balances and notice 744,000 coins are missing.

They claim that over time the cold wallet was cleaned out. If this is true then the first few customers would've complained hey I never got my coins, and he could've seen shenanigans happening due to his php wallet implementation and halted all trading. Then thousands more customers. I find it hard to believe 744,000 worth of coins disappeared over months and nobody noticed until recently

Which is just another aspect of the travesty - that someone responsible for routinely trading tens of millions of dollars per transaction should feel the need to cover up a $20,000 loss.

Leeson tried to cover it up because he wasn't supposed to be trading at all, he was supposed to a broker and he decided to try to make some extra money.

You also have to account for the insane levels of indirection in the management structure of an institution like Barings Bank, an exponential sneakernet.

The Wikipedia article is worth a read: https://en.wikipedia.org/wiki/Nick_Leeson#Downfall

Heh, I had only been on the internet for about 2 years when that went down and I spent that evening watching the world's gears seize up instead of finishing the book I was suppose to be writing; it was around this time that I started tog et interested in alternative currencies. I was just thinking that here I am doing the same thing 20 years later.

You must be new here... I have seen PLENTY of situations where internal controls are weak, NO people dont cross compare assets and liabilities.

> Either case is at least gross negligence if not criminal fraud.

To echo the original commenter: Yes, jail sounds like a reasonable end to this — but keep it restrained.

> No sympathy for Karpeles.

No, certainly not for hiding his incompetence, but I think the point was more: don't be too graphic in wishing him to discover what sex in jail can be. That’s an… understandable reaction, but inappropriate on a public forum. He’s got family who cares about his well-being, and the next days are going to be tough for them too. Imagine talking to his mother, or children: the facts, they are going to need them to understand, but nothing violent or tasteless (and I think you did a great job).

> But I don't pretend to be a surgeon and perforate a patient's aorta.

He didn't kill anyone; I'm sure one can save a lot of lives with that kind of money, but… I’d rather see you compare him to Kerviel (I'd disagree) or that Barings' trader (closer). The Head of security at Target, or Sony might be more accurate cases.

Especially if you are paying millions to accounts each year according to that document.

Where did those accountants get their degrees/licenses?

if there is no fucking way, then where is the news

People aren't hating Mark Karpeles because he messed up, but because of the completely absurd response to this situation.

Optimal response: A message to the customers as soon as the issue is noticed: "Due to a technical problem we lost X amount of Bitcoins, which means we currently can't cover all of the deposits. Trading has been disabled while this issue is investigated. [Some external financial company] is in charge of coordinating withdrawals of existing customer funds."

Actual response: Blaming the issue on the Bitcoin protocol. Trading stays active althought the price tanks. Customers can still deposit funds although it's clear that they won't be able to withdraw it. Released announcements try to hide information about insolvency and try to give hope to the customers.

I didn't have any deposits at MtGox. As a customer I would probably have forgiven them losing the funds (if it was a technical issue), but I wouldn't have forgiven them they way how they handle public communication. Such a behavior is not acceptable.

> People aren't hating Mark Karpeles because he messed up

I think they are hating Mark for losing their money, clearly a 'mess up'.

He's being ignorant about it and tries to blame others for the mess MtGox caused. On a speculative note, he'll propably walk out of this with millions in his pockets, while his customers lost tons of cash due to this mess.

I'm surprised nobody is posting detailed traces of all the Mt. Gox bitcoins. They can be traced through the system, right? It should be possible to figure out how many Mt Gox still had when it went down. It should be detectable when he transfers them to a different account or sells them.

Honestly, Mt. Gox users are not that bright (of course with exception).

Either that or their entire IRC channel is full of trolls because some of the statements being made there are completely insane.

It's almost like they've never done any research about what Bitcoin actually is and just ran to Mt Gox to buy up this magical currency that they were told would make them rich. Just to note; I'm not talking about the Doge trolls either.

I don't know much about Japanese law, but in the US, there are times when it's deemed necessary to "pierce the corporate veil". If he's got assets, I suspect people will go after them ... though it might take him 3 years to notice his personal accounts are empty.

The other possibility is that he's incompetent in his personal life too ... maybe his paychecks have all been spent? (I hear gaming cards are collectible!)

A bargain in Keyhole Downs is always too good to be true.

Today it's transaction malleability. Tomorrow it's something else. Bitcoin is an experiment. Those seeking to turn it into a ponzi scheme are pretending as if it's a reliable currency or investment.

Their is no accountability in the Bitcoin ecosystem.

If you transfer your coins anywhere you should consider them gone. The only "safe" coin is a cold storage coin. The second it goes hot it's at risk. The second you send it somewhere it's at risk.

Whether it's Silk Road or MtGox or whatever comes next, this will happen over and over again. People will spend their time either trying to exploit someone else's system or creating the illusion of trust in a system which they plan to exploit. The next MtGox is already out there.

This happens with dollars all the time too. But we hold people accountable. We have a number of ways to reverse transactions. We have insurance.

The only "safe" coin is a cold storage coin.

Even that is not safe, because the value ultimately depends on confidence in the currency as a whole. Money is a social construct; you can never safely hold it with no fear of loss, even in cold storage or under your mattress. As you say, this happens with every currency, but we introduce regulations to limit the fallout.

This is a lesson that many alternative currency fans are learning today.

> This happens with dollars all the time too. But we hold people accountable.

You mean like the bank bailouts, and all the money that "went missing" from that?

You mean like how we made a profit from them?[0]

[0]: http://projects.propublica.org/bailout/list

No matter how many times this is pointed out, people will continue to demonstrate their complete lack of understanding behind the "bail outs"; essentially asset swaps that earned the US Treasury a small profit.

Who is this "we" you speak of?

My thought exactly, why don't we call up Jon Corzine and ask him what kind of accountability he was held to after losing all MF Global's customers money.

Fiat currency can disappear as well. You can't get blood from a stone.


Ditto - it's a lesson to be learned for many young/youth that are deep in tech that sip the kool aid that all is fine in the land of 1's and 0's

Yes, if I have any schadenfreude here it's not for him. It's for all of the people who smugly told us for years that Bitcoin is superior to our "legacy" fiat managed and regulated monetary system system in every way, and anyone who can't see that is an idiot.

Don't equate Bitcoin the protocol with dodgy websites.

Unlike cash, radical transparency is entirely possible with Bitcoin.

Bitcoin the protocol is as strong as ever, but customers of other sites should demand proof that their exchanges and online wallets actually control 100% of the BTC they claim to have in their custody.

Yes, I think my schadenfreude is for you.

Generally not a good trait to have, particularly not with something that has a tendency to bounce back.


Were you that guy in 1989?

"My schadenfreude is for all of the people who smugly told us for years that ARPANET is superior to our 'legacy' post office and ham radio in every way"

People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)

When every one of Bitcoin's characteristics (deflationary money supply, irreversibility of transactions, completely public record) is touted as an unmitigated advantage, it is irritating to those of us who see it as an interesting idea and cool technology with both plusses and minuses.

ARPANET isn't superior to post offices in every way; for example you can't send a package through ARPANET. And in fact one of the Internet's biggest winners Amazon.com built its success largely on being really good at shipping.

I understand a certain irritation with a lot of "Bitcoiners", but don't let contempt of Bitcoin extremists make you an anti-Bitcoin extremist.

Where did you get "anti-Bitcoin extremist" from any of what they wrote?

I didn't necessarily, it's just a precaution. I see a lot of vitriol directed at Bitcoin, and this sort of extremist overcompensation is really nothing new anyway. It's just a reminder to stay rational.

> People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)

I actually agree with you, but if you're talking about me, I was being wildly sarcastic and riffing off of an old Communist slogan. I'm not aware of anyone who's ever said that sincerely, but if someone did it would be hilarious.

That would be a good analogy if we couldn't transfer money online. But, you know, we can.

The whole point of Bitcoin that's been touted in pretty much every thread, hoisted up by Libertarians like a giant flag, is that it's unregulated. And now, they're all discovering why we regulated in the first place.

yes, and regulated banks/exchanges have never been the centre of financial disasters.

Not that there haven't been failures, but in the US, bank customers -- as opposed to bank shareholders or investors -- are a fairly protected class.

In 2008(?), Lehman investors were fucked, WaMu shareholders were fucked, but as a WaMu customer I was not inconvenienced in the slightest. My money was safe and I was able to freely access it every day during the transition to Chase ownership.

Now, I don't think that it is fair to compare MtGox to a bank. It was really an exchange for investors to speculate on fluctuations in exchange rates, so in the regulated financial industry you'd probably be just as fucked.

I think the take-home message from the failure of MtGox is that your risks don't just come from the volatility of the market you are investing in. You could lose your money through a crash in the market, yes, but you could also lose your money through the incompetence or malfeasance of your investment partners, through having your password stolen and your account hacked, through losing your private keys, ... If you only consider one type of risk, you will understate your total risk, and not hedge against it effectively.

It's this kind of thinking that really irks me. "Well, my $100 still adds up to $100, so it's all there."

Yeah, you money is there. Maybe it holds the same value as yesterday, or tomorrow. But over time, your taxes will go up, prices of things you buy will go up, inflation will rise, and the spending power of your $100 will become less and less.

Every bank failure, financial meltdown, and economic downturn robs your money of value. When a meltdown happens, and the FED has to prints more money to cover it up, your dollar loses value. When the price of merchandise goes up, because fees go up, because bank insurance premiums rise, because they keep losing your money, your dollar loses value.

It may happen slowly and indirectly, but make no mistake, you are losing you money. The best way to cook a frog is to do it slowly, so the frog doesn't jump out of the pot.

actually the latest banking disaster was largely due to a decade prior of deregulation, and the economies of other counties who came through it best had retained a lot of their regulation (Canada).

"Bitcoin cannot fail, it can only be failed."

Cash isn't really a reasonable analogy in this case, since it can't be transferred digitally and needs to remain in the custody of the owner. BTC held in exchanges is much more comparable to money in demand deposit or savings accounts.

Exactly how does this differ from the regular banking sector? I can demand 'proof' (whatever that might mean in this case) from Barclays that their books are balanced, but it doesn't mean they'll give it to me.

But they will give it to the regulators.

And that is the point. Bitcoin as an open system means we are ALL the regulators. Issue is we cant see their FIAT.

How are we regulators? How can we demand anything from any enxchange? How can we punish them if they violate the rules, or our trust?

If Mt Gox has a single deposit wallet for example, we could easily audit how many coins it has.

We couldn't enforce rules, but if some people decided to set up a sort of "best practices" website saying it's "SAFE compliant or something (Sure Against Forged Equalities), in which case beginners guide would be "ALWAYS GO FOR SAFE COMPLIANT EXCHANGES!"

We couldn't punish them but it would allow some sort of feeling of safety(if minimal).

I think that is the whole issue with this.

They are beholden to no one and there is no way to punish them if they violate the rules. (rules in the BTC world?! blasphemy!)

If we can regulate them, so can the government. AFAIU Bitcoin is designed to prevent exactly that, at least in general.

Fully resolving their books would require knowing identities of those entitled to receive Bitcoin from an exchange, as only one example, as otherwise an exchange could simply transfer the right amount to an account under their control and use those Silk Road-style money laundering schemes to transfer it to some wallet they actually care about.

To make sure the outlays went to the customers it's required to know which Bitcoin wallets belong to said customers. Are you going to sign up for an exchange that maps wallet IDs to customer identities for public transparency purposes?

> If we can regulate them, so can the government.

Even if we can't, the government still can if it really wants to. They can still demand access to the software, the wallets, and they can fine or imprison people.

Lots of people in the Bitcoin community have been saying for years to not touch MtGox with a ten foot pole.

The problem is they also say this about every exchange. It was enough for me to send half my btc to coinbase, but not enough to warrant any real urgency about it. Thus I lost about 7 btc due to this fiasco.

You should not leave your coins on any exchange. Store them locally - offline preferably.

Not loudly enough. I remember reading lots of stuff about how Mt. Gox was where it's at.

Did you really? I literally don't think I've ever seen anyone recommend MtGox outside of mass media reports, but I might be wrong. I remember seeing online conversations (I think it was either a forum or IRC) from 3 or 4 years ago where the people making MtGox were basically bragging about how incompetent they are, and everyone else was doing a collective facepalm. As far as I can tell, they got a first-mover advantage, which got them into basically every media mention of Bitcoin, which compounded and led to them being the largest exchange for a long time. But my honest impression is that the Bitcoin community has been wary of MtGox for essentially as long as it has existed.

Yes, the old Bitcoin community. But as you may have noticed, bitcoin got a lot of attention over the past year, and probably drew in a lot of users who weren't on that forum 3 or 4 years ago. All those mass media reports weren't immediately followed by warnings from the community to stay away from MtGox, so a lot of new Bitcoin users probably ended up at the biggest (and therefore presumably the most professional and reliable) exchange.

How could MtGox have been so big if everybody already knew for years that it was crap? The community failed to inform the new users about this very real danger.

{{weasel words}}{{whom}}

It's my genuine impression of the Bitcoin community, nothing more.

So "lots of people" suddenly became "My impression"

In this case, his impression of lots of people is correct. People that have been around bitcoin for long enough have seen ridiculous things happen at Mt Gox repeatedly.

Well, yes. All I have to go on is my own observations. I have observed a large number of people in the Bitcoin community disparage MtGox for a long time. Not sure what else you want me to say.

Plenty of threads on HN.

MtGox had to code custom software to interact with the bitcoin network because of their size. They coded it wrong and allowed a bug that could (and did) wipe them of their money.

How is it the bitcoin network's fault?

> How is it the bitcoin network's fault?

Because the protocol is broken with regards to tracking transactions and that has been acknowledged. Even the official implementation got it wrong. It needs to be fixed because the workaround just does not scale.

it's not broken at all. tx hashes are essential for looking up txs in the block chain, and can be used as addresses because they immutable once they are in the block chain.

before they are included in the blockchain, malleability aside, they aren't even necessarily valid (they could be double spend attempts, etc)

the workaround just does not scale.

That is nonsense.

Wait, so where are people's bitcoins and cash then? Lost in void?

Taken by other people. That's the more interesting note, IMO.

My understanding of the problem is that some people went to withdraw money and due to transaction malleability MtGox thought the transaction failed and resent repeatedly. But the first transaction didn't actually fail and they received their money multiple times.

Whether this happened to a lot of people a little or a few people a lot, and whether they were accidental beneficiaries or intentional instigators will probably never be known. But some number of people received a share of that missing 750k BTC, and I don't recall a one of them posting a "Hey, MtGox just sent me more BTC than it should have" blogpost that ended up here, so that's pretty interesting.

So the BTC aren't missing so much as illicitly redistributed.

This is basic failure of accounting. If you are running a bank, you need to get things to match up exactly.

In a lot of software engineering, Good Enough really is good enough. But a 5 cent discrepancy between what you actually have and what you thought you had need to be treated as seriously as a $5 million discrepancy.

Bingo. While growing up in the '70s, my parents were often small businessmen, or running the business affairs of e.g. groups of doctors. More than one I can remember them spending quite a while tracking down a less than $1 discrepancy in the books they necessarily kept manually, for just that reason. (They moved to doing by computer in the '80s, of course.)

That's what I thought. Something is afoul about it and it's not only incompetence. I think there was intent and malice here. It will be rather interesting to see where this goes.

Could bitcoin function as a viable replacement for today's money/monetary system without entities like MtGox ?

Not functioning technically but functioning pragmatically.

(honest question, I am an economic newbie)

Yes, trusting a third party with your money, whether MtGox or the US Fed, is a bad idea.

There is no such thing as money without trust of third parties. Transacting under the auspices of a neutral, trusted third party is what money means.

The Fed has the backing of a sovereign power with its own currency and is central to the largest national economy in the world, as well as a great deal of the international economy. If MtGox's earned trust was an apple, you could see the Fed's from space.

"Transacting under the auspices of a neutral, trusted third party is what money means."

Can you explain this a little more? How do I need to trust a 3rd party when I use, say, gold as money?

If you're using gold as money, then you are certainly trusting many third parties.

Consider; what does using gold as money mean? Are we trading notional gold? Certificates that claim to represent gold in some vault? Obviously you need to trust the issuer of the certificates. Are you using minted gold coins? Obviously you need to trust the mint and more generally the entire financial system that equates those coins with a certain value. (The history of coin clipping, adulteration of coinage, and the results of having multiple currencies circulating at once[1] should show why this is important.) In fact, the only way that you don't actually need to trust a 3rd part is if...

...you're trading a known quantity of gold to someone else strictly for its value as gold. In which case you are actually trading in gold as a commodity; the technical term is barter. It simply does not fit the definition of money.

[1]: Eg, Gresham's Law: http://en.wikipedia.org/wiki/Gresham's_law

Gold as in Au does not need any third party. Certificates... that is another thing.

> Gold as in Au does not need any third party.

Even that generally needs a third party, unless you happen to be one of the world's experts in distinguishing counterfeit coin or bullion from gold of a certified purity.

Ok, but Bitcoin doesn't need an expert to do that, just widely available open source software that's already been vetted by thousands of developers.

So now the trust devolves onto the designers of the Bitcoin protocol, the software programmers implementing said protocol, the programmers implementing the operating system kernel that said software runs on, etc. etc. etc.

Just ask the MtGox users about how completely ironclad that trust is. Sure, "transaction malleability" was identified in 2011, but that didn't help the users of MtGox, and the other exchanges had to take corrective action in 2014 as well.

If anything Bitcoin is even worse for the normal user; physical security is much much easier for most of us to grasp and implement. Is Aunt Tillie going to be able to ensure that she never gets too rich, so as to entice a cyberattack to steal all her Bitcoin wealth?

Are you a qualified assayer? You trust the other person is giving you gold, or you trust the individual who tests it. You trust the system that provides you with an understanding of the relative value of the gold you're holding so that you aren't massively overpaying.

There's a reason Jesus through the money changers out of the temple - they were abusing that 3rd party trust.

Ok, this is one area where Bitcoin is demonstrably better than pretty much any other form of money: it's cryptographically impossible to counterfeit.

You are relying on third parties to accept the gold you receive for approximately the same value you spent to obtain it.

You have some apples, and Alice has some oranges. You would like some oranges, but Alice doesn't want any apples. So you go to Bob and sell Bob some apples for gold. You give Bob a bushel of apples, Bob gives you a bar of gold. Now you go take this bar of gold to Alice and try to trade it to Alice for a bushel of oranges. Alice tells you to fuck off, she doesn't want a bar of gold any more than she wants an apple. Bob doesn't want his bar of gold back, no backsies. No one in town wants a bar of gold, in fact.

There's a big difference between trusting you'll be able to trade something which has historically been valued by a lot of people at a certain amount, and trusting someone won't steal your money, which is generally what people mean when referring to a "trusted third party".

If you do that, you need to store it on your own premises and hand-deliver it. You can't do internet transactions that way. Crucially you can't do credit, which is a practical requirement of most business.

My question wasn't suggesting gold was a good form of money, I was trying to understand why people believe all money requires a "trusted 3rd party".

Anyway, Bitcoin does not require a trusted 3rd party any more so than gold does.

Gold is not money... you should say "when I use dollars as money"

This brings up a point I've never really understood about the hoarding of gold. Why? Let's say there is some catastrophic meltdown of society and money is a thing of the past. What am I supposed to do with the bar of gold you trade me for goods? Rather than assume that everyone's still on board the "gold is valuable and not just rocks" train, isn't it far more sensible to trade goods or services for goods or services? I would think that, in that I am exchanging a thing that I cannot use just so I can later exchange it for something I Can use, I am using gold as money. (Same deal if I trade goods for shoes that are the wrong size or handfuls of scratch 'n sniff stickers.)

Under what definition of money is that? Gold is and has always been money.

Try telling that to the cashier at the local grocery store.

Gold is not generally accepted as payment for goods and services in any culture that I know of (excluding jewelry and metal stores, of course). I'd be genuinely interested to hear about places where you can still take a lump of gold to a store and pay with it.

You're confusing money with legal tender. But in any case, you can just travel to the Utah: http://www.nytimes.com/2011/05/30/us/30gold.html?pagewanted=...

> You're confusing money with legal tender.

I don't think I am. Something can be generally accepted as payment for goods and services without it being legal tender.

> But in any case, you can just travel to the Utah

That article is about coins produced by the US mint, not lumps of gold. And even so, the article says, "so far, it is hard to find anyone who is using gold or silver to buy anything."

Isn't your argument equivalent to saying that Latin isn't a language, because it's hard to find anyone who uses it to chat?

Gold is money, it just has been superseded for most uses. And even so, when dollars are harder to use, gold is still used for some large transactions: http://online.wsj.com/news/articles/SB1000142412788732435200...

You can read many Latin works, and find the language taught in many schools. Since it isn't spoken except in a handful of limited contexts, it gets the special qualifier "dead language." Gold is basically a "dead money." Hung onto by various people for historical and religious legacies, but not really suited for modern use.

Gold isn't money, it's an asset you can barter with.

the Fed is not a third party w.r.t USD. its the first party. the Fed is the entity in direct control of the monetary supply. the Fed is also the entity politically mandated to protect the money supply against inflation and deflation.

> the Fed is not a third party w.r.t USD. its the first party.

Its a trusted third party with regard to most use of USD as money -- that is, its use by market participants in exchange for goods and services.

> the Fed is also the entity politically mandated to protect the money supply against inflation and deflation.

Well, yeah, that official role (combined with its past history of performance in the role) is a big part of why its a trusted third party in the use of USD as money.

consumers don't interact directly with the Fed. from their point of view I guess you could call it a third party.

banks interact directly with the Fed though. to them it is a first party.

Equating MtGox with Bitcoin is like equating NASDAQ with the US Dollar.

... an apt comparison in many ways. If the former fails, the latter is going to be in trouble.

The value of bitcoin is in many ways dependent on the irrational response of people who invest their money in it. Mt.Gox fails and many people are going to lose faith (at least temporarily) and consequently, the value has dropped significantly.

We're talking about an entity which at some point has held more than 5% of the BTC out there.

It's a good thing that nobody has ever been massively fucked over by a regulated fiat system.

Funny thing about this argument is that we don't apply it to the rest of the world, and for good reason.

"God look at all the people killed by that airplane attack... let's get rid of skyscrapers and/or airplanes!"

"Man, alcohol sure does fuck over a lot of families, let's prohibit it!"

"That computer-based system led to millions of dollars being lost, we should stop using computers!"

Face it, now the same argument that you would use in support of still using Bitcoin exchanges (presumably run by more competent individuals?) would also work in support of regulated fiat systems (especially those run by more competent individuals!).

Getting rid of something is not necessarily the same thing as proposing an alternative that may provide new benefits.

Unregulated currency is only new to those who refused to stay awake in their history and humanities classes though.

Unregulated currency by cryptography is novel, but doesn't create an inherently new concept any more than digital cryptography did not innovate encipherment or authenticity checking.

Currency devaluation (not inflation) amounts practically to the same thing: money lose their value overnight. You go to sleep a millionaire and the next day you pay a million for half a bread.

I got mugged. Obviously the US Dollar is a failure.

Wouldn't a better analogy be "my bank got robbed, and now I'm broke"?

For the effect on a person, yes. For the implications for the platform, no.

Well you said "I" so that's what I assumed you meant. For the effect on you.

I lost my bitcoins by trusting MtGox. Therefore, Bitcoin is a failure.

I lost my USDs from a mugging. Therefore, the USD is a failure.

A couple of years ago a server management application called HyperVM had a 0day due to some questionable programming, hundreds of thousands of websites were lost along with a lot of money... the next day the creator took his own life. A lot of people are going to be in a very bad position right now (both customers and people inside mtgox), let's hope it doesn't come to that.

October 19, 1987 was "Black Monday" as US equity markets crashed. A number of Wall Street bankers defenestrated themselves because they lost so much money.

I hope that customers of MtGox don't do the same thing when they realize how much they've lost.

I also hope Karpeles doesn't harm himself, though we should have at least as much concern for the customers as we have for the proprietor.

There were no suicides associated with the 1987 Black Monday crash. You're thinking of Black Tuesday in 1929, a much bigger event. Even so, nobody jumped out any windows on Black Tuesday -- it was an urban legend. There were a handful of suicides but nothing statistically significant.

According to this[0] the HyperVM guy may have had a family history of suicide.

[0] http://www.itwire.com/business-it-news/security/25559-hyperv...

I'm having trouble understanding what you think the relevance of that might be. Obviously, when someone commits suicide, that decision ultimately rests on their shoulders and is borne of their experience/history/state/what-have-you. GP was trying to make a broader point about the difference in levels of significance between a catastrophic business fuck-up and the wasting of human life, a conflation that people without family histories of suicide make all the time.

On the general point my original parent was trying to make, I totally agree. People throwing away their lives over a business fuck-up is a waste.

I just wanted to search on the story and saw that point was made in the article I linked, and thought it was an interesting point to that specific case.

oh, well, that's alright then.

> HyperVM guy may have had a family history of suicide.

Seems so. http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/

But more than that, in his own words, he was a "man of excesses." Here is his archived blog (http://echoreply.us/ligesh.com/ligesh.com/about/index.html)

I have zero sympathy for Karpeles or anyone else who screws up like this. The reason this sort of thing happens is either because (a) the perpetrators deliberately set out to defraud their customers or (b) they got overconfident and sold a product/service that they simply weren't capable of delivering.

Operating a financial exchange is a serious business. In purporting to do so, you're taking people's money and promising them that you will operate the exchange honestly and competently. From what I've observed and from the private conversations I've had with people who've had first-hand dealings with them, many of the current batch of hot Bitcoin startups are run by people who don't have a fucking clue but have managed to delude themselves that they can build the Next Big Thing in financial technology by faking it 'til they make it. It's like a bunch of kids acting at being grown-ups - maybe one or two might actually blunder their way to success but the vast majority are going to crash and burn due to stupid, idiotic mistakes that could have been avoided had they been willing to listen to advice from people with more knowledge and experience. Of course, the downside of actually doing things properly is that they don't get the growth/traction that attracts investors' attention. The corrollary is that the startups who do achieve the sort of growth curves that attract investors probably aren't doing things properly, whether by cutting corners, failing to balance the books properly, not focusing enough on security or the 101 other things that can lead to an implosion/collapse/insolvency.

While the founders at least have the excuse of being young and foolish, I question the morals of investors who fund teams that clearly lack the appropriate skills/experience to provide proper financial products and services.

It's the same type of one-way bet that contributed to the 2008 financial crisis. If the startup is successful, the founders and investors exit for millions/billions. If it fails, the founders and investors get to walk away unscathed while the customers end up suffering the losses of the founders' incompetence and the investors' failure to properly supervise their investment.

I fully expect a Silicon Valley-based Bitcoin startup to implode at some point and I would not be at all surprised if the resulting clamour from customers who've lost money is loud enough that the authorities step in to begin regulating the space.

This is just life and death of a business and it is interesting to watch how these exchanges are being removed from the economy, by essentially a Darwinian survival of the fittest rule, the least secure get hacked and taken off line. We lost bitcoin-central, bitcoinica, mtgox on the way but BTC-E is going strong and so is Bitstamp, kraken are doing a good job and so are btcchina. The market does not need regulation. Gmaxwell has suggested exchanges provide an anonymised form of financial data to confirm their liquidity and I know BTC-E have suggested they will do something like that. Of course people may suffer losses along the way and that sucks but you can buy and store them locally and this sort of thing will never affect you.

I sympathize with him and sincerely hope that he comes through this and he finds some redemption.

This was a combination of criminal theft and not merely neglect. We must remember that the loss of these BitCoins themselves (quite possibly) wasn't malicious, while the theft of these coins is most certainly malicious. If you leave your house door open is it morally or legally right for someone to take the opportunity to raid your house and rob it blind? In such a situation both parties are at fault, one for neglect but the other for immoral (and illegal) home invasion and thievery.

But since in this case Mark Karpeles is the only visible figure in this saga, and the thieves will almost certainly never be known, the majority of the vitriol is going to be directed at him. I've criticized him too, and I think this amounts to criminal neglect, but I think that there is a way forward for both Karpeles and BitCoin. I think we (myself included) should tone down our vitriol.

No, at some point between $0 and $400,000,000[1], negligence is no longer an acceptable excuse.

[1] The current market value of the claimed 700k BTC loss in USD.

$460 million vanished in minutes when Knight Capital Group deployed code to the wrong servers in 2012.


Mizuho Securities lost around $400 million when a Tokyo Stock Exchange trader fat-fingered an order in 2005.


Both were point mistakes, which I think anyone would agree are bad but just huge mistakes. Running what is effectively a bank that loses $400m over the course of a couple of years in a constant bleed is not a mistake, it is negligent.

The person I replied to suggested it wasn't negligence. Maybe you should argue about what words mean with him, first?

Oh please. Saying that bitcoins are worth $400MM is like saying that a collection of "limited edition" Beanie Babies is worth $400MM.

Well, considering the price has been pretty stably above the current point (not stable in general but definitely above this point for months), I think it's safe to say if you had that Bitcoin you lost a potential opportunity to have made a lot more money. The worth is simply what people have been willing to buy at, and that price has recently been quite high.

I think it is safe to say people lost "a potential opportunity to have made a lot more money?" in 1000s of cases. Things are only ever worth what people are willing to pay for them. Just because that price has been high recently doesn't mean it's stable. Someone paid $4,500 for a Beanie Baby once.

My offer for your mint condition bears stands. You know how to reach me.

So very true if you have to peg that 400mm to a specific exchange rate for another currency.

You can ascertain the value of 1 BTC in your favored currency rather easily given a choice of marketplaces. Less so with 100, or 10000+. Most market-places couldn't handle the volume without a substantial shift in price before your 400mm mark was hit for say, USD.

That said BTC seems to want to reach the type of ubiquity that allowed USD to be a universal currency of sorts during it's heyday. With means to convert in and out being varied from the strictly regulated to the strictly unregulated.

Now let's see how long the blockchain can live.

If the rumors are true and Gox is tanking, I don't think Karpeles can ever adequately feel the aggregate pain that his incompetence in his role has caused MtGox customers. He deserves much worse than nasty internet comments.

There are plenty of entrepreneurs on HN alone who given the resources Gox had could manage to not (unknowingly) lose half a billion dollars due to broken programming in the timespan that Gox did.

And I say this as someone with no dog in the fight.

Karpeles is as much at fault as his customers. I remember back in March 2013 there was some serious DDoSing happening to Mt. Gox (which they couldn't handle). I decided right then and there to take all of my funds out because I knew that if they were not competent enough to successfully stop a DDoS with the resources they had, then they clearly would fuck up at a later time. And the time has come.

Seriously... all of you people are acting like Bitcoin is the world reserve currency or something. This thing didn't even exist 4 years ago.

If you're gonna invest in something like Bitcoin, then you better know your shit; cause shit happens.

I'm with you on the first part, but I have a hard time believing that this was solely broken programming and ignorance. I think we are well into the territory of negligence, and I could well believe that we will eventually discover the sort of dubious behavior and/or outright fraud that accompany accidental ponzi schemes.

Compelling evidence, but I'm not convinced yet. This could also be evidence for the sort of idiocy where people try to cover up for an accounting error though fraud.

> He deserves much worse than nasty internet comments.

Yeah, thanks for fanning the flames of a vigilante lynching in the making.

Don't be so melodramatic, nobody is literally being lynched.

Not yet (and because some people around here seem to be softer than melted butter, that's not a threat).

Now I'm usually a pretty cold-hearted bastard, and I'll admit that I had very little stake in MtGox (I never conducted any business there), but I sort of agree with the above. Yes, he probably deserves some Internet hate. The problem is that this Internet hate is not likely to be the full extent of the hate he'll get over this thing.

I, for one, hope that the dude hasn't fucked over the entire rest of his life.

Why would you assume violence? If he has covered up massive losses like this for a while but still taken deposits then he may be criminally liable.

That's too outcome oriented. Probably a less useful train of thought than focusing on the motivations, victories, and failures along the way to the outcome.

> There are plenty of entrepreneurs on HN alone who given the resources Gox had could manage to not (unknowingly) lose half a billion dollars due to broken programming in the timespan that Gox did.

Easy to say. Nobody sets out to fail.

... they didn't lose half a billion dollars.

Well, that's pretty cruel of you.

MtGox has been lying and scheming all the way, showing complete lack of respect for either their users or Bitcoin community at large. They should have been gone and prosecuted a long ago.

I have no sympathy for Mark Karpeles. He's a shady character and I'm glad to see his shady "startup" finally crumble.

This is whitewashing because this isn't the same thing as a company failing. They (likely) stole millions of dollars (equivalent) from a huge base of customers. That's not the same thing as losing money for your investors, which is effectively what happens when a business actually fails.

Still, anyone who didn't think that bitcoin is incredibly risky (with a high upside) was living under a rock, There are best practicies when dealing with a risky asset such as BTC, and they're really not that hard. Speaking of which, I should probably get around to implementing those best practices myself =D

Yeah...the only money I've personally put into any cryptocurrency has always been with the understanding that it may either be worth nothing tomorrow or could be lost in an instant. (But I also don't store my coins in an exchange, so that helps.)

I just set up a complex series of recurring draws to btc to reconcile being paid weekly with paying bills monthly. This could either be really awesome or really catastrophic!

It's not that big a deal...it's just internet funbucks anyways, right? :D


probably for the better. Everyone wins!

I respect your position on HN but I cannot disagree more with you on this one.

You sound like you just finished watching "thank you for smoking". The point that "he is a humanbeing" sounds like "what difference does it make" or other distraction that we are supposed to buy in order to feel less angry for his choices. Yes we are all human beings and im not sure how that helps in this instance. Maybe he should have thought of clients coins where platform continued to deliver slappy code and as a result, crashed?

I took all my coins out long time ago after seeing multiple red flag. But nothing pisses me more than this perfect situation. Any gov burocreat from a three letter agency is happily partying right now because there were waiting for something like this to happen. Mtgox will go down in the history, i dont care. Hope those sloppy pogrammers wont find their way into rocket engineering, traffic systems programming, airplains software programming or similar. But sure the gov will make a perfect example out of it and that gives them ammunition to try to regulate the market again.

You say "we all fucked up at some point". And you right. Just like one could assume most of us dui at some point. I did. Once. I drove very carefully, nothing happened and i hated myself for it for many weeks afterward as of how stupid i was. But still, i wont have much respect for someone else who drink and drive continuously and one day crashes and kills someone.

> Remember that we have ALL fucked up at some point, just luckily for most of us, "fucking up" doesn't mean losing than much of other peoples' money.

Most of us also don't get filthy rich losing other peoples' money.

That's pretty "touchy-feely".

You can claim people should be nice, but most start-ups that fail spend investor's money and those investors KNOW their money is at risk. Nobody expects that their money is at risk when you put it into a savings account. Crypto-currency exchanges and wallets should be the same way ... perhaps it's not as safe as putting it under your mattress but close.

So in the business world, you have a responsibility to your customers and most sane companies carry E&O insurance to cover the unforeseen mistakes that they might make. It doesn't cover incompetence or negligence in many cases, and I'd classify what happened with Gox as criminal negligence.

Karpeles might in fact be sad, but I guess I just respectfully called him a criminal. Those with more "skin-in-the-game" are going to want to extract as much of their money as possible from him ... I'm afraid he's going to get sadder.

>It's really easy in all of this to pile a bunch of hatred on Mark Karpeles, but please, everybody remember that he is a human being, with real human emotions, and that those things really do hurt.

Fraudsters are real human beings too.

As are people who are incometent but go ahead and build stuff risking other people's money and providing false assurances.

You are ignoring the fact that he has been straight up lying the last few weeks, and in my opinion, he still is. He said that they were aware of the bug for quiet some time, and yet had enabled automatic re-issuing of failed withdrawals. Do you think that is what really happened? They just got an excuse to steal coins on a massive scale!

What I wonder is this: Were any bitcoins actually lost during the meltdown? I mean in the sense that nobody can get at them any more.

The blockchain should, sooner or later, allow the tracing of some of the coins, right? So if somebody still has access to them, there might be a chance to find out who?

Or am I misunderstanding something here?

No man. The blockchain man, the blockchain. It's out there. We got this. The question could be that once they find out the who or who's, and those people are riding pitchfork style, around Bittown, who's going to be in charge of liqudating assets and sending pennies on the dollar back to all those quasi-anonymous folks saying the fiat is theirs?

Oh, and what about when we find out that suspect 1 might not actually be the culprit? Oops. YOLO.

Is there not an interesting question in, assuming coins could be recovered, what laws, in what countries, will cover them, and what value would they have if the 'currency' has no value? Do people want their BC back?

Looks like a bunch of people are praying to get out of bitcoin at 550 right now. If that aspiration thinking fails and people eat through the standing buys around 400, the next stop is 400, where panic will kick in and, maybe there's a pause at 100.

Pins, needles, popcorn... Black Tuesday 2014?

I should totally invest all my savings into speculative stocks. A first wave of gried ate through 550 and accelerated into 500 which ran to 400, where a wall of buying kicked in. That triggered a run-up. Not enough selling to breach the support point there. Fare thee well bitcoiners. Fare thee well.

Guys, let's not be angry with the bankers, they're only human. Now, somebody give this man a presidency. That's jwst you get for fraud on this scale.

On some level, if you lose many life savings worth of wealth through what I can only assume was gross negligence and incompetence, you should expect the hatred. It's not like you can lose hundreds of millions of dollars -- or even tens, for the pedants who want us to take the integral of the value through the buy side of the order book -- through an honest mistake. He deserves the infamy he's getting.

The point is that these people are people - have some compassion.

I failed in my last startup, fairly publicly, and got a fair amount of internet hatred, and suffice to say I was not a happy bunny. But I didnt fail with remotely the publicity this got - I can't even imagine what the mtgox people must be feeling.

If you misled people into thinking you were solvent and kept taking their money when you knew you wouldn't be able to pay it back, or if you took grossly unacceptable risks with that same money, I'm glad you were unhappy. I doubt that's what you actually did though, and you are reacting to this story out of a kind, admirable, but entirely misplaced sense of compassion for someone whose wrongs are entirely unlike your own.

People who commit fraud deserve no compassion. Failing and stealing are vastly different things. Gox didn't just fail, they tried to hide it and have done nothing to deserve a single lick of compassion.

I dearly hope no one invested their life savings into Bitcoin.

That said, I'm sure many did, as they tend to do into any investment that has potentially huge upswings.


You mean like Rick Falkvinge founder of the Pirate Party?

Falkvinge says he got most of his bitcoins off Mtgox before it blew: http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...

I don't know any high-profile cases, but this random Reddit user did:


It doesn't matter how much hate we pile on. Prosecutors will pile enough hatred on Mark et al for us all. The fact that they just shut down and have vanished with hundreds of millions of dollars worth of assets that don't belong to them is going to bring the legal equivalent of hellfire and brimstone down on the heads of everyone involved.

They could have handled this far better, and maybe avoided some of the major problems they are now headed for. Now, unless Mt Gox suddenly reappears with an explanation, they are in for a very rough ride.

With credit to /r/bitcoin, I got a chuckle out of this one:

    Sorry, due to a major bug in the WWW protocol, our
    website is temporarily unavailable. Thank you for
    your patience while we await Al Gore's instruction!

Jokes like this make me crazy. Seriously HTTP is layer 7. Why would you bother the former senator with anything above 4? tcp/ip is just fine. your buggy code is what's broken, thank you very much.

I believe the proper honorific is to reference the highest office, so it's the Vice President Al Gore.

Ah, indeed. I always feel a little guilty about editing posts, so i'm going to let it stand. This one especially, because it's such a reddit joke. But yes, you are correct.

If you feel guilty just add an addendum:

EDIT: Use correct honorific

I bet you leave descriptive commit messages.

How is this related to my comment?

Your advice for specifying that he give an explanation for his edit generally goes above what most people do when they edit posts.

So I am assuming you are probably someone who applies that same sensitibility to writing descriptive commit messages, because similarly to people editing Internet posts/comments without specifying what they changed, many people leave very vague or meaningless commit messages.

Now I get it. I was not sure where you were going with this.

That's level ten Vice President.

Ah the best comment buryed the deepest. So true you are.

If you're going to give credit, then you should actually mention the user, /u/millsdmb http://www.reddit.com/r/Bitcoin/comments/1yuxl8/mtgox_is_dow...

Pretty good Ponzi. Not as impressive as Bernie Maddof's, but extra points for the tech angle.

I am not aware of any indication that this was a ponzi scheme. Saying that it was, without evidence, is misinformation.

The loss of coins was unintentional on the behalf of MtGox. It may have been stupid that basic abc123 auditing would have probably revealed that there was a problem months/years ago, but evil has not been shown at this point in time.

An exchange that manipulates it's market to hide away losses and try to shore up it's balances starts to look a lot like a ponzi scheme after awhile.

Only given an unacceptably broad interpretation of the word "Ponzi." Fraud is the one you're looking for.

Halting withdrawals while still allowing deposits in an attempt to gain enough capital to payout those who were poised to withdraw sounds very ponzi-ish.

The low BTC exchange rates were both indicative of the risk, but also enticing to new exchange customers trying to strike it rich off a sinking ship.

Ponzi schemes are a form of fraud, sure, but the particular kind of fraud under discussion shares the key features of a Ponzi scheme, since its sustainable exactly as long as there is a sufficient net inflow of money from the outside to cover the money being extracted by uncontrollable losses.

The only difference from a traditional Ponzi scheme is that in such a scheme the extraction is to the fraudsters pockets, rather than to the fraudsters incompetence.

> but the particular kind of fraud under discussion shares the key features of a Ponzi scheme

No it doesn't; the key feature of a Ponzi scheme is intentional fraud using a phony investment that doesn't actually exit. That's what a Ponzi scheme is.

Bitcoin has nothing in common with a Ponzi scheme and all you people who keep repeating this non-sense need to go educate yourselves on what a Ponzi scheme actually is.

> No it doesn't; the key feature of a Ponzi scheme is intentional fraud on a phone investment that doesn't actually exit.

Assuming the description of this as being a loss that, however unintended when it first started occurring, was known, concealed, and papered over by using other funds, it was an intentional fraud from that point on a phony investment that doesn't actually exist.

> Bitcoin has nothing in common with a Ponzi scheme

That may be true about Bitcoin, but not about the scenario proposed upthread about what was going on at Mt. Gox. They aren't the same thing.

Again still wrong. Exchanges aren't investments; users aren't promised returns, they in fact expect that the chance of loss is high.

Just because fraud occurs does not a Ponzi make. Seriously, just stop repeating this complete nonsense. Ponzi schemes are very specific things and neither the Gox situation nor Bitcoin are Ponzi's in any way.

> Exchanges aren't investments; users aren't promised returns, they in fact expect that the chance of loss is high.

They expect the chance of trading losses is high, they don't expect that the loss of balances on account is high (in fact, they are generally promised that, except for specified transaction fees, such accounts will retain their value.)

There's a slight difference from what goes on in a traditional Ponzi scheme in that the former promises a positive return which is only met for as long as external funds come in to cover the returns (plus the funds being extracted by the fraudster) where the suggestion about Mt. Gox is that their Bitcoin accounts were promising a zero return, which could only be met for as long as external funds were coming in to cover the BTC being stolen. Which isn't strictly the same thing as a traditional Ponzi scheme, but is a very closely related form of fraud.

Note that I'm not saying this is what happened at Gox -- I have no way of knowing that. But what has been suggested is very much like a Ponzi scheme.

That's not a slight difference, that's a fundamental difference. Lacking a promise of a positive return and lacking a fake investment opportunity, no fraud can be classified as a Ponzi; it's simply fraud or theft. There's absolutely nothing Ponzi like about this Gox situation; nothing. Ponzi's require both of those elements, they are the definition of what a Ponzi is.

From Google:

Ponzi Scheme: a form of fraud in which belief in the success of a nonexistent enterprise (the definition) is fostered(i.e. the mechanism) by the payment of quick returns to the first investors from money invested by later investors.

Many valid things use the mechanism of new money paying out earlier investors; that alone is meaningless and not a defining trait of Ponzi's. All insurance also does this. A ponzi is literally "a form of fraud carried out by the belief in the success of a nonexistent enterprise"; that's it.

MtGox was usually advertising the highest exchange value for Bitcoins, and it most recently was advertising fire sale level exchange rates on Bitcoins.

Once they severely restricted/shut off withdrawals, they were no longer an "exchange". People were no longer investing in Bitcoins facilitated through an exchange, they were investing in the exchange allowing withdrawals and making good on the promised high Bitcoin to USD values or low USD to Bitcoin values. All the time they were telling people it was a technical problem and they would make good on transactions. Given how insolvent they were, this had probably been going on for a significant amount of time or they just never had intentions of making good. Allowing deposits to continue despite the issues they faced was unscrupulous, and I believe it was likely a way for them to try to collect capital to make good on the "top of the line" and "bottom of the barrel" exchange rates that they had promised their customers, which they simply could never fulfill.

Yes, fraud is likely, no one is disputing that. Fraud != Ponzi scheme.

MtGox was not a normal exchange. The MtGox Bitcoin was essentially a separate entity from a regular Bitcoin. The MtGox Bitcoin was offering higher than normal rates of return. This encouraged investors to pump in new capital, which was used to cover previous expenses MtGox had accrued. They then would pick and choose who they would allow to cashout at a high rate of return to keep the ruse going for an extended period of time, while making excuses to others. This worked until the Ponzi scheme imploded. I know you don't like that word for MtGox, but the fact that it may have been a legitimate exchange at one point does not prevent it from turning into a Ponzi scheme at a later date.

Perfect example of the mentality of a new investor at MtGox can be found on this reddit comment: http://www.reddit.com/r/Bitcoin/comments/1yw9vj/how_i_nearly...

I'll admit that not all the facts are known, and my conclusion above is essentially hypothetical based on the information known at this time. Perhaps when if we ever get access to internal communications within MtGox, we'll know the truth. Even pleading incompetence does not mean that the operators weren't unknowingly running a Ponzi scheme.

It does. . . but I think there's still plenty of room for Hanlon's Razor to remain in effect here.

Sufficiently advanced incompetence is indistinguishable from malice.

That is to say, at the end of the day, does it really matter if this happened because Karpeles is an idiot or because Karpeles was malicious? No, the end result is the same, and possessing and wielding that shear amount of idiocy is no more excusable than just being malicious.

There's really one spot where it matters: I think that when we fail to distinguish adequately between idiocy and malice, we begin to fall into the trap of seeing all catastrophes like this as malicious in hindsight, and consequently lull ourselves into assuming that any future catastrophes must also stem from malice.

The end result being, we hinge huge decisions on the question, "Do I think this person might actually try to hurt me?" without giving adequate attention to the question, "Does this person possess sufficient competence to reliably avoid hurting me by accident?"

Not just in finance. The issue seems to come up in health care quite a bit, too. Do you really want someone who doesn't fully grasp the germ theory of disease sticking sharp objects into you after previously having stuck them into someone else? The occasional outbreaks of hepatitis associated with acupuncture suggest this is a question we might want to spend more time thinking about. Instead, we tend to not get past worries (including legitimate ones) about whether or not Big [insert_big_thing_here] is trying to hurt us.

If they continued to take in deposits after they knew they were insolvent, it was a ponzi scheme.

Every ponzi operator dreams of earning themselves to solvency.

> If they continued to take in deposits after they knew they were insolvent, it was a ponzi scheme.

You clearly have no idea what a ponzi scheme actually is; educate yourself before making such foolish public statements.

I am pretty sure this sort of practice is illegal bitcoin or not.

> The loss of coins was unintentional on the behalf of MtGox.

Your evidence of that is...

In dubio pro reo.

only in a court of law.

honestly none of us really knows what happened behind the scenes. there's no indication it was a ponzi scheme. there's no indication it wasn't. what do you think really happened?

all I know is that an awful lot of people lost money.

I would say quite a bit more impressive as Madoff did the same thing that's been done hundreds of times before: take money and promise huge returns.

Here we have a company that took money and let the "investors" fight it out amongst themselves.

I don't think you understand what a Ponzi scheme is.

If MtGox actually had much none of the BTC they showed on their clients accounts, it was exactly that – a Ponzi scheme. Not sure if it changes the matter whether they did it intentionally or not.

No, that's a different type of fraud or downright incompetence. A Ponzi is when investors who are expecting positive returns are intentionally paid with other investors' money. That's not what happened here. Exchanges don't offer investments.

I'm sure it will happen again. And again. And again. And again.

The ponzi never dies because no one who participates every believes that _they_ are the one who's going to get screwed.

It might be more impressive than Bernie Madoff's when you consider it as a fraction of the BTC economy...about 10x more impressive.

How in the hell did these guys manage to screw this up so badly? Think about the tx fees they were raking in.

Maybe they didn't screw up. Maybe they just cashed out.

This doesn't fit even the loosest definition of "Ponzi scheme."

See my little rant, and I agree with you.

Hello, downsides of unregulated currency. Some of the rules are there for a reason.

Businesses fail all the time. Most startups fail. Should we have more startup regulation?

Failure is a normal part of the market. What's really scary are the businesses that are never allowed to fail.

There is a reason the SEC mandates you be an "accredited" investor with at least $200k income in the last 2 years or $1M in assets, excluding your house.

How many customers ("investors") would Mt. Gox have if that same regulation was applied to them?

This is totally different from an accredited investment.

People using Mt.Gox were not investing in Mt.Gox, they were investing in USD and BTC, and allowing Mt.Gox to hold it for them.

Correction, they were allowing Mt.Gox to claim they were holding it.

> This is totally different from an accredited investment.

Well obviously. And it turns out the regulations are different too!

The need for regulations is what we are discussing here.

Failure is OK. Your trading platform doesn't work out and you have to return the money to customers. Failure where all your customers' money disappears (to where?) is not OK and should not be allowed.

Bankruptcy courts exist for this reason.

No. Jails exist for this reason.

Except if you're rich, like HSBC banksters. No matter how many rules you set up, it'll never be fair.

You mean custodian banks. You can manage my money all you want, but in my own accounts at an institution backed by SIPC (http://www.sipc.org/)

Startups tend not to hold vast sums of money on behalf of their customers.

Yeeaaahh regulated companies that handle vast amounts of money for their customers never get into any trouble.

If you're talking about banks, they're insured and if the bank fails you still get your money back though.

They are insured in the US, but that's a relatively recent development. Before 1934, when your bank failed, you lost your money, which was why there were runs on banks during financial panics (1929, for example). But it is important to note that there is nothing special about a bank that makes it insured. You could set up a bank that is not FDIC insured. Maybe offer people a higher rate of interest the entice them to come. You can set up a brokerage that is not SIPC insured, too.

If MtGox were managing real money or stocks, and did what they are alleged to have done, I expect there would be some jail time. I doubt it's worth the Japanese government's time to criminally prosecute a few million dollars of new, unregulated currency-equivalent, but if they do prosecute, I'm guessing there is a serious risk of jail time here.

Something that happened in 1934 is a "relatively recent development"? Relative to dinosaurs, sure. Relative to the modern world? No.

You mean with that $25B that FDIC has to insure $10T of deposits? That insurance? http://www.occ.gov/topics/capital-markets/financial-markets/...

Depending on the nature of the risk, yes, that might be enough insurance.

Bank deposit insurance is fascinating: it largely exists to prevent bank runs, which are caused by people believing they won't get their money out. Having any insurance means that people have less reason to believe there's a chance they won't get paid back, which decreases the probability of a run on the bank, which decreases the risk associated with the insurance, which decreases the amount of insurance needed.

Firstly, your link says nothing about customer deposits, it's about bank derivative holdings. Which aren't insured by FDIC.

But, yes, because it's pretty unlikely that all banks will fail at once, it's not necessary for the FDIC to have on hand a sum matching all insured US bank deposits.

There are also limits on coverage. If you keep $1 million in your savings account, you won't get all of it if the bank goes under.

> Should we have more startup regulation?

Have you never heard of the SEC? There are all sorts of rules about what kinds of investors are allowed in a startup.

Yes, we absolutely should have regulation for startups that (claim to) replace banking infrastructure.

> Businesses fail all the time. Most startups fail. Should we have more startup regulation?

No, I want regulations for all other industries except my own. My industry is fine.

Except when the rules result in say, Weimar.

Because bad rules can exist doesn't mean all rules are bad. Just because bad can laws exist doesn't mean all laws are bad. libertarians can't seem to understand this.

Well, sure. It would be pretty idiotic to suggest that every rule ever thought up was a good idea.

no but there's a pretty bad track record of currency collapse. Diocletian. Confederate States of America. Weimar. Yugoslavia. Argentina. Zimbabwe. Venezuela.

Edit: Looking at my list, I should have listed one for every alphabet Letter, instead of going chronologically.

considering the time spans and number of countries, that's not actually that bad. Sure, there have been many other less famous examples, but the thing is that hyperinflation and currency collapse is actually quite rare. A lot of bitcoin boosters seemed to be under the impression that it was both inevitable and frequent. Also, this list is strongly correlated with catastrophic economic/political problems, as opposed to countries that were rolling along just fine until a sudden monetary-policy mistake.

well, small catastophes aggregate themselves in centralized economies. I'll strongly suggest you read this (which I linked to above):


Financial losses and windfalls / catastrophes happen far more frequently than you'd expect.

Also, my list is subject to dnautic's memory bias. Those are the names that I remember. There are certainly more. There is no currency in the history of the world that has lasted forever.

Plumbing my memory, I can add another: Brazil

The cruzeiro was replaced by the "cruzeiro real" literally "real cruzeiro", as a hack to recover from poor fiscal policy resulting in hyperinflation. The cruzeiro real was then replaced by the 'real'.

Imagine things getting so bad that the government decides to rebrand its old currency as 'fake'.

But that's another example of a currency collapsing as a result of external (political) pressures. This was something that Bitcoin did all by itself.

I don't think there is any meaningful dichotomy between "external" and "internal" anything with regard to a currency. If an "external" asteroid hits a country and destroys all the users of a given currency, it goes to zero, but that is a meaningful measure of the value of the "internal" exchanges that are going on as valued in that currency.

The failure of one exchange is not a currency collapse.

You could start with Assignats...

It sounds like you're saying that having rules (as opposed to having no rules) is a good idea, but only if there is some mechanism that makes good rules more likely than bad rules.

That mechanism is called "liberal democracy". It's been fairly effective so far.

I don't think it has been that great.

Well, look at the alternatives.

I have. I think there are better ones.

This is the very reason why Bitcoin needs to policed from a decentralized standpoint. I don't know much about the logistics of crypto-currencies but from my understanding there are public/private keys involved.

It should be possible that one can blacklist their own bitcoin address by using the private key. This way at least crooks cannot make off or use the stolen coins. Do any more technical Bitcoin fanatics have any thoughts about this?

First, it would be pretty disastrous being able to blacklist money after spending it (by giving it to someone else)

Second, AFAIK crooks need the private key to steal it, so wouldn't work anyway.

People usually don't refer to securing their own money as "blacklisting". Look into cold wallets, hardware wallets, and multisignature transactions.

Brings back memories of banking scams in EVE Online

How would any existing regulated system handle a similar situation to this? Or are you suggesting that bad things like this never happen in regulated systems?


So instead of the the people who knowingly took a risk in investing in a risky prospect suffering, taxpayers who took no such risks have to foot the bill instead? Great.

No no no, I meant a bailout by Saint Satoshi. He will return on the 13th day after the fall of Gox to reimburse all its users.

Bailouts, plus a regulatory apparatus making fraud and deception harder to get away with, plus criminal and civil liability for illegal financial activity.

But what's the state good for anyway?

By "civil liability," do you mean fining a company $10M for stealing $100B? And let's not pretend that bankers go to jail often.

I'd support if you mean "death by hanging in the public square" by criminal liability for illegal financial activity.

Make the corporation pay back every penny they got illegally, then hang the bastards high to set an example.

Yes because government currency is such a Utopia......

Where we're going, the rules will be written in software

I remember people getting angry whenever anyone pointed out that they were trusting a whole lot of their money to the Magic The Gathering Online Exchange.

And even now, that is not a valid criticism. There are many successful businesses who have started in fields only tangentially related to their final form. There will undoubtedly be many postmortems on what happened, but card trading will have very little impact on what happened.

I think the point is that a card game has nothing to do with a currency exchange and the same sort of skills you would need for one don't translate into another. We're talking about software we want to deal with a lot of people's money, the impact of a trading card game platform making a big mistake vs a currency exchange is much much different. I think the very real criticism is you might be willing to risk having a business that isn't necessarily super organized or secure deal with trading cards but not with your money.

The talent and quality I would want to hold each to are on completely different levels, and seeing someone pivot so frivolously from one to the other should really give you pause. A pivot rarely involves completely changing the type of business you're dealing with in the first place, the product might be completely different or the customers you're going after might change, but it usually is on some level related to what you started out doing. Because theoretically you're drawing on some experience or insight into the general sector you start a business in, not choosing something that you think might be cool but are not qualified to run or manage and potentially loose people (investors and consumers) a ton of money.

It would have been very very hard to suddenly realize you don't have 500,000 MtG cards. Even willful ignorance about inventory would have pointed out the problems pretty soon.

I really, really think this is a Silicon Valley bias. You all have had pivot! pivot! pivot! Nokia used to make tires! drilled into your heads to the point that the very idea of questioning whether a team is up to a challenge has been driven out.

"questioning whether a team is up to a challenge has been driven out."

Of course, I assume you personally are up to ANY challenge, but its other people who need not try... they're the ones not talented enough.

By your logic, if I aspire to be a doctor, I should let all men practice medicine upon me. After all, if I am up to the challenge, they surely must be.

It's not a criticism, it's a signal.

Sure it is. It was unlikely that they had real financial controls. I never would have trusted them with money, but thats just me. Everyone in finance knows if there is no custodian then well, you will not have your money for very long. The only real question is will people who withdrew money be subject to clawback...

Please read this (written by the owner):


There doesn't seem to be any information about trading cards at that link. If you are making the claim that they lacked the technical foundations to generate a major currency exchange, then I daresay you are correct. That does not necessarily follow from formerly being a trading card business.

Is it Magic the Gathering specifically that you object to? If they were in the Hanafuda card business would they have had a better chance in a more technical field.

If you are making the claim that they lacked the technical foundations to generate a major currency exchange, then I daresay you are correct.


Is it Magic the Gathering specifically that you object to?

Clearly not.

People are only pointing to the likely incompetence of someone who starts off writing a card exchange (unimportant) and switches to a currency exchange (important and hard), says 'PHP can do anything', and wants to rewrite Bitcoin clients, an SSH server, a DNS server, and mail servers in PHP and then use them in production. That is all.

Content is probably still hosted at kalyhost.com accessible via this SSH server written in PHP, probably with multiple vulnerabilities he doesn't know about.

> People are only pointing to the likely incompetence of someone who starts off writing a card exchange (unimportant) and switches to a currency exchange (important and hard), says 'PHP can do anything',

Mark Karpeles did not write Mtgox, Jed McCaleb (edonkey2000, Ripple) did. I've been emailing with McCaleb (see https://en.wikipedia.org/wiki/Talk:Mt.Gox#Possible_citogenes... ) and so far my best reconstruction of the early history of the mtgox.com domain name is as follows:

> In late 2006, programmer Jed McCaleb (eDonkey2000, Overnet, Ripple), thought of building a website for users of the _Magic The Gathering Online_ service to let them trade cards like stocks. In January 2007, he purchased the domain name 'mtgox.com', short for "'Magic The Gathering Online' eXchange"; sometime around late 2007, the service went live for around 3 months before McCaleb moved on to other projects. He reused the domain name in 2009 to advertise his card game _The Far Wilds_. In July 2010, he read about Bitcoin on Slashdot, and decided that the nascent Bitcoin community needed an exchange for trading Bitcoin & regular currencies; a week later, after writing an exchange website, he launched it while reusing the mtgox.com domain name. [etc etc]

Thanks for the correction on the origins. Since MagicalTux has run the site for most of its existence though as CEO and it seems developer too, I think the criticism of his methods stands.

See this scary record of a response to issues from 2011 as an example:

I'm adding some code to avoid this from happening, but nobody in their right mind would do that


Ah, now I get it. It's magic: now you see it, now you don't

Did anyone have a look at the (html) source? What does this comment mean?

<!-- put announce for mtgox acq here -->

Maybe mtgox has been acquired by another party?

It's gone now. Something odd I noticed, though: I was testing to see if going to https://www.mtgox.com/img/ would serve up a directory listing and, while it doesn't, it redirects to https://www.mtgox.com/data/mtgox_off/img/ and displays a 404.

If you request https://www.mtgox.com/foobar, it doesn't redirect but displays the same 404.

If you request https://www.mtgox.com/data/mtgox_off/img/mtgox_logo_mail.png, it loads the image, so that's definitely a valid directory, and the shorter version (https://www.mtgox.com/img/mtgox_logo_mail.png) is probably just being rewritten.

I wonder if there's anything accessible in the / or /data dirs.

Just noticed that as well; that's weird indeed. Would that mean we'd actually see it being acquired?

I think we're being trolled :)

I know little about Bitcoin (and its community) so please correct me where I'm wrong:

If MtGox can publish all stolen Bitcoin, would it make it impossible for whoever with them to use them? Although Bitcoin is not regulated, stealing them still violates laws right? And since everything is kept track by the entire Bitcoin network, whoever uses it can't keep anonymous.

Stealing them may or may not violate laws - I'm not aware of an explicit precedent for this kind of "virtual property", but courts tend to look at intent, so if people treat them as coins and you treated what you were doing as stealing them that probably counts.

Yes, the community could agree they won't accept the stolen coins. But for most bitcoin people the whole point is to avoid regulation. I mean, the primary use for bitcoin is buying drugs - if you start blacklisting coins that were stolen, why not also blacklist coins that were used to pay for drugs, which is also illegal?

The basic cycle of the bitcoin economy is: drug user buys bitcoins for cash from someone who has them (either a drug dealer or one of the early "miners"), user buys drugs from dealer with bitcoins, dealer sells bitcoins for cash.

Is the user (who's already breaking the law) going to refuse to buy stolen bitcoins? Maybe, but if they're cheaper I'll bet they'll find a buyer; is every user going to check the blockchain history?

Is the dealer, who again is already breaking the law, going to refuse payment in stolen bitcoins. Maybe, but that sets a bad precedent for themselves. Maybe they'll charge a higher price for those bitcoins. But I suspect most of them won't care.

There's Bitcoin laundering. https://en.bitcoin.it/wiki/Mixing_service

Interesting. Is it mathematically impossible to trace back to source (and intermediate nodes) or is it just harder?

Done correctly, mixing N together means a strict 1/N chance of getting the source correct, and being more certain is impossible.

Trivialized example: a friend and I split a single bitcoin each and send half to address A and half to address B, and we each control one address. Who owns A and who owns B? If A is used to buy something, am I the buyer or my friend? Since the private keys are generated offline, the fact that two sources sent to both A and B is all the information that exists. I've "tainted" both addresses, anyone can see that, but that's all.

But even when done correctly, odds are you still expose your identity through your use of the coins in the future. So you run through a random number of mixers, and then you behave extremely carefully, since there's some taint to everything and someone could be watching any of a billion addresses for signs of you (shipment to your house, for example). Given enough connections, you can get pretty reasonable probabilities and start forming deeper and more confident paths.

Aren't there mixing services that completely sever the connection to you?

i.e. Me and you both want to launder coins, so through this mixing service we essentially swap coins. Now my spends get traced to you and vice versa (obviously this works a lot better with more people involved)

I don't think that severs the connection to you; you are now connected to the service, and so is your friend, and therefore potentially to each other.

Not mathematically impossible just computationally infeasible, that is assuming a good implementation.

To be effective only tiny amounts of the 700k bitcoins would be able to be hidden

So Mt. Gox has defrauded its users of half a BILLION dollars in value.

And, they've put out enough misinformation that those users believe "it wuz a hax0r that did it". So no cops, no jail sentences.

I believe this will go down in history as the largest fraud ever committed.

If you've been following this closely and you aren't writing the book already, you're missing out.

>I believe this will go down in history as the largest fraud ever committed.

Madoff was estimated at ~$65b, the Enron settlement was $7.1b, Lehmen folded with $600b in assets, Comp-u-card overstated income and costed investors $14b, etc. etc.

Exactly. This is just warmup exercise compared to the pros.

We'll do better next time.

Sorry. I know the magnitude of Madoff's scam. I accidentally a word or two. What I wanted to write was something like, this would be the largest successful fraud (=no one goes to jail). Mt. Gox seems to have convinced everyone that "a hacker" took all the money, and now the insiders can retire to a non-extraditing country somewhere.

> What I wanted to write was something like, this would be the largest successful fraud (=no one goes to jail).

Why would no one go to jail?

Unregulated industry.

There is pretty much no place on the planet where any "industry" is so unregulated that depriving people of their property without consent, or by false pretenses, without special legal privilege, is not illegal.

The applicable laws aren't industry-specific regulations.

According to Wikipedia, that 65b figure is inflated. It's more likely the total amount was somewhere between 10 and 20 billion[1].

That's obviously still a ton of money.

[1] https://en.wikipedia.org/wiki/Bernard_Madoff

> I believe this will go down in history as the largest fraud ever committed.

Not even close. Madoff's fraud was in the tens of billions.

Please. That's not even the biggest fraud in my country (Portugal). In 1925 we had a group who printed 1% of our PIB in fake notes. Just in the 21th century, the state spent 12 billion dollars to bail out the creditors of a bank that was essentially a fraud machine.

Mt.Gox is peanuts.

You're forgetting the 3 trillion the US government stole from its citizens and gave to the banks.

TARP was only about 250 billion and it's been repaid with interest. It was neither stolen nor given.

If you're including various stabilization programs the Fed put into place, that money was neither stolen nor given either. It was created using sovereign authority that is granted to the Federal Reserve by law.

The citizens of the US would be immensely poorer today if the world financial system had collapsed into a second Great Depression.

Economics is supposed to be a morality play. Except when it comes to Bitcoin.

>The citizens of the US would be immensely poorer today if the world financial system had collapsed into a second Great Depression.

If the only alternative to bailing out the banks was sitting on our hands, then yes. That's like arguing that if the fire department hadn't put the house fire out with Gatorade, the entire block would have burned.

>If you're including various stabilization programs the Fed put into place, that money was neither stolen nor given either.

Loans with below market-rate interest are giveaways. If you don't believe me, just loan me two trillion at 1% for five years. Or rather, just buy two trillion worth of treasuries for me, and send me the interest in excess of 1%.

I agree there were better options than TARP and its related programs to deal with the financial crisis.

I just don't think it's accurate to characterize the bailouts as theft (or "rape", as has another commenter), and I don't think inaction (and the subsequent collapse of the financial system) was an acceptable option considering the massive pain and privation it would have caused.

And then paid it back with interest

But not market rate interest, which was about infinity for the banks that accepted loans, because they were completely insolvent. And do we get to include the spread between the actual worth of all of those shit bonds we have been purchasing from them and the par prices we have been paying?

Wasn't that 9 trillion?

Its too early to say how this will go down in the end for Bitcoin (lawsuits, public policy, pricing, etc), but it certainly is a dark mark. Somewhere between management woes, terrible communication and technical ineptitude will make this a case study for the future for what not to do on all fronts.

All businesses have risk, but it would appear they took an amazing opportunity and squandered it entirely. To be at the forefront of an opportunity like this, and then to screw it up royally for yourself, your users and the community at large is simply tragic.

Much failure. Very wow.

They serve some obfuscated JavaScript if you don't have a cookie:

      <title>MtGox.com loading</title>
      <p>Please wait...</p>
          function xdec(data) {
              var o = "rnBEt3XYIimD807pKGVwMLgbTFQWflO1CHv4eAR6Uc5odsNa_x9qy2ukJZ-jzPSh=";
              var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
                  ac = 0,
                  dec = "",
                  tmp_arr = [];
              if (!data) {
                  return data
              data += '';
              do {
                  h1 = o.indexOf(data.charAt(i++));
                  h2 = o.indexOf(data.charAt(i++));
                  h3 = o.indexOf(data.charAt(i++));
                  h4 = o.indexOf(data.charAt(i++));
                  bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;
                  o1 = bits >> 16 & 0xff;
                  o2 = bits >> 8 & 0xff;
                  o3 = bits & 0xff;
                  if (h3 == 64) {
                      tmp_arr[ac++] = String.fromCharCode(o1)
                  } else if (h4 == 64) {
                      tmp_arr[ac++] = String.fromCharCode(o1, o2)
                  } else {
                      tmp_arr[ac++] = String.fromCharCode(o1, o2, o3)
              } while (i < data.length);
              dec = tmp_arr.join('');
              return dec
          document.cookie = xdec('0X8_0wFvF4iv0q898gGR8Ee9FRMJT4neFRGe840e8qrPKuxaOXA6Wef').replace(String.fromCharCode(0), '').split('').reverse().join('');
          location.href = '/';

Its from prolexic, their anti-ddos service. Its checking to make sure you are a legit user.

That JS sets this cookie:

Almost certainly an md5 hash given the length. No idea what the significance is, though.


I've been staring at too much code today... what the hell does that likely do?

The "lazy route" when dealing with obfuscated Javascript is to replace final calls with `console.log`. Often it'll be `eval` you want to replace, but here you just remove the document.cookie assignment and log the rvalue.

Saw a "?=dead", on the url, but when I refresh it's gone...

Appending a random query argument is just a technique to skirt HN's duplicate-post prevention.

So MtGox is basically confirming, that some online criminals have accumulated at least 6% of total Bitcoin market capital?

Not to count the drug dealers, cryptolockers, etc. The banksters are bad, but this kind of stuff isn't good for wider adoption. "Hey, invest in bitcoin and watch how the deflation will boost your friendly local crime empire!"

Questions I have now:

1) How likely is a cascade of bank runs on other exchanges?

2) Do other exchanges have security issues or insolvency that make them particularly vulnerable?

3) Will one of the other cryptocurrencies wax as confidence in BTC wanes?

1) unlikely, since cascading bank runs are usually a result of fractional reserve banking. Depositors in a collapsed bank are unable to pay off loans in another bank, causing collateral damage to this other bank.

2) do other exchanges have security issues? Yes. Are they vulnerable? Only time will tell. I would take Mandelbrot's modeling of insurers (banks are "insurers" of sorts) in "the (Mis)behaviour of markets[0]" to heed: Collapses are levy-distributed with fat tails (infinite variance) so they will happen more frequently than you think, especially if you are operating with a model that uses the normal distribution. Best practice is to diversify.

3) I doubt it. ADDENDUM: But in a rational world this incident (might take a bit of time for the market to realize this) should actually INCREASE confidence in BTC, since a large, irresponsible player was knocked out, and the rest of the players on the field have a net higher level of responsibility (for now).


(I'm linking it via overstock so you can buy it with BTC - which is, hilariously, what I did)

Bitcoin exchanges will have a run - they resemble fractional reserve banking, because all exchanges dont have enough USD (or other currency) to cover every bitcoin that people might want to trade thru the exchanges (that could be every single bitcoin in existence).

This obviously results in the crash of the exchange rates, and probably a reduction in the usage of the currency as well. Getting paid in something that has little use of it's own doesn't help you.

Now, on #3, you said "in a rational world"... But this isn't a rational world, so the rest of this sentence doesn't apply.

The reality is like loss of confidence is very powerful, and it could, as the document noted, destroy BTC for the near and possibly medium term.

I thought that the bids/asks were all from individual people

Unless the exchange is taking btc/money from users and investing it somewhere then every btc/$ should be totally within the system, yes?

so you can either withdraw your btc or your $ as the case may be.

That's the problem with mtgox - there was a divorce of BTC and mtgoxBTC account values, and that divergence, due to poor accounting/theft/whatever ultimately lead to a situation where mtgox is now acting like a fractional reserve bank.

In theory everything at mtgox is fine, UNLESS everyone want their real BTC back now, aka bank run. As long as people just trade between mtgoxBTC or only withdraw in reasonable amounts, it might be ok.

But that won't happen, because of the expectation of full BTC convertibility, people are freaking out and wont cease to freak out.

There are so many parallels between the gold-backed currency and bank runs in that era. Just rumors, or facts of insolvency and inability to produce either specie or gold for deposit values could drive a run and that would be that.

All that annoying bank regulation is there for a reason. It's a good thing we don't have bank runs anymore. Right? RIGHT?

1) agreed, but that run doesn't necessarily cascade to another exchange. If the value of btc collapses and people make a run on it, those other exchanges will likely be able to cover the bid/ask spread in any case because by and large they are merely mediating exchanges of $/btc that other people are holding.

3) the 'rational world' was meant to apply to the rate at which bitcoin recovers. In a rational world it would be instantaneous, we're not. It's certainly possible that bitcoin will go to zero as a result of this, but I treat that as a separate case. If you think that bitcoin will survive in the medium-term, my point is the resulting value should be higher than before Mt Gox. In a 'rational world' everyone would figure this out tomorrow, for certain values of irrationality it takes longer for this to suss out, and for extreme values, it goes to zero too fast.

An exchange shouldn't be able to have a run, unless their assets are less than their deposits. They don't give you BTC or USD at the spot price. You buy the one you want from another person, and then you withdraw it from the exchange.

Bitcoin and USD are not the same thing. Bitcoin exchanges need to have enough BTC to cover any accounts in BTC. They only need to have USD if they also have accounts in USD, which I suspect they don't.

If nobody wants to exchange your BTC for USD, then the value of the coin collapses, but not the exchange.

> Bitcoin and USD are not the same thing. Bitcoin exchanges need to have enough BTC to cover any accounts in BTC. They only need to have USD if they also have accounts in USD, which I suspect they don't.

If they are going to function effectively as exchanges where BTC can be traded for dollars (which necessarily implies trading dollars for bitcoins), they have to maintain both BTC and USD denominated accounts (which is why, indepedently of the treatment of BTC under applicable laws, they generally are subject to whatever the local equivalent of money service/trasnmitter laws are, because they have to maintain and distribute funds from fiat currency accounts.)

1) A "bank run" on an exchange should be a non event because all exchanges should have the money they claim to have.

2) I'm skeptical of any exchange I don't know a lot about

3) Is there another cryptocurrency that offers significant additional features over BTC? Right now I don't see it. In the future there is certain to be.

Tomorrow Mt Gox's failure should hit the mainstream press. There should be very harsh coverage and panic selling. The more speculators who are cleared out of the system, the better.

> 3) Is there another cryptocurrency that offers significant additional features over BTC? Right now I don't see it. In the future there is certain to be.

I think doge offers more future liquidity (because they're allowing inflation) and a more user-friendly community. Is that enough to matter? I don't know.

I think what you listed is marketing fluff.

Things I am looking out for:

a) Contributes some sort of additional benefit on the part of the computations being performed, e.g. seti@home b) Backed by a physical medium such as gold c) Very anonymous as opposed to public

I think the future will involve many different crypto currencies. There could be compelling business reasons for a company to issue their own currencies.

For example, lets presume there is a cloud AI brain. You can send inquiries to this brain for complex questions you have. This AI is composed of the miners. Like BTC you either can purchase to "AI Coins" or mine them.

In this respect the crypto currency could create its own self-sustaining entity with a real value. Yet it would not really owned by anyone. If the currency got too expensive, at some point you could have a competitor and the prices would balance out.

Speculators can fuck themselves, in the literal sense. For example, the dot com/domain name market had a handful of people buy up most of the good generic domain names. They parked them and earned pay per click revenue from Google and Yahoo. Google realized how much traffic was coming from "direct navigation" and basically put an end to type in domain traffic (and arguably consumers were trained to go elsewhere.) Had these domain names been developed in to good businesses rather than sat on, we would actually expect to see a good web site behind (insert keyword).com. When Google started hijacking the browser there would have been many more complainers.

BTC and other crypto-currencies right now have an outsized proportion of speculators verses those who are actually doing things. When prices rise, you get rich just by buying. Why devote any of your work to anything other than buying?

Right now the best thing that can happen for BTC and crypto-currency is for people to build software that uses it and actually works. Marketing is just painting the same thing over in a new color.

Please stop spamming your copycoin. Doge offers nothing new other than the picture of a dog. If you think more coins is better (whatever that means, for an infinitely divisible currency), you might as well just used Infinitecoin or whatever.

Nice, anyone who disagrees with you is a spammer? (And it's not "mine"; I'm not involved with or holding any cryptocoin)

It's not about the number of coins, it's about how the number changes over time. I think bitcoin's regressive, pyramidal exponential decay is a very bad thing. I'm much more willing to support a currency that has e.g. a constant mining reward/year. Doge is the only one I'm aware of that departs from the bitcoin model.

> Doge is the only one I'm aware of that departs from the bitcoin model.

It's not. Maybe you should try to get informed a bit before sharing your opinions based on whatever meme you saw on reddit.

Maybe try and add something to the conversation or educate him instead of trying to show how big your dick is because you shit on reddit/dogecoin.

Maybe you should try making a positive contribution rather than just throwing insults? If there are other altcoins offering better production models, what are they? (Not that it matters when none of them have the popularity of doge)

What for me is the worst is that Mark Karpeles just rips his fucking site off the net, deletes the twitter feed and gives NO GODDAMN PUBLIC RESPONSE about any of this shit.

Regardless of who's at fault, what went wrong, etc. just some simple communication would be appreciated.

I seriously hope he's sleeping with one eye open. He sure as shit deserves everything that's coming to him right now. Good fucking luck if you make it out alive.

OP here.

<Shameless Promo> http://www.meetup.com/Bitcoin-Engineers/

This is a meetup group I created. We had our first meeting last friday. Would love to have another one this Friday - will hold it at a casual restaurant/bar on campus at Stanford.

(Disclosure - although I'm a cofounder of the Stanford Bitcoin Group this group is by me and NOT the SBG).

</Shameless Promo>

So the OP is down, but if black hats truly made away with 700k BTC, they control some 700000/12440000 = 5.6% of existing bitcoins. If that's the case, is the original bitcoin blockchain really worth continuing?

At this point, the timeline of events greatly suggests that Mt. Gox's initial announcement of withdrawal freezing was the point at which they were officially dead. If the insolvency document is true, over 700,000 bitcoin was stolen, due to a bug in their cold storage (likely, it wasn't truly cold, but automated filling a hot wallet).

In the last two weeks, they were probably attempting to see if there was any way to reverse or mitigate the damage. This is the point at which they have determined that there is no 'out.' They have no where near the amount of bitcoin required to even service withdrawals.

Edit: http://support.mtgox.com/ now shows that their Zendesk account has been terminated (a new account can be registered at that address).

> Edit: http://support.mtgox.com/ now shows that their Zendesk account has been terminated (a new account can be registered at that address).

Reregistering that Zendesk account alone has to be worth something amusing =)

It may not be a hoax, but it is definitely wishful thinking.

Did I just loose all my coins I had with them?

Yes, but in return you are learning a valuable lesson, which is that "loose" spells the word that means the opposite of tight and the word you were looking for is "lose", which is the opposite of win or gain.

I'm impressed, how did you manage to understand what he meant?

Your coins were gone months or even a year or two ago. You are just realizing it now. MtGox didn't realize they were missing either, until rather recently.

That's what they say. How can you still trust what they said?there is 0 proof there was a bug.

Yes, they seem to be gone, but the leaked document [0] shows that major stakeholders plan to inject coins back in to cover losses, and to run the new Gox.com so that it's profits go to stakeholders with losses.

The "Strategy Timeline" page says "50% covered", which sounds to me like the other big exchanges think that between bailout and arbitrage they can cover that amount initially, and hopefully earn the rest back over time. I could definitely be misreading the document. Take a look yourself. And of course, the best laid plans often go awry....

Sorry, by the way. That sucks big time.

[0] http://www.scribd.com/doc/209050732/MtGox-Situation-Crisis-S...

You never had them at all; you had an account -- a promise that they would deliver coins to you had a later date.

Now, you just have more reason to suspect that promise will never be fulfilled.


How this plays out will be very interesting. Sure, I've studied bank runs, and currency events in school, but to actually see it as it happens...I hope economists are paying attention, there could be some awesome research coming out of this whole event!

First time I visited mtgox.com was a few hours ago. Still have it open in my browser.

For the nostalgic: http://imgur.com/a/qok0O

"Trade with confidence"

... yeah, right.

They have a padlock on their screen. What more do you want?

So...now that mt.gox is dead, does this mean mt gox employees are free from any non-disclosure agreements and can talk freely about what the hell happened?

Insider info would be greatly appreciated.

If i was a Mt Gox employee,I would go into hiding and keep quiet instead of going public, all sort of people have invested into Gox including the kind of people you dont want to mess with.

But on the plus side, many of those people no longer have the Silk Road and large supplies of Bitcoin available for "services."

It's probably more likely that many employees were oblivious to the insolvency. As long as everyone's accounts were "credited" as they should, regardless of the soundness of their cold storage accounts, it would appear as though everything was fine.

See: http://www.reddit.com/r/Bitcoin/comments/1ysaz2/sarahcoinbit...

The kind of people that (unlike mafia or the police) don't need physical proximity to make your life a nightmare...

Here's someone who claims to be an employee commenting on the reddit thread for this news article: http://www.reddit.com/user/SarahCoinBit/comments/

That's not how NDAs work.

Perhaps in theory the agreement is still meant to be honoured, but in practice if the agreement was with an organization that no longer exists (0 employees), who would initiate legal action to enforce the NDA? I have no experience in this area, but can't see how the NDA could be enforced by a dead organization.

organization is not a living being. it does not "die" like that, and any damages which it might have to pay, it might reduce by suing NDA violators. why not?

At this stage, sure. But unless MtGox gets revived, what about in 2 years from now? It doesn't seem likely unless the NDA is one of the assets they sell.

by that time i guess nobody would care if the NDA is violated..

Not legally... but who would sue?

The website and the company are not the same thing.

They are both dead. See the statements.

Uh, it doesn't work that way.

A competitor does not get to put out a statement and declare a company dead. That's laughable.

The company itself can't even do that, it needs to unwind positions first at a minimum. It can take years to shut down a "dead" company, and until then all NDA's and contracts remain valid (although potentially unenforceable).

To me this demonstrates how powerful first mover advantage can be. Gox was showing cracks in the hull (actually more like gaping holes) for months and months. People have been repeatedly warned not to touch Gox with their funds. Other, more professional (so far) exchanges popped up. Yet people very much still used Gox. Were they ignorant, lazy, or stupid? I wish everyone who lost could get their money back, but it's really hard to have sympathy here.

Wow just watched this video of Kolin Burges from London who flew to Tokyo to find out, face to face, if he could withdraw his Bitcoins from Mt Gox. He makes an accurate prediction at the end, but this totally sucks for BTC. I was pretty optimistic about the future of it, but this is a pretty big speed bump.


I do believe Mark Karpelès' LinkedIn Summary is due for an update:

"... I have a long experience in company creation, and experienced almost any imaginable kind of trouble. Now is the time to create something that will be solid enough to handle any situation, anytime."

So, who the other day said they would be buying if BTC felt bellow 500$?

Now seems to be the time if they still believe that arbitrary value still makes sense.

I planned to and actually tried today, but... https://news.ycombinator.com/item?id=7294217

Coinbase.com ran out of coins to sell. I gotta wait until Friday and hope the price is still sub 500.

EDIT: Whoa! Coinbase.com allowed me do it just now! http://i.imgur.com/VKvNRhN.png ...I hope this actually works.

that would be me, maybe?


Note the date on this... 79 days ago the price of BTC was in the 1.0k range.

I'm with you. In fact I've been buying some in the 500-550 range, and looking forward to the upcoming drop this week.

It wouldn't surprise me it reaches the 350-400 level, when Gox announces it is officially dead.

I see he was not alone!

But it was more likely in the past 10 days or so... :)

What's an "autodraw" by the way?

coinbase has a feature where you can set up recurring draws.

Everyone on this thread is being way too nice about this guy. He deserves to go to jail for a very long time. He knowingly took money from people even after problems were discovered, and said nothing about it. And after the implosion he has still not fessed up to the truth! He deserves what he gets. I'm sure a movie will be made about this debacle st some stage in the future, but this chap doesn't get to become a motivational speaker in the end.

Note the comment in the source code which just appeared:

<!-- put announce for mtgox acq here -->

Slight drop over the last few hours http://bitcoinwisdom.com/

I'm curious if this will create a run on bitcoin or not? All of the funds from MtGox have in theory already been lost. There may be some fear that other networks will follow, but it may be rational that the price would remain level as one failed bank does not equal a failed currency.

Almost certainly we will get a short term drop, but I'm optimistic that cheap coins combined with lots of media attention will lead us to the great Bitcoin bubble of 2014.

until people figure out that permanently lost coins are deflationary...

the coins were not lost, but stolen through the transaction malleability bug

good point.

BTW, why all this "you lost your coins" talk? if you have valid, in any way documented claims against MtGox, you should be able to sue and get some form of compensation... unfortunately, the unregulated nature of Bitcoin, the fact that the company might not have any property... ah, forget it.

edit - basically, MtGox lost money. for it's users, there might be a chance to get something back.

In the page source:

<!-- put announce for mtgox acq here -->

Have anyone started analyzing the blockchain for these suspicious 'leaks' out of Gox? This might be one of the addresses: https://blockchain.info/address/1Drt3c8pSdrkyjuBiwVcSSixZwQt...

You can see that over the past months there has been tons of large transfers out to addresses (https://blockchain.info/address/1pnHxHzRQ1uE4rH9KtxYKhVDic2S...) that end up splitting up into tons of small addresses, all of which has never spent a dime. From the look of it, it seems that a huge part of the total 782,558 BTC going through the address has ended up in tiny addresses which has never spent any part of it. Are there any other plausible owners of such an account?

On the other thread there was some information suggesting this might be an internal account used by another exchange.

I'm sorry but the vast majority of PHP programmers are not equipped to handle running a goddamn main exchange.

  $ curl -I https://www.mtgox.com
  HTTP/1.1 503 Service Unavailable
  Server: AkamaiGHost
  Mime-Version: 1.0
  Content-Type: text/html
  Content-Length: 176
  Expires: Tue, 25 Feb 2014 03:38:10 GMT
  Date: Tue, 25 Feb 2014 03:38:10 GMT
  Connection: keep-alive

If they took money from depositors after they knew they were insolvent they probably broke the law.

I wonder what this comment in the source means <!-- put announce for mtgox acq here --> ?

Probably just a way to start a rumor that acquisition will take place.

The tendency of institutions to deny, cover up and conceal systems exploitation is one of the major failing of contemporary culture.

This is how we lied ourselves into thinking that the iOS SSL stack was trustworthy and it applies equally to the Mt. Gox situation.

This is still better than a government bailout.

Hmm? We got all the money back from government bailout. Here, you lose all the money.

Ok, at the risk of sounding completely naive...

I've been following this story for a while, and it seems that no one can say for sure if this is embezzlement or gross incompetence. Based on leaked memos it seems to be most people are learning towards the latter, but I'm curious if there's any evidence either way.

Based on the claimed transparency of Bitcoin, I would have expected embezzlement on this scale to have been noticed earlier, or at the very least have people be able to follow the Bitcoin trail to determine what is actually happening.

Am I wrong or just missing something?

How do we know that the mgmt hasn't run away with a whole load of coin? They may really have lost a lot; they may really not be able to continue; but how do we know that they lost everything?


dark side of the moon

<html> <head> <title>MtGox.com</title> </head> <body> <!-- put announce for mtgox acq here --> </body> </html>

They still have my 6 BTC. Oh well, it didn't really cost me anything to get those coins, and it taught me a valuable lesson about trusting a system with no customer protections.

My understanding is that if a majority of the miners agree, certain reversals can be made to the Bitcoin economy. Is this a situation which would benefit from such a reversal?

All the transactions that go to mtgox are spread out over blocks that go back for years. It's only useful to reverse the most recent block(s). This is because blocks are made up of transactions. You can't just cherrypick them out, and each block needs the previous unchanged.

You might get some more details from this http://www.reddit.com/r/Bitcoin/comments/1a51xx/. It descries a fork in the blockchain that occured a while ago.

You guys have any idea on how to proceed if you (allegedly) have a few BTC and USD there?

Yeah yeah I know, I read HN often but obviously I missed the "Stay away from Gox" posts :(

Contact a lawyer that knows something about Japan maybe? I'd say you are fucked.

I agree with your take on the situation ;)

Thing is that a lawyer might be throwing good money after bad, it's just ~3k and who knows, maybe the fiat claims (~50% of the 3k) are worth something (though I doubt it).

Frankly I am surprised so many people in this community were so incredibly stupid and blind about Gox. Months and months ago when I was deciding to get into BTC I researched the exchanges and people were complaining about difficulties withdrawing from Gox. I just had this instinctive feeling that it was a big red flag and I would rather deal with a regulated albeit slow broker (Coinbase) where I can actually get my money back.

Hmm... It seems I was wrong.

Well, damn. Oh well.

I read a few of your other posts about BTC and your investment. Kudos on the honest reporting of your motivations and hopes regarding BTC - it was interesting to read them, whatever you think of Bitcoin.

This is the best way to take this sort of loss, and hopefully when you think of it over the long-term you have not lost a significant amount of money. At this point it's better to write off the loss as a lesson learned and move on with other things.

So do you still have all your savings in BTC?

I'm sorry this didn't work out. I want to hope that they'll at least try to pay people back, but I can't bring myself to believe there's any funds to fill what they've lost.

In the comments there are some examples of large losses due to technical or software failures:

- Knight Capital Group - Mizuho Securities - HyperVM

Anyone knows more cases?


And there's a new statement on the website:

Dear MtGox Customers,

In the event of recent news reports and the potential repercussions on MtGox's operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users. We will be closely monitoring the situation and will react accordingly.

Best regards, MtGox Team

What does that even mean?

There is not one single oficial statement saying what they will do from now on. To me, this delay means just one thing, they screwed big time and have zero good news.

"We will be closely monitoring the situation and will react accordingly."

No doubt written from an undisclosed beach.

If 700,000 BTC were really stolen over a long term, the people running mtgox must be complete idiots. How hard is it to occasionally add up the amount in the wallet and compare to the customer DB balances?

You would think this would be done hourly (if not, at least daily) as part of sanity check / auditing process.

I bet they did occasionally check. And leaving it at, "Hm, that's weird. Oh well!" was where it went from problem to disaster.

So I guess the transfer out I initiated 3 weeks ago is also lost then. You live you learn I guess !

Why would they pull the site down?

Hide as much information as possible to avoid class action lawsuits?

Seems to make a lawsuit even more likely. Evidence of something to hide?

Most links are still valid, like this one for their (last?) announcement:


The excellent "Blame it on Mt.Gox" music video from last spring seems rather topical again:


So there is alot of talk about coins being lost. I converted all my coins to litecoin a while ago, but I think I had some yen in my account. What is the likely hood of me getting that back.

"The time to buy is when there's blood in the streets."

"It's always darkest just before it goes pitch black."

The big questions now, what does this mean for BTC prices and which exchanges can still be trusted? Perhaps a good time to invest after the inevitable collapse tomorrow.

You are not suppose to trust any exchange to large sums of coins. You buy, you transfer out immediately.

They will go down. None of them.

Could this be the largest documented heist of BTC in history?

Maybe so, but the race is long.

Last time I've lost coins with exchange (bitomat.pl) MtGox stepped in and covered the losses in full. I wonder if anyone will save my bitcoins now.

Will anyone be able to get their bitcoins from MtGox?

They said the bitcoins were safe. What changed? Will they be transferred eventually? What are the chances?

Gox coins are gone,along with all the customer fiat.

What do you mean gone? What happened to the hard drives with the wallet numbers and private keys? How hard is it to transfer them via the blockchain transactions to their owners?

Let me put this clearly : Gox customers were robbed,either by Gox itself or by a third party. There is no "transfer to the owners".

> What happened to the hard drives with the wallet numbers and private keys?

The hard drives are still there, but the wallets are empty. The coins were stolen.

Are you sure? I haven't heard of any coins being stolen. MtGox said the coins were safe and they just had trouble transferring them because of their client and malleable transactions!

Malleable transactions don't make it harder to transfer coins, they make it easier.

This kind of reminds me of the Diablo 1 duping scheme, well at least my layman understanding of the duping flaw.

Bitcoin is just a game, nobody was hurt.

so, in time, bitcoin exchanges will become regulated. and in some more time, the irony might dawn on the libertarians.

but on a serious note, growing pains, i guess. i am sorry for people who lost their money.

On the bright side, we have a new term for getting screwed: goxxed.

And you can get both goxxed and doxxed.

In a strange way, I feel this merits the HN black bar treatment if only because of its historical import.

What is the "black bar" treatment

When someone prominent in the hacking community dies HN puts a black bar at the top of the page as a memorial.

It's not appropriate here. A human life and money are not comparable no matter how much money.

Thank you for the sanity check, seriously.

this isn't true, it is worth about 7 millions (http://en.wikipedia.org/wiki/Value_of_life)

So if we can raise $7m we can kill you?

Seriously, the accounting fictions used for various economic analyses don't directly apply in the real world.

Actually, they do - courts award damages for loss of life all the time, and calculating such economic loss is a basic skill of practicing tort law. A person's life is almost always infinitely valuable to the individual in question, but for everyone else it's surprisingly calculable. A gloomy business, but a necessary one all the same -life still goes on for the survivors, and at some point accountings are made and people move on.

Sorry, but that is not what I'd include in the real world, not in the sense that is relevant to this thread. Economic loss is not the only kind of loss.

Which is why this $500m loss is not the same as 71.43 deaths, even if that many deaths might result in a $500m settlement.

One thing that's important to note is that it's not a reversible calculation. You can't pay 7 million to buy someone or have them killed legally or something like that because that's the "going rate".

>>It's not appropriate here. A human life and money are not comparable no matter how much money.

Oh, Just wait a few days... =/

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact