It's really easy in all of this to pile a bunch of hatred on Mark Karpeles, but please, everybody remember that he is a human being, with real human emotions, and that those things really do hurt.
MtGox was (past tense is probably appropriate here, but for the sake of anybody who had coins there, I hope not) a startup that failed spectacularly, and publicly, and took a TON of peoples' money with it.
The transaction malleability thing was poor programming on the part of gox. Remember that we have ALL fucked up at some point, just luckily for most of us, "fucking up" doesn't mean losing than much of other peoples' money.
Mark, I doubt you read hacker news, but if you do: it's alright, dude. You bastard.
Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height. Sadly there were plenty of media shill articles when Btc skyrocketed to $1,000 last year who were promoting them as the "Biggest Bitcoin exchange" without pointing people to relevant bitcointalk threads on what a nightmare that site has been over the years.
I clicked through and thought you were being too harsh. I mean, it can be fun to make toy implementations of things as an exercise. Doing an SSH server in PHP would be entertaining if you liked PHP. You'd learn something.
And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.
This is so very true, OpenSSH is probably one of the most secure pieces of software around. It has extremely high value to attackers, yet has had extremely few remote security holes in its lifetime.
They've invested years and many talented people in developing such a piece of software.
If you want to write your own ssh server in php, you should probably consider your motivation and how you can re-use their code or operate through it instead if your purpose if anything other than experimentation.
> And then I read that his hacked-together-in-3-days ssh server was for use in production. In a hosting service.
That sounds like a brilliant technical guy, capable of running with a daft idea to completion (unlike me, with my collection of at-best-half-built personal projects), who should have some layers of protection between him and Real World Production...
Inexperienced (young) programmers don't know what's been tried, and what's available. I've been dealing with this a lot at work recently, where we ended up doing poor reimplementations of off-the-shelf stuff due to a mix of ignorance, and honestly, a bit of hubris.
It's a good attitude to have in academia/non-production critical work, but the GP is right, production demands a more conservative approach, especially when money/safety is at stake.
The type of ignorance Joel writes about (see parent) is different, it's more like "slavishly following design patterns" and "writing copy-and-pasted, improperly factored code". Both are ignorance, but the first is better called "NIH", whereas Joel's is, "writing bad code".
Yeah, I'm still trying to figure all that out myself.
There was some allusion to needing some kind of database backend for the SSH server, but there are multiple solutions for that now (like LDAP).
I'd love to have this guy work for me in a junior role (because he can really crank out the code), but all his work would need to be reviewed, and I wouldn't want him to be making architectural decisions on his own.
I can tell you absolutely, without question, that when it comes to security and people's funds, there is nothing courageous about a hacked MVP in production. There's a difference between someone's to-do app one weekend, and this case. If you are handling people's money directly or indirectly, you need to care about that and take it seriously. Or don't ship.
Well when mtgox started off btc was play money, it was always play money until perhaps 12 months ago when it became serious money. And I base play and serious on the value, at $10 a coin it was still fun, at $100 a coin I had to seriously consider how much I should keep on my phone or any other single place.
Putting on my Lean Startup hat for a sec, I would even say that the M could allow for losing money. If it's early on and your customers are all in the 2 1/2% of innovators, they will put up with a little of that. Certainly if you make them whole, but probably even without.
That said, "flawless accounting" would be very high up on my feature list. I think the failure here isn't launching without perfection; it's operating at scale without perfection.
I've been wondering whether the "M" in "MVP" is for minimum quality, or minimum feature scope.
I think minimum feature scope doesn't necessitate poor-quality software, just solutions that don't do everything for everybody. It's much better to ship a small feature set with very high quality, IMO, than a big feature set with low quality.
In the Lean Startup sense, the M is about minimum effort, and the V is about viability with customers. You're basically playing Battleship trying to discover where those two Venn circles overlap.
Different aspects of quality map to both those circles. There's build quality, which relates to the sustainability of the code base. There, you have to consider both short- and long-term quality. 
There's also quality as users perceive it. That varies widely by domain by market, and by how far you are along the adopter curve.
My general answer is the same as yours: minimal features with highly sustainable code. But for experiments, I think you can get away with terrible code as long as you a) throw it away quickly, and b) you are on it so even if you have a bad MTBF, your MTTR is really good.
I also think that you can tactically discard certain kinds of user-side quality. E.g., if I'm making a product for early-adopter financial traders, I'm not going to worry about quality of visual design, and I might inflict hard-to-learn interfaces on them. But I'd be rigorous about accounting and about UI issues that might lead to mistaken trades.
One way to look at ordering features in early products is as risk reduction.
One of the biggest risks is, "nobody gives a fuck", which is why MVPs are so valuable. It lets you test market hypotheses.
But if you're building something handling real money, then a pretty obvious risk is, "The system will lose money beyond our capacity to absorb losses." Their failure to address that risk here is at best negligence.
But given the size of the loss, I don't think we should rule out fraud. The interesting question is, "When did they know they had a problem?" Sometimes shitty accounting systems are just naiveté. But when they persist over a long period of time in a way that just happens to cover up loss, embezzlement, or theft, then it's worth asking: did they keep the shitty accounting because better accounting would have forced them to admit something they were hoping to cover up?
I wouldn't today, but the wright brothers did, because if they hadn't, someone else would've done it instead. If you wanted to be trail blazers like the wright brothers were, you might have to put up with a hacked together MVP. I m just saying that anyone who lost their money did so knowing the risks (or should have known the risks).
>Most people who've been around bitcointalk and bitcoin-otc know not to use MtGox since circa 2011 when their stunning incompetence was at it's height.
And still, even 2 weeks ago, tons of people defended MtGox in HN threads, and said how it's a temporary glitch and they are very good exchange and such.
Even when it was pointed to them that it's a service build by a guy with no actual knowledge of exchanges and no prior experience at finance services whatsoever -- a mere PHP developer (not to knock the language) that had done nothing spectacular before (no Carmack, or Fitzpatrick or your favorite coder hero).
People trusted their money to a guy that literary calls himself "MagicalTux" -- which to me seems like investing to the hobo on the corner, people call Crazy Bob.
>Does this mean we shouldn't trust "coldtea" to develop anything?
Of course you shouldn't.
If you were to here him (well, me) you'd ask for my CV -- if not an interview also.
And if it was like "developed some random toy stuff" you wouldn't hire me to develop a money exchange playing with other people's millions of dollars.
And if you were to assess if you will put $10,000 in a financial online service made by me, my past work in the area, my general competence would be quite important.
Else, don't be surprised if you lost it all. The chances were way higher than if you had put that money in Citibank, you just ignored the signs.
And for me, not giving the impression I'm a 20-something script kiddie with a fancy handle would also be quite important. I mean, it might be prejudice, but "Ives, Rockefeller and Berstein" as a financial service just feels more secure than "$uper7eetMoneyMakah", "LuvFlamingoes" or "MagicalTux".
Yes, maybe because they didn't ignore all the context of my email, and did checked that he has serious credentials, like:
"he had been leading the core library development of Android while at Google".
And that he is just but one of the players at Square, including guys like a well known VC and Twitter's cofounder.
If "CrazyBobs" was an unknown in the industry guy and his CV was like "I have done some fun projects, like a PHP mailer" and he was the major person behind the company, no investor would have touched it with a barge pole.
people who've been around bitcointalk and bitcoin-otc know not to use MtGox
There are a lot of forums on the Internet. It's not confidence-building, at all, to tell people "if you hang out on the right forum you know what's safe." Especially because "the right forum" is not written in stone.
Of course normal frameworks are a no-go. Using
someone else’s framework will make your world
slightly better, but until you create your own
full framework, you won’t understand what I mean.
The next step is to build applications with your
framework. The kind of applications that will
change the world...
What you wrote made me think, "What would anyone in their right mind write on their blog that would make people think something like that?" So I clicked through, and read the first four words, that struck me in the face like a four layer wedding cake: You were right. Then I read the rest of the sentence, and that was like a ton of frosting being poured on the cake from a dump truck. Point well taken, sir!
I've been around. What is bitcoin?, and who cares about whatever the hell 'Mount Gox' is?? Can we all get back to work on something meaningful to the future, family, or nature... someone we don't know about made up a currency, and some other company we also don't know about made up an 'exchange' of this 'currency' and now we still don't know what's going on and some 'bitcoins' are missing... the most it's all worth is a laugh
Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.
Of course, the coins are only yours if you hold the private keys. A promise of some Japanese exchange to send you an amount of Bitcoin in the future is not the same as owning a Bitcoin.
I think you had the only decent reply. Thank you.
I know bitcoin, and was really just fishing for others that may share my view on the current state of affairs for the digital crypto currency. Some of us have been around just long enough to be aware that the field of technology doesn't create a buffer from unclean people and business characters. Also, that just because a lot of smart/clever people made something that a lot of people believe in, that at some point it passes the point of no return or is immune to failure. I think bitcoin failing may be good, could wake a lot of people up, many mistakes won't be made a second time, and the freed up focus and brainpower will go towards a better generation of technology to benefit humanity.
A laugh and a few good tens of millions of dollars that people actually do value and will pay that much for. Maybe cryptocurrencies aren't in your favor, but their value and growth isn't something to scoff at.
Maybe you should go back around to wherever you've been around, and not be around here, where you have nothing of value to contribute and no interest in the discussion at hand. The way things work, in case you didn't learn that by being around, is that you don't post messages complaining you're not interested in a topic to discussions about that topic. So stop being around here.
> There is no fucking way 700,000 BTC disappears with nobody noticing.
The history of Barings Bank is interesting, primarily because the main trader Nick Leeson was in the position to mask hundreds of millions of pounds of losses. In that case, no one noticed the roughly $1.3B loss because he was in a position where the internal controls didn't apply
>At MtGox, it should be much simpler to (1) add up all customer balances, (2) add up all BTC in hot and cold wallets, and (3) compare those two numbers.
Yes, considering Gox only had 2 bank accounts (and now are down to just 1 in Japan) I don't see how hard it is to compare balances and notice 744,000 coins are missing.
They claim that over time the cold wallet was cleaned out. If this is true then the first few customers would've complained hey I never got my coins, and he could've seen shenanigans happening due to his php wallet implementation and halted all trading. Then thousands more customers. I find it hard to believe 744,000 worth of coins disappeared over months and nobody noticed until recently
Heh, I had only been on the internet for about 2 years when that went down and I spent that evening watching the world's gears seize up instead of finishing the book I was suppose to be writing; it was around this time that I started tog et interested in alternative currencies. I was just thinking that here I am doing the same thing 20 years later.
> Either case is at least gross negligence if not criminal fraud.
To echo the original commenter: Yes, jail sounds like a reasonable end to this — but keep it restrained.
> No sympathy for Karpeles.
No, certainly not for hiding his incompetence, but I think the point was more: don't be too graphic in wishing him to discover what sex in jail can be. That’s an… understandable reaction, but inappropriate on a public forum. He’s got family who cares about his well-being, and the next days are going to be tough for them too. Imagine talking to his mother, or children: the facts, they are going to need them to understand, but nothing violent or tasteless (and I think you did a great job).
> But I don't pretend to be a surgeon and perforate a patient's aorta.
He didn't kill anyone; I'm sure one can save a lot of lives with that kind of money, but… I’d rather see you compare him to Kerviel (I'd disagree) or that Barings' trader (closer). The Head of security at Target, or Sony might be more accurate cases.
I have zero sympathy for Karpeles or anyone else who screws up like this. The reason this sort of thing happens is either because (a) the perpetrators deliberately set out to defraud their customers or (b) they got overconfident and sold a product/service that they simply weren't capable of delivering.
Operating a financial exchange is a serious business. In purporting to do so, you're taking people's money and promising them that you will operate the exchange honestly and competently. From what I've observed and from the private conversations I've had with people who've had first-hand dealings with them, many of the current batch of hot Bitcoin startups are run by people who don't have a fucking clue but have managed to delude themselves that they can build the Next Big Thing in financial technology by faking it 'til they make it. It's like a bunch of kids acting at being grown-ups - maybe one or two might actually blunder their way to success but the vast majority are going to crash and burn due to stupid, idiotic mistakes that could have been avoided had they been willing to listen to advice from people with more knowledge and experience. Of course, the downside of actually doing things properly is that they don't get the growth/traction that attracts investors' attention. The corrollary is that the startups who do achieve the sort of growth curves that attract investors probably aren't doing things properly, whether by cutting corners, failing to balance the books properly, not focusing enough on security or the 101 other things that can lead to an implosion/collapse/insolvency.
While the founders at least have the excuse of being young and foolish, I question the morals of investors who fund teams that clearly lack the appropriate skills/experience to provide proper financial products and services.
It's the same type of one-way bet that contributed to the 2008 financial crisis. If the startup is successful, the founders and investors exit for millions/billions. If it fails, the founders and investors get to walk away unscathed while the customers end up suffering the losses of the founders' incompetence and the investors' failure to properly supervise their investment.
I fully expect a Silicon Valley-based Bitcoin startup to implode at some point and I would not be at all surprised if the resulting clamour from customers who've lost money is loud enough that the authorities step in to begin regulating the space.
This is just life and death of a business and it is interesting to watch how these exchanges are being removed from the economy, by essentially a Darwinian survival of the fittest rule, the least secure get hacked and taken off line. We lost bitcoin-central, bitcoinica, mtgox on the way but BTC-E is going strong and so is Bitstamp, kraken are doing a good job and so are btcchina. The market does not need regulation. Gmaxwell has suggested exchanges provide an anonymised form of financial data to confirm their liquidity and I know BTC-E have suggested they will do something like that. Of course people may suffer losses along the way and that sucks but you can buy and store them locally and this sort of thing will never affect you.
A couple of years ago a server management application called HyperVM had a 0day due to some questionable programming, hundreds of thousands of websites were lost along with a lot of money... the next day the creator took his own life. A lot of people are going to be in a very bad position right now (both customers and people inside mtgox), let's hope it doesn't come to that.
There were no suicides associated with the 1987 Black Monday crash. You're thinking of Black Tuesday in 1929, a much bigger event. Even so, nobody jumped out any windows on Black Tuesday -- it was an urban legend. There were a handful of suicides but nothing statistically significant.
I'm having trouble understanding what you think the relevance of that might be. Obviously, when someone commits suicide, that decision ultimately rests on their shoulders and is borne of their experience/history/state/what-have-you. GP was trying to make a broader point about the difference in levels of significance between a catastrophic business fuck-up and the wasting of human life, a conflation that people without family histories of suicide make all the time.
People aren't hating Mark Karpeles because he messed up, but because of the completely absurd response to this situation.
Optimal response: A message to the customers as soon as the issue is noticed: "Due to a technical problem we lost X amount of Bitcoins, which means we currently can't cover all of the deposits. Trading has been disabled while this issue is investigated. [Some external financial company] is in charge of coordinating withdrawals of existing customer funds."
Actual response: Blaming the issue on the Bitcoin protocol. Trading stays active althought the price tanks. Customers can still deposit funds although it's clear that they won't be able to withdraw it. Released announcements try to hide information about insolvency and try to give hope to the customers.
I didn't have any deposits at MtGox. As a customer I would probably have forgiven them losing the funds (if it was a technical issue), but I wouldn't have forgiven them they way how they handle public communication. Such a behavior is not acceptable.
He's being ignorant about it and tries to blame others for the mess MtGox caused. On a speculative note, he'll propably walk out of this with millions in his pockets, while his customers lost tons of cash due to this mess.
I'm surprised nobody is posting detailed traces of all the Mt. Gox bitcoins. They can be traced through the system, right? It should be possible to figure out how many Mt Gox still had when it went down. It should be detectable when he transfers them to a different account or sells them.
Honestly, Mt. Gox users are not that bright (of course with exception).
Either that or their entire IRC channel is full of trolls because some of the statements being made there are completely insane.
It's almost like they've never done any research about what Bitcoin actually is and just ran to Mt Gox to buy up this magical currency that they were told would make them rich. Just to note; I'm not talking about the Doge trolls either.
I don't know much about Japanese law, but in the US, there are times when it's deemed necessary to "pierce the corporate veil". If he's got assets, I suspect people will go after them ... though it might take him 3 years to notice his personal accounts are empty.
The other possibility is that he's incompetent in his personal life too ... maybe his paychecks have all been spent? (I hear gaming cards are collectible!)
Yes, if I have any schadenfreude here it's not for him. It's for all of the people who smugly told us for years that Bitcoin is superior to our "legacy" fiat managed and regulated monetary system system in every way, and anyone who can't see that is an idiot.
Don't equate Bitcoin the protocol with dodgy websites.
Unlike cash, radical transparency is entirely possible with Bitcoin.
Bitcoin the protocol is as strong as ever, but customers of other sites should demand proof that their exchanges and online wallets actually control 100% of the BTC they claim to have in their custody.
People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)
When every one of Bitcoin's characteristics (deflationary money supply, irreversibility of transactions, completely public record) is touted as an unmitigated advantage, it is irritating to those of us who see it as an interesting idea and cool technology with both plusses and minuses.
ARPANET isn't superior to post offices in every way; for example you can't send a package through ARPANET. And in fact one of the Internet's biggest winners Amazon.com built its success largely on being really good at shipping.
I didn't necessarily, it's just a precaution. I see a lot of vitriol directed at Bitcoin, and this sort of extremist overcompensation is really nothing new anyway. It's just a reminder to stay rational.
> People in 1989 didn't exhibit a nearly religious devotion to ARPANET as perfect in every way, going so far as to say things like "Bitcoin cannot fail, it can only be failed" (do people realize how absurd this sounds?)
I actually agree with you, but if you're talking about me, I was being wildly sarcastic and riffing off of an old Communist slogan. I'm not aware of anyone who's ever said that sincerely, but if someone did it would be hilarious.
That would be a good analogy if we couldn't transfer money online. But, you know, we can.
The whole point of Bitcoin that's been touted in pretty much every thread, hoisted up by Libertarians like a giant flag, is that it's unregulated. And now, they're all discovering why we regulated in the first place.
Not that there haven't been failures, but in the US, bank customers -- as opposed to bank shareholders or investors -- are a fairly protected class.
In 2008(?), Lehman investors were fucked, WaMu shareholders were fucked, but as a WaMu customer I was not inconvenienced in the slightest. My money was safe and I was able to freely access it every day during the transition to Chase ownership.
Now, I don't think that it is fair to compare MtGox to a bank. It was really an exchange for investors to speculate on fluctuations in exchange rates, so in the regulated financial industry you'd probably be just as fucked.
I think the take-home message from the failure of MtGox is that your risks don't just come from the volatility of the market you are investing in. You could lose your money through a crash in the market, yes, but you could also lose your money through the incompetence or malfeasance of your investment partners, through having your password stolen and your account hacked, through losing your private keys, ... If you only consider one type of risk, you will understate your total risk, and not hedge against it effectively.
It's this kind of thinking that really irks me. "Well, my $100 still adds up to $100, so it's all there."
Yeah, you money is there. Maybe it holds the same value as yesterday, or tomorrow. But over time, your taxes will go up, prices of things you buy will go up, inflation will rise, and the spending power of your $100 will become less and less.
Every bank failure, financial meltdown, and economic downturn robs your money of value. When a meltdown happens, and the FED has to prints more money to cover it up, your dollar loses value. When the price of merchandise goes up, because fees go up, because bank insurance premiums rise, because they keep losing your money, your dollar loses value.
It may happen slowly and indirectly, but make no mistake, you are losing you money. The best way to cook a frog is to do it slowly, so the frog doesn't jump out of the pot.
Cash isn't really a reasonable analogy in this case, since it can't be transferred digitally and needs to remain in the custody of the owner. BTC held in exchanges is much more comparable to money in demand deposit or savings accounts.
Exactly how does this differ from the regular banking sector? I can demand 'proof' (whatever that might mean in this case) from Barclays that their books are balanced, but it doesn't mean they'll give it to me.
If Mt Gox has a single deposit wallet for example, we could easily audit how many coins it has.
We couldn't enforce rules, but if some people decided to set up a sort of "best practices" website saying it's "SAFE compliant or something (Sure Against Forged Equalities), in which case beginners guide would be "ALWAYS GO FOR SAFE COMPLIANT EXCHANGES!"
We couldn't punish them but it would allow some sort of feeling of safety(if minimal).
If we can regulate them, so can the government. AFAIU Bitcoin is designed to prevent exactly that, at least in general.
Fully resolving their books would require knowing identities of those entitled to receive Bitcoin from an exchange, as only one example, as otherwise an exchange could simply transfer the right amount to an account under their control and use those Silk Road-style money laundering schemes to transfer it to some wallet they actually care about.
To make sure the outlays went to the customers it's required to know which Bitcoin wallets belong to said customers. Are you going to sign up for an exchange that maps wallet IDs to customer identities for public transparency purposes?
The problem is they also say this about every exchange. It was enough for me to send half my btc to coinbase, but not enough to warrant any real urgency about it. Thus I lost about 7 btc due to this fiasco.
Did you really? I literally don't think I've ever seen anyone recommend MtGox outside of mass media reports, but I might be wrong. I remember seeing online conversations (I think it was either a forum or IRC) from 3 or 4 years ago where the people making MtGox were basically bragging about how incompetent they are, and everyone else was doing a collective facepalm. As far as I can tell, they got a first-mover advantage, which got them into basically every media mention of Bitcoin, which compounded and led to them being the largest exchange for a long time. But my honest impression is that the Bitcoin community has been wary of MtGox for essentially as long as it has existed.
Yes, the old Bitcoin community. But as you may have noticed, bitcoin got a lot of attention over the past year, and probably drew in a lot of users who weren't on that forum 3 or 4 years ago. All those mass media reports weren't immediately followed by warnings from the community to stay away from MtGox, so a lot of new Bitcoin users probably ended up at the biggest (and therefore presumably the most professional and reliable) exchange.
How could MtGox have been so big if everybody already knew for years that it was crap? The community failed to inform the new users about this very real danger.
Because the protocol is broken with regards to tracking transactions and that has been acknowledged. Even the official implementation got it wrong. It needs to be fixed because the workaround just does not scale.
Taken by other people. That's the more interesting note, IMO.
My understanding of the problem is that some people went to withdraw money and due to transaction malleability MtGox thought the transaction failed and resent repeatedly. But the first transaction didn't actually fail and they received their money multiple times.
Whether this happened to a lot of people a little or a few people a lot, and whether they were accidental beneficiaries or intentional instigators will probably never be known. But some number of people received a share of that missing 750k BTC, and I don't recall a one of them posting a "Hey, MtGox just sent me more BTC than it should have" blogpost that ended up here, so that's pretty interesting.
So the BTC aren't missing so much as illicitly redistributed.
This is basic failure of accounting. If you are running a bank, you need to get things to match up exactly.
In a lot of software engineering, Good Enough really is good enough. But a 5 cent discrepancy between what you actually have and what you thought you had need to be treated as seriously as a $5 million discrepancy.
Bingo. While growing up in the '70s, my parents were often small businessmen, or running the business affairs of e.g. groups of doctors. More than one I can remember them spending quite a while tracking down a less than $1 discrepancy in the books they necessarily kept manually, for just that reason. (They moved to doing by computer in the '80s, of course.)
There is no such thing as money without trust of third parties. Transacting under the auspices of a neutral, trusted third party is what money means.
The Fed has the backing of a sovereign power with its own currency and is central to the largest national economy in the world, as well as a great deal of the international economy. If MtGox's earned trust was an apple, you could see the Fed's from space.
If you're using gold as money, then you are certainly trusting many third parties.
Consider; what does using gold as money mean? Are we trading notional gold? Certificates that claim to represent gold in some vault? Obviously you need to trust the issuer of the certificates. Are you using minted gold coins? Obviously you need to trust the mint and more generally the entire financial system that equates those coins with a certain value. (The history of coin clipping, adulteration of coinage, and the results of having multiple currencies circulating at once should show why this is important.) In fact, the only way that you don't actually need to trust a 3rd part is if...
...you're trading a known quantity of gold to someone else strictly for its value as gold. In which case you are actually trading in gold as a commodity; the technical term is barter. It simply does not fit the definition of money.
So now the trust devolves onto the designers of the Bitcoin protocol, the software programmers implementing said protocol, the programmers implementing the operating system kernel that said software runs on, etc. etc. etc.
Just ask the MtGox users about how completely ironclad that trust is. Sure, "transaction malleability" was identified in 2011, but that didn't help the users of MtGox, and the other exchanges had to take corrective action in 2014 as well.
If anything Bitcoin is even worse for the normal user; physical security is much much easier for most of us to grasp and implement. Is Aunt Tillie going to be able to ensure that she never gets too rich, so as to entice a cyberattack to steal all her Bitcoin wealth?
Are you a qualified assayer? You trust the other person is giving you gold, or you trust the individual who tests it.
You trust the system that provides you with an understanding of the relative value of the gold you're holding so that you aren't massively overpaying.
There's a reason Jesus through the money changers out of the temple - they were abusing that 3rd party trust.
You are relying on third parties to accept the gold you receive for approximately the same value you spent to obtain it.
You have some apples, and Alice has some oranges. You would like some oranges, but Alice doesn't want any apples. So you go to Bob and sell Bob some apples for gold. You give Bob a bushel of apples, Bob gives you a bar of gold. Now you go take this bar of gold to Alice and try to trade it to Alice for a bushel of oranges. Alice tells you to fuck off, she doesn't want a bar of gold any more than she wants an apple. Bob doesn't want his bar of gold back, no backsies. No one in town wants a bar of gold, in fact.
There's a big difference between trusting you'll be able to trade something which has historically been valued by a lot of people at a certain amount, and trusting someone won't steal your money, which is generally what people mean when referring to a "trusted third party".
If you do that, you need to store it on your own premises and hand-deliver it. You can't do internet transactions that way. Crucially you can't do credit, which is a practical requirement of most business.
Try telling that to the cashier at the local grocery store.
Gold is not generally accepted as payment for goods and services in any culture that I know of (excluding jewelry and metal stores, of course). I'd be genuinely interested to hear about places where you can still take a lump of gold to a store and pay with it.
You can read many Latin works, and find the language taught in many schools. Since it isn't spoken except in a handful of limited contexts, it gets the special qualifier "dead language." Gold is basically a "dead money." Hung onto by various people for historical and religious legacies, but not really suited for modern use.
This brings up a point I've never really understood about the hoarding of gold. Why? Let's say there is some catastrophic meltdown of society and money is a thing of the past. What am I supposed to do with the bar of gold you trade me for goods? Rather than assume that everyone's still on board the "gold is valuable and not just rocks" train, isn't it far more sensible to trade goods or services for goods or services? I would think that, in that I am exchanging a thing that I cannot use just so I can later exchange it for something I Can use, I am using gold as money. (Same deal if I trade goods for shoes that are the wrong size or handfuls of scratch 'n sniff stickers.)
the Fed is not a third party w.r.t USD. its the first party. the Fed is the entity in direct control of the monetary supply. the Fed is also the entity politically mandated to protect the money supply against inflation and deflation.
... an apt comparison in many ways. If the former fails, the latter is going to be in trouble.
The value of bitcoin is in many ways dependent on the irrational response of people who invest their money in it. Mt.Gox fails and many people are going to lose faith (at least temporarily) and consequently, the value has dropped significantly.
We're talking about an entity which at some point has held more than 5% of the BTC out there.
Funny thing about this argument is that we don't apply it to the rest of the world, and for good reason.
"God look at all the people killed by that airplane attack... let's get rid of skyscrapers and/or airplanes!"
"Man, alcohol sure does fuck over a lot of families, let's prohibit it!"
"That computer-based system led to millions of dollars being lost, we should stop using computers!"
Face it, now the same argument that you would use in support of still using Bitcoin exchanges (presumably run by more competent individuals?) would also work in support of regulated fiat systems (especially those run by more competent individuals!).
If the rumors are true and Gox is tanking, I don't think Karpeles can ever adequately feel the aggregate pain that his incompetence in his role has caused MtGox customers. He deserves much worse than nasty internet comments.
There are plenty of entrepreneurs on HN alone who given the resources Gox had could manage to not (unknowingly) lose half a billion dollars due to broken programming in the timespan that Gox did.
And I say this as someone with no dog in the fight.
I'm with you on the first part, but I have a hard time believing that this was solely broken programming and ignorance. I think we are well into the territory of negligence, and I could well believe that we will eventually discover the sort of dubious behavior and/or outright fraud that accompany accidental ponzi schemes.
Karpeles is as much at fault as his customers. I remember back in March 2013 there was some serious DDoSing happening to Mt. Gox (which they couldn't handle). I decided right then and there to take all of my funds out because I knew that if they were not competent enough to successfully stop a DDoS with the resources they had, then they clearly would fuck up at a later time. And the time has come.
Seriously... all of you people are acting like Bitcoin is the world reserve currency or something. This thing didn't even exist 4 years ago.
If you're gonna invest in something like Bitcoin, then you better know your shit; cause shit happens.
Not yet (and because some people around here seem to be softer than melted butter, that's not a threat).
Now I'm usually a pretty cold-hearted bastard, and I'll admit that I had very little stake in MtGox (I never conducted any business there), but I sort of agree with the above. Yes, he probably deserves some Internet hate. The problem is that this Internet hate is not likely to be the full extent of the hate he'll get over this thing.
I, for one, hope that the dude hasn't fucked over the entire rest of his life.
I sympathize with him and sincerely hope that he comes through this and he finds some redemption.
This was a combination of criminal theft and not merely neglect. We must remember that the loss of these BitCoins themselves (quite possibly) wasn't malicious, while the theft of these coins is most certainly malicious. If you leave your house door open is it morally or legally right for someone to take the opportunity to raid your house and rob it blind? In such a situation both parties are at fault, one for neglect but the other for immoral (and illegal) home invasion and thievery.
But since in this case Mark Karpeles is the only visible figure in this saga, and the thieves will almost certainly never be known, the majority of the vitriol is going to be directed at him. I've criticized him too, and I think this amounts to criminal neglect, but I think that there is a way forward for both Karpeles and BitCoin. I think we (myself included) should tone down our vitriol.
Today it's transaction malleability. Tomorrow it's something else. Bitcoin is an experiment. Those seeking to turn it into a ponzi scheme are pretending as if it's a reliable currency or investment.
Their is no accountability in the Bitcoin ecosystem.
If you transfer your coins anywhere you should consider them gone. The only "safe" coin is a cold storage coin. The second it goes hot it's at risk. The second you send it somewhere it's at risk.
Whether it's Silk Road or MtGox or whatever comes next, this will happen over and over again. People will spend their time either trying to exploit someone else's system or creating the illusion of trust in a system which they plan to exploit. The next MtGox is already out there.
This happens with dollars all the time too. But we hold people accountable. We have a number of ways to reverse transactions. We have insurance.
Even that is not safe, because the value ultimately depends on confidence in the currency as a whole. Money is a social construct; you can never safely hold it with no fear of loss, even in cold storage or under your mattress. As you say, this happens with every currency, but we introduce regulations to limit the fallout.
This is a lesson that many alternative currency fans are learning today.
No matter how many times this is pointed out, people will continue to demonstrate their complete lack of understanding behind the "bail outs"; essentially asset swaps that earned the US Treasury a small profit.
Well, considering the price has been pretty stably above the current point (not stable in general but definitely above this point for months), I think it's safe to say if you had that Bitcoin you lost a potential opportunity to have made a lot more money. The worth is simply what people have been willing to buy at, and that price has recently been quite high.
I think it is safe to say people lost "a potential opportunity to have made a lot more money?" in 1000s of cases. Things are only ever worth what people are willing to pay for them. Just because that price has been high recently doesn't mean it's stable. Someone paid $4,500 for a Beanie Baby once.
So very true if you have to peg that 400mm to a specific exchange rate for another currency.
You can ascertain the value of 1 BTC in your favored currency rather easily given a choice of marketplaces. Less so with 100, or 10000+. Most market-places couldn't handle the volume without a substantial shift in price before your 400mm mark was hit for say, USD.
That said BTC seems to want to reach the type of ubiquity that allowed USD to be a universal currency of sorts during it's heyday. With means to convert in and out being varied from the strictly regulated to the strictly unregulated.
Both were point mistakes, which I think anyone would agree are bad but just huge mistakes. Running what is effectively a bank that loses $400m over the course of a couple of years in a constant bleed is not a mistake, it is negligent.
No man. The blockchain man, the blockchain. It's out there. We got this. The question could be that once they find out the who or who's, and those people are riding pitchfork style, around Bittown, who's going to be in charge of liqudating assets and sending pennies on the dollar back to all those quasi-anonymous folks saying the fiat is theirs?
Oh, and what about when we find out that suspect 1 might not actually be the culprit? Oops. YOLO.
Is there not an interesting question in, assuming coins could be recovered, what laws, in what countries, will cover them, and what value would they have if the 'currency' has no value? Do people want their BC back?
Looks like a bunch of people are praying to get out of bitcoin at 550 right now. If that aspiration thinking fails and people eat through the standing buys around 400, the next stop is 400, where panic will kick in and, maybe there's a pause at 100.
I should totally invest all my savings into speculative stocks. A first wave of gried ate through 550 and accelerated into 500 which ran to 400, where a wall of buying kicked in. That triggered a run-up. Not enough selling to breach the support point there. Fare thee well bitcoiners. Fare thee well.
Still, anyone who didn't think that bitcoin is incredibly risky (with a high upside) was living under a rock, There are best practicies when dealing with a risky asset such as BTC, and they're really not that hard. Speaking of which, I should probably get around to implementing those best practices myself =D
Yeah...the only money I've personally put into any cryptocurrency has always been with the understanding that it may either be worth nothing tomorrow or could be lost in an instant. (But I also don't store my coins in an exchange, so that helps.)
It doesn't matter how much hate we pile on. Prosecutors will pile enough hatred on Mark et al for us all. The fact that they just shut down and have vanished with hundreds of millions of dollars worth of assets that don't belong to them is going to bring the legal equivalent of hellfire and brimstone down on the heads of everyone involved.
They could have handled this far better, and maybe avoided some of the major problems they are now headed for. Now, unless Mt Gox suddenly reappears with an explanation, they are in for a very rough ride.
You can claim people should be nice, but most start-ups that fail spend investor's money and those investors KNOW their money is at risk. Nobody expects that their money is at risk when you put it into a savings account. Crypto-currency exchanges and wallets should be the same way ... perhaps it's not as safe as putting it under your mattress but close.
So in the business world, you have a responsibility to your customers and most sane companies carry E&O insurance to cover the unforeseen mistakes that they might make. It doesn't cover incompetence or negligence in many cases, and I'd classify what happened with Gox as criminal negligence.
Karpeles might in fact be sad, but I guess I just respectfully called him a criminal. Those with more "skin-in-the-game" are going to want to extract as much of their money as possible from him ... I'm afraid he's going to get sadder.
This is whitewashing because this isn't the same thing as a company failing. They (likely) stole millions of dollars (equivalent) from a huge base of customers. That's not the same thing as losing money for your investors, which is effectively what happens when a business actually fails.
On some level, if you lose many life savings worth of wealth through what I can only assume was gross negligence and incompetence, you should expect the hatred. It's not like you can lose hundreds of millions of dollars -- or even tens, for the pedants who want us to take the integral of the value through the buy side of the order book -- through an honest mistake. He deserves the infamy he's getting.
The point is that these people are people - have some compassion.
I failed in my last startup, fairly publicly, and got a fair amount of internet hatred, and suffice to say I was not a happy bunny. But I didnt fail with remotely the publicity this got - I can't even imagine what the mtgox people must be feeling.
If you misled people into thinking you were solvent and kept taking their money when you knew you wouldn't be able to pay it back, or if you took grossly unacceptable risks with that same money, I'm glad you were unhappy. I doubt that's what you actually did though, and you are reacting to this story out of a kind, admirable, but entirely misplaced sense of compassion for someone whose wrongs are entirely unlike your own.
People who commit fraud deserve no compassion. Failing and stealing are vastly different things. Gox didn't just fail, they tried to hide it and have done nothing to deserve a single lick of compassion.
You are ignoring the fact that he has been straight up lying the last few weeks, and in my opinion, he still is. He said that they were aware of the bug for quiet some time, and yet had enabled automatic re-issuing of failed withdrawals. Do you think that is what really happened? They just got an excuse to steal coins on a massive scale!
I respect your position on HN but I cannot disagree more with you on this one.
You sound like you just finished watching "thank you for smoking". The point that "he is a humanbeing" sounds like "what difference does it make" or other distraction that we are supposed to buy in order to feel less angry for his choices. Yes we are all human beings and im not sure how that helps in this instance. Maybe he should have thought of clients coins where platform continued to deliver slappy code and as a result, crashed?
I took all my coins out long time ago after seeing multiple red flag. But nothing pisses me more than this perfect situation. Any gov burocreat from a three letter agency is happily partying right now because there were waiting for something like this to happen. Mtgox will go down in the history, i dont care. Hope those sloppy pogrammers wont find their way into rocket engineering, traffic systems programming, airplains software programming or similar. But sure the gov will make a perfect example out of it and that gives them ammunition to try to regulate the market again.
You say "we all fucked up at some point". And you right. Just like one could assume most of us dui at some point. I did. Once. I drove very carefully, nothing happened and i hated myself for it for many weeks afterward as of how stupid i was. But still, i wont have much respect for someone else who drink and drive continuously and one day crashes and kills someone.