Hacker News new | comments | show | ask | jobs | submit login
Mt. Gox new announcement ( February 26th 2014 )
56 points by ing33k on Feb 26, 2014 | hide | past | web | favorite | 52 comments
Copied from https://www.mtgox.com/

February 26th 2014

Dear MtGox Customers,

As there is a lot of speculation regarding MtGox and its future, I would like to use this opportunity to reassure everyone that I am still in Japan, and working very hard with the support of different parties to find a solution to our recent issues.

Furthermore I would like to kindly ask that people refrain from asking questions to our staff: they have been instructed not to give any response or information. Please visit this page for further announcements and updates.

Sincerely, Mark Karpeles

This statement at least seems like he stopped trying to bullshit people. He openly said that staff was instructed to not give out any info, which probably means they can't talk. I do not think this is the choice they or their lawyers made, but rather it is more likely to be an external factor, like a gag order or an acquisition deal.

Having said that, chances of getting our money back are still extremely slim, but the update strikes me as containing less bullshit and as an attempt to reach out. My hope is that the truth will be revealed sooner than later and we can all move on. I'm saying it basically having lost all of my money with Gox. I think the time we've lost following this drama is probably more valuable.

The possibility of them being acquired is discussed quite a bit, but of what value is Gox to a potential acquirer at this point, considering they've indeed hemorrhaged money? What remaining assets or loyal customer base would make it worth millions of new capital?

If indeed they lost 770k BTC then, in my view, there can only be two reasons someone would buy them:

1. A buyer truly believes that Gox death would mean Bitcoin death or stagnation for 5-10 years and, thus, his own coins would be worthless anyway.

2. A buyer believes he can make more than 770k BTC he'd have to pay back customers.

However, I don't really think they've lost that much. It is simply insane. I don't believe anyone can be that incompetent, especially after reading Mark's 2012 message about security here: https://bitcointalk.org/index.php?topic=23938.msg1177353#msg...

Update. Rumor on twitter about the acquisition: https://twitter.com/paulbuitink/status/438428157948219392

3. The buyers are only interested in acquiring the domain/brand, not the company's obligations and debt. They would get sold off in bankruptcy anyway.

And what would be the point of that? No one would ever trust anything to Gox, unless it returns the money.

Thousands of links, including mentions in every major news publication. They aren't going to disappear or be retroactively rewritten.

Nor would the previous owner's past be reason for someone not to trust the current owner of the brand. You wouldn't stop trusting Bitstamp or BTC-e if they happened to buy the MtGox domain. Nor would someone reading an old NY Times article stop to research the past owner's history.

The grand vision of Coinbase isn't to capture as much of the Bitcoin speculation market as possible, it's to capture as much of the e-commerce payment market as possible by offering lower transaction fees and eliminating chargeback risk for merchants. If, for example, they took over the MtGox domain, and that helped stabilize Bitcoin and continue its push towards the mainstream, then "snitko's and 0.02% of our target market's image of us is tained by Gox's past" is probably a good tradeoff.

I think no one would be willing to buy MtGox knowing they wouldn't be paying the debt. Imagine MtGox customers going to mtgox.com, then being redirected to Coinbase: it's like saying "Hi, we bought MtGox. We know you've lost your money there, not gonna return it. Come do business with us instead!". That's nuts and is going to hurt buyer's image a lot.

Then shouldn't Enron and Lehman Brothers be highly valuable brands?

The different business units in various countries for those organisations were sold off.

It is indeed absurd to claim they lost 99.7% of btc holdings (2000 left out of 750k) - I dont care how incompetent they may be..

They could know exactly where they are but not have the private key.

it's a little like the story of the gold reserves of the federal reserve isn't it ? :D

Even if Gox didn't lose the money, or at least not as much as we're hearing, who's going to 'bank' with them now? Who would leave their money with someone who will, at any time, cut off access and actively refuse to provide information?

Their value has been totally demolished in the eyes of their current customers and in the eyes of all potential customers. It's so bad that it has set back Bitcoin's adoption by months, if not years. The freaking Wall Street Journal published articles about it!

If this is not a case of fraud, then it is one of the worst and most poorly managed acquisitions in history.

They claim to have 1.1 customers, 550,000 which have submitted extensive identification documents for verification.

The large number of AML/KYC verified accounts could be valuable to other exchanges.

I am curious, how would it make sense for them to get acquired?

Surely their liabilities exceed their assets, their brand is now worthless, and their reputation is shot. Why would anyone acquire them?

They have a lot of verified users. Depending on how much you're willing to pay for a user, it' may not be that terrible a proposition and a lot of the reputation problems go away when you bring in new management.

Basically, their assets might be worth more than you think.

See my reply below.

Please stop saying things like this:

"chances of getting our money back are still extremely slim"

You assume that there is any staff.

There are two people on the IRC channel answering questions. When the official #mtgox channel on freenode was muted (reason support gave: until we get answers from mtgox management) they kept talking to people on the unofficial channel ##mtgox-chat.

Dear Mark,

Should you be reading this, please could you answer a very simple question...

For each of the currencies you support - including BTC, USD etc: 1) How much do people have in their MtGox account? 2) How much do you have in the bank/wallet?



There's a nice chart in the PDF that was leaked, which was later confirmed by him on IRC. It had BTC/fiat currency assets vs. holdings vs. debts, etc.: http://www.scribd.com/doc/209050732/MtGox-Situation-Crisis-S...

Mt.Gox has single-handedly the worst crisis communication I have ever seen.

Well, them and Yahoo

It's worth 0% assurance that you are still in Japan, Mark. Just sayin.

What are the issues?

If you haven't been following along, the brief version:

Mt. Gox is a Tokyo-based company which, most famously, took deposits in dollars, yen, and a few other currencies and also Bitcoin, and allowed people to trade Bitcoin for dollars/etc and vice versa. They charged traders a commission, and so earned a percentage of transaction volume. Transaction volume was massive -- Mt. Gox was the leading exchange for over a year.

They had a rough year in 2013, partly because their US subsidiary was closed by the US for being a money laundering operation and because, in their haste to exit the US regulatory environment, they attempted to engage a US company to serve the US/Canadians markets. This went poorly, as their counterparty was transparently also going to get shut down for money laundering. Between the feds and the counterparty, Mt. Gox had several million dollars of customers' funds frozen.

Some time after funds were seized, Mt. Gox started delaying outbound wire transfers. They variously blamed technical issues, issues with partner banks (including "The second largest bank in Japan can't process more than 10 wire transfers per day"), regulatory issues, etc etc. They didn't seem to have much problem with inbound transfers. They also didn't seem to have problems with domestic Japanese transfers until about December/January, which they blamed on the end-of-the-year holiday.

Waits for withdraws stretched from weeks to months to unbounded. During this time, they routinely transferred out Bitcoins in minutes. As a consequence, people wanting to exit Mt. Gox would buy BTC on the exchange and withdraw it. This caused the price of BTC at Gox to exceed that of other exchanges in a sustained fashion, since at least August.

Some weeks ago, Mt. Gox started delaying BTC withdraws as well. Their excuse for this was that their bookkeeping systems did not handle an edge case in the Bitcoin "protocol", where a) the One True Bitcoin Client searches for transactions by ID, b) the One True Bitcoin Client identifies a transaction by ID immediately upon creation, c) despite the above two facts, an emergent "feature" of the protocol is that that ID can change for up to about an hour after creation of the transaction.

People freaked out, because Mt. Gox now allowed neither real money nor Internet money to leave their company.

In the last 48 hours, it has been credibly alleged that Mt. Gox has suffered a theft to the tune of 700k BTC (worth somewhere north of $300 million) and that they are insolvent -- they owe debts to their customers far in excess of the Bitcoin and hard currency they have on hand.

People are quite concerned. Mt. Gox's crisis communications have been wildly below the level of professionalism one would hope to see from a company with several hundred million dollars of financial assets.

This is getting wide play in the media both internationally and in Japan, and it is possible that Mt. Gox has finally woken Leviathan, who may now take adverse notice to the fact that no-account foreigners are in his capitol making him look stupid and potentially ruining the livelihoods of some of his citizens.

Mt. Gox customers currently are unaware when (if ever) and to what degree their claims against Mt. Gox will be satisfied. People interested in Bitcoin are worried that this will tarnish the system's reputation and/or lead to additional adversarial interest from government and other parties.

[In evaluating whether I've been accurate with the above description, you might consider it useful to note that I'm a Japan-based entrepreneur with a fair bit of understanding about Bitcoin technically and systemically, and that I'm an open and notorious critic of it.]

I believed in Mark (the owner of MtGox) and his team, defending them vigorously, and got screwed as a consequence.

The support staff was on IRC every day saying "Yes, we have customers' funds. No, we aren't insolvent. Everything is fine, everything will be fine." They answered every question in a level-headed fashion.

They were either being paid to lie, or being fed lies, or somehow MtGox didn't become aware of the fact that they were missing >700,000btc until a day or two before they shut off their website.

So I was pretty gullible. And I just want to thank Patrick (patio11) for being a constant throughout this whole ordeal: constantly skeptical, and with good reason.

there is a lot of knowledge to be gained from being as humble in 'defeat' as you are right now.

It's an admirable trait that I myself often times lack, even when my defeat is obvious and ensured.

Thanks for being a good person, at least in that respect.

Clearest, most concise and level-headed summary of the whole ordeal. This comment is what I'll be linking to people who ask me to explain what's happened.

I will point out that MtGox did not use bitcoind (the official Bitcoin client), instead writing their own. However, even that would not have allowed attackers to withdraw more than they should.

What can happen is that the Bitcoin network fails to confirm a transaction. This can happen for various reasons, but a fairly obscure one is that someone on the network can mangle the transaction, changing its transaction ID without changing its signature. The transaction will actually go through, but with a different ID. The way to get around this is to keep track of what money you're spending and to whom, just like a normal ledger.

Because transactions aren't necessarily guaranteed (they're just very likely to happen, if accompanied by a fee), MtGox implemented logic to allow them to mark a transaction as not having taken place in their internal record-keeping, and generate a whole new transaction, with the money coming from a different source. This may have been an automatic process.

The thing is, if someone had mangled the transaction, MtGox would not have picked it up as having happened - because rather than keeping track of what money they'd spent and to whom, they kept track of transaction IDs - and sent more money to the attackers. This may have happened multiple times.

What they should have done is simply re-sent the exact same transaction (same money, same recipient) if it didn't go through. If it doesn't go through after several retries, that's a technical issue that should be forwarded to a developer who can look at the blockchain and see whether the money was actually spent.

This is, therefore, a cascading disaster, but a very preventable one. It started with MtGox's developers not understanding the bitcoin protocol correctly, but that in itself wouldn't have been a problem. It's what they did in a failure scenario that was the problem; if a transaction didn't go through, they simply attempted to spend different money (think a completely automated "I can't seem to spend out of one bank account, so I'll spend out of my other bank account"), and they didn't throw an error back to a human. This should never be done in financial software.

The long and the short of it is, don't trust developers who've never touched financial systems to develop closed source financial software.

This can happen for various reasons, but a fairly obscure one is that someone on the network can mangle the transaction

If it's a way to swindle people out of thousands, or hundreds of thousands, of dollars, then people are going to drive truckloads of money out that hole. it goes from "an obscure case" to "holy hell people are just stealing all our money".

Yeah, thing is, as I explained towards the bottom of the post, it was this in combination with their failure mode that caused people to be able to steal all their money.

If they had a sane failure mode, this would never have been a problem, even if they completely fucked up their understanding of the Bitcoin protocol in incomprehensible ways, or if there was a bug in the Bitcoin protocol that nobody was aware of.

> "People are quite concerned. Mt. Gox's crisis communications have been wildly below the level of professionalism one would hope to see from a company with several hundred million dollars of financial assets."

That's kinda why banks are regulated surely.

If bitcoin fails because of this incident, won't that be the free market deciding that unregulated financial institutions aren't acceptable?

Great explanation. Probably wasn't a great idea to trust a company that started as a trading card exchange (Magic The Gathering Online eXchange - Mt. Gox) with such large amounts of money.

mtgox.com was just a domain name the original owner had lying around after _possibly_ using it to host a card exchange at some point in time. https://en.wikipedia.org/wiki/Talk:Mt.Gox#Possible_citogenes...

Comments like these are why I tend to read the HN comments before (or in lieu of) the posted articles. Thanks for such an excellent synopsis.

Now picturing a kaiju-style Regulatory-Leviathon-mecha daintily picking its way through Tokyo and raising a foot over the Mt. Gox offices...

Excellent summary!

If Godzilla is angry, that is an ominous sign.

Bad case of stealingeverithingus ... usual treatment is long prison term unless you are a wall street dear.

stealing / losing ... exactly which is a little unclear at this point. Honestly, probably a little (a lot?) of both.

If the loss is due to mutability (failing to canonicalize transaction components before hashing them as the ID), why hasn't the BTC world just tracked down all the bogus double-spends: which wallets they went into, etc. The whole blockchain construction permits tracing the complete graph - at least until it exits via a physical exchange (money, gold, beer, whatever).

Well... At least this update includes some information (he's in Japan). Would be nice if he could mention anything about anything people actually care about (are they insolvent? Have they lost 700,000BTC? If not, how many? etc)

Its funny that people referred to bitcoin as a ponzy scheme

Now we know that the protocol itself is actually quite good (despite mtgox trying to blame it)

And the problem lies at the interface between bitcoin and the traditional payment systems (exchanges)

Its a pitty that Satoshi never solved the problem of distributed TRUSTLESS exchange, tho I suppose that is a problem that didnt exist until bitcoin became popular.

> tho I suppose that is a problem that didnt exist until bitcoin became popular.

Sure it did. Cash money. Exact same problems.

"Perfect is the enemy of good"

Tum ti tum.

"I haven't jumped the country... yet." - thanks for letting us know you're considering it.

"working very hard with the support of different parties to find a solution to our recent issues."

And yet still no explanation from Mark as to what those issues specifically are.

They still have staff?

I'm in Japan and I'm having some delicious sushi while working very hard with the support of different parties to find a solution to my recent issues.

Sincerely, mfukar.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact