I followed the 500,000 BTC for a bit beginning at https://blockchain.info/tx/b269bf1b82dae8a61f7f91dbf7a9d807e....
The coins move around and small amounts are sent away, but the majority ends up back in Mt. Gox's main (hot) wallet. This repeats a few times until the majority is paid back to the main Mt.Gox address.
Here is the transaction where it starts to get interesting:
What's left of the 500,000 (429.9k) is split into roughly half and sent to 2 new address. And then each of those address splits the coins in half and sends to two new address.
The end result is that the 429k was split again and again until the funds are split into many addresses, each of which now contain less than 1,000 BTC each. I stopped following the transactions there.
Why take 429k and split it into many addresses each containing less than 1,000 BTC each?
I'd like to see someone trace all of these coins and see if they end up coming together somewhere or show a pattern.
Not always literally true, but a good rule of thumb; you can't really sell $100-$1000 products that way, the cost/time of salespeople doesn't work out in that case.
And it goes back to MtGox address. What?
Following another chain and ended up here
Same. Goes back to MtGox.
Edit: Guys, the original address. The one which contains the MtGox coins. If you track any large transaction. > $30k, even the recent ones. They follow the same pattern. Split into two. And they all end up in pretty big wallets.
As much as I want to call it a witch hunt, there seem to be some patterns (I may be biased as I do want this thing to end up in positive). There's still so much information missing.
Also "Take all the coins that went through Silk Road. Now, floodfill forward." (probably) colors most of the network black.
This vs accepting cash which is fungible, and would need some other evidence associating the buyers money with the contested activity. At least the resolution activity there would likely be stopped at one level from receiving the cash, but with BTC, you happen to be able to track that one specific coin right through multiple layers of transactions. I can see lawyers tracking all the way out to the current holder of a given BTC.
edit: Upon a bit more side reading, I think the tracability of a given BTC is a bit overstated here.
I'd like to know if it would be feasible to regulate in someway to claim ownership of said coins and have them returned should they turn up in some sort of regulated clearing house / exchange. Caveat: I know this is in no way possible right now, yet as soon as this block chain gets large enough we are going to have some form of centralization going on, and with that I am certain it will be regulated in some way eventually. That is, if it lasts that long.
What exactly is the plan to deal with a multi terabyte block chain anyways?
Not that it matters - if 100BTC go into a wallet, and an hour later 100BTC comes out of that wallet, it's fairly irrelevant whether or not they're the same coins.
Bitcoin is decentralized, and that's the benefit of it. Creating a global block list would go against that.
The problem is that who then decides which coins are "bad"? Does the US Government get to decide? How about coins that fund organizations that the US Government doesn't care for?
My personal opinion is that no bitcoin should ever be tagged as better or worse than any other one. By messing with the fungibility of the currency, we would do way more harm in the long run than good.
If enough participants agree that bitcoin from a certain source are 'tainted', they become less valuable (similar to what we have seen at the Mt Gox exchange).
Bitcoin are very clearly distinguishable and thus there's no reason for them to be long-term fungible.
The result is that even if you can prove that someone else holds a dollar bill that was stolen from you at some point, you do not necessarily have the right to get it back.
See also the Wikipedia article on the principle of "Nemo dat quod non habet" ("no one gives what he doesn't have"): http://en.wikipedia.org/wiki/Nemo_dat_quod_non_habet
Imagine this: I exploit malleability and deposit directly in my BTC-e account, exchange to LTC etc, etc on dozens of exchange and finally to USD. I cash out to cash and disappear. I of course gave my final stop false information. So now my last victim gets a claim, if this last victim happens to be an exchange and it is forced to pay up and the amount is somewhat significant that exchange is now insolvent. Whose problem is that? The exchange declares bankruptcy and their customers get a haircut.
This won't happen, it does more harm than good.
once the feature exists to treat one set of coins different from another, it leaves the protocol open to control by centralized parties - they could ban the use of "unidentified coins", etc.
Fungibility prevents you from simply blacklisting these coins.
Ever heard the adage "Don't put all your eggs in one basket"?
It's possible that MtGox used to operate everything from a single, large wallet but decided to split it up into lots of smaller wallets, to avoid the risk of suffering a single, catastrophic compromise.
I'm pretty sure the opposite is also true though, as in "don't split all your eggs among thousands of little baskets." I mean, at some point the overhead of managing all of those wallets must outweigh the risk of having everything in one wallet, right?
How many of those did you trace? Can someone automate this trace?
Or if not, can we start listing all the addresses and the transaction chains to get there?
[Update] Here's a doc if anyone else wants to work on this manually:
[Update] Forgot to make it editable. Now it is editable.
14qKyR7b86JVHn5mfm6Dm3G756BgxhMqMP received 203002 BTC.
Then it sent 202658 BTC to 13JAudzPvKYyBtY9XpkhNW3YdDqBsi3c7Q.
Then it sent 108570 BTC to 144rbLnQmwH8MbB5iirSqvaPgXB9NMdcdb.
Then it sent 44505 BTC to 18pGH9G1FtpAkBt1zHTDuYXxPFMXqPG8PU.
Then it sent 23525 BTC to 13kfZQxVC6qi5pDSw56Fi3boTU7qMar8Nf.
Then it sent 23525 BTC to 14EKdT8ENWUY33Vyd7PN4TgLg6mnrwUt4T.
Then it sent 9576 BTC to 7jj6RTpzayiHDeFfCR5ihnDFccK997UNT.
Then it sent 5456 BTC to NRZTrVBQEcQ7EWgEdfUrs9xHjuwazdcuf.
Then it sent 2878 BTC to 2kSAA9HY11xwDi2QvmtZN1TYWuRdZb7Gx.
Then it sent 1241 BTC to 1GKUwZEzMoM92BVjVTNAwoSnUxeANhiawc.
Then it sent 509 BTC to 16hpTHQDWRTDkhgHw2T3RDneJM74XJXDoD.
Then it sent 473 BTC to 1KuNerYrrHiNR6bGgQesUiCyQt5u5qVBVQ.
Then it sent 473 BTC to 1Mu3EwLg85J3sV8No3RKLvwZPu2XZqEE63.
Then it sent 473 BTC to 1PgLdynDGFtsfpj6u442gokuLF1kZPCiRa.
Then it sent 376 BTC to 12yUfwW8DmgkZmAcAYsMzGWGw7LCmiQzXa.
Then it sent 375 BTC to 1CZHLDbrswW6ku8eHEDLLHC8Wr3RxowW3x.
Then it sent 354 BTC to 15robQvbP2Q1rZ9kMADnuv9f6tFhwkzz5z.
Then it sent 305 BTC to 1Jsdgh21hrbRuLuKeyvEGdkBauHiYXm7FN.
Then it sent 286 BTC to 1Q64Rx1tVCNeucdUGLkGdo1asiPHhPjoNW.
Then it sent 260 BTC to 1JWjfsk2tUAE83MtBjNEXP85ArxJuWoqg6.
Then it sent 260 BTC to 1JS9EAFzrjeFrLiPaK57mXeAZLwqHdEbPa.
Then it sent 256 BTC to 1421kfM6sbCXYsSZnvL6Dw1StXW2tbq4gZ.
Then it sent 247 BTC to 12eq3PnDcHLT2xpHevZMmFuVHymULjdoaj.
Then it sent 125 BTC to 12ZWoyaSwj53spGWGt9AtGCA28uLq58SCk.
Then it sent 125 BTC to 1Kf6KQd2oQA3yGPQDw8teCZVK7wj6C7ms7.
Then it sent 78 BTC to 1A3AsuYVsgdKNRDm7SGKkkHD9LQeuuipfe.
Then it sent 49 BTC to 1bu6ZBmksM5sRVEZspDKaXb5zTxZRuhrW.
Then it sent 49 BTC to 1J2HFUhF5xSnDXL3Zw3vCiEdv7eJi4EbM5.
Then it sent 156 BTC to 1JT6L2sT9z3QNitk4a2xiDEuwq3dksPYsb.
Then it sent 3730 BTC to 17C6oanWeXbehGZNL5fpUKsEQfMFya1pVD.
Then it sent 1000 BTC to 1MoUfk2Bow7n9B6ksreCbcyDzXdRTFMpC9 (this seems important address, received more than 117500 BTC).
Then it sent 998.99995 BTC to 1Ky8YXSXGensz2J8BYUprtLJvjcjNN3xbm.
Then it sent 999.99 BTC to 12wjEVECppk1rPBTQXyZ6m8zn4h91AzzSf.
Then it sent 1000 BTC to 1BoGw97oS9L2mU8HTQqpm7yxC72H4LCm6i, who still has 1000.35 BTC in its final balance.
We can construct a graph tree all destinations beginning from that one address, but what good would that be? Where do you make inferences to determine the identity of the recipients? How do you group them together?
At some point your trail becomes so long and so disparate that any effort to continue following that trail would be a pointless endeavor.
Sure the technology is there to follow the trail indefinitely, and (where available) you can easily check all recipient addresses from this "poisoned" tree against regular fiat exchange logs, but within the BTC ecosystem? It's an interesting intellectual challenge, but not useful.
Say you traced these coins to 50 different addresses. And then, for example, say that those addresses lay dormant for 3 months. And then 45 of those addresses send bitcoins somewhere on the same day. That would imply that the coins are under the control of a single owner.
I agree it is difficult and beyond the scope of just writing a simple script.
Here is a some background information at Let's Talk Bitcoin:
Is there an API available for doing this type of analysis of the blockchain (or a program already built for this)?
Which would mean that either people would stop using tumbling services (since the process would turn 'good' bitcoins into 'tainted' bitcoins as soon as a single participant wanted to anonymize stolen BTC), or tumbling services would disallow tumbling any blacklisted bitcoins, or both.
Can we verify this? Obviously we can't trace the outputs, but can we look for patterns that suggest the use of tumblers/mixers?
After finding a stolen bitcoin, unravelling its history back to the Mt. Gox Heist is likely to meet a wall of resistence - e.g. if it passed through Silk Road the parties on both sides will be reluctant to come forward and provide information.
In terms of a tort, is it civil or criminal? Was the loss of the coins by Mt. Gox simply an unsatisfactory business transaction? Supposing there was a theft, how should the bitcoins be valued? By the amount of storage space they consume, by the cost of the resources required to create them? If by some market price, which one - some average at the time of their creation, at the time of their loss, at the time of their recovery, or at the time of the prosecution? Many of those values are zero.
Finally, how many of Mt. Gox's customers are going to come forward and claim ownership if such claims are accompanied by a risk of being asked "And how came you to acquire these bitcoins?"
Unlike fiat currency, no government has an interest in supporting the agreed upon fiction that bitcoins are not a fiction. Stealing cash is a crime because the government has an interest in cash being an asset.
The problem with cryptocurrency is the proportion of black and grey market interests it attracts. With bitcoin, they were there first and good citizens second. Separating good citizens from their money was always going to be an attractive option, probably more attractive than separating participants in the black and grey markets from theirs given the greater potential for more serious reprisals which might accompany theft.
It's been over since the first Bitcoin story on NPR.
"MtGox still has at least 200k BTC"
Here are the possibilities, as far as I can tell:
1) That information is inaccurate.
2) MtGox lost their private keys.
3) The private keys were kept in a bank vault, which was seized by a foreign entity like the US government at some earlier time.
4) MtGox stole the coins.
The management of MtGox knows which of these is correct, but they probably aren't going to say.
The situation doesn't looks good.
The BTC lost/stolen are all available within blockchain/public ledger. Depending on who stole them, it would probably be distributed within multiple very smaller transaction.
It my be traceable, but likely unrecoverable, because this is a feature of Bitcoin. In other words authorities and forensic enthusiasts can find the BTC but they are most likely lost at the same time.
The thieves will move funds around at little cost in order to try to gain the value from the Bitcoin they stole.
The problem with Bitcoin is that because there's no fee associated with them, there's no money or resources being made available or directed towards policing and following of these thieves.
Edit: And it's not particularly fair to use the rest of society's resources to do this policing, when they're not contributing to the system - they're avoiding contributing, to a partially corrupt and currently inefficient system, yes - but it'd be better to fix these inefficiencies and deal with the corruption.
In the short term, referencing Blockchain transaction over a given period of time, a destination address could be assigned a lower karma value for having a relationship with a bad actor address. The karma could be measured in amounts taken from other bad karma addresses.
While your wallet may contain trace amounts of bad karma money, it eventually gets diluted over time. Maybe we could utilize a days destroyed karma as well.
How do you know that? Given the amount that was stolen, I would be very surprised if some victims are not employing considerable resources to find the thieves. Also given the amount, many layers and private investigators are probably willing to do speculative work on commission. It would just be silly for them to advertise such efforts.
Following the second category is roughly instantaneous, it's all on the block chain. So in some ways, the chase gets easier over time.
Let's assume eventually they will be 'spent' somewhere- its going to be damn near impossible to track them down unless they transfer all of them into a single wallet with their name/address in the comment.
If people manage to identify people behind the blockchains, I strongly suppose that law enforcements, depending on countries where the theift physically is, can force the thieft to give it back without any modifications to existing laws.
I think we can catch him when he is going to want to laundry his bitcoins.
If 4chan gets pissed off at me, my available recourse involves scouring all data traces I've made across the Internet and then hoping I did it fast enough before the pain train begins. At best, I could post some kind of apology or concession and pray they lose interest.
If the government wanted to put me in jail, my available recourse starts with a reasonably well documented legal system interested in fairly representing and judging me and extends all the way to, well... asking 4chan for help.
Maybe if I were black or female or gay, I'd prefer 4chan's treatment, but only maybe.
You underestimate fools.
I wanted to add the possibility of law enforcement from various countries tracing the alleged perpetrators. This is actually the most worrisome scenario, because a large portion of this would be unrecoverable from the law enforcement, due to the immense confusion stemming from authorities not knowing who has jurisdiction and the laws surrounding crypto-currencies.
This might be an acceptable situation for the customers but would be bad for the customers as over 6% of BTC would be almost permanently removed from circulation.
a) Bitcoin is pseudonymous enough that you can safely buy drugs with it
b) Large thefts of bitcoin can be traced; it's not pseudonymous enough for massive frauds
At the same time, the value of solving large thefts like this makes expending substantial resources to solve it much more reasonable.
It's like stealing someone's iPhone with a ski mask on while a camera catches you vs. robbing a bank with a ski mask on with a camera catching you. Both thefts begin with the same amount of evidence, but the latter is infinitely more likely to have resources devoted to it.
If a drug buyer in a BTC transaction got the coins anonymously (say, sent a self-destructing robot to drop off cash in exchange for BTC), then that part is fine. They can go use those coins anonymously. If they ship drugs to their house, well... that alone sort of undoes it all.
The drug sellers that were caught from Silk Road were caught due to things like making a huge amount of trips to post offices, getting the attention of postal workers. That may be a parallel construction, but it seems legitimate enough. Buy drugs from large seller, look at the postmarks for patterns. Then go gumshoeing around and wait 'til you see the same car or people going to the same post offices over and over and over. You can probably pull this attack off without even having government capabilities.
I had never really thought about the consequences of a public blockchain and the decreasing cost of analyzing that blockchain.
I seem to recall a news story about how people who spied against US in the 40's and 50's were caught later in the 70's and 80's because the intercepted cipher texts had been kept for decades until technology was able to break and decrypt them. Looking at the blockchain reminds me of that feat. Of course, that could have also been a poorly written thriller I'm remembering instead...
If you use it correctly, then bitcoin itself is anonymous.
and hasn't this happened already? someone did steal coins and was tracked for a while. how did that work out?
1. They weren't stolen - lost in cold storage harddisk failure for example
2. Revealing it would show something extremely embarrassing - they only used a single wallet?
3. They still have them - yay?
4. They were stolen by Mt. Gox - gulp
Though I agree a cold storage failure is still a good possibility, given the poor communication.
Fred: "Mark Karpeles was the thief all along!"
Karpeles: "And I would have gotten away with it, too, if it hadn't been for you meddling kids!"
Feds sized silk road and the Bitcoin wallets
If any was stored or transacted at MTGox this might be some of the amount of losses MTGOX is now showing but NOT ALL OF The lOSSeS obviously
Mark has said repeatedly that Mt. Gox is under investigation and that he can't talk about it. There's a supposed IRC log from two days ago where he let it slip that he's under a gag order, saying two days ago "le gouv US ne veut pas qu'on disclose" (the US gov. doesn't want us to say anything). And he's said in public that he can't discuss the matter since he's under investigation.
So my guess is that the feds have seized his cold wallet as part of the Silk Road investigation, or even as part of the case against Mt. Gox itself, which was probably in a safety deposit box. They've already seized 5 million USD last year from Gox, why wouldn't they go after the Bitcoins, too?
And yes, the seized Bitcoins would not equal the number owed, but my guess is that they're the majority of them, say 80%.
If that's the case, account holders would have to petition the USD to prove they're not drug dealers and or tax evaders to get their money back.
I find it extremely unlikely that MtGox would falsely claim that they suffered a theft due to transaction malleability (a real point of possible error) if the actual issue was a US Government seizure. It just strikes me as utterly unbelievable that they would actively cover up (rather than simply failing to disclose) a government seizure.
It's far, far more likely that Karpales is either grossly incompetent or a thief than it is that he's making up complicated stories to cover up a government action.
I agree Occam's Razor applies here. That said, we still don't know a lot about what happened.
I wouldn't put my money on explicit, but if it was, it wouldn't be the first time.
It isn't supposed you can go read the IRC transcript. He said no such thing. What did happen is, in response to the question of what would he like to tell everyone who is waiting for news he replied with a link to a image with a Batman quote about failure. The image happened to be hosted on an image sharing site called 9gag.com. People think that was his secret way of signaling that since the word "gag" was in the website's URL. It is a total ridiculous conspiracy theory to think that he is under some kind of gag order that is preventing him from telling the truth about what happened to the coins.
I don't believe this is right, but this is the reality.
I can't believe people think this is some kind of conspiracy theory. Mt. Gox has already had 5 million confiscated by the U.S., last year:
Why is it so unlikely that they seized more money, probably in the form of paper wallets from a safety deposit box? Japan law enforcement works closely with the U.S.
But here's what they really wanted from Mark, and I wonder if they got them: all the Mt. Gox account records, including IP logs and bank account numbers.
mean while you can have already split your key into parts and give them to trusted people. setup a dead man switch to email those people to talk and recombine private key, import into wallet and withdrawal funds.
this would have worked beautiful in silkroads case because the private was encrypted.
I'm guessing many of these coins were mined or bought before the astronomical price rises.
Of course I understand that that is irrelevant to people who have perceived millions of USD, but interesting nevertheless.
The value has recently dropped, and I'm sad that I didn't cash out before, but I didn't actually lose anything. I'm still up the entire value of my portfolio, I'm just not up as much as I was before (and could have cashed out at).
I do feel bad for the people who bought in and then lost it all.
"The Pony botnet attack was an ambitious data collection program. TrustWave reported staggering data loss statistics from the event the following sensitive information was stolen.
1,580,000 website login credentials
320,000 email account credentials
41,000 FTP account credentials
3,000 Remote Desktop credentials
3,000 Secure Shell account credentials
Pony’s attack on the Bitcoin community took down the worlds largest Bitcoin exchange, and caused the price of Bitcoin to plummet. The attack reinforced security concerns over the currency. Can confidence in Bitcoin recover?"
Assuming they weren't lost because someone forgot a password, all of the BTC lost / stolen in transaction malleability are traceable. Whether or not its feasible to check every transaction from Gox over the last few years and add up all the partial BTC is something I can't comment on.
1. Split the wallet up into as many wallets as possible. Preferably by transferring them through a couple hundred compromised (but not emptied) accounts.
2. Sell each individual wallet of say, 100-1000 BTC, on the black market. Make sure the transaction happens outside the transaction chain (i.e. either in real life or using other wallets with some kind of alternative trust system).
3. Be prepared to lose 5-20% of the value, in exchange for turning the money "white".
If the money was stolen and the people who took it aren't stupid, I don't see how someone is ever going to find it.
Again, I know very, very little about bitcoin or economics in general.
If I started my own currency called a superdollar, and I had the only superdollar in existence, it would be worthless, despite the fact that it was very rare.
If a foreign entity can make the bitcoins you have disappear, that leads to less confidence in your ability to use the bitcoins for trade. The fact that there's fewer out there doesn't mean yours are more valuable. The number of bitcoins has been constantly increasing, yet the price has been going steadily up as well. That's because they've become more trusted, more usable. More places will accept them in trade, and more exchanges exist.
When places like Mt. Gox fail, or fear that foreign entities have the ability to essentially rob the banks with impunity, it makes the currency less trusted.
Consider this. The government issues a currency called digibux. They are matched to the USD, you can buy one digibuck for 1 USD, but they are limited in volume, only so many are offered. Looking at this naively, digibux has the same value as USD. Now consider the following happens, the government takes down a giant drug operation, and invalidates all of the digibux that were involved in the operation. A friend of yours who was a pizza delivery guy has hundreds of dollars removed from his digital wallet because they were tips from people who had participated in the drug trade.
Now you're sitting with 10,000 digibux, and you know that the government is pleased with the results of the previous sting and wants to set up more operations like that. Someone offers you 8,000 USD for your 10,000 digibux. You know that the 8,000 USD can never just vanish.
The number of digibux in circulation went down. But did that make the total value of digibux go up?
You are only considering the supply side and assuming that the government seizing bitcoins from one of the major exchanges (and, subsequently, collapsing the exchange) doesn't impact the perceived viability of the bitcoin ecosystem (since, presumably, the same thing could happen elsewhere) and reduce the demand for bitcoins as well as the supply.
Also, it further assumes, on the supply side, that the government simply throws the coins in, effectively, a digital landfill -- otherwise, the fact that they were forcibly transferred from the exchange to the government doesn't actually have any effect on supply.
I don't know if it's possible to identify (from the blockchain) transactions that have been altered in a way that exploits the malleability issue but it should certainly be possible to identify pairs of transactions with identical startpoints, endpoints and sizes (i.e. number of bitcoins).
If it turned out that pairs of such transactions turned out to come from MtGox's wallets to third-party wallets, that would probably be a good starting point.
-The government has no inclination to interfere (even though many US citizens lost their money) as they were against it (if not outright criminalizing it).
- The lost money, even if recovered in full, would not be the same. The time lost is money lost. Besides the emotional shock and pain people had to take.
- Someone somewhere is sitting on that money, and it will have value, because people won't stop trading Bitcoin even now.
I know people are not ready to take any criticism of bitcoin, but here it is, what needs to be fixed about it.
Sure, if they were all stolen and tumbled at once. The descriptions of a cold storage "leak" suggest that if the loss was due to theft, it was a gradual over an extended period.
However, an employee or contractor at mtgox who figured he could cover his tracks could have stolen them
Instead Bitcoin is a ledger that details wallets and accounts. The origin of balances came from mining, and then people made transactions that, on the official ledger, transferred some or all of those amounts to other wallets. And on, and on, and on.
Hypothetically, if the community were foolhardy enough to trust someone's list of "recipients of mislaid money" wallet ids, you could blacklist those wallets, or even, through group agreement, force transfers back. But that's where tumblers come in: Tumblers are group wallets that take transactions in from all sorts, and then distribute them anonymously to new wallets you control (after a service fee, of course). Anyone hiding their tracks will of course have used a tumbler, often anonymously run on the Tor network. Do you blacklist or reclaim from every wallet that took an output from a tumbler?
Bitcoin would be toast. Tumblers are something that legitimate users of the currency make use of. You won't get the cooperation of tumbler operators because they are themselves engaged in a very serious crime.
So the trace-ability claim repeatedly being made just doesn't hold when you have legitimate and illegitimate transactions by the millions all intermixed. When bitcoins are transferred...game over. Give up on that thought.
Edit: Not "does it matter that they are lost", but rather "since they are lost, does it matter where they are".
You play in dirt, you get dirty. You want an unregulated purely digital currency with irrevocable transactions, you know it's going to sting if you lose some of it.