Peter R’s Theory on the Collapse of Mt. Gox (bitcointalk.org)
235 points by passepartout 1359 days ago | 121 comments


Regardless of how exactly it happened, I think the big thing is that anything that operates as "just an exchange" has the potential to operate as a fractional reserve bank instead (IE, just operate with enough money to cover day-to-day transactions and not-have/use-for-something the remaining funds people think you have in your vault).

So basically, trusting any unregulated entity that claims to have stuff in its vaults is an inherently dangerous thing since such entities inherently tend to fail all at once when they fail (because they can mask either a series of small failures or a failure large enough to bankrupt the company but still not large enough to clean out the customers - yet).

It also shows what happens in an environment without insurance. If Mt.Gox was insured, this catastrophe would have been avoided for the customer by either the insurance company paying out or by Mt.Gox never getting hacked due to the security controls that the insurance company would have demanded.

This, of course, raises the questions of "who insures the Bitcoin insurance company" and "how do the insurance companies protect their Bitcoin now that they are a target?"

Mt. Gox tried to secure insurance of customer deposits. Japanese insurance companies asked them about the specifics of their business and then said, to paraphrase, "Oh HELL no." One of the issues was that they were awaiting guidance from the Financial Services Authority, because insurance companies hate uncontrolled regulatory risk. The other issues were the sort of thing which will get your Errors and Omissions insurance application circular filed regardless of whether you're running an exchange or running a web development shop.

E&O insurance is surprisingly simple to understand. You fill out a 5ish page application, which asks you about the character of your business, your tech infrastructure, and your procedures/policies/etc regarding particular risks. The underwriter reads your application then asks some drilldown questions. The two I got were "Confirm Mr. McKenzie has 5+ years of professional experience in system administration" and "Confirm that the use of Appointment Reminder in a hospital is for the hospital's business administration or the convenience of patients, rather than for treatment/diagnosis/etc of a medical condition." (Translation: If it breaks, does anyone die? If so, we will probably not write this policy.)

I'm curious if this is due to Mt. Gox not trying hard enough. Recently a Bitcoin startup was able to obtain insurance from Lloyd's: http://arstechnica.com/business/2014/01/backed-by-lloyds-of-....

If this theory is true, presumably Karpeles would not have done this after the 2011 hack, because that would be insurance fraud (falsely obtaining insurance on the theft of coins that have already been stolen). It's possible that it would have been more difficult at that point because of Bitcoin being less mature.

But isn't Lloyd's famous for insuring what most other companies won't insure?

Yes. But from what I understand, this is because Lloyd's is a marketplace and not a traditional insurance company. They put wealthy entities in contact with people with peculiar insurance needs and let them work it out.

That's the classic move: outsource the risk to other people's money, and pocket some fees. Lloyd's seems a little like a bookie.

In the Eastern Bloc, in the '80s there was a new small fab being built to produce PROMs, PLDs and clone CPUs. Although the country in question was never charged with computing (as opposed to, say DDR, Bulgaria) it actually was onto FPGAs in stealth.

Obviously, it was burnt to ashes the next day, and Lloyd's paid out. One wonders, if somebody was funding Lloyd's, because this was practically guaranteed to happen given the circumstances. Today in the free market, you can freely choose between Altera (San Jose, California, U.S.) and Xilinx (San Jose, CA, USA).

Any links to the full story, or maybe just some keywords I can use to search the google?

I too was intrigued. Googling for UNITRA-CEMI, I found a reference to a fire in an East Bloc factory in Hungary in 1985.

> Hungary had even less success with integrated circuits in the Soviet Era. Hungarian IC production was initiated in 1985 under licenses from the Soviet Union and East Germany, but the factory burned down the following year, destroying all the equipment.


I'm not sure, but if that's the case I wonder why Karpeles didn't go there (again presuming this attempt was made before the theorized 2011 theft).

Insuring Bitcoin in 2011 sounds like a scam already.

It is not insuring the value of bitcoins, but the operation of the company. Regardless of the legitimacy of bitcoins or their value, the company is providing a service and it can be insured against lawsuits for its own mistakes. In 2011 the potential losses for its mistakes were much lower.

E&O is almost impossible to get if you are considered to be trading.

Which is why government insuring bank deposits isn't such a crazy idea. If the government collapses and can't stand behind the policies, then you have some really big problems on your hands and it is likely that private insurers wouldn't have fared much better. If the government doesn't collapse, everyone gets made (more or less) whole again. Basically, when the government is your insurer, there is no "Who insures the insurer?" problem, or at least the problem becomes moot.

>>> it is likely that private insurers wouldn't have fared much better.

Why is it likely? There are many private companies controlling amounts of money comparable with amounts of money controlled by some governments. I'm not talking US government of course but there are many smaller ones. Such companies are usually multinational corporations carrying much less local political risks and less prone to engaging in stupid things like trying to build communism or invade neighboring country to steal their supply of goats.

>>> If the government doesn't collapse, everyone gets made (more or less) whole again.

That is certainly not so, since unless you are controlling world reserve currency (read: US government) your resources are limited unless your deposits are nominated in your local currency. If you have monetary crisis, local currency quickly becomes worthless. Thus, you have very limited resources for making your citizens whole. On the contrary, big multinational corp would usually have balanced deposits in many major currencies - and usually good political ties with US and EU governments - which would ensure any local currency risk would be survivable for it. Thus, for a private corporation it would be much easier to make everyone whole - unless we're talking about US government.

So, for most governments out there which are smaller than US government, it is not true that their form of insurance is preferable for those reasons. The only reason it may be preferable is that the government has monopoly on violence (at least until overthrown) and thus can extract money by coercion, which private corporation usually can't. But if your government has to resort to robbery, are you sure it's a good insurance?

> Why is it likely? There are many private companies controlling amounts of money comparable with amounts of money controlled by some governments.

You assume complete rule of law is maintained in the absence of government, which is a non-trivial assumption. To exercise control of said money, especially in times of turmoil, you need an underwriter, usually in the form of police and/or army, which usually require the government to be functional.

> But if your government has to resort to robbery, are you sure it's a good insurance?

It's a game of semantics. Some people consider any taxation "robbery at gunpoint". Most people would consider that only about "unjust taxation". However, the number of definitions of "unjust taxation" is close to the number of voters.

>>> To exercise control of said money, especially in times of turmoil, you need an underwriter, usually in the form of police and/or army, which usually require the government to be functional.

You seem to operate under the impression there's only one government. That is not so - in fact, there are many different governments and many different ways to store money, which allows to hedge the risks.

>>> It's a game of semantics.

It's not. There's a point when a failing government resorts to actions which go beyond regular taxation - such as hyperinflation, confiscations, defaults, etc. In such cases governmental insurance is no good as there's much more chance it will hurt you than benefit you. For the private company, the minimum you get is zero, but for the government it can get way worse than that.

> That is not so - in fact, there are many different governments and many different ways to store money, which allows to hedge the risks.

For the omnipresent omnipotent investor, that might be true, but probably is not true even for that investor -- e.g. the US government can and does have a wealth tax in the form of inflation, that applies to every single asset class anywhere in the world, enforced through FATCA/FBAR; you have no legal way to protect your assets against inflation+taxation.

If you're in Cyprus, and you need money usable in Cyprus, you are dependent on a functional Cypriot government, one that did not employ capital controls (but they did...).

Furthermore, a lot of people here are unaware, but for at least 3 months, there was more than one currency called "Euro": the Greek Euro, and the non-Greek Euro. Banks in Germany would NOT accept Greek Euro, or remit non-Greek Euro to a Greek bank without collateral or other guarantees. All fiat money is fungible.

>> It's not. There's a point when failing government resorts to actions which go beyond regular taxation -

Your statement is ironic. Who gets to define what "regular taxation" is? The US had, at times, 80% taxation. Is that regular? The US government has been running a much higher than reported inflation for years. Is that regular?

Right, because if government does not collapse there is nothing stopping them from printing all the money they need to cover their obligations.

The consequences of printing excess money during major financial meltdowns is something famous Nobel laureates still debate. The consequences of letting large segments of the population lose their life savings is a bit starker.


The first point that's not quite understood is that this generally stops the bank run because people don't feel worried about their money anymore (or not all given existing state insurance).

The second point is that the "inflation of funds" actually didn't happen at the point when government printed money but at the point when the private institution multiplied the perceived amount of money in the system. Think about it, people that are withdrawing their money during a bank run don't suddenly feel richer.

The third point is that banks can and have operated fractional reserve systems using gold just as MtGox seems to have done with bitcoin. 19th century US banks printed their own gold certificates and failed on a regular basis.

> The second point is that the "inflation of funds" actually didn't happen at the point when government printed money but at the point when the private institution multiplied the perceived amount of money in the system.

J.K. Galbraith refers to this as the "bezzle" in The Great Crash: 1929. It's the monetary surplus created by fraudulent transactions, and, he notes, nobody has a problem with it until reality asserts her presence.

Update: More on the bezzle, found an online reference.

In many ways the effect of the crash on embezzlement was more significant than on suicide. To the economist embezzlement is the most interesting of crimes. Alone among the various forms of larceny it has a time parameter. Weeks, months, or years may elapse between the commission of the crime and its discovery. (This is a period, incidentally, when the embezzler has his gain and the man who has been embezzled, oddly enough, feels no loss. There is a net increase in psychic wealth.) At any given time there exists an inventory of undiscovered embezzlement in — or more precisely not in — the country’s businesses and banks. This inventory — it should perhaps be called the bezzle — amounts at any moment to many millions of dollars. It also varies in size with the business cycle. In good times people are relaxed, trusting, and money is plentiful. But even though money is plentiful, there are always many people who need more. Under these circumstances the rate of embezzlement grows, the rate of discovery falls off, and the bezzle increases rapidly. In depression all this is reversed. Money is watched with a narrow, suspicious eye. The man who handles it is assumed to be dishonest until he proves himself otherwise. Audits are penetrating and meticulous. Commercial morality is enormously improved. The bezzle shrinks...

Just as the boom accelerated the rate of growth, so the crash enormously advanced the rate of discovery. Within a few days, something close to a universal trust turned into something akin to universal suspicion. Audits were ordered. Strained or preoccupied behavior was noticed. Most important, the collapse in stock values made irredeemable the position of the employee who had embezzled to play the market. He now confessed.

J.K. Galbraith, The Great Crash: 1929, pp 132-133.


And the association between Galbraith's bezzle and Bitcoin / Mt. Gox has already been made:


For now, though, Bitcoin, like innumerable speculative vehicles before it, appears to be falling victim to what John Kenneth Galbraith, in his book on the 1929 stock market crash, referred to as “the bezzle.” In any economy, Galbraith noted, crookery and theft are present. But, particularly when money is plentiful and financial markets are rising, “the rate of embezzlement grows, the rate of discovery falls off and the bezzle increases rapidly.” It is only after the market falls and “audits are penetrating and meticulous” that much of this chicanery is uncovered.

Great post!

I'd just note the money effect doesn't have to be fraudulent (though I'm sure it helps).

Just the simple effect of banks being able to loan the funds under their care creates an effect where people have access to more money, even if it isn't there and they act accordingly (and certainly adds to the pure embezzlement as well).

Also, this highlights to me the contrast between '29 and 2008. In 2008, the problems up past a certain were covered up, effectively insolvent banks were supported and whole industries were bailed out. So one presumes the position of the embezzlers has been different, though some certainly were caught. Indeed, I would imagine that today's embezzler is trying to steal as much as possible as quickly as possible so as to get into and remain in the too-big-to-fail mafia.

> I'd just note the money effect doesn't have to be fraudulent

You're pretty much precisely inverting Galbraith's insight.

First: the whole point of the bezzle is that it is fraudulent. It's that during the period before you realize this, everything looks hunky-dory. It's Wile E. Coyote running off the edge of the cliff, before looking down and realizing he's suspended in the air.

The other is that an expansion in the money supply, in the short run, leads to consequences generally seen as favorable: those whose apparent financial wealth is increased suddenly have the ability to make claims on (purchase) resources they wouldn't have been able to previously. There's a model of money as exchange particles, and the concept of virtual particles which can be created under certain circumstances, which I'm finding increasingly compelling. The problem is when the wavefront collapses -- that's when misery sets in.

As for '29 and '07: yes, individual institutions were allowed to fail (mostly) during the Great Crash. Again, Galbraith goes into detail on this, I recommend his book. Where addressing the situation failed was in not creating liquidity elsewhere in the system to make up for this resulting in tremendous deadweight losses as the economy simply tanked.

In 2007, an institution was allowed to fail (Lehman Brothers), but the consequences were so severe that politicians stepped in to staunch the collapse. The manner in which they did this was both useful (the liquidity was absolutely needed) and utterly flawed (the very individuals and institutions which had, in large part, assisted in creating the problem were greatly enriched by the intervention). And yes, getting into a business in which profits are privatized and losses socialized is very much the modern mantra.


And if they print so much money that it becomes worthless, then that'll have a similar impact on lenders as if they just default, which is the government's first option and everyone else's only option. The government's only option, too, if the debt is denominated in someone else's currency.

To that extent, governments having the option to print money to satisfy debts is a good thing. As soon as there are two evils to choose from, it becomes possible to select the lesser of them.

In other words, don't think of lending money to a government in a currency it can't debase as if it were somehow less risky. There's still plenty of risk, it's just that it comes entirely in the form of default risk rather than as a mix of default risk and exchange rate risk.

Your point illustrates why government-backed currency is also a bad idea, at least when competition from private currencies is prohibited.

If you want a real world example, you can read about the Corralito ("child's playpen") in Argentina in 2001: http://en.wikipedia.org/wiki/Corralito

> It also shows what happens in an environment without insurance.

I'm not sure why you raise this issue considering its effective meaninglessness.

There are a raft of private insurance entities for things like pension funds and stock brokers (there used to be ones for state level "Thrift" banks. There used to be a mortgage bond insurance company too - it became insolvent in 2008. The pension and stock broker ones stay solvent by not necessarily fully guaranteeing any entity, etc).

None of the finance institution insurers are going to be large enough to actually insure against systemic failure. Essentially, these entities also, in supreme irony, operate with the fractional reserves principle. They only insure against a small failure every once in a while. Only the state, with its ability to print money, can provide real insurance for things that operate like a bank. So private financial failure insurance is a fancy fig leaf, it gave no comfort during the 2008 crisis, etc.

And fricken really insure bitcoin exchanges? They would have to have enough dollars just sitting around doing nothing to do that and no one would provide these dollars. At best, all you're doing is asking for someone to sue if things go bad (OK, that's something but not much).

Insurers buy insurance from reinsurers, and this works quite well most of the time. Sure, government is the insurer of last resort in situations like the 2008 financial crisis, but that sort of systemic failure tends to only occur at generational intervals. In the meantime, governments also impose things like capital adequacy ratios and so forth to avoid bailout situations, even though banks don't like those very much.

I think you're taking the example of a systemic failure to mean that all such insurance is a waste of time. But most failures aren't systemic or massive.

> I think you're taking the example of a systemic failure to mean that all such insurance is a waste of time. But most failures aren't systemic or massive.

It seems implausible that systemic failures for bitcoin in particular are going to be generational.

Insurance for entities subject to systemic failure is about having many hands looking at the process and having the appearance of solidness. Appearance really is as important as reality for keeping such entities afloat.

You gotta admit "Insurance works most of the time" is kind of like a tight rope walker saying "that net that's there to catch me works most of the time, meaning that it definitely works when I don't fall and it makes people happier".

And my main point would be that state regulation and guarantees are the more serious measures and private insurance is not nothing but a fairly weak affair. I'd trust regulation on a financial entity much more than I'd trust insurance on such an entity.

I too think regulation (either by peer or by government) is a much better guarantor than a hard-to-evaluate insurance policy. But the fact that insurance doesn't cover every eventuality doesn't make it useless. For example, my home insurance doesn't cover me against earthquake, a potentially catastrophic risk that comes with living in California. Of course I worry about this a bit, but earthquake insurance is very pricey at the same time. However, I don't consider the insurance I do buy to be a waste, since it covers me against fire, a tree falling on the house (of which there are several very large ones), a guest suffering an injury while on my property, etc.

The problem for a lot of Bitcoin service providers is that once the cost of regulatory compliance and even limited insurance (up to $5000 or something) is factored in, they won't seem especially competitive with other financial vehicles. Maybe the smart thing to do would be set up a bitcoin insurance firm first and make money out of the exchanges...

And indeed state guaranteed deposits are not covered against every risk. FDIC and the UK equivalent for private deposits in banks only covers up to GBP 100K or USD 250K (or at that level) anyway - good luck getting your millions of dollars back from the government when a bank collapses.

> It also shows what happens in an environment without insurance.

If one thinks long and hard about this, one might conclude that the entity insuring such exchanges needs an entire agency of men in black, a standing army, some nuclear missile subs, and hundreds of billions, if not trillions, in reserves. Or, it could be another kind of organization of comparable power.

If I were the leader of an oil-rich state, I'd look into a system of bearer bonds based on cryptocurrency. Some alliance of nations might be able to become the virtual Switzerland of the 21st century, not with mountains to protect it, but complete dispersion and redundancy of its financial resources instead.

Actually, the entity best suited to back, insure, and police a cryptocurrency is the United States. A hybrid fiat/cryptocurrency with those kind of resources behind it would be invulnerable. However, this would just increase the hegemony of the US. (Ironic, that the US could further cement world domination by losing control of individual transactions.)

Insurance only helped so far in the Mortgage market... Most of the monoline (Mortgage-only) insurance companies went belly up.

Couldn't a bitcoin exchange publish a list of accounts that they use to hold coins for customers, and similarly, request that their bank confirm that the sum of customer funds is greater than X?

I mean, we might not see exactly the number of things we expect, but if it's holding over 95% of the value expected (through those mechanisms), and shows a successful trend of having increases when it claims and decreases when it claims, then it seems relatively trustworthy.

Many poker sites do this for their fiat reserves. They hold player funds in a separate bank account that is regularly audited by a trusted third party.

For the exchange's crypto-currency reserves, a trusted third party isn't even necessary. The exchange can use gmaxwell's "prove how (non)-fractional your Bitcoin reserves are" scheme [1], which allows them to cryptographically prove they are not fractional reserve.

The Mt. Gox bankruptcy will have positive long-term repercussions on the bitcoin community, because it will pressure honest exchanges to do the above to prove they have the funds to cover their deposits. Coinbase has already done this for their bitcoin reserves [2], albeit through a trusted third party rather than the cryptographic way.

[1] https://news.ycombinator.com/item?id=7277865

[2] http://antonopoulos.com/2014/02/25/coinbase-review/
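
The liabilities half of the proof-of-reserves idea named in the comment above, as an added example that is not part of the thread and not Maxwell's own code: a Merkle tree whose nodes also carry the sum of the balances beneath them, so each customer can check that their balance is counted in the total the exchange publishes. The hash layout, 16-byte nonce, padding rule and sample accounts are assumptions of this example.

```python
import hashlib
import os
from typing import Dict, List, NamedTuple, Tuple


class Node(NamedTuple):
    digest: bytes
    total: int  # sum of all customer balances under this node, in satoshis


def _u64(n: int) -> bytes:
    # Rejecting negative sums matters: a negative "sibling" would let an
    # exchange cancel out real liabilities while every hash still matches.
    if n < 0 or n >= 1 << 64:
        raise ValueError("amount out of range")
    return n.to_bytes(8, "big")


def make_leaf(account: str, nonce: bytes, balance: int) -> Node:
    # The per-customer nonce stops other customers from guessing whose
    # balance sits in a neighbouring leaf (assumed to be 16 random bytes).
    if len(nonce) != 16:
        raise ValueError("nonce must be 16 bytes")
    data = b"leaf" + nonce + _u64(balance) + account.encode()
    return Node(hashlib.sha256(data).digest(), balance)


def make_parent(left: Node, right: Node) -> Node:
    # The parent hash commits to both child sums, so a sum cannot be changed
    # higher up the tree without changing the published root.
    data = (b"node" + left.digest + _u64(left.total)
            + right.digest + _u64(right.total))
    return Node(hashlib.sha256(data).digest(), left.total + right.total)


PAD = Node(hashlib.sha256(b"pad").digest(), 0)  # zero-balance filler leaf


def build_levels(leaves: List[Node]) -> List[List[Node]]:
    if not leaves:
        raise ValueError("no accounts")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:          # pad odd levels; duplicating the last
            cur.append(PAD)       # node instead would double-count its sum
        levels.append([make_parent(cur[i], cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels


def prove(levels: List[List[Node]], index: int) -> List[Tuple[Node, bool]]:
    """Sibling nodes from leaf to root; the bool is True if the sibling is on the left."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def publish(book) -> Tuple[Node, Dict[str, List[Tuple[Node, bool]]]]:
    """book: list of (account, nonce, balance). Returns the public root and each customer's proof."""
    levels = build_levels([make_leaf(*row) for row in book])
    return levels[-1][0], {row[0]: prove(levels, i) for i, row in enumerate(book)}


def verify(root: Node, account: str, nonce: bytes, balance: int, path) -> bool:
    """Run by the customer: is my balance included in the published total?"""
    try:
        node = make_leaf(account, nonce, balance)
        for sibling, sibling_is_left in path:
            node = make_parent(sibling, node) if sibling_is_left else make_parent(node, sibling)
    except ValueError:
        return False
    return node == root


def covers_liabilities(root: Node, proven_reserves: int) -> bool:
    # Reserves have to be shown separately, e.g. by signing with or moving
    # coins between the addresses the exchange claims to control.
    return proven_reserves >= root.total


# Constructed sample ledger (balances in satoshis), not real data.
SAMPLE_BOOK = [(name, os.urandom(16), sats) for name, sats in
               [("alice", 150_000_000), ("bob", 20_000_000), ("carol", 900_000_000),
                ("dave", 5_000_000), ("erin", 75_000_000)]]

if __name__ == "__main__":
    root, proofs = publish(SAMPLE_BOOK)
    print("published liabilities:", root.total, "root:", root.digest.hex()[:16])
    for account, nonce, balance in SAMPLE_BOOK:
        print(account, "included:", verify(root, account, nonce, balance, proofs[account]))
```

The check only has force if enough customers actually verify their own path: an omitted or understated account is detected by that account's owner, not by anyone else.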

In the longer term (assuming Bitcoin survives so long) the question is whether exchanges will start to openly fractionally reserve their deposits. It might seem crazy today, but if and when the exchanges develop a strong reputation for financial soundness it may be very hard for them to resist the profits from a small, very safe under-reserving. Customers are likely to go along with this because 1) after all, the BTC exchanges have a strong reputation for safety and competence! and 2) some will likely share in the profits through interest on their deposits. Of course, these small, very safe overcommitments will likely turn out to be the first step on a slippery slope, but so it goes.

(I am not an expert on anything.)


Dollars are held in bank accounts that can be verified.

Bitcoins are not held in bank accounts. They are long strings of numbers in essence and "storing" bitcoins involve putting these numbers on a hard disk that isn't connected to anything.

I don't know enough about the bitcoin protocol to say this is possible but if an exchange could exhibit the public keys of their bitcoins without exposing the private keys, they could at least prove that either they or no one owns bitcoins of a given value.

I can think of two ways to do this. The first way is a zero knowledge proof. This is a cryptography concept where you can prove that you know some secret (in this case the private key) without revealing the secret. I am unfamiliar with the specifics of Bitcoin, and suspect that the feasibility of this method depends on the type of public/private keys they are using.

The other approach is to publish a list of your public keys along with predictions of future transactions. Assuming you actually control the public keys you claim to, you should be able to make those transactions successfully.

Both of these approaches will run into some difficulty with a robbery or loss of keys kept in cold storage. Because your keys are (supposedly) in cold storage, it is not suspicious that you cannot prove control of them. However, if you were to suffer a hard drive failure (and not have backups), then you could simply claim that those keys were still in cold storage.

This is achieved by making a transaction between two wallets you control - this is recorded on the blockchain. Karpeles / MTGox did this previously to prove that they had a certain amount of BTC. See https://bitcointalk.org/index.php?topic=21436.0 for more details (search for 424242).

Well, Cyprus banks were rather regulated, and even had stuff in their vaults, but then the regulating authority came in and took the money. Oops. The difference is that in the Cyprus theft no one went to jail.

The risk that something like this is what happened is why Bitcoin companies (and other companies that deal with money) should have mandatory vacation policies for employees. With a mandatory vacation policy, it's much harder for a single person to commit fraud, since keeping up a fraudulent scheme requires daily attention to create fake books and records.


And also use Gregory Maxwell's proof of solvency scheme: https://iwilcox.me.uk/2014/nofrac-orig

That's an interesting idea.

A mandatory vacation sure would have put a stop to "Brian Molony"'s systemic theft from CIBC much earlier. iyww Brian Molony was the real life person behind the movie "Owning Mahowny".

It's not just an interesting idea - it's very much the norm in much of the banking industry in my neck of the woods. It's generally considered one of the best ways of picking up internal fraud.

One example that springs to mind from Australia was a branch staffer who had managed to rack up A$5 million dollars in fake mortgages. Went on holiday, the stand-in noticed dozens of mortgages to the same PO Box, did some digging...

Yes, this is a good idea, but you need smart people auditing the books (system). The smart part is a problem. Industry hires too many credentialed fools. Hire a criminal to catch a criminal.

tl;dr: Mt Gox had a lot of coins stolen in 2011 and has been running a fractional reserve ever since. Mark tried to delay the inevitable insolvency by creating a bot to manipulate the price, and eventually tried to cover it all up by blaming "transaction malleability" attacks.

One of many plausible explanations. It's going to be really interesting seeing how this actually plays out.

Bitcoin folks need to understand that fractional reserve banking doesn't mean holding less in assets than you have in liabilities; it simply means that you hold less cash (or very liquid assets) than you have liabilities. What the author of this post describes is just fraud, not fractional reserve, and while libertarian types love to conflate the two, they are emphatically not the same thing.

Well "fraud" implies deception. I think the argument that "libertarian types" make is that very few people understand how money works at a high level (namely that the money supply can increase up to the money multiplier), and perhaps that the people who administer high level finance deliberately set things up to benefit themselves at the cost of the "common man." I don't think many people argue that fractional reserve banking literally constitutes fraud in the traditional civil or criminal justice system.

Murray Rothbard is probably the most influential example. He argued that fractional-reserve banking is fraud and should be effectively outlawed by regular tort law (not by government regulation).

He had a bit of a running disagreement with Von Mises over it: http://www.garynorth.com/public/9714.cfm

That article was interesting about the utilitarian Mises vs the natural law Rothbard, but it was completely wrong about the 100% reserve clause Rothbard insisted as essential being necessarily enforced by the state.

It sounds like the writer has not heard of Rothbard's proposed anarchocapitalist systems, polycentric laws and competitive arbitration and enforcement organisations.

Yeah, here's the relevant quote where he gets it wrong, or at least uses misleading wording:

> Mises openly rejected the idea that government should have any role in setting a specific percentage of gold and silver or other assets, including bank deposits, in relation to their issuance of what he called fiduciary media, but which hard money advocates refer to as fiat money. In contrast, Rothbard called for 100% reserves.

I'm sorry but what is there to "play out"? The show is over. There is a bankruptcy filed protection that will decide what to give to whom but that's about it. We will never find out the truth. Even after extensive investigation, if any, you're dealing with anonymous wallets over a period of years that have been sucking coins out of gox. Definite answer who did it, who knew it, even how they did it, will never come.

There's likely still a whole criminal investigation to come. Plenty of people to interview, records to review, pieces to put together. I think it's pretty likely that more information will come out.

I was watching Freakonomics the other day (well, part of it, anyway), and they were talking about how the Japanese police will only really investigate crimes when they have a clear chance of getting a conviction. Take that as you will, but it seems to me that even if there's an investigation, that doesn't mean that anything will necessarily come out of it.

That and the Japanese police also will try to get a conviction even if it means convicting someone with little evidence. Combined with their seeming incompetence at investigating cyber crime this does not bode well for the MtGox investigation. The Japanese police have a 99% conviction rate with prosecutors being fired for threatening to kill suspects if they don't confess. The Japanese system of "Justice" strives for convictions, not justice.


Summary: Police arrest 4 separate suspects and get confessions from 2 for having a virus on their computer.

It will be interesting to see how this will affect the business practices of other Bitcoin exchanges.

What I like about this story is how consistent it is with decades of stories from financial fraud. E.g., the downfall of Nick Leeson and Barings Bank:


Poor internal controls, greed, arrogance, and snowballing losses that lead to greater and greater risks. And then disaster, at least in the cases we hear about.

Of all the speculative explanations so far, this one would make the best plot for a movie script.

He's certainly a great writer. The thing that was lacking were the sources.

If you've been in the bitcoin world since at least before the first MtGox "crash" at $40 then it would be obvious which events he's talking about.

Granted, it's being turned into a narrative, but the history is spot on. I wouldn't have bothered putting in sources if I were him either; it's time consuming and those who know the history of the events wouldn't need it.

Tone down the superior attitude. Sources benefit everyone.

It's not about being superior; he's posting on bitcointalk, where the audience would be very familiar with the sequence of events. It's posted in "speculation", i.e. it's a hypothesis based on what everyone in the bitcoin world observed, and he created a plausible yet possibly completely fictional technical hypothesis for what happened behind the scenes. There are no "sources" to back it up.

It's like when HN goes offline. It's an observable fact. Writing what you "think" happened to explain this fact is the speculation part.

It's of course a theory. But "I'm going to make up this accidental shortfall today by making bigger bets tomorrow" is how a lot of fraud starts innocently.

This shouldn't be surprising. The same sort of things would happen back in the good old days when we were on the gold standard.

Usually the catalyst in those days was some sort of financial stress at a moment of weakness for the bank. In the 19th century, typically this was in the fall before the receipts from the harvest came in. Small banks would have minimal reserves, and failures could easily cascade.

I'm surprised with all of the rhetoric about fiat money that nobody figured this out sooner.

> I'm surprised with all of the rhetoric about fiat money that nobody figured this out sooner.

My experience has been that goldbugs usually just don't want to be told about or think about this, so I'd expect things to be the same among Bitcoin supporters. And presumably a number of the clever boys will quietly reason that even if, later on, Bitcoin goes the way of all money, the people who were in on the ground floor will still have made their killing.

Apparently the gold market is still heavily fractionally reserved today, too.

Assuming that MtGox (let's say MtGox, not Mark) did indeed introduce transaction malleability as a feature, that should be very easy to prove with source control commit logs. But if the malleability vulnerability was already there to begin with, it would be very hard to prove indeed that MtGox was taking advantage of it.

Edit: I should also add that Mark in particular has not proven himself smart enough in my eyes to pull something like this off. In terms of technical skill, yes, but this requires a very human approach to deception which I, based on the conversations I've seen him have, do not think he possesses.

MtGox didn't use source code control.

Another great reason to assume ignorance rather than malice.

How.. convenient.

I'm curious, how do you know that? It sounds completely crazy to me.

rheide was talking about the Bitcoin source control.

No actually, I meant the MtGox source code that deals with transactions. The malleability issue was known long before MtGox announced the exploit. It's possible that MtGox initially handled transactions correctly, but later introduced the malleability issue so they can blame their problems on that. Like I said before, I don't believe that's the case though.

Mark was the CEO, the lead developer, the lead business guy, the lead operations guy, and nearly everything else you can think of. He likely had unlimited power to doctor anything he liked, and probably in a way that would not make it easy for other employees to notice. Even if they did use source control, he could probably mask those commits.

Honestly I'm not even sure how many other technical employees they had. I would assume only a few.

Would also explain why he never grew the team out more -- would make it more difficult to control the situation.

Wow, this is something that's been bothering me for some time. Why didn't Mark grow the team? He evidently didn't have any employees, just a handful of contractors.

This would explain why.

Do we even know if they used version control? Given the hectic organisation of the code I've seen so far, wouldn't be surprised if it wasn't controlled.

An anonymous dev who interviewed there posted on reddit saying that they didn't use version control, and that all code changes had to go through Karpeles.

I'm predicting the imminent collapse of Mt. Gox collapse stories, following an indeterminate period of irrational exuberance.

Someone please work on the screenplay, and please have David Fincher direct.

It's interesting to note that the transaction malleability issue was a known problem to MtGox at the very latest by November 2013. [1]

I know this first hand because I was on #mtgox at the time speaking to support staff trying to get some of my own coin out, which I eventually did get. I personally think that at this point they themselves were "wtf is going on?" about the issue and couldn't really explain what went wrong.

Between that time and now they surely must have understood the problem well enough to either use it as a "feature" or try and fix it, which they didn't.


This is as plausible as anything else I've heard so far.

What is "GoxBTC" vs "Real BTC" ?

GoxBTC is BTC that you had in your account at Mt Gox, essentially, an entry in their database.

RealBTC is what you got when you finally got it out of them, to spend elsewhere.

I'm thinking about opening up an exchange for crypto-currencies with a guarantee that deposited coins are put directly into a cold wallet. The only drawback I can see is that (so far) I don't see an easy (and secure) way to make withdrawals instantaneous.

Perhaps my background in hardware systems leads me to solutions that use physics to solve certain security problems, but to me, sending bitcoins to an unconnected computer over a unidirectional link seems trivial.

Use 2-of-3 multisig: https://gist.github.com/oleganza/9232293

User owns a key protected by his password and your server never knows it. Another key is stored unencrypted on the web server (like in "hot" wallet). Third key is stored with your staff, encrypted by their personal password (like in "cold" wallet).

Normal withdrawal: user key and web server's key sign the transaction and it's instantly available.

Security analysis:

1. User forgot their password: he contacts staff that uses their key + web server's key to move funds to new destination.

2. Hackers have taken the web server: they see the key, but it's not enough to move anyone's funds.

3. Staff lost their keys: users still can access their funds if they still remember their passwords.

4. Hackers stole user's computer: they may instantly withdraw some amount up to an arbitrary daily limit. (Withdrawal can also be protected by 2-factor authentication.)

5. Hackers stole staff's keys (e.g. from a personal computer): they still need to break into web server. When staff realizes that keys are compromised, all funds must be moved immediately to new keys.

In other words, users have a hard proof of ownership of specific coins. All coins, no exception, are protected by two differently stored keys. So no need for hot/cold wallet difference.

If you want to block some BTC for trading, webserver will implement that easily: when you withdraw coins, it will move blocked portion to someone else's address.
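The security analysis in the comment above can be checked mechanically. The following is an added example, not code from the thread or from the linked gist: it models the 2-of-3 threshold, enumerates every one- and two-key theft or loss, and models the web server as a co-signer with a daily limit. The names `ServerCosigner`, `daily_limit` and `require_2fa` are hypothetical, and it assumes the server co-signs only user-initiated requests.

```python
from dataclasses import dataclass
from itertools import combinations

KEYS = frozenset({"user", "server", "staff"})  # key holders named in the comment
THRESHOLD = 2                                   # 2-of-3 multisig


def can_spend(held):
    """A transaction is valid once THRESHOLD distinct keys have signed."""
    return len(KEYS & set(held)) >= THRESHOLD


def survives_loss(lost):
    """Funds stay reachable if the keys that remain still meet the threshold."""
    return can_spend(KEYS - set(lost))


@dataclass
class ServerCosigner:
    """Models the web server's key: it co-signs user requests under a policy.

    daily_limit (satoshis) and require_2fa are hypothetical policy knobs; the
    comment only mentions "an arbitrary daily limit" and optional 2-factor auth.
    """
    daily_limit: int
    require_2fa: bool = False
    spent_today: int = 0

    def cosign(self, amount, second_factor_ok=False):
        if self.require_2fa and not second_factor_ok:
            return False
        if self.spent_today + amount > self.daily_limit:
            return False
        self.spent_today += amount
        return True


def attacker_withdraw(stolen, server, amount, has_second_factor=False):
    """Can an attacker holding the `stolen` keys move `amount` right now?"""
    stolen = set(stolen)
    if can_spend(stolen):
        return True   # two stolen keys sign offline; server policy never runs
    if stolen == {"user"}:
        # One key short: the attacker has to ask the server to co-sign.
        return server.cosign(amount, second_factor_ok=has_second_factor)
    return False      # server key or staff key alone signs nothing


def exhaustive_report():
    """Theft and loss outcome for every 1- and 2-key subset."""
    report = {}
    for n in (1, 2):
        for subset in combinations(sorted(KEYS), n):
            report[subset] = {
                "thief_can_spend_offline": can_spend(subset),
                "funds_recoverable_if_lost": survives_loss(subset),
            }
    return report


if __name__ == "__main__":
    for subset, outcome in exhaustive_report().items():
        print(subset, outcome)
```

The report shows that every single-key theft or loss is survivable and every two-key event is not, so the daily limit and 2FA on the co-signer are the only controls standing between a stolen user key and the funds.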

You can use an HD wallet so that the online system holding an extended public key can receive BTC but not spend it. Then an offline system can sweep the incoming funds periodically.

You can't put money directly into a cold wallet, if I understand correctly. If you can manipulate it directly then it's hot by definition.

Yes, you can, as long as you have an address (Public key). A wallet is just a private key.

The transaction history, and thus the balance of an address, is held in the blockchain, in the ether.

To spend the coins, you must have at hand:

* the current blockchain

* the private key

* a connection to the network.

However, these can be on different devices. Transactions can be signed on an offline machine. Also, you need just the unspent transactions to sign a new transaction, not the whole blockchain. Bitcoin Trezor works this way, http://www.bitcointrezor.com/

Is that true even if you only spend some of the coins and not all the coins? I seem to remember there being something very tricky about this if you are using a paper wallet.

You can add coins to a paper wallet many times.

What is considered risky is spending only a fraction of the paper wallet, for the following reasons:

- you just used the private key for creating a transaction, so the chances of it being compromised increase

- the client you used might have sent the change to another address while you're thinking the remaining coins are still in the paper wallet

But if it's done well, yes, it's possible to spend a fraction of a paper wallet.

You can deposit directly into a cold wallet; you can't withdraw directly from a cold wallet.

Let's say I have a machine that's not connected to the Internet, but I develop a serial protocol that allows the transfer of bitcoins across RS-232, and build a cable that only has the receive signals connected at my "secure" machine.

If I wanted to take it further, the "secure" machine could print that wallet onto paper or could robotically insert flash drives into a USB port (in such a way that removed keys were dropped into a bin the robot couldn't reach into).

This is only one of many ways I can think of that would allow the automatic creation of cold wallets ... the only way to attack such a system is to gain physical access.

You could still attack the stuff talking that RS232 protocol. Maybe it has a buffer overflow that allows me to gain control and change the software to write any money coming in not only to those flash drives but also out to my account (writing it to the flash drives makes it harder to detect this hack). In the limit, that doesn't require much. For example, I could flash a control LED and attempt to read it from across the street. Even if that succeeds in only a small fraction of transactions, it might still be worthwhile.

TL;dr version: anything that is connected to the outside world, no matter how small, is an attack target.

The question for me after all this is simple:

Is it that 'Everything is a Ponzi scheme until it isn't' or is it that 'Nothing is a Ponzi scheme until it is'?

I think in the real world, there is a large mix of both. Hard to know the true percentages of either category, though.

When bitcoin started it was touted as anonymous, reliable and secure against fraud and theft by central authorities (especially government.)

I had some doubts (and other interests) so didn't bother getting into bitcoins.

Now we find out that bitcoin definitely isn't secure, and fraud by central authorities is just as possible as with any complex system of representing monetary value. I really think it's a universal Law - let there be any kind of central body involved in a system where there are profits to be made by dishonesty, and there WILL be dishonesty.

MtGox turns out to be no different to the FED and any other fiat money authority. No different to the bullion markets, and their empty gold vaults (gold stolen, due to fractional reserve fraud.)

I think I'll stick to keeping gold and silver pieces in an old sock. The only true value store is in-your-hand allodial, and never, ever abstracted to ones and zeros (or paper.)

> Now we find out that bitcoin definitely isn't secure

If anything is secure, then bitcoin is. That doesn't mean that it protects people from their own incompetence when it comes to security, there's no getting around that at this stage.

> and fraud by central authorities is just as possible as with any complex system of representing monetary value.

Only when you actually trust a centralised authority with the private keys in question, which people should not be doing in the case of businesses like mtgox which were obviously utterly incompetent right from the start. Plaintext passwords in http get queries embedded in plaintext emails? Come on, that would've twigged my "this is a really dumb idea" sense even before I started software development.

> MtGox turns out to be no different to the FED and any other fiat money authority.

Exactly, which is irrelevant to the security of bitcoin itself. It's like saying a currency itself has a security vulnerability because a security guard at a bank was incompetent, it doesn't work like that.

> I think I'll stick to keeping gold and silver pieces in an old sock.

Gold and silver are just as vulnerable to centralised betrayal when held by a third party, and bitcoin is just as invulnerable to centralised betrayal when you hold it yourself. Your analogy compares two entirely different situations in order to make one look better than the other.

> and fraud by central authorities is just as possible as with any complex system of representing monetary value.

It's actually less possible. It's just that the community lets the central authorities get away with it. With BTC, the exchanges can publicly prove their assets. (Of course, if all of them got together to collude...)

> Now we find out that bitcoin definitely isn't secure

If Bitcoin is not secure because an exchange got hacked, then bank accounts are not secure because phishing exists. Or cash is not secure because it can be stolen.

Mark decided that he would do what he thought was right: he would slowly earn back the lost bitcoin with MtGox trading fee profits and eventually make his customers whole again. He still had over 500,000 BTC left—he moved 424242.42424242 BTC between bitcoin addresses and convinced the community that MtGox was solvent.

So, bitcoin is actually a hybrid fiat+cryptocurrency? Since there is little transparency, a significant fraction of the BTC market capital might actually exist as fiat!

Version 2 of a cryptocurrency protocol needs to protect against incompetently implemented exchanges as well.

EDIT: Apparently, there is a BTC scheme for proving solvency. Making this mandatory for exchanges would go a long way to improving things.

It's what economists have been trying to tell the BTC community for years. Some people get it, some people don't. Think about the money supply.


There is not only the MB money supply (total number of paper dollars that exist), there is also the M1 money supply (MB + number of Traveler's Checks, and other highly liquid bank inventions), and M2 (which includes deposits).

The true size of the monetary base can artificially grow and shrink in ways completely uncontrollable by the central-authority. This is true with both the USD and Bitcoins.

The ultimate reminder is... the US implementation of fractional reserve banking forces banks to do no worse than 10%. In unregulated markets, the "banks" (ie: MT. Gox) will tend to lie and cheat, and will have ratios at far far worse rates.

Yes, but the BTC infrastructure itself provides a cryptographically strong method of proving reserves. If a large nation decided to implement its own hybrid fiat/cryptocurrency, it would basically be an unstoppable juggernaut, assuming no one ever broke the crypto protocols in a widely exploitable way. (And even then, the fiat currency might survive.)

Agreed. Although, to reach this conclusion, you have to first shed the commonly idiotic notions of anti-government anti-social stupidity, and recognize the utility of a public-private partnership.

Anyway, I think from an "infrastructure" point of view, BTC is not good enough yet. I'm finding proof-of-stake systems (peercoin / NXTcoin) far more technically useful than BTC... in particular, the fact that they're "greener" and don't waste electricity like the current mining rigs do.

The ideal system probably would be a decentralized proof-of-stake cryptocoin with regulated exchanges.

"Fiat" does not mean "accounting fraud".

But it does mean, "I've got X value, because we all just agreed to pretend." Whereas cryptocurrency is supposed to mean, "I've got X value, because we all just agreed to pretend, and here's some crypto to back it so we can't cheat." By MtGOX becoming part fiat, I mean that he secretly went from scenario 2 to scenario 1 with a large part of the assets he was entrusted with.

P2P crypto-exchanges can't come soon enough. Now the hacker's focus will be on Bitstamp and Coinbase. Hopefully they'll do everything they can to protect themselves, but it's probably just a matter of time before they get broken, too.

I did notice that the owner of a large mining pool was receiving error notifications from Mt. Gox. This mining pool has tampered with mined blocks to include religious messages, so they'd definitely be in a position to do transaction malleability attacks to provide Gox with plausible deniability.

/r/bitcoin thread with sources: http://www.reddit.com/r/Bitcoin/comments/1zifxf/why_is_the_a...

I recall hearing Mt. Gox had some sort of deal with Eligius where they'd include Mt. Gox's transactions for free. I don't know what Eligius got in return, if anything.

The religious messages thing is a strawman. Miners are allowed to include whatever they want in the coinbase. It's common among pools, and hardly considered "tampering". https://bitcointalk.org/index.php?topic=38007.0

Edit: more info: http://www.reddit.com/r/Bitcoin/comments/1zifxf/why_is_the_a...

Great story. It certainly is a plausible one that changes the culpability of the owners. (From theft to slippery slope, both still bad)

i'm just (still) glad i didn't buy into the latest fad because of common sense.

all stories aside i believe that bitcoin is unsafe - and that this has been /blatantly/ obvious since i first encountered it as a suggested method to launder money and fund criminal activity.

don't buy unregulated 'currencies' with a strong history and incentive for money laundering and facilitating the black market. it violates the spirit of the law of pretty much every nation on earth.

whilst i genuinely believe that cryptocurrency is possibly the way forward - certainly a global currency which is independent of such whimsical things as nation states, politics and commodities - i also think that it took a spectacular lack of common sense or 'street smarts' to actually spend money on bitcoins.

nice story... but i am indifferent to its truth - it doesn't negate the obvious risk of investing in bitcoin. but then many will say 'the greater the risk the greater the reward' and they are precisely correct.

NB: i barely trust the bank - i have a bank account 'under duress' as most of you probably have - that i would like to see my earnings from employment. how did that happen? why should banks have any involvement in my remuneration for work. /i would very much rather cash in hand that you can't fuck up for me because you are gambling it on the stock market under the pretense of running a business/. it's not like we have self inflicted financial crises as a result or anything at all... :/

some people, who probably use tin hats, think that bitcoin was made by the government because it makes the flow of money more traceable, since all the operations are public. The government will never use bitcoin or bitcoin-based currencies because then they couldn't cover their own traces.

Serious organized crime operations would also never use Bitcoin for the same reason. Physical cash still offers superior anonymity and obfuscation to BTC. Also, when you're laundering hundreds of billions of dollars, you can use real banks and the legitimate world financial system, not some fishy online currency.

I'm somewhat glad as well, but only for the reason that I'm reasonably certain I wouldn't have been smart enough to see this coming and lost everything at mtgox.

I very much need a ;TLDR. Not through laziness but through hatred of the patronising prosaic style which stopped me reading.

Actually, I'm pretty sure it was laziness.

VSDR--very short, did read. I once had an English teacher tell the class, 'just don't use cliches, or cute language'. I felt that was too strict, but I now understand the wisdom.

TLDR; In this hypothetical, thieves robbed MtGox in 2011 and the operator has been desperately trying to cover for it and delay since.
