TOKYO—Major bitcoin exchange Mt. Gox announced Thursday it had discovered 200,000 missing bitcoins in a wallet that the company no longer uses, reducing the total number of bitcoins still missing to 650,000 from 850,000.
"We believed there were no bitcoins left in old wallets, but found 199,999.99 bitcoins on March 7," Mt. Gox chief executive Mark Karpelès said in a document released Thursday.
Mt. Gox said it reported the discovery of the bitcoins to its lawyers on March 8, and moved the discovered bitcoins to offline storage between the March 14 and 15.
The exchange filed for court protection on Feb. 28. At the time, Mr Karpeles told a news conference it had lost 750,000 bitcoins owned by users and 100,000 held by the company, citing the possibility the bitcoins had been withdrawn without authorization.
The exchange was shut down Feb. 25.
Not my ideal situation, but HN is gonna be HN.
If you'll excuse me, I have to go to the bank. I just realized that I left a million dollars in the pockets of the jeans that I just washed. I suppose I should dry them out and deposit them, along with the $100,000 I just found fallen between then cushions of my couch.
If you want to start an online financial services business, the first thing to do is start researching the legal requirements for doing so, both where your business is located and where most of your likely customers will be. Not looking at them doesn't mean the rules don't apply, it's just grossly—potentially criminally—negligent.
In fact, that's the case for anyone starting almost any business. You need to examine the legal and regulatory environment in which you'll be operating as the very first step of your due diligence. Anything else is negligent.
Who’d have thought that there might be an incentive for operators in a totally unregulated market to take people’s assets and run? Or that self-regulation would be so lacking in a market that purposefully concocts information asymmetries that benefit money creators/the tech-savvy…. or that the Bitcoin system was only recreating and replicating all the bad incentives we know and love in our current system, which are now being curbed by intensified post-crisis regulation?
Irony of irony, Bitcoin Magazine concludes that since it is unfortunately the case that many bitcoin businesses must use escrow accounts to hold people’s bitcoin, the only solution to the problem is moving towards a quint-party agreement to manage unauthorised liability creation in the system...
But you mustn’t confuse this with some sort of recommendation to forge a Federal Bitcoin Reserve system. It’s a “Five Parties Model” system. Entirely different...
All in all, it would be NOTHING like the Federal Reserve System we have already arrived at thanks to decades of collective trial and error, and acquired wisdom from the countless bank collapses and system crises that have come before us.
Except, of course it would be exactly like the Fed. And where it wasn’t yet exactly like the Fed, it would soon be, because exactly the same human processes, incentives and behaviours would govern its evolution and development.
Proving the point yet again that there is nothing new under the sun, and that bitcoin is more of a replication of the old unregulated past, under a new technological order, which society collectively refined and regulated until it created the system-stabilising framework we know today, than a golden era of finance no-one had yet been smart enough to discover beforehand.
B: Oh yeah? Well look at all the shenanigans that happen at the re-entry points to the conventional financial system! Checkmate, hard-moneyists.
I hear this a lot, but I think it's really only true with a massive asterix next to it. Can you explain how bitcoin will work, for instance, in a retail model? It seems like the transactions take a long (relatively) time to verify, which leaves two options:
1. The customer waits (not really a possibility - maybe for bar tabs it's sort of ok?)
2. The vendor purchases some level of security or risk management that allows transactions to occur instantly with a minimum amount of doublespend. And there's your transaction fee. Maybe it will be less than the credit card fee?
Am I wrong? I haven't been able to have anyone explain this to me.
This is considered safe because even though there are various tricks you can pull with no confirmations, the hashpower needed to do any of them is so great that you would make far more money turning that hashpower towards legitimate mining than by scamming retailers.
With Bitcoin value, block rewards, and hashrates as they are now, this means that anything less expensive then a car or a boat is okay to complete immediately. Waiting up to an hour for a couple of confirmations for a purchase of $10k or higher doesn't sound like too big of a deal.
Thanks for answering, appreciate it - stuff like this is surprisingly difficult to google for.
The heart of the Bitcoin system is the block confirmation system. Once a transaction has been accepted into a block and that block becomes part of the official blockchain, it becomes essentially impossible to perform any kind of scam or attack on that transaction, such as spending those coins somewhere else. Only one spend of a particular quantity of bitcoins can be in the blockchain at once, so any attempt to spend them again will be rejected.
The trouble is that this is relatively slow. Getting one confirmation on a transaction takes probably like 5 minutes on average, and could vary depending essentially on the luck of the mining network at that moment. Using 6 confirmation is the official recommendation, and this may be expected to take about 1hr.
It isn't necessary to use the official recommendation, though. It's always hard to attack the system, and the 6 confirmation point is where it becomes essentially impossible for even major governments to attack the system, but such strong security is not necessary on all transactions. So the question becomes, how hard do we need to make it for a particular transaction?
To guess at that, we have to look at attacks. I mentioned earlier completing the physical transaction after the initial arrival of a Bitcoin transaction through the P2P Bitcoin network, before any blocks confirming it come in. To do a double-spend in that scenario, you would put 2 transactions spending the same coins on the network, and arrange for one to hit the vendor's system, while the other went out to the rest of the network and would be included in the next block. That's tough to arrange though - who knows what nodes the vendor is connected to, and it's impossible to know which miner will produce the next block. To have a solid chance at pulling this attack off, you would have to run a very powerful miner yourself, solve a block with a transaction spending some of your coins before another miner solved a block, then hold back that block, and perform your transaction at the target vendor between when you solved that block that you are holding and when another miner does.
That's a window of a could of minutes, maybe, and it could take days or weeks or longer for your miner to solve a block that puts you in the position to do this. The timing is very tough to pull off at a physical store, then. And to do all of this, you have to be running your own independent miner, which is powerful enough to have a reasonable chance at solving a block in the next couple of weeks. But just running that miner as a normal miner means you're likely to get the mined block reward, currently 25 bitcoins, currently worth $12,500, just for solving that block. Why pull the funny business with transactions for, say, a $10 sandwich when you just made over 1000 times that money by doing nothing?
So because of this, completing physical transactions after only a receipt of the Bitcoin transaction is a risk, but given the high difficulty and low reward to the attacker, and low loss amount to the business, it seems like a very acceptable risk to make the purchase process more convenient to the normal customers.
As for bitcoin, to my knowledge this is pretty much analoguous to "transaction confirmation", which typically happens in 10 minutes. So it's actually much much faster than credit card payments.
What are you going to do, provide a detailed transaction history to the retailer proving that "your bitcoin transactions always are legit?" Kind of removes the last of the "anonymity" afforded by Bitcoin.
So the idea is that if you're a regular retail store, accepting unconfirmed transactions is fine. Unless a big exploit becomes known, any fraud you might happen to see certianly won't any higher than the credit card chargebacks you're getting now. If you're selling your house, you probably want to wait for a few block confirmations.
Not to mention there are other crypto-currencies with significantly faster block clearing times, and cryptocoin to cryptocoin exchanges are significantly easier to run than bitcoin to fiat exchanges.
So it really seems like all of this is only a minor inconvenience for bitcoin if anything. And there's certainly no reason to ever have to trust someone because "they've been legit in the past", that's an approximation of trust that previous systems have had to rely on but exactly what bitcoin avoids.
You really expect every mom and pop store to accept Bitcoins when they have to be as technically literate as the posters of HN?
What? You really think a small business has zero credit card fraud? You're wrong. Not to mention when you get hit with a chargeback, you get charged a fee that is usually higher than the amount stolen from you to begin with.
The credit card companies push fraud liability down to the merchant in the current system.
Bitcoin probably is less susceptible to PoS fraud than credit cards are, from a merchant standpoint. Consumer of course is a different story.
I see you've never run a small business that accepts credit cards before. They are far more than 0 risk.
Secondly, why would a business turn down any means by which a customer wants to pay? Have you ever run a business? Do you typically turn down cash payments? Bitcoin is cash.
Just in case he's not making it clear from the description of what actually doing that would involve, mining a block is a big deal. You're talking about winning the lottery in competition with 35 million other gigahash/sec worth of mining power. If the worst you want to do with that block is defraud a mom and pop store that accepts bitcoin you're positing a scenario something on the order of a multimillion dollar operation in order to undertake such an attempt. If you're going to do that, you're not going to try to defraud the corner store for a snickers bar.
Also, if that's genuinely not enough;
Plenty of 60 second block confirm altcoin chains out there, no reason to use bitcoin if you absolutely insist on some way to address the double spend "problem".
The other and less costly way is all about node connectivity. If you are going to execute a double spend all you 'need' to do is broadcast two txs spending the same output at the same time--one going to the merchant the other spending it back to yourself--and cross your fingers and hope the double spend gets put in a block. Now, you can increase the probability (e.g. shielding the merchant's node from your double spend) of success but it's not a sure bet. And the higher the node connectivity of the network (i.e. how many nodes are each node connected to) the harder this attack becomes.
There has been some work in this area, especially in pursuit of the efficacy of double spend attacks in light of some minor changes to the protocol which (I think) were rolled into core with the most release 0.9.0. It's about .09% probability of success.
But there is a trusted 3rd party (the issuing bank) that gives an instant reply as to whether the purchaser's account has enough funds (or credit) to make the purchase, and assumes much of the risk if they are wrong and the purchaser is uncollectible.
Maybe they don't need to take 2-5% of each transaction to provide this service, but it does seem like a pure, anonymous bitcoin transaction can not provide this service to a retailer.
Which is too long when waiting at a counter in a retail scenario. Imagine if every customer had to wait around for 10 minutes to verify the transaction, it would be chaos in a busy retail situation (even 1 minute is way too long), which is the point being raised by the GP comment.
The merchant might have to wait weeks to actually receive payment from a credit card company, but at least they know they will eventually get paid, as Visa or whoever is a trusted entity. Bitcoin is 'trustless', so if the customer can leave as soon as they like, the merchant might confirm the transaction in 10 minutes, or they might not get paid at all.
With bitcoin, you actually have to use real security to secure your possessions. There is no local police force preventing a break in or a credit card company which will absorb fraudulent charges, or a bank that will flag and freeze questionable withdraws. In a crypto currency world, the wealth will have a tendency to flow not to the most business savy or politically connected but to the most secure (in some dimensions we see that the same thing happens with global wealth, both in terms of countries and currencies.)
The flip side of that is, stolen bitcoins may fall under a legal classification of stolen property and be retrievable through legal systems -- or at the least blacklisted and non spendable through sources that fall under those jurisdictions. That outcome, I think, is the most important thing to watch, above any other hypothetical bitcoin regulation or banning. If I was an active bitcoin startup I would build a system to identify and classify bitcoins as safe, stolen, unknown, or questionable.
Think of the current implementation of bitcoin as crypto currency alpha build 2 or 3. It is slightly amusing that people would risk so much of their own capital to participate in an alpha test, but also necessary in order to truly stress test the system.
shenanigans that happen at the re-entry points to the conventional financial system
Those shenanigans aren't exclusive to exchanges. Exchanges are currently the epicenter of shenanigans because they're just high volume and operate on bitcoin as if it wasn't just a different asset in the conventional financial system.
People that are neither true believers nor in a specifically bitcoin focused business operate as normal. Bitcoin is just internet fun bucks that have to be liquidated. So the Bitcoin transactions get treated the same as any other transaction, as a result they carry the benefits of the processes created around conventional transactions.
In your recent post (http://ftalphaville.ft.com/2014/03/03/1787992/magic-the-unde...), which I found via Brad DeLong’s web site, you described Bitcoin as "totally unregulated" and "completely unregulated" a number of times. Such characterizations are completely erroneous, and you should probably correct your post.
Unfortunately, many people are under the impression that Bitcoin is unregulated because its various proponents (such as Marc Andreessen, the Bitcoin Foundation, etc.) have done an excellent job convincing the world that it’s so new and supposedly novel that no regulations could possibly apply. That’s not even close to true. In the United States, numerous Bank Secrecy Act statutes, 18 U.S.C. § 1960, and a state money transmission framework involving 47 different state laws all apply. The problem is that the state laws are hugely problematic, the regulators are bumbling fools, the entrepreneurs and their venture capitalist backers are exceptionally cunning in their efforts to evade regulatory scrutiny, while the press utterly refuses to write about what is actually going on. My company is the plaintiff in two federal lawsuits over the issue, one of which has set the record for the most-delayed, non-stayed motion to dismiss in California federal judicial history (764 days and counting):
If you’re interested in the issues, I would suggest that you read my recent comment letter to the Consumer Financial Protection Bureau, which can be found here:
You may also find this article on my personal web site about Mt. Gox specifically and the role of Iowa’s state regulators of interest:
Feel free to let me know if you have any questions.
I.E. Regulate the companies that are engaging in currency like transactions on top of the bitcoin ledger, but don't be too quick to attempt to regulate bitcoin itself.
As far as regulation goes what does one have to do with the other? I would answer yes to your question and also answer yes if someone asked if I could accept that a printing press that could be used to print currency should not be regulated as a currency. However as soon as you use the currency making tools to make currency then that currency should be regulated as a currency.
please don't rebut with a public good argument.
Since you anticipate one, why not preemptively respond to the best examples of one that you can think of rather than begging internet strangers to be nice to you?
Second of all, the question posed here was both presumptuous and awfully vague. I'm not about to go on the record in response to that kind of question other than to reject it. I'm sorry if that makes me come off as prickly--I have to put other considerations ahead of public perception.
His answer to "Can we agree?" is wrong?
If you disagree with the points put forth disemminate them and offer a rebuttal. Do you think that the presented cryptographic solution is one that is equivalent to money? if so why? I'm sure if I wanted to argue so I could think of some parallels or arguments to illustrate the point (possibly using the example of the current credit or financial systems, though I think I would personally disagree with those arguments). If not and you take exception to some other point raised state what that is.
Your response as it is provides 1 bit of information and that is only as to your opinion on a matter and is thus semantically useless.
How does the suit relate to your experience with FaceCash?
Everyone who lost money in this knew the risks. Nobody is calling for accountability beyond the guy that actually is accountable. How refreshing is that? How refreshing is it to actually have a name of the person who fucked up, instead of a stream of pseudonymous apologetic soundbites from banks/regulators/politicians?
Not to mention the fact this whole problem is completely self contained. There is no talk of rescuing MtGox with tax money, or the need for a "national debate" on how to run this shit in the future. If you didn't run MtGox or have money in MtGox or don't outright choose to be involve yourself in some other way then you can go to bed at night and sleep well knowing it is absolutely not your problem.
This, friends, is one example of the many long forgotten benefits of private trade.
I think you'd find the debate would have been entirely different if the scale of it wasn't such that most people, if asked, would go "MtGox? What's that?"
This is why there are bailouts of the finance sector. A bank loses this kind of money, they get it back for free.
But that doesn't stop this old sore being rolled out regularly. Who need the truth when you've got Truthiness on your side, eh?
as already stated, the economic impacts were larger than the money owed, and the abstract impacts are untold and likely substantial.
the 'too big to fail' paradigm was novel, and a clear abuse of their position. Most of us are upset at the fact that corporations literally held the idea of 'global financial well-being' hostage.
"Save us, if not only to save yourselves." is not anything that any corporation should ever or ever be able to say, especially to the government of an entire nation.
This sounds very truthy, but there was no market rate on the interest on loans to insolvent banks that was less than infinity%. The reason the government loaned them money was because they were completely uncreditworthy, and at those rates, they could have (and did) just invest the money in treasuries and take the favorable difference in the interest rate as a gift.
Simultaneously, we started a massive program of buying all of their shit debt at par.
Banks supply capital to firms, the government bailed them out (and the automakers) because no one else was willing to supply capital to get the economy rolling.
Where did he other half go? Not mentioned in the article. Also, that investment was paid back in grossly inflated dollars, thanks to QE.
In the US, banks are regulated by the Federal Reserve. They have the authority to close and liquidate a bank. They have no authority to bailout a bank. That authority is the responsibility of Congress.
I'm pretty sure it's the same in other countries with a regulated banking sector. The UK parliament decided to bailout their banks, the German senate chose not to.
That's way too simple a statement for the US banking system. Banks in the US are regulated by the Federal Reserve, by the Federal Deposit Insurance Corporation, by the Office of Foreign Assets Control and a few others.
FDIC insured accounts are liabilities on a bank's balance sheet.
(I made the mistake of talking when I shouldn't have, I wasn't trying to mislead)
Is the understanding of the financial crisis really this poor? Paulson literally forced the banks to take TARP. The CEO of BofA and other banks that didn't need it spent a lot of time in the media complaining about it.
He also forced the retail banks to merge with and absorb the losses of the investment banks.
He wasn't able to do this because of direct permission, but because the Fed has so much power that everybody just has to listen to what they say.
Yes. One of the great tricks of this disaster (as in most financial crises) is that the powers that be were able to convince to public that there was some single enemy that caused this problem, in this case the "banks", completely ignoring the banks' customers and clients (businesses small and large, mortgage brokers, house-flippers, home-buyers, honest investors, fraudsters, sovereign nations) or the fact that the banks consists of hundreds of thousands of actors working and thinking independently.
This crisis was so much more complicated than "The banks were too greedy". But that's as deep as most people care to get.
That said, the quantitative easing programs are basically bailouts, just not as overt as opening up the public treasury.
The meeting minutes came out in an FOIA request and lawsuit:
> Ben, Sheila, John, Tim and I have asked you here ..
> If a capital fusion is not appealing, you should be aware that your regulator will require it in any circumstance.
I hope you know that the FED is not a independent institution, but owned by the banks themselves?
Another thing to keep in mind, the people who got the bailouts are a subset of the people who claim unfettered capitalism will cure all ills.
Indeed, other exchanges and other Bitcoin businesses don't appear to suffer from the gross incompetence that brought down MtGox.
> Another thing to keep in mind, the people who got the bailouts are a subset of the people who claim unfettered capitalism will cure all ills.
Is that so? In that case they are paying the same kind of lip service to that point as a kleptocratic dictator on his private jet is to socialism.
Iceland did it by stiffing creditors. That's a short-run gain, long-term pain solution.
With regards to Canada, there are specific laws that have inhibited a housing crisis, but we don't know if we have avoided anything yet. Our housing in major centres is as frothy as the peaks of almost anywhere else in the world who suffered a bust. It's too early to say.
Customers lose that kind of money, they get it back for free. Socialising losses is an annoyingly common theme in ‘capitalist’ countries; unfortunately, it is politically infeasible not to bail out failed banks.
This is a bit naive isn't it? Imagine contacting FINCEN, or whatever other appropriate regulatory agencies at the time of MtGox's founding when Bitcoin was a novelty and worth practically nothing. Imagine trying to explain to them what a "Bitcoin" is. Imagine being thrown out of their offices "Go away kid. Grown-ups are working here." Even if you did find some reasonable solution, compliance would have probably made the proposition unprofitable. Bitcoin might never have got off the ground if your advice were followed rigorously.
OTOH, it is certainly unforgivable for Kerpales to have continued in shooting from the hip after becoming a millionaire; and after MtGox was raking in the kind of fees that would have supported hiring legal staff, building a robust trading engine, and implementing some sane practices for data protection.
Much of the financial regulation that exists that would apply to MtGox has nothing to do with Bitcoin per se, it has to do with keeping customer accounts denominated in fiat currency and disbursing funds at customer direction from those accounts to accounts of other customers.
I lost over $5000 USD (in fiat) on Mt. Gox and I want my money. Seeing stories like this just raise more questions that I wish didn't have to be asked.
At least the reddit discussions I've been directed to have been very unscientific— more pseudo-scientific in that they dump a bunch of data and throw around some technical terms. Though there may be some selection bias since people are probably more likely to ask me for my opinion on the more questionable work.
Total novice. Clearly didn't talk to his lawyer first.
there's one hell of a difference between a large financial organisation or an exchange and some half arsed startup who hacked up a web site in PHP that just happens to handle something that represents a currency. The former at least probably has a QA team, knows industry regulations and best practices and designs their architecture properly. Oh and they have cumulative experience and a designated location you can visit with burning torches and pitchforks when they steal your money. I'm ignoring regulation as I've worked in the compliance industry and it's entirely about working around it.
Not joking and I'm sure that this is going to stand on a few toes but some of the stuff I've seen on HN is verging on criminal. So many immature poorly thought out and damn right dangerous products being thrown out. Lots of people are sitting on ticking bombs like this.
Nobody is saying that traditional financial institutions are perfect, but at least they are regulated and at least there are checks and balances in place. By and large the examples people roll out of these institutions behaving badly are examples of the regulators and legal frameworks working the way they are supposed to.
Knight capital were in a risky business and they blew it. It happens. But they're the exception, not the rule. In the wonderful world of Bitcoin, the goings on at MtGox looks like the rule, not the exception.
Excuse me, you must have forgotten about a certain global financial meltdown in 2008?
Knight capital was a cock up in a high risk trading env. They paid for that.
HSBC was money laundering which is basically the entire purpose of a bank.
NatWest was a process cock up.
However no money went "oops we lost it" and was never seen again. At most, even with HSBC consumer withdrawal limits it's a minor inconvenience for a couple of days.
Much like mobile phone networks, people expect 100% uptime but that's unrealistic in practice. Always keep £200 rolled up in your mattress.
This is a very strong statement.
Do you mind backing it up, or is this just meant as a glib throwaway quip?
One of the functions of banks is indeed to hide the source and destination of your money. My grocer doesn't get to know who employs me; my employer doesn't see where I spend my money.
Yes, you can achieve that with cash, without directly involving a bank. But the money is still issued by a bank.
I'm not saying that it's impossible to achieve this level of information hiding without banks, but I can see where the GP is coming from in his argument.
Seriously, that's screwed up. That being said, banks have insurance and all that jazz. So even though the state of security is not that great, it seems that you are less likely to get screwed incase of a screwup.
Edit: apparently I don't need them any more.
HSBC does still require it though.
I love it when I find $120MM under the couch. It really makes my day.
The reality however, is that it's just not all that easy to cut out the middleman. People follow the path of least resistance, and educating yourself on cold storage and paper wallets and the like just isn't that easy compared to simply trusting a third party to do it all for you. Unfortunately, in doing so you give up all the benefits of bitcoin, AND all the benefits of traditional banking with it's oversight and FDIC coverage, etc. Literally the worst of both worlds.
Is this just a symptom of the wrong-headed thinking around cloud SaaS, where data and continuity are considered to be of such low value that they can be entrusted to any number of external parties?
Most of it was in this transaction of 180,000 bitcoins -
From that evidence alone, it wasn't clear who had control of the money. Mt. Gox, or a hacker, but the Mt.Gox API was still up, and the API confirmed that this was a Mt.Gox-controlled transaction. Reddit saw that, too: http://redd.it/1zswul
I've known several web developer "enthusiasts" over the years who know just enough PHP (usually it's PHP, but this applies to other technologies as well) to build things that mostly work and feel confident that they can solve anything with "a little PHP." Working mostly alone, these people prefer to spend their time building constantly, and little time learning or keeping up with current best practices (or in this case, cryptography).
There are a large number of companies (many of them doing very well) built by people like this, and even when they bring on other developers, no one has the courage to tell the original developer (who is often CEO) that their code sucks and needs to be scrapped completely. They keep throwing more crap onto the pile because the machine "works" and customers are demanding new features. The original (incompetent) developer feels a sense of pride for his or her work, and nothing short of total failure (in this case, spectacular failure) will convince them that their work is anything less than genius.
It's unfortunate that some companies thrive in situations like this (it sets them up for failure), but it happens all the time.
I don't know Mark personally, but from everything I've read from him over the years, he seems to fit the description above. It doesn't necessarily mean he's a terrible person or a thief (he could be that as well, but I have no knowledge to prove one way or the other). It just means he got in over his head, and kept the site running on deeply flawed assumptions and implementations (e.g., no standard accounting, little understanding of security, etc). It's a shame that people kept coming back to Mt. Gox and entrusted the site with their money, even after those behind Mt. Gox proved themselves to be incompetent over and over again.
Is it sad? Yes. Is it surprising? The only surprising thing is how people kept going back.
As for the missing and suddenly reappearing coins, I honestly think they just had absolutely no idea where everything was. I've heard people describe Mt. Gox's infrastructure as a hodgepodge of random scripts and servers duct-taped together, and it's easy to imagine a dozen hard drives filled with an unorganized mess of Bitcoin wallets, private keys, database dumps, etc. I believe they're honestly trying to pick up the pieces, but the pieces are scattered everywhere.
Ironically, from what I understand, PHP was originally intended to be little more than a template language. OOP and other features were added later to allow PHP to function more like a "proper" programming language. Unfortunately, it still carries some oddities from the early days (procedural and OOP ways to do many things, the default use of PHP opening/closing tags even in scripts where HTML/markup may not be applicable, etc.).
I'm happy that PHP got me interested in programming, and I think it still captures the interest of otherwise non-programmers today. It still empowers people to do amazing things without forcing all of the complexities (or best practices) of other languages. I don't fault PHP for the situations described above (incompetent people getting in over their heads and turning a blind eye to best practices), but many of the features that make PHP accessible to these kinds of people (including myself years ago) don't exactly help encourage or enforce best practices. The same could be said for NodeJS and others as you say.
The current incarnations of PHP, NodeJS, and others certainly allow for more disciplined and well-designed code, but the culture/community behind a language is shaped by much more than just the current state-of-the-art.
This story should be a wake-up call for any entrepreneur/developer to never become complacent, even when things are going well.
Would you prefer successful company run by incompetent people or unsuccessful company run by competent people?
This is the first ray of hope regarding customers recovering any of their missing bitcoin though.
Or that they lost the keys to some wallets and have managed to crack one.
I guess the fact that they have to have been so staggeringly incompetent to have 200,000 bitcoins they didn't even know about makes me feel like there must be some other explanation than the one they are offering.
Attempted theft is up there.
My assumption is that they either made a mistake with the algorithm, or they lost enough chunks of the keys that they can't reconstitute the private key. This could have been as simple as a banks safety-deposit box being inaccessible because it's seized or losing the pieces.
If they were stored digitally, it could be as simple as a media problem (Organic dyes in CDR's degrade. USB drives aren't infallible, etc).
The reason they got this wallet open is because they probably recovered the private key in some ancient backup they forgot they had from before they split the keys into pieces and deleted what they thought were the only copies of the unsecured keys.
This is just my completely unsubstantiated theory, but it seems to match the current facts.
Not saying he is or isnt lying, but we cant just throw around the 'there is no good reason for him to say xyz' in this situation...
Sure, it would have required tons of computing power, but they still would have cracked the key in several weeks' time.
If you remember any details about this passphrase then you can dramatically reduce the strength? (I'm not sure of the word to use here. Someone help me out) of said passphrase.
But yes, if someone was able to crack keys in a reasonable amount of time then bitcoin would crash overnight.
No cracking. They just found a wallet.dat somewhere, that's all. If they lost the keys(as in, lost the wallet.dat with the keys in it) and were able to generate a valid private key given only a public bitcoin address... bitcoin is dead, game over, pack it up.
Now instead, if we're talking about a passphrase to a wallet.dat...
This is a realistic scenario. If the private key generation was of the same quality as the rest of their code (i.e. using a weak PRNG), the reconstructing a private key may be doable.
It's not like Bitcoin wallets weren't previously cracked using this method in the case of an Android wallet misusing the crypto API (http://arstechnica.com/security/2013/08/google-confirms-crit...)
A competent entity in possession of MtGox source code may be in a good position to steal all the loot.
Yeah. This wouldn't be a fail on the MTGox league; this would be a "Satoshi Nakamoto and all the cryptographers who took a look at the code failed". Cracking a wallet is supposed to be something that requires the resources of a state-sized entity.
A galaxy-sized entity, maybe? The only known way to find a private key from a public key is brute force. That's way beyond the abilities of a state, unless they've made a massive breakthrough in quantum computing.
Still completely infeasible.
tl;dr: Wallets were in cold storage at Japanese bank, US govt seized them while investigating Silk Road.
The have more coins and there is evidence for that in the blockchain. Many people know about that for weeks. After they figured people were on to them they released this lie.
Nobody just forgets about 200,000 btc.
I first wrote them off as a scam years ago when I read a Bitcointalk thread wherein Gox tried to explain away their aggressive "tainted" coin confiscation policy. They essentially explained that they were confiscating all coins that they deemed to be tied to theft or illegal activity at any point in the blockchain - in their sole discretion. Yet somehow, with that and many more very public red flags, they just kept growing.
Random person: Have you tried looking in your wallet?
MtGox: Found it!
MtGox: We lost all the coins! What must have happened is a very complex sequence of events where people were able to take money from us without noticing. We complained to the wallet manufacturer. But it's very complex, and umm, we're sorry, and umm, bye.
It would be more useful to think of regulation for bitcoin actors more in the sense of required car insurance, or not being allowed to sell food with poisonous chemicals in it.
There can be a certain amount of regulation that helps avoiding incompetent or fraudolent actors even without a money-emitting FED or a socialize-losses-privatize-gains government.
It almost always works for some reason.. my best guess is that sites allows these crawled links to see the full content because doing otherwise would harm their SEO.
So from publisher's perspective, they are getting more SEO by pay-walling!
A leading trading site management company "bit coin (BTC = Bitcoin)" virtual currency on the Internet, the 20th, I had described the company has lost the bankruptcy in February "Mount Ngoc, Inc." The (Tokyo) Of the approximately 850,000 BTC, has announced about 200,000 BTC has left.
According to the lawyers of the company, the 7th of this month, the company was using previously in June 2011, and found the place of examination of the storage location on the net called "Wallet" and (wallet).
February 28, when it is filed for Civil Rehabilitation Law in Tokyo District Court, the company describes a total of about 850,000 BTC corresponding to almost all to be held has been lost.
Edit: antonius has posted the content above:
One a serious note: How do they not have a program that monitors all wallets they control? This seems beyond ridicule.
I take better care of my dogecoins, and they are only worth a few hundred at best.
Turns out all those tough exams and practices are in place to mitigate this exact scenario.
The above assuming no malicious intent on part of MtGox and the recent revelation was pure stupidity.
Would an accountant know enough to safely store "wallets", to monitor "blockchains". Is this in their training? No. You can have perfect accounting and still turn out you lost the wallets.
Bitcoin's problem is that there's no other asset in human history so easily misplaced, lost, or stolen. A bunch of numbers on a bunch of vulnerable computers.
MtGox: "Funny story ... internet ... website to trade Magic cards ... digital currency ... so that's how we found the $100,000,000 that we accidentally misplaced. Still looking for the other $300,000,000 or so -- must be around here someplace."
However, there is also someone in every thread who replies to this assertion to say that they never actually traded Magic cards. My question is, what is your motivation for this? I could think of three off the top of my head:
a. Emotional need to defend MtGox
b. Intellectual need to correct misinformation
c. Refocusing; it's an ad hominem and detracts from the real problems with MtGox
I assume this wasn't stolen and isn't already in the blockchain somehow. I do not believe that Gox was this blind to the problem in their systems. Something seems very, very fishy about this.
While I feel really bad for those who lost money with MtGox, there were so many signs pointing at such an outcome: Unexperienced programmer asking all the wrong questions, background in "Magic the Gathering" card trading, zero background in banking or security.
None of that sounded particularly trustworthy and look where it went.
Profit-based news is irretrievably broken.
In fact, I think it's some sort of super power.