Hackers Allege Mt. Gox Still Controls "Stolen" Bitcoins 228
The Verge reports that "Tokyo-based Bitcoin exchange Mt. Gox lost $400 million worth of bitcoins in February. Its management said the amount was stolen after hackers exploited a transaction bug to divert the funds, but some of Mt. Gox's users are not so sure, suggesting instead that the exchange's owners pocketed the cash. Now, facing silence from those owners about the fate of the money and the methods by which 6 percent of all of the Bitcoin in the world could have been stolen, a group of hackers claims it has broken into the bankrupted Bitcoin exchange's network to get answers. ... Forbes reports that the group gained access to the personal blog and Reddit account of Mark Karpeles, Mt. Gox's CEO. The hackers used the platforms to post a message that claimed Karpeles still had access to some of the bitcoins that he'd reported stolen. In support of the claim, they uploaded a series of files that included a spreadsheet of more than a million trades, Karpeles' home addresses, and a screenshot purportedly confirming the hackers' access to the data." (The Forbes article on which the Verge report is based.)
Stills seems like it has to be an inside job (Score:5, Insightful)
I tend to think it has to be an inside job, that is being run by the folks pretty high up. Any kind of really really basic accounting and inventory control should have uncovered more coins going out than the transaction register indicates. This transaction malleability issue supposedly went on for months.
Even a badly run business should have detected a problem like the time frame of weeks, whenever their next month end comes up. It would have been impossible to balance the books, unless someone was simply not doing them or cooking them.
Re:Stills seems like it has to be an inside job (Score:5, Insightful)
Why high up? Most articles about Mt. Gox talks about lax security and bag change management.
They had half a billion dollars worth of bitcoins, a "currency" which is extremely hard to track and ridiculously easy to steal if you have the keys to the city. Stealing half a billion dollars (without being a bank) requires a truck and some heavy lifting - a developer stealing the wallets and nuking the database takes only a few seconds and very little lifting.
I find it harder to believe it took so long for someone to steal it...
Re:Anonymous cryptocurrency, who to trust? (Score:5, Insightful)
who can you possibly trust with something that can be so easily disappeared
No one, which is why you don't. There's no reason to keep your bitcoins in an "online wallet," or maintain a balance in an exchange, just like there's no reason to keep your life savings in PayPal.
Re:Stills seems like it has to be an inside job (Score:3, Insightful)
I think the so-called 'lax security' was simply a ploy to generate plausible deniability for the fat cats at the top. There's no other reasonable explanation.
Re:Anonymous cryptocurrency, who to trust? (Score:5, Insightful)
Right, instead you should keep it in an offline wallet! Just like how it's smart to keep your life's savings in an actual, physical wallet!
Oh wait, no, that's fucking retarded.
This is (one of) the (many) problem(s) with bitcoin: no one can actually come up with a sane answer of how you are supposed to store it safely. Trust it to an exchange and you're basically no better off than trusting real money to a bank -- worse off, in fact, because the lack of regulations means that if the exchange takes your money and runs you're SOL, while if a bank takes your money and runs it will be reimbursed (up to a limit) courtesy of the FDIC. Keep it in an offline wallet and you can be sure that no banker can abscond with it, but now your life's savings are tied to a single, stealable object.
It's not any less safe than cash (Score:2, Insightful)
I love how people are attacking libertarians over this. Bitcoins are not designed to be a 'safe' currency. It's like cash. There is no reason this should be a problem for those who understand when, where, and how to use it. I wouldn't maintain more in a Bitcoin wallet than I would store in my real wallet. For me that would probably be a few thousand in US currency.
Like cash Bitcoins have a downside. Bitcoins fluctuate in value. US dollars loose value over time. It's also not that easy to steal. Practice good security hygiene and there is little to no risk. Don't walk down back alleys with $2,000 in your pocket and you'll probably be fine. Apply the security updates for your OS and don't run Microsoft Windows / Mac OS X and you'll probably be fine.
Anonymity has value- but Bitcoins isn't totally anonymous. Nobody who gets Bitcoins is claiming it is. It's at best difficult to trace due to the current lack of people or facilities to do this. That doesn't mean it or a derived currency won't eventually have such anonymous or pseudo-anonymous features. Zerocoin is a proposed extension to the Bitcoin payment network that adds anonymity to Bitcoin payments. It's here. It exists. It might need some peer review, some beta testing, and people to formally implement it, but we're not that far off.
Are Bitcoins a libertarians wet dream? Almost... but it's not 100% perfect yet and I'd be skeptical of anybody claiming it is.
Re:Anonymous cryptocurrency, who to trust? (Score:2, Insightful)
If everybody used bitcoins, we wouldn't need any exchanges or banks.
Re:Stills seems like it has to be an inside job (Score:5, Insightful)
I think what people miss is that they didn't have a half billion USD worth of currency when they set things up. When they set things up, BTC was trading for less than 1% of today's values, and (just speculating here) a couple of years back they probably had a small fraction of the BTC that they have today (had a few months ago, at least...). So, the half billion USD peak might have only been a hundred thousand or so when the organization started to "get serious."
When your organization's total assets are less than a year's salary of a good software engineer, odds are, you don't have a good software engineer on staff full time to make sure things like change management are happening properly. Ditto for accounting and audits.
Should they have hired up proper staff when assets started to resemble Scrooge McDuck's vault? Yep, they sure should have. Think about how long it takes to hire good people when you're looking for them. Now think about how long it takes management to start looking for good people, even when they have a clearly demonstrated need, but no immediate crisis.
Not that I trust a damn thing written about fund managers on prospectuses, but this is why people should be looking for years of experience in relevant fields in the team that manages an investment. Then, when the fund goes bust and it turns out that the prospectus was a pack of lies, some lawyers can make a little money suing the bastards until they only have their offshore accounts left to live on.
Re:Anonymous cryptocurrency, who to trust? (Score:5, Insightful)
No banks? How do you plan on borrowing money to buy things you can't afford outright, like a new car or a house?
Re:Anonymous cryptocurrency, who to trust? (Score:2, Insightful)
Then don't buy them simple as that.
Re:Anonymous cryptocurrency, who to trust? (Score:4, Insightful)
Yeah, so when they steal your TV, they get your encrypted life savings too!
Re:Stills seems like it has to be an inside job (Score:5, Insightful)
Re:Stills seems like it has to be an inside job (Score:4, Insightful)
That would be my guess or perhaps just enable the theft in the first place by creating a culture where nobody will ask any questions being aware the documentation and logs won't exist to provide answers.
If someone in authority was making a routine habit of bypassing organizational policies, or thwarting security control some pesky honest person might start to scrutinize their behavior and might even blow a whistle. On the other hand if there are no policies and no security control than nothing anyone does malicious or others is going to seem strange enough to stick ones neck out over.
Re:This is why we can't have nice tihngs... (Score:5, Insightful)
People who claim modern currency is baseless don't understand economics. Modern currency is backed by *everything*. Gold, Real Estate, Cars, Businesses. Everything that is used for collateral against a loan becomes backing for our currency. Crypto-currency is based on scarcity like gold was, and thus makes a terrible general purpose currency because it's vulnerable to manipulations, and rigidity that make it easy for bankers and insiders rob everyone. The modern form of debt backed currency is the most flexible and least vulnerable to manipulation there has ever been. Our advanced modern currency has weathered the pressures of the current economic stresses extremely well, and dramatically lessened the impact of the current problems with our economy. If you want to look at what things where like with a scarcity backed currency, look at the economics of the US pre 1913. It's full of horror stories like the panic of 1893 and 1873, and even some events where bankers conspired to not give out loans to anyone to buy up houses cheap and re-sell them for a profit once they all agreed to give out mortgages again.
Re:Anonymous cryptocurrency, who to trust? (Score:4, Insightful)
Re:Stills seems like it has to be an inside job (Score:3, Insightful)
Re:Stills seems like it has to be an inside job (Score:5, Insightful)
There's no other reasonable explanation.
So there's absolutely no chance that people who created a web site to trade Magic The Gathering cards, then hastily modified it to trade bitcoins, could possible get in over their heads technically and financially?