Yes, they should have had its insolvency reported as soon as they were aware of it. Now they are the ones that need to report that they weren't, which is very easy: Just publish the addresses of all cold wallets that belong to mtgox at each moment in time so that it is possible see exactly which balance they had at point. The same for bank accounts.

I donno which fantasy world does Karpeles thinks he live, but he has make some vague claims that he will have to back up with evidence. Not doing so means just one thing.

And no, its not that were just criminal negligent by not periodically reconciling balances... They were in fact doing it "All the time":

http://www.reddit.com/user/WeAreMtGox

WeAreMtGox 301 puntos 10 meses atrás

NO. Everything is accounted for (BTC and money). Fractional reserve is absolutely against our principles. In fact 90~95% of BTC are held in cold storage.

[–]WeAreMtGox 10 puntos 8 meses atrás

Absolutely not true. We do not operate a fractional reserve exchange. 100% of deposits and Bitcoins are accounted for at all times.


That was 8/10 months ago... Were they lying then or now? Pick your choice, because the two just doesn't match.

COmo ya se ha comentado en otros hilos... O bien MK mentía entonces o lo hace ahora. No hay otra opción.

Pero para demostrarlo a ciencia cierta, quizás haría falta un esfuerzo colaborativo en el que los usuarios de mtgox aportasen todas las direcciones de salida y depositos para confirmar las relaciones. Al menos los que aún puedan tener un registro de ellas y que no afecte a su privacidad el publicarlas.

Pues yo creo que con lo que he "perdido" en mtgox me he ganado las palomitas para seguir bien de cerca el tema. Y desde luego esto no va a quedar en un simple "It's gone!". Hasta ahora ninguna de las explicaciones encaja ni tiene el más mínimo sentido.

Lo que se tenga que perder, que se pierda, pero al menos que se llegue a la "verdad"... que todavía está muy lejos.

Hay varios hilos bastante interesantes que intentan analizar con un poco más de detalle la situación, entre ellos este: https://bitcointalk.org/index.php?topic=488165.0

And here it is:

http://www.reddit.com/user/WeAreMtGox

WeAreMtGox 301 puntos 10 meses atrás

NO. Everything is accounted for (BTC and money). Fractional reserve is absolutely against our principles. In fact 90~95% of BTC are held in cold storage.

[–]WeAreMtGox 10 puntos 8 meses atrás

Absolutely not true. We do not operate a fractional reserve exchange. 100% of deposits and Bitcoins are accounted for at all times.


That was 8/10 months ago... Were they lying then or now? Pick your choice, because the two just doesn't match.

That subject is an easy one: Whomever cracks them, gets them. It couldnt be any other way, unless we start talking about "tainted coins" again.

If my understanding is correct, exchanges use their custom code to create the transactions. That would mean they are the ones that specify also the address that would receive the change. I think it is easier to reuse them from a pool (which you are already storing private keys) of "hot" change address than to create new ones each time and "erase" the private key after spending...

In this case I think the "wrong" way is more effort than the right one.

But yes, not only exchanges should not erase private keys of any address ever used... Exchanges should NEVER EVER erase ANY transactional data, logs, accounting, ANYTHING.

In short: We are all still waiting for ANY explanation of what has happenned. COntrary to the common belief, there has been NONE that makes ANY sense. Just a bunch of nonsense without any evidence backing any claim.

When that happens, we could analyse if theres any truth on it.

Interesting theory... except that it doesnt match with the facts:

Considering you could reuse any deposit address at any point of time in the future, one can conclude that mtgox system was storing all public/private keys and its relationship forever.

1) Its "possible". I think that either they belong to gox (or Mark Karpeles, which in theory is DIFFERENT THING) or he was already lying and started its fraud at around that time. Anyway, the fact that most of those coins seem to have been static shows that either they are the stash of someone very wealthy which dont even need em yet or somehow lost access to them (temporarily or otherwise).

Considering the date it may also be KnightMB's stash, Finnley's "legacy",... maybe even sturle's... who knows.

In any case, we will be paying very close attention on any move of those coins in the future. And also there is an ongoing effort to compile as much data from different sources to get a better understanding of the whereabouts of these coins.

2) If I had to bet I would say they have always belong to same person/entity who has a bigger stash and haven't needed to use them yet. If they were theft at some time... We are still waiting for MK to report that theft, he hasn't.

Also... who in their right senses would have bought that stash and not move em to another address where only he has the private key? Unless that transaction was in fact the sale and he haven't moved since. Not the most plausible explanation.

3) You are mistaking in considering the recent "moves". It's all dust, I can also send some smallish btc to that addresses but that doesnt mean anything. It hasn't really "moved" since the time it was funded on 2011-11-16 05:59:08.

4) A lot of maybes are possible at this time. It's Karpeles which at this time should explain whose BTC's are those and why did he used them to "back up" his claims of solvency at that time. Whatever the explanation, he is or was lying. Pick your choice.

That's the point. It's so easy (for mtgox) to audit the whole issue up to the last satoshi that the vague excuses just dont match.

Also, any time I try think of a situation in which this happenned from a long time ago (ability to withdraw without verification) its almost impossible that it wasn't detected on time before a HUGE hole, and unthinkable that it wouldnt be detected afterwards any time during the past year.

I hope that when the criminal charges press him, he will give some better and more detailed explanations of WHAT (and HOW)  REALLY happenned.

Also, the "fact" that we can't follow the traces up to a certain identity is a common myth. Given enough (internal) data about the whole issue, and considering the INMENSE ammount of BTC we are talking about and that humans make mistakes, I am very confident that with mtgox colaboration (if they really are not into it) it would be possible to follow the traces of the MANY "leaks" to individual entitities.

But the vague explanations, trying to blame theoretical vulnerabilities without giving ANY proof of it actual impact, etc... makes me think the answer its much more simple than all that.


P.S.: Also, I want to point some thing:

The reason for having a hot/cold/deep wallets system is because when you run an online exchange you can't trust whatever your online databases (ie: BALANCES) says, because it can be hacked, manipulated, etc...

I mean, if you take advantage of a vulnerability that makes the online system belive you have a balance of 1000 BTC you do some checks before withdrawal, or, at the very least, you risk your hot wallet to be emptied and ANY time that happens, BEFORE loading one of the cold wallets to replenish the hot wallet, you reconciliate the balances to check that everything is ok and you arent being fooled by altered data.

Not doing so, would be the equal of not having a cold/hot wallet protection at all, and you could simply be putting all your balance on a hot wallet anyways.

So no, not only saying they didnt periodically reconcicle the balances IS criminal negligence... it is also *FALSE*.

I see. I thought due to its (presumably) high number of transactions maybe they were doing the same "merging" of multiple inputs(funds)/outputs(payments) into one big transaction that satoshidice was using... but probably they didnt have the same need to combine so many small ammounts into a bigger transaction to cut on fees.

What you say makes more sense and is more consistent with this whole "transactions" issue.

Well, lets see if at some point gox publish the data needed to back their vague explanations, until then there's not much more to think besides speculation.

Thanks for the detailed explanations. Yes, I meant using mtgox internal accounting records, which obviously mtgox should have and so (being this forensic reconciliation possible) could/should do this audit themselves and offer it as proof in the process as defense of the accusation of internal theft (which is also already in the air).

Each attempted transaction should have been logged, not only because of its forensic value, but because one couldnt know it would become a "failed" one, you need to log it to be able to track the outcome. In no way they could justify that failed transactions were simple wiped from the logs afterwards.

It's the same as they should have a detailed log of the order book at any point in time.

But now that I am thinking about the malleability issue, and after reading the explanations, some thing has come to my mind:

Withdrawal transactions are put in queue and then a transaction with many inputs and many outputs (all the withdrawal destinations) is created... so... for each sucessful malleability attack, not only the "attacker" withdrawal would be reissued, but all the ones in the same "failed" transaction would. So many people besides the attacker would have received duplicate bitcoin transactions for each sucessful attack. (Unless I am wrong in my understanding of how that process works)

At least if we come to believe the explanation that it was an AUTOMATED reissue process and not a manual one after opening a ticket asking for the reissue.

The more I think about it, the more it all seems totally BS to me.

Then there is a reason why such collisions should be considered an "incident" and logged separately (for forensic purposes), especially if the volume is not that big as to make it impractical. Pity it wasn't being already done on a regular basis, at least on some "strategical" points of the network.


Again a pity it wasn't being logged in full even after the mtgox announcement. But anyways, that information could imply that the "attack" was not so generalised as to justify the ammount of damage mtgox wants everyone to believe. Maybe it even was a smoke screen to give some credibility to the announcement.

Also, being this type of attack some sort of race condition (combined with mtgox negligencies), the volume should have probably been huge in comparison to the sucessful "exploits", and this doesnt seem to have been the case.

Do you really think that it is really possible that all the BTC's were leaked out of gox by taking advantage of the malleability issue?

And that, even if no periodic balance reconciliation were done (which might be criminal negligence in itself), they woulnt notice something very wrong was happenning each time they had to load another of their deep cold wallet address because the previous ones had all been emptied without any logical reason?

I find easier to believe that all the time they knew they were running a fractional reserve, probably risking the remaining BTCs in an attempt to recover solvency and losing them in unfortunate trades, until they couldnt even fulfill its pending withdrawals... and then blaming some old known issue which may or may not have had an additional but negligible impact in its balance.

Yep... apparently. Unless one of those theories like the one about the 200K BTC on accounts used on the 2011 showoff prove to be right, or who knows what.

Until Mtgox publish (at least to those legitimate parties) its detailed internal accounting, including the list of all the cold wallet addresses used over all these years, we won't know for sure.

If it is the same as in Spain and many other countries, it is a different thing.

Basically it means the corporate is not bankrupt (not just yet) but it has a lack of liquidity that makes it impossible to fulfil its debts in the short term. It then gains some time to solve the liquidity problem (by selling some assets, recovering pending debts, etc) so that it can restart its normal operation... or not, and then it files definitive bankruptcy.

Tienes razón, insignificante no es la palabra más apropiada. Me refería a insignificante en comparación al resto de la pérdida y no digamos de las que han podido tener otras muchas personas... y a que está cerca del límite en que merece la pena apostar otros 40 euros por la remota posibilidad de recuperarla.

Thanks for the detailed explanation.

Do you have any idea of how high is the percentage of discarded transations under "normal" conditions? Would it be feasible for some miners to be logging those "incidents"?

Anyway, one thing is that we can't detect those "malleability attacks" afterwards and other very different that mtgox can't reconcile its internal accounting with the blockchain and detect each and all discrepancies.

Please let me know if theres some reason that a process like this would not work:

1- Balances for all accounts with no withdrawals are ok (at least from a "malleability issue" point of view)
2- Balances for all accounts with no failed withdrawal + reissue are also OK
3- Accounts with failed withdrawal transactions lets check like this:
    - For each failed transaction lets search if the transaction went through. Obviously not using the txid, but ammount, input, output. If it did, then flag the account as "abuser" and take note of the "leaked" ammount.

Now you should know exactly how much the malleability "issue" is to blame for the "missing" BTC's and also who were the users behind it, and when/where the leaked money did go to.

Is there any technical reason for this to not be a simple process to run against mtgox records or maybe the only reason they havent made this figure public is because they already know that total sum would just be negligible and that was not the real problem?

P.S.: I am aware that there have been some comments saying that one of the faults of mtgox was that maybe they were doing the reissue using different inputs...

Well, that's what makes difficult/impossible to locate the "dupes" using only the blockchain, but mtgox accounting records should have the missing information, i.e. inputs/output/ammount for each attempted transaction, original or reissued, so that it would be a matter of going through that records rechecking everything against the blockchain.

Very interesting explanations about the malleability "issue" and its limited practical impact on mtgox assets.

The "funny" thing here is that MK has deluded himself into thinking that the "It's gone" will suffice as an explanation without offering any proofs in an environment so full of them.

Sooner or later he will have to provide internal accounting records and then it will be very easy to finally know what (and when) really happenned.

One of most important accounting records he will have to provide is the list of all the cold wallet addresses that they were using at each moment in time. Being the most valuable assets of the company (apart from bank accounts) all of them should be perfectly identified in company reports showing periodical balance.

Then we will have the full picture of what was happenning and since when.... the same full picture that Karpeles had in front of him all the time... the same that would automatically show a discrepance as soon as it started between mtgox internal BTC balances and real ("blockchained") addresses under their control.

After that basic accounting is done then it will be easy to check which explanation fits better into this case... and since when was MTgox knowingly operating in insolvency without reporting it, which I supposse its a criminal act in Japan as much as everywhere else.

Maybe then the malleability "issue" and all the bunch of excuses will be insignificant and no matter anymore even if it had any additional impact on the already criminal operation of MtGOX.

... Or maybe the next twist of this plot will be to execute another "It's gone!" this time to the accounting records? That would be even more funny.

TL;DR: The answer is in the accounting records which he will have to provide to prove the insolvency and how it developed over time. It won't be easy to fake them as they must match and be coherent with the public blockchain.

Sí, así lo entiendo yo también... pero teniendo en cuenta la "avalancha" de retrotracciones que habrán llegado al banco polaco y que, se supone, a mtgox no le conviene actuar con patente mala fe... es *posible* que acepten la retrotracción de las últimas transferencias que no llegaron a entrar en el sistema.

No es más que otra apuesta, vaya... en este caso por 40 euros. A ver que pasa.