One recurring pattern eventually stood out: MtGox bitcoins would suddenly get sent to a new non-MtGox address, without any withdrawal log entry, often in fairly recognizable amounts of a few hundred BTC at a time. Shortly afterwards, these addresses in turn would get gathered up into bigger addresses holding a few thousand BTC. From there, the coins would get deposited in chunks of some hundred BTC at a time onto various bitcoin exchanges.
As its time period overlaps--late 2011 through early 2013--between the apparent theft of bitcoins observed by WizSec and the operation of Tibanne Limited HK, is there any link between the suspicious behaviour that they noticed and Tibanne? For example, could those transactions found by WizSec in the blockchain, identified as with Mt. Gox addresses, which failed to match any of the ones logged in the leaked database, merely be collateral ones made by some Tibanne special user that were never logged.
Tibanne Limited HK operated two special users--possibly as selling bots--who were entered in the leaked Mt. Gox database as "TIBANNE_LIMITED_HK" and "THK" (Different names at different times). These two users never purchased ANY bitcoins, and yet between August 2011 to the end of November 2013 sold almost 3 million bitcoins--between 6% and 30% of the daily trading volume (AVG=6.29%). Never a single trading fee was paid.
The activities of these two Tibanne special users are discussed in greater detail here:
http://7u83.cauwersin.com/2014-03-15-activities-of-these-tibanne-users-found-in-leaked-mt-gox-databaseAs to the reason why these users sold bitcoin, but never bought any, various ones have been speculated:
- Selling off the proceeds from Silk Road
- Tibanne operated a mining pool
- Purchased on other exchanges
- A bug in the Mt. Gox logging software
- GoxCoins created out of thin air
Since Tibanne, parent company of Mt. Gox, had at least two special users who could sell bitcoins, but never had to purchase any, some of whose transactions may have gone unlogged, and never had to pay trading fees, then this company should first be excluded as a possible cause of those anomalous unlogged transactions identified by WizSec before reaching any conclusion about theft being involved or not.
Also, it should be recalled that in January, a leak attributed to a joint Japanese and American government investigation into the disappearance of the bitcoins pointed to
fraud as the most likely reason the coins went missing. See:
https://www.cryptocoinsnews.com/japanese-police-suspect-99-of-mt-gox-bitcoins-missing-due-to-fraud-not-transaction-malleability-hack/