Mtgox's official story could be wrong. The BTC of many accounts was sold.

[ahtremblay]

I believe a hacker got hold of everyone's account at mtgox. This hacker then executed a looping script that logged into a number of accounts one by one and issued a sales order for the full BTC balance in these select accounts. After 2 minutes, the loop was completed and all BTC held of the mtgox's clients accounts were offered for sale on the mtgox market.

This drove the price of BTC down to almost nothing. mtgox as a withdrawal limit of 1000$ equivalent BTC per 24 hour period. With the price to almost nothing, the hacker could withdraw almost any amount of BTC he wished from different accounts. I think in a few days or weeks some people will learn they have lost a fortune in this attack.

We must face the reality that mtgox is short on BTC. They do not have the BTC they claim they have.


This is just a warning. I am not saying it is the case that this happened. Just that it is a possibility.

[1714775496]

1714775496

[1714775496]

1714775496

[1714775496]

1714775496

[1714775496]

1714775496

[1714775496]

1714775496

[1714775496]

1714775496

[padrino]

I was watching my account until after this happened and nothing was missing, what you saw is every buy order being executed as a large sell order was filled.

[ahtremblay]

I am stating that a script was run to offer for sale every BTC in every mtgox account.

I am not staying the BTC left mtgox. Mtgox might have been able to shut it down before the person could withdraw sufficient amount.

[Keenan79]

and you can't have script selling many small amounts only from 1 account?

[ahtremblay]

and you can't have script selling many small amounts only from 1 account?

You have to think here. The passwords/accounts of every account is out! Then you get thousands of micro sales with a bunch of big sales moments before. For a total sum larger than any account in the blockexplorer. Look at the evidence!

[speeder]

You are talking BS, because I was there when it happened, logged on mtgox, and when it was over, my account was untouched.

What you see on that list, is individual bids being supplied by a single sell order.

[SgtSpike]

You wouldn't see one big sell order because there isn't one big buy order.  In order to sell that much BTC, you have to make a transaction for every single buy order that is out there, one at a time.

Sorry OP, but you're wrong.

[ahtremblay]

You are talking BS, because I was there when it happened, logged on mtgox, and when it was over, my account was untouched.

What you see on that list, is individual bids being supplied by a single sell order.

Not every account would be compromised. Some accounts have stronger passwords and have a salt, making them harder to brute force. But the majority does not.

[ahtremblay]

You wouldn't see one big sell order because there isn't one big buy order.  In order to sell that much BTC, you have to make a transaction for every single buy order that is out there, one at a time.

Sorry OP, but you're wrong.

If that is the case, I am perfectly able to accept it. If fact I hope that is the case.

[Philj]

if someone put in a single order to sell 50,000 BTC at $.01 then however many small buy orders were out there would have all been executed as different transactions, and there would now be thousands of people that bought BTC at prices all the way down to $.01. It is more likely that a single large account created those transactions rather than a lot of individuals accounts.

[Bit_Happy]

I was watching my account until after this happened and nothing was missing, what you saw is every buy order being executed as a large sell order was filled.

+1
Everyone be careful about believing these BS threads, the trolls are here again today.

[icaci]

All leaked passwords are either MD5 hashes or FreeBSD MD5 crypt() hashes. The attacked must have changed all hashes to a known one in order to be able to log into each other users' account. It's not impossible to execute a simple UPDATE query given the fact that the entire passwords database was dumped. Then it would be impossible for you to log into your MtGox account unless the hacker has restored the original hashes.

[dutt]

OP you are totally wrong.
Those small orders represent the OTHER SIDE OF THE TRADE. The one big sell order was chewing through the open book.

[kjj]

Most people have never tried to code a big exchange market, so they have no idea how they work, or what they look like in action.  Those of us who have aren't fooled.

The exchange has two lists, one for buy orders, one for sell orders.  The order matcher finds the buy order with the highest amount, and the sell order with the lowest amount.  If there is a tie in either of these, it will go to the oldest one.  If there is an overlap, a sale is recorded, balances are updated, the smaller order is closed, the larger order is decremented by the size of the smaller order (or if they were the exact same size, they both close).  Rinse, repeat.

A large order, like selling 500,000 coins for not less than 0.01 $ each, will hit thousands of buy orders, one by one as it chews through the order book.

[BCEmporium]

I don't want to be guy carrying the bad news. Don't shoot me! I'm just the messenger! But I also believe MtGox's coins had been depleted.
MtGox has a 1000 USD limit or equivalent BTC, at 0.01 this means 100,000 btc can be withdraw at once.
By seeing the users file, I come to a conclusion that the attackers could use any number of those accounts, if not all, to trade and withdraw.

This is a snap of bitcoinmonitor during the attack, notice the last transactions leading to the 500K. Looks like the robber getting away with his heist.



Just hope I'm wrong...

[TurboK]

... I'm a little bit confused. It is obvious that the stolen database wasn't used to mass sell on every account. Does that mean that the 400k btc withdraw was unrelated? Or it was related in that the owner of that wallet had his password stolen from the mtgox database?

Who made the database public to begin with?

[BCEmporium]

Someone was offering it for sale 17 hours ago here:

http://apps.ycombinator.com/item?id=2670302

and here:

http://pastebin.com/ui0nusuZ

So I think they're well related. Somebody may had buy or the seller himself decided to go for it.

[ahtremblay]

I don't want to be guy carrying the bad news. Don't shoot me! I'm just the messenger! But I also believe MtGox's coins had been depleted.
MtGox has a 1000 USD limit or equivalent BTC, at 0.01 this means 100,000 btc can be withdraw at once.
By seeing the users file, I come to a conclusion that the attackers could use any number of those accounts, if not all, to trade and withdraw.

This is a snap of bitcoinmonitor during the attack, notice the last transactions leading to the 500K. Looks like the robber getting away with his heist.



Just hope I'm wrong...

Things are getting clearer.

The hacker has access to many accounts with high BTC. He cannot withdraw because of the limit of 1000$ equivalent BTC. What does he do? He sells offs tons of BTC to drive the price down to almost nothing. Then he empties any number of BTC he wishes. The coins are depleted, many people lost a fortune.

[dinzy]

Well I doubt they could get all accounts and know for a fact that mine did not sell any coins, but I also doubt that any one person would have such a huge amount of coins stashed on Mt Gox.  

I am betting either it was one person trying to dump stolen coins or that they hacked a significant number of accounts to accumulate the coins for the mass sell off.  

And what is the 400k withdrawal all about?  

[BCEmporium]

It was a 500K movement, maybe the attacker merging the coins to his main wallet. Even @0.01 he couldn't withdraw that many.