I'm Kevin, here's my side.

[flaxindo]

3) The precedent they're setting here cannot be maintained.

Exactly what happened here may never be fully known, but according to Mt Gox an unauthorized user accessed someone's account and placed a sell order. Passwords get guessed/leaked all the time, and any exchange that attempts to undo that in every case will undoubtably fail.

If I'm careless with my password and someone places orders on my behalf in my account without my permission, will Mt Gox revert an hour's worth of trading to fix it? What if I only had 2 bitcoins? Or 20? or 200? There is no way rolling back trades to handle a compromised password in any way that will scale to the size of bitcoin's current economy. Unless Mt Gox is wiling to explicitly say they'll give this same treatment to any user who has their account compromised, it's blatantly unfair to everyone else.

This also opens the door to allowing anyone to request equal treatment if they made some trades they later regret. Log in through a proxy to make it seem like someone from a distant country was using your account, make your trades, then later scream about how your account was compromised and you want a do-over.

This is the key right here.

Make no mistake, if they do a roll back and if my account gets hacked in the future I will be demanding a roll back no matter how many BTC are traded.  And I rather like the proxy idea you stated.  I might just have to go for a super risky trade and demand a rollback if it doesn't work and claim hacking.

Moral hazard, anyone?
https://secure.wikimedia.org/wikipedia/en/wiki/Moral_hazard

[1714024548]

1714024548

[1714024548]

1714024548

[1714024548]

1714024548

[Terpie]

It's fairly easy to see who has a horse in this race and most likely bought coins for cheap during the selloff. Sorry guys, but big time exchanges break trades even when all the trades are executed according to the explicit instructions of the trader. And the SEC allows the exchanges to define these rules:

http://www.cbsnews.com/stories/2010/06/17/business/main6592645.shtml

This MTGOX scenario has the added condition of criminality, including unauthorized access. It's beyond absurd that some of you think these trades should be honored. It's shows a shocking level of trading amateurism on the boards.

[Phil21]

I think a rollback is the first step. Put things back to before the crash. In fact, I would suggest a transaction-by-transaction examination of (at least) the last week. We need a disinterested 3rd party to do this. NOT Kevin, and NOT MT. I have no idea who, but I do not envy their headaches.

We absolutely agree on the 3rd party audit, this needs to happen.  I think we simply disagree on the time frames involved here.  I'd like, before we roll back, to actually know if we should roll back just this one 500,000 btc trade, or if there have been dozens, hundreds, or thousands of illegitimate trades for much smaller amounts of bitcoins that no one noticed?  Does the community just pretend these didn't happen and simply move on?  I honestly don't really have a good answer or solution here since no one knows the extent of the problem.  And this is why the rollback as a concept really concerns me.  MtGox is picking an arbitrary transaction to roll back from - granted an extraordinary transaction that had a large amount of publicity and upset users.  One thing I've learned from operating sites that are high profile targets for attack, is that if you do notice someone exploiting a hole - usually you can go back in forensics and see other people exploiting that hole in a much more quiet and smart manner.  Sometimes these attacks go back years, before being noticed.

I understand you're trying to get back to normalcy as quickly as possible, and that does make sense and I wish for it too.  I actually agree that a rollback is a good idea, if it can be relatively certain we know it will actually fix anything other than simply giving 500k btc back to mtgox, and then we go on merrily being robbed from unknowingly by some other (very likely to exist with the state this code is apparently in) exploit until someone comes along and fucks it up for the smart hackers again by drawing attention.  Rinse and repeat.

I stated this in IRC, so you don't think I'm making up hypothetical concerns here.  I trade bitcoins for cash, locally in person by executing a real-time trade on MtGox and letting them watch, to ensure I'm not charging them any more/less than up-to-the-minute market rate.  I get cash, they get bitcoins sent from MtGox to their wallet address.

If a rollback can happen now at any time, how am I to conduct this business any longer?  I could be buying "stolen" bitcoins unknowingly, and have them taken from my account at a later date (how long do I have to wait for the transaction to "clear"?).  I am now out real money, since I conduct an actual business that will make my customers whole in the event of one of my vendors making a mistake.  It's the right thing to do.

I simply want to know the extent of the problem, the fixes being implemented, and the policy/plan for such situations moving forward.  I personally believe MtGox has lost their "right" to claim privacy/business secrets on this one as they've already lost the benefit of the doubt by having their entire database stolen.  Considering none of these answers have been forthcoming, I think it's starting to become obvious this problem is quite a bit more complicated than a simple hacked account.  Once answered (and answered truthfully this time, if that's even a possibility any longer) I can then evaluate my risk exposure based on legitimate and truthful information, which I currently cannot do.

[Coaster]

Look at the broader picture. If they allow $10,000 USD worth of BTC to slip out for less than it's worth they get SIGNIFICANTLY LESS fees. By rolling back, and protecting potentially $5M+ USD, they stand to make tens of thousands more in transaction fees when the BTC are sold for a higher price. Obvious troll chooses more all the time. While the customer relations aspect could keep (possibly earn) them customers (as any business management course would teach) if they did the right thing... We all know how greed works.

[Terpie]

Look at the broader picture. If they allow $10,000 USD worth of BTC to slip out for less than it's worth they get SIGNIFICANTLY LESS fees. By rolling back, and protecting potentially $5M+ USD, they stand to make tens of thousands more in transaction fees when the BTC are sold for a higher price. Obvious troll chooses more all the time. While the customer relations aspect could keep (possibly earn) them customers (as any business management course would teach) if they did the right thing... We all know how greed works.

Think a little bit harder on that one, guy.

[bitsalame]

I believe that actually Kevin doesn't have to give back any of it.
He purchased them in good faith. Even if the market was crashing, I would have purchased it if I saw the opportunity.

• Now, even if it is on his right to keep them, IF the money belonged to MTGOX (and not a user, but actually the main fund of MTGOX, which seems to be more plausible the more I think) then I guess that for the betterment of the economy and its stability, Kevin should give it back to MtGoX.
  In exchange of the devolution, MtGox should give a compensation for the act of good faith and allow Kevin to keep the withdrawn amount
• If the account was a personal one, Kevin has less obligation to give it back to the owner of it. When you make the wrong call playing poker you can't undo it, if you fucked it up, you fucked it up. Period.
  But still, it would be a nice gesture, and this would be totally from Kevin's generosity, if Kevin gives back partially or totally to the previous owner. A generous compensation for this gesture would be appropriate.
  

BUT, Kevin has all the rights to keep it and not giving it back to anyone. He would be a total asshole by behaving like that, but it is in his right.
Now, everything depends on his will.

MtGox shouldn't rollback shit.
The least thing that MtGox can do is to compensate to all users for this scandal and for they negligence/incompetence.
The leaked userbase is embarrassing enough, and that needs a fair compensation to all of us who entrusted this site with our money, and in some cases, our life savings (doesn't matter if trusting one's savings is a unsound judgement, the point here is that our trust has been broken).

It takes decades to build trust, and only one second to break it.

Usually, one never recovers full trust with a person, but doing good deeds can help to reestablish the relationship.
I hope MtGox understands here that more than profit, trust is actually the backbone of a business.
If you don't offer a deal to keep your users happy, expect a bank run.

Wow this looks familiar.  Oh that's because you reposted it from another thread.  Are you looking for a kick back for brown nosing our new friend/pariah Kevin?

All I know is that the whole thing is rather confusing.  Between MT's side, Kevin's side and the myriad of responses coming down on all sides, it is impossible to keep up.  It certainly would be nice for someone to publish a timeline for those who cant stay by the computer all night.  A lot of people have a lot of money involved in this cluster fuck.

lol I edited the previous post, it was in the wrong thread.
And I wouldn't expect shit from him... I am just playing neutral here and find a fair result for everyone.

Summarizing: Kevin has all the rights to keep it, it would be really a nice gesture if he gave it all back to their owners.
In rewards for this gesture, both the hacked account owner (*cough*MtGox*cough*) and Mt.Gox should give him a compensation.
(like when you find a wallet and give it back to its owner)

On the other hand, MtGox has to take responsability for all of us who were directly impacted through the leak of the userbase.
MtGox must compensate ALL OF US for the leak of the personal emails, the passwords and for breaking our trust as customers.
Many people already got spammed because of this and many people became targets of phishing.
No transaction fees for a couple of months would be nice, for starters.

I think this would be fair for everyone.

PD: About the rollback I think this is a stupid move, and MtGox has no right to execute it.

[relmeas]

This is all a bunch of bullshit.

Kevin stepped up. Now it's time for the bitcoin loser to step up, and if no bitcoin loser shows to claim the loss, then it was Mt Gox all this time. Who owned the 500,000 bitcoins?

I think it was Mt Gox!

They either owned them first, or stole them and then tried to sell off, and buy back, but Kevin got half of them. Who else got the others, exactly in their orders? Could it have been Mt Gox that got many of them?

let's suppose there is no loser, it were MtGox' btc all along.

still the trade was initiated by a hacker since why would MtGox sell their own btc and then roll back the trades?

so we're back at the hacker version and nothing changes...

or, if your version if true (some person who did not care about the money decided to throw away 500000 btc to crash the bitcoin economy) - then we should have the person who did want to sell those 500000 btc he OWNED but his trade was rolled back by MtGox and 500000 btc stolen from him by doing so.

Now, where is THAT victim?

[Maged]

My advice to you would be to consult with an attorney. If he sees feasibility in moving forward, you will probably need to hire one in japan as well to work with your US attorney. MT Gox may very well hold fiduciary responsibility in honoring your trades, barring any unknown laws regarding fraud, theft, unregulated trade and commidities speculation. The very least that could happend would be a judge refusing to hear the case or throw it out. The best that could happen is that the bitcons and/or financial assets are frozen until case disposition.

With their servers in the USA, their operations in Japan, and doing world-wide trading, its hard to tell what jurisdictional relief you may have.

When a company does not adhere to their own terms and policies, the only recourse is through the courts.

The problem with that is that it could freeze a large portion of the Bitcoin economy for months, or even years! This is by far the most dangerous thing that could happen to Bitcoin.

[myrkul]

I simply want to know the extent of the problem, the fixes being implemented, and the policy/plan for such situations moving forward.  I personally believe MtGox has lost their "right" to claim privacy/business secrets on this one as they've already lost the benefit of the doubt by having their entire database stolen.  Considering none of these answers have been forthcoming, I think it's starting to become obvious this problem is quite a bit more complicated than a simple hacked account.  Once answered (and answered truthfully this time, if that's even a possibility any longer) I can then evaluate my risk exposure based on legitimate and truthful information, which I currently cannot do.

I think we're (mostly) on the same side here. Yes, there were probably vulnerabilities before the huge obvious one, and MtGox will probably have to (and should, IMO) eat those. But it is the huge obvious one that necessitates the rollback, because of the sheer size of it. As I've said previously, it's the easiest way to get the most people the most whole, which will give MtGox a place to start from to get everyone made as whole as possible. I don't think there's a bad precedent being set here, though. If something like this happens again (And I hope it doesn't) it will be just as clear as it was this time. 'Little' thefts don't need a rollback, the exchange will end up eating those.

[Nescio]

TLDR translation:

Hi, I'm Kevin. The other day I went to the gym and saw a guy get jumped and knocked unconscious in the locker room. The attacker rifled the pockets of the dude on the floor and took off. I smelled an opportunity but since there were others in the room I moved in closer to have the first go at him after the attacker. I quickly put the loot in my locker so noone else could get at it and immediately wanted to take as much as possible of it home, but found that my pockets could only hold a fraction. I knew there were loose bricks on the other side of the wall behind the lockers, but thought I might be committing something illegal if I went for it. Since my fingerprints were all over the place, I immediately went to the janitor and told him who I was and what happened, but he appeared to be on the phone. So I went to the library and put up a note explaining things, hoping for visitors there to gather on my side, and giving reasons why the dude who got jumped should let me keep the booty. I'm thinking some other looters may help me out a bit, and maybe some others who think the dude should have expected to be jumped, after all the gym locks were broken a couple of days ago and he didn't seem to care.

This isn't a legitimate opportunity, it's grave robbery.

I can't believe the greed dripping off my screen. You know it would be fair to roll back, but boy, being a millionaire does sound good. Whatever Mt. Gox' history, this is not right.

You are correct Kevin to take this approach. I believe Mt Gox tried to fuck everyone, especially you.  I believe they may have stolen bitcoins from accounts, then tried to sell them to buy them back up, thus laundering them into their own hands.

I think you better file suit, Kevin, or you are going to look like the hacker in everyone's eyes, maybe even my own.

Kevin, after what Mt Gox did in the "their side" thread to try and CONNECT YOU with the hacker, I sure as hell hope you file that injunction.

Agreed. It's ON!

There is and will be, and should be a full on WAR!

ROFL, so when and where does this fight between you and MyFarm take place? So far you were hanging over the precipice of the 'conspiracy researcher' ledge, hovering above the 'paranoid crackpot' abyss, but your FUD here (first attacking Mt. Gox, then turning on Kevin, as long as there is strife eh) makes me think you're a plant.

[cunicula]

This should absolve you of my claims you are the other Kevin Day.

Strange choice of words. Are you by any chance Charles Taylor?

[arkados]

+1 Nescio.

Ok I just kick in this thread to make some things clear:
You surely know what's about "deal in stolen goods" (dunno if the word "concealment" is right, only know in french it's "recel"). Will you accept getting bitcoins if you suspect someone stole these from another account ? Maybe not, you want to stay safe legally said, since this is more punished than the stealing itself.

Short: lots of people not wanting to deal with "probably stolen" bitcoins, selling them, making the bitcoin's value drop, and so on. Then, 250 000 bitcoins robbed:
- will be worth nothing if nobody want to pay for them
- still is illegal

Mt.Gox did the right thing, Kevin is already tracked down for stealing and possible relation with system intrusion and cracking (if he really did it). It's now your turn: give the stolen bitcoins back where they belong (Mt.Gox) and be less charged, or keep them and face more charges and massive bitcoin crisis of interest and value loss.

You can't fuck around thinking you're safe because it's virtual and looked legit to you, Mt.Gox has to hand over all their logs to the authorities and they will easily go up to you. Legally, they have to hand over everything they know to the authorities, may the community like the FBI sniffing on it, or not. Mt.Gox being a registered society, they have to comply to any law of the countries involved, french because of french bank and admin, american because of technical infrastructure, and japanese because of society establishment and admin home. The point is how hard you will be hit in the end, and what impact this will have on the whole bitcoin economy. And how Bitcoin will be treated by the govs.

TL;DR: give the bitcoins back. For the community, for the future of Bitcoin and for yourself.
inb4 domain names "bitcoin.org", "mtgox.com", "tradehill.com", "sourceforge.net"... get seized by ICE (they can, TLDs managed by american societies)

[Phil21]

TL;DR: give the bitcoins back. For the community, for the future of Bitcoin and for yourself.

TL;DR is a bane of society.  You obviously subscribe to this theory as well.

Kevin does not have possession of these bitcoins, so it is quite obvious you didn't even read the original post, much less the followup replies in this thread.  Yeah yeah, that'd be work and all.

Just to help out the reading-comprehension challenged...

~250k bitcoins = at MtGox.  They never left.
~650 bitcoins, the amount transferred by Kevin, are sitting in escrow waiting for this whole mess to be figured out.  He posted that he was working on doing this, and I'm certain he'll post the details in the AM for everyone to see.  Sorry this stuff isn't instant?  Lawyers don't tend to keep 24 hour law offices open.  I really don't think he expected everyone here to be up in arms about 650 BTC he said he'd give back, when there are 250k on the line...

Jesus get facts right before you go accusing people of shit.  It's starting to get pathetic here.

[Torminalis]

I was thinking about this overnight and if there was a serious database compormise, would you bother moving all of the coins into one account or would you just update a single field to say 500k?

I reckon the coins don't even exist, MtGox cannot afford to cover it and the rollback is therefore all but assured.

The bottom line Kevin (IMO) is that you were the fortunate recipeint of some one elses prank, but you cannot hold onto them because they do not exist. Do get over it, all this talk of running to the authorities to retain your gains is nonsence.

MtGox are going to take a panning over this and will probably go out of business, but the sad truth is that if you force MtGox to honour this trade, you will be taking the coins from the pockets of your peers and not from the security ignorant fools that let this all get so out of hand.

MtGox, you should be ashamed of yourselves.

[manifold]

Kevin you make good points, and I think everyone can put themselfs in your shoes, and understand that they would have acted very similar (since the whole situation was chaotic during the crash).

Since the whole problem is complex, I want to point out some key points:
1.) it has to be clarified what exactly has happed. That there were 500.000 BTC on one mtgox account is difficult to believe, but if it was, then the hacker obviously known that, and cracked exactly that password from the database.
2.) When it's clarified that Kevin bought "stolen" BTC i think he legally has to give them back, since the seller had no right to them.
3.) Even tough the rollback hurts a lot of people, I think it is the right way to go.


Who's fault?
f1) Well that lays definitely at the side of the hacker. mtgox gave the hacker the ability to steel BTC's. But mtgox didn't act (if everyone says the truth) criminally, just negligent.
f2) If the hacker would be found, he would be charged with the criminal intend to steel a few million $. Like a bank robber trying to get millions, and he got away with a few thousand (if it's true what mtgox says).
f3) mtgox acted negligent, but they don't must pay for the damage the robber has done.


All in all I think it's right to roll back everything.
But it will probably be impossible to get all the BTC and $ back, that where withdrawn (with no illegal intent (like Kevin)). This money "gone from mtgox" should be payed by mtgox , if they want people to trust in them again.  Otherwise mtgox will be known as the unsecure market responsible for nothing... (good luck finding traders...).

[arkados]

Phil21 -> well, guess I got some things not right then and the way it developed (nobody knows everything about all this mess anyway) _sorry_.
Still: I stated "if he really did it" in my post, since I've no proof of anything for or against -and there I am, waiting authority investigations make light on this. Meanwhile, my post applies to all massive bitcoin thieves.
//

Torminalis: be assured that MagicalTux is highly ashamed of himself for not forcing all users to update the password when he acquired Mt.Gox, making the passwords salted at the start. Not even mention the discredit on Mt.Gox and all the other services he's running, many people sure lost faith in his ability to secure websites. As a human, he can only do his best, not guarantee perfection: he may have more technical experience than the average, but he still has 24 hours time per day like everybody. Every expert knows that perfect security in computers is impossible, even the über-safe OpenBSD had 2 remote critical vulnerabilities at standard install in it's history. The internet in it's whole has been hacked and hacked again, making the network stronger everytime (would DNSSEC exist if there weren't any DNS poisoning vulnerabilities ? Buffer protection if there weren't "ping of death" attacks ? Antiviruses if there weren't viruses ?). Bitcoin economy is at experimental state, I prefer Mt.Gox exploited now and reinforce security massively (and anybody else taking lessons) than all markets hacked and coins sucked out while bitcoins are worth 4000 $ each. Preparing good times from the bad times, that's the philosophy.

btw: I'm directly concerned about all this, since I'm hosted on KalyHost and want to pay it with bitcoins - fed up about PayPal/MoneyBookers fees, plus bank tracing. So I really want Bitcoin to go back normal again and stay legal everywhere in the world.

[Batouzo]

Short: lots of people not wanting to deal with "probably stolen" bitcoins, selling them, making the bitcoin's value drop, and so on. Then, 250 000 bitcoins robbed:
- will be worth nothing if nobody want to pay for them
- still is illegal

And if the crash would be "just" to @5 then what? Is it some hacking or bubble bursting?
What if @3 ?

Here it happened, first it was drop to @10, then @5 then to @1 and so on.

There are more people involved then the @0.01 guy.

I would buy like hell if the price would drop to say @9, and most people on this forum would. With price @1 I doubt anyone would not buy (unless he started to think the entire bitcoin thing collapsed overall).

[Batouzo]

I can't believe the greed dripping off my screen. You know it would be fair to roll back, but boy, being a millionaire does sound good. Whatever Mt. Gox' history, this is not right.

What if people in china would rob some farmers. The farmers would be forced to work at slave wage or just for food at local factory. It would make new abibas boots from there cost x100 lower then you pay in normal shop. Someone would import them to your country, and you would buy them at x5 lower price at local baazar and then open up a shop.

No wait, not baazar.

You would buy it at most respectable and biggest imported good distributor in your Bitcoinville country.

Later police comes in and takes all your goods. Happy?

Again - I am not saying here necessarily that say mtgox is bad for doing the rollback or anything; Just trying to look at legal-moral problems that arise with trades triggered initially by some wrong doing; How should they reverse, who should refund which trader.

[bitbonga]

Folks, in the grown-up world, trades are unwound when the market malfunctions.

Kids, in the grown-up world, centralized currencies are used for trades.

[Andrew Vorobyov]

Totally agree with Kevin.