I'm MtGox, here's my side.

[tymothy]

Whether or not Kevin was at all involved with the hacker is irrelevant. He has taken possession of stolen goods. At the time he probably didn't know they were stolen.  Now he does. Now it's a crime if he keeps them.

There is no proof other than Mt Gox saying there was a theft.  I suspect there was never any hacker.  I suspect there was a bug in their code or someone at their company screwed up big time.  WHO with 500k bitcoins makes it easy for their account to be compromised?  Until PROOF of a hacking is provided, he has NOT accepted stolen goods.  

Completely reasonable.

[1714896227]

1714896227

[1714896227]

1714896227

[nelisky]

Agree 100%

Synaptic has to be the worst troll on this site.  He poisons nearly every thread.

He hasn't made any useful contributions that I can see.  If he has something productive to say, he should just say it, once, without profanity, if his infantile mind will allow him to do so.  Better yet, he should actually DO something, like start an exchange or a better fork of the Bitcoin software.

FUCK.

bobR, is that you?

Naah, you can't be, you are much more articulate at reasoning in colorful ways, though much less amusing to be honest

[Synaptic]

Better yet, he should actually DO something, like start an exchange or a better fork of the Bitcoin software.

Yea or maybe he could go get a life and move out from under that bridge he's living under.. 

*fistbump*

[MyFarm]

He logged in 3 minutes before the whole thing unfold.

Well I'm sure convinced!  Off to prison with Kevin!  /sarcasm

Good grief.  You're just terrible to make such connections.  

[flug]

Let me show you the login logs for our hacker guy on his account full of bitcoins, and Kevin:

Code:

[2011/06/19 05:00:02] Hacker login
[2011/06/19 05:12:10] Kevin login
[2011/06/19 05:15:10] Hacker login
[2011/06/19 05:22:35] Hacker login
[2011/06/19 05:45:39] Hacker login
[2011/06/19 06:08:18] Hacker login

I don't understand. Which account? Kevin and the hacker used the same account?

Yeah Please Explain this Jargon, And what is it that you're implying by it?

He is saying that Kevin logged in 12 minutes after the attacker logged in to start the attack.  Not damning by itself, and almost certainly a coincidence, but still a connection that needs to be followed up, particularly in light of how it all played out.

And placed a buy order at 0.01 USD per btc.

its quite odd that Kevin could login when the rest of us couldn't.  i watched the whole thing unfold and i certainly couldn't get in.
the other thing MT might be implying is that Kevin logged into the hacked acct?  now that would be damning.  please clarify?

He logged in 3 minutes before the whole thing unfold.

So the crash started 05:15?
Does that tally with the Windows time in this vid? http://www.youtube.com/watch?v=T1X6qQt9ONg

[YoYa]

TUX:

As a customer I only care about quality of service. As far as a lot of people are concerned, you've ff'd bad!

• It's not acceptable to have had your customers emails and Hashes leaked.
• It is not acceptable that you gave an unencrypted copy of your DB to a third party - THIS IS YOUR RESPONSIBILITY
• It is not acceptable that your DB contained account information alongside financial data - The auditor should have seen nothing but usernames

No doubt you're tired of posts like mine, but the most important thing you can learn is that your customers don't care for your hardships, only for your means to supply a service. I'm really hoping you can salvage the situation, but will happily let the door hit my ass on the way out if you don't start impressing with a genuine service that is worthy of being called world class. You have the opportunity!.......Dawdle any more, and you'll be but a footnote in history when a bigger fish takes a liking to BTC exchanges - I wish you luck.

[Prze_koles]

So the crash started 05:15?
Does that tally with the Windows time in this vid? http://www.youtube.com/watch?v=T1X6qQt9ONg

Probably. It took very long time before it reached $0.01.

[Enochian]

Whether or not Kevin was at all involved with the hacker is irrelevant. He has taken possession of stolen goods. At the time he probably didn't know they were stolen.  Now he does. Now it's a crime if he keeps them.

Money is generally treated differently than other stolen goods.  If every time I spent a $20, the serial number was checked to see if it had ever been stolen, so it could be taken away and returned to its rightful owner, money would be worth little.  

Kevin may very well be a "holder in due course" of the Bitcoins he purchased.  Namely, a party uninvolved in any drama between Mt. Gox and their hacker, and who needs to be kept whole with regard to a transaction he may have entered into in good faith.

[finack]

There is no proof other than Mt Gox saying there was a theft.  I suspect there was never any hacker.  I suspect there was a bug in their code or someone at their company screwed up big time.  WHO with 500k bitcoins makes it easy for their account to be compromised?  Until PROOF of a hacking is provided, he has NOT accepted stolen goods.  

I feel pretty neutral about this whole thing, but am I right that you're saying if this whole thing was the result of a bug or employee error and the huge trade that crashed the market was never even entered by a market participant that that somehow makes it MORE necessary for Mark to pay out the 260k or 500k or whatever?

Like, if you ever have a computer glitch there's no do overs and the exchange or broker should be instantly liable for the entirety of the bugged trades? Doesn't that sound just a weee bit unrealistic to you?

[Synaptic]

He logged in 3 minutes before the whole thing unfold.

Well I'm sure convinced!  Off to prison with Kevin!  /sarcasm

Good grief.  You're just terrible to make such connections.  

Sir, we're from the MagicalFBI and we'd like a word with you regarding your opinions.

Would you mid stepping over here for a moment.

Thank You, Sir.

[flug]

So the crash started 05:15?
Does that tally with the Windows time in this vid? http://www.youtube.com/watch?v=T1X6qQt9ONg

Probably. It took very long time before it reached $0.01.

It was down to 5.0 at x:47
Did it really take 30 mins to go from 17 down to 5?

[Phil21]

Whether or not Kevin was at all involved with the hacker is irrelevant. He has taken possession of stolen goods. At the time he probably didn't know they were stolen.  Now he does. Now it's a crime if he keeps them.

He does?  What proof?  Why does everyone immediately jump to the conclusion that this was a hack?  What is the BTC address of the guy who got stolen from?  I'll help refund 650 btc myself - it's completely irrelevant to this discussion.

MT posts some random selective login (why?) logs, and you immediately believe him? hmm.

Sucks, I was really hoping on a future for bitcoin and had a good 10 grand or so invested in development of some new services offering both physical products (food! omg!) for bitcoin, as well as some security-related services that appear to be sorely needed.  This doesn't even include the mining op which I do for fun.

I've put those projects on hold for the time being, until this mess is resolved in a professional or community-responsible manner.  The previous issue that was NOT resolved professionally AT ALL that I was not aware of, made my mind up.  The fact I know Kevin personally and know he is not in any way involved beyond what he has posted, just is icing on the cake.  You forcing to get lawyers involved just to get any semblance of truth on the table is pathetic.

Hopefully Tradehill, or another competitor, will prove to be better stewards so I'll have a relatively stable market to build products for.  I'd like to not have to worry about being accused of criminal behavior by engaging in commerce on their terms, should I so happen to login at the wrong time.

Yeesh.

-Phil

[Martin P. Hellwig]

<cut>
Option 4: Mt Gox signals this to the competent authorities
+ We are safe
+ We may even have a chance of catching our hacker if Kevin knows him
+ We can rollback without having to worry
- Having to deal with FBI, provide logs and proof

I would also recommend that option but question if the FBI is the appropriate authority, if the business you are running is done on US soil and the suspicious activity comes from US soil too, then yes FBI would be the most appropriate agency to contact although you should that via the local police. It is their job to elevate it to national, thus federal, level.

If either party is foreign, well things get a whole lot more complicated, to the level that it might be best just to report to the police and most likely never be heard of again.

It might be an idea to have this whole fiasco recorded, signed by a notary and publicized on a prominent accessible part on your site.

Although a whole lot of people carry the sentiment that this could have been prevented, this hindsight is of course 20/20. Security as a goal can not be achieved, though it is a path that should be followed. A common rule of thumb is that the effectiveness of countermeasures can be roughly divided in 75% organizational, 15% structural and 10 % electronically. Meaning that switching to an alternative OS with a more robust database and scripting language might seem the right thing to do, it is more effective to make rules that prevent or at least monitor suspicious activity.

I wish you all the best and strength to carry on, this mishap is naturally a lesson learned, but not as much as some on this forum make it sound. From where I stand this should not affect you on a personal level at all. It goes more in the oh-f* category, you already demonstrated you have a plan for contingency and are open to what is going to happen. The only thing that remains is doing that and rest is water under the bridge.

Believe me this is less of a screw up than when I accidentally shut down a banks main transaction mainframe (it was the end of the day and I typed shutdown -P now in my laptop terminal, which was actually an ssh session over to a box that was serial console attached to that SUN machine).

Luckily for me that bank had a hot fail over instance in another country, though waiting another 10 unpaid hours to verify the machine came up cleanly is synced and took over master role is not something I would like to do again :-).

[Synaptic]

There is no proof other than Mt Gox saying there was a theft.  I suspect there was never any hacker.  I suspect there was a bug in their code or someone at their company screwed up big time.  WHO with 500k bitcoins makes it easy for their account to be compromised?  Until PROOF of a hacking is provided, he has NOT accepted stolen goods.  

I feel pretty neutral about this whole thing, but am I right that you're saying if this whole thing was the result of a bug or employee error and the huge trade that crashed the market was never even entered by a market participant that that somehow makes it MORE necessary for Mark to pay out the 260k or 500k or whatever?

Like, if you ever have a computer glitch there's no do overs and the exchange or broker should be instantly liable for the entirety of the bugged trades? Doesn't that sound just a weee bit unrealistic to you?

I'm glad you brought this up.

And since we're all here in MagicalBacksiesLand, I'd like to do backsies on being an asshole to everyone here.

And everyone can have backsies on whatever too.

Backsies.

[bitbitcoincoin]

Whether or not Kevin was at all involved with the hacker is irrelevant. He has taken possession of stolen goods. At the time he probably didn't know they were stolen.  Now he does. Now it's a crime if he keeps them.

Money is generally treated differently than other stolen goods.  If every time I spent a $20, the serial number was checked to see if it had ever been stolen, so it could be taken away and returned to its rightful owner, money would be worth little.  

Kevin may very well be a "holder in due course" of the Bitcoins he purchased.  Namely, a party uninvolved in any drama between Mt. Gox and their hacker, and who needs to be kept whole with regard to a transaction he may have entered into in good faith.

However since the exchange itself was compromised and the price was not a accurate representation the transaction was not entered into in good faith by both parties.  Now that doesn't bode well for Mt Gox since you never want your currency exchange to be compromised like that, but its something Kevin and those in his situation will have to come to grips with since their purchases made during the flash crash were indeed illegitimate.

[Bimmerhead]

Why is it when a business hosted and administered from Japan is hacked from an IP traceable to Hong Kong the FBI gets called?  Have the Japanese outsourced their police work?

[Synaptic]

Why is it when a business hosted and administered from Japan is hacked from an IP traceable to Hong Kong the FBI gets called?  Have the Japanese outsourced their police work?

Apparently they're all tied up investigating strange tentacle monsters stealing schoolgirl panties...

..which, are actually worth more as a currency than bitcoins...

...in tentacle monster land.

[MagicalTux]

MT posts some random selective login (why?) logs, and you immediately believe him? hmm.

I posted all the logins on Kevin's and the hacked account for May 19th.

[MyFarm]

There is no proof other than Mt Gox saying there was a theft.  I suspect there was never any hacker.  I suspect there was a bug in their code or someone at their company screwed up big time.  WHO with 500k bitcoins makes it easy for their account to be compromised?  Until PROOF of a hacking is provided, he has NOT accepted stolen goods.  

I feel pretty neutral about this whole thing, but am I right that you're saying if this whole thing was the result of a bug or employee error and the huge trade that crashed the market was never even entered by a market participant that that somehow makes it MORE necessary for Mark to pay out the 260k or 500k or whatever?

Like, if you ever have a computer glitch there's no do overs and the exchange or broker should be instantly liable for the entirety of the bugged trades? Doesn't that sound just a weee bit unrealistic to you?

I fat fingered a trade at one point and bought 20 coins at 111 instead of 111 at 20 (numbers somewhere along those lines, I forget the exact numbers).  Should I get those back?

With that said, I'm not saying that he should get the coins because I don't know the answer to that.  That's one for the law to figure out once they have all the evidence.  There's just way too much fishiness going on.  I plain don't believe for a second that some unnamed person with 500k bitcoins had an easily hackable account that some hacker happened upon.  A lot just doesn't add up.

And that Mt Gox is now trying to connect Kevin to the hacker just puts it over the top.

[Synaptic]

There is no proof other than Mt Gox saying there was a theft.  I suspect there was never any hacker.  I suspect there was a bug in their code or someone at their company screwed up big time.  WHO with 500k bitcoins makes it easy for their account to be compromised?  Until PROOF of a hacking is provided, he has NOT accepted stolen goods.  

I feel pretty neutral about this whole thing, but am I right that you're saying if this whole thing was the result of a bug or employee error and the huge trade that crashed the market was never even entered by a market participant that that somehow makes it MORE necessary for Mark to pay out the 260k or 500k or whatever?

Like, if you ever have a computer glitch there's no do overs and the exchange or broker should be instantly liable for the entirety of the bugged trades? Doesn't that sound just a weee bit unrealistic to you?

I fat fingered a trade at one point and bought 20 coins at 111 instead of 111 at 20 (numbers somewhere along those lines, I forget the exact numbers).  Should I get those back?

With that said, I'm not saying that he should get the coins because I don't know the answer to that.  That's one for the law to figure out once they have all the evidence.  There's just way too much fishiness going on.  I plain don't believe for a second that some unnamed person with 500k bitcoins had an easily hackable account that some hacker happened upon.  A lot just doesn't add up.

And that Mt Gox is now trying to connect Kevin to the hacker just puts it over the top.

HEATHEN!

BE GONE WITH YOUR SORCEROUS TREACHERY.