Hacked Account Owner: is a Buddhist Monk

[bitsalame]

I seriously believe that the only account being compromised is Mt.Gox's.

See the psychological side here:
ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.
Anyone would be twitting about it, shouting about it, ranting about it, talking to the press, talking shit about Mt.Gox, and cursing God, the Devil, the Archangels and his own mother.

This is the critical factor I consider since I am a psychology major I am way more attentive on behavioral cues.
It is totally abnormal this silence from the account owner.
Either this user doesn't exist or he is a Buddhist monk with the lowest neuroticism level in the history of mankind.

According to Mt.Gox 500,000 BTC were stolen from ONE account, and that not only that such accumulation of wealth in a eWallet account is highly implausible, but observing the calmness of that supposed owner I am inclined to believe that that owner is non-existent.
The only one going bananas is Mt.Gox. Obviously you can claim Mt. Gox is simply protecting the credibility of his exchange site, but what is really interesting is that he insists on reverting back when actually there are other options.

Why would an exchange protect the interests of only ONE user? When accounts got hacked in the past, MtGox took the bullet and reimbursed partially to the hacked user, but never reverted back a whole history of transactions.
Also why is MtGox so adamant in defending this single affected user?

If that doesn't make sense then, we have three options left:
1) The REAL Account Owner: The hacked account "single user" account are Mt.Gox's or it belongs to someone closely related to Mt.Gox.
2) The PWNAGE Cover Up:The "single user account" is a cover story to hide the fact that actually the site got compromised much deeper than they are willing to admit. (loss of credibility would be the death of Mt.Gox)
If the auditor/attacker got access to the passwd file, he could have cracked hundred of accounts in hours.
I am currently testing that idea out, I've been trying to crack the hashes for 3 hours and I neared 600 accounts cracked, all of them from salted hashes and weak passwords. A simple script could have siphoned all the bitcoins out when the attack wasn't yet detected (maybe salami sliced, that's why nobody really noticed any thievery).
The worst case scenario is that the attacker has been in control of the site from a long time and he actually didn't need to crack any password, he simply got them all in plaintext.
3) The STOOPID Cover Up: We can never leave out the most stupid causes, since stupid mistakes happens everytime, maybe it was a typing mistake, a new employee, a girlfriend playing with the admin panel, etc...

These three possibilities makes Mt.Gox's claims understandable, it would be humilliating and his credibility would be completely stained forever. He wouldn't be able to admit such stupid mistakes.

But one thing is definitive: The argument about a single user being hacked makes NO SENSE AT ALL.

[1713484059]

1713484059

[1713484059]

1713484059

[1713484059]

1713484059

[1713484059]

1713484059

[Oldminer]

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

[bitsalame]

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

The point is Mt.Gox reputation is on the line.
If it is lying, as he probably is, then it is not reliable anymore.
We can't tell the real story behind it, we can't make a damage assessment from it.
We can't rely on Mt. Gox.

Neither the best case scenario (they are trying to save face) nor the worst (they got fucked very deep up to the colon) are really comforting.
Mt Gox CAN'T be trusted.

[Bit_Happy]

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

Often I agree with you Oldminer, and I'm not looking to pick a fight.

1) Despite the huge overload of Gox threads, this one has a new twist. The Monk idea is clever, IMO.
2) This is also pretty valid, "The single hacked user account makes NO SENSE AT ALL.". I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

[Hook^]

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

Because if it is Elmer Fudd, then Bugs Bunny will be getting the bitcoins vewy vewy soon.

[bitsalame]

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

Often I agree with you Oldminer, and I'm not looking to pick a fight.

1) Despite the huge overload of Gox threads, this one has a new twist. The Monk idea is clever, IMO.
2) This is also pretty valid, "The single hacked user account makes NO SENSE AT ALL.". I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

Uhm, that is a possibility I haven't considered.
But who would be willing to lose 8 Millions? What is their gain by crashing the market?

[nhodges]

passwd file != exchange user database

riddle me this

[Bit_Happy]

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

Often I agree with you Oldminer, and I'm not looking to pick a fight.

1) Despite the huge overload of Gox threads, this one has a new twist. The Monk idea is clever, IMO.
2) This is also pretty valid, "The single hacked user account makes NO SENSE AT ALL.". I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

Uhm, that is a possibility I haven't considered.
But who would be willing to lose 8 Millions? What is their gain by crashing the market?

What is that old Latin phrase for "who benefits?"

What is their gain by crashing the market?
I try not to be a conspiracy kook

CIA/NSA
If you are a Government who is threatened by BTC, and can print unlimited supplies of USD, would you have been a bug buyer either early on or the night it jumped from 14 to 19, then 19 to 24 in huge buy moves?


Much of this daily BTC drama is really being written in a Gov office somewhere, and then presented to us*?  

*HI, I'm Kevin Your New Guest Star In The Bitcoin Wars!  

[dana.powers]

perhaps the 500,000 BTC were transferred in from the stolen wallet files obtained via the trojan that's been circulating?  Not sure that makes total sense, but it might explain why someone with 500,000 BTC would have them all in mtgox.

[bitsalame]

passwd file != exchange user database

riddle me this

Don't be such a nerd, don't troll about terminologies, you know what I meant.
I am cracking the FreeBSD MD5 hashes of the leaked userbase from MtGox. Happy now?

[kjj]

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Why do you assume that it is someone that knows they lost a bunch of bitcoins?

Why can't it be some dude that gathered up a shitload of coins when they were worth less than belly button lint, and has long since forgotten about the whole project?

[Bit_Happy]

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Why do you assume that it is someone that knows they lost a bunch of bitcoins?

Why can't it be some dude that gathered up a shitload of coins when they were worth less than belly button lint, and has long since forgotten about the whole project?

I'm almost certain MtGox did not exist during the days of the 20,000BTC pizza, so the funds could not have been transferred then.

[GeniuSxBoY]

What if...



just...

WHAT IF....



the account was owned by the hacker!!! oMG revelation!!


hack account -> withdraw -> add fund to hacker's own account
hack account -> withdraw -> add fund to hacker's own account
hack account -> withdraw -> add fund to hacker's own account
hack account -> withdraw -> add fund to hacker's own account
.
.
.
profit

[Hook^]

I'm almost certain MtGox did not exist during the days of the 20,000BTC pizza, so the funds could not have been transferred then.

They didn't.  It was only BitcoinMarket back then.

[bitsalame]

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Why do you assume that it is someone that knows they lost a bunch of bitcoins?

Why can't it be some dude that gathered up a shitload of coins when they were worth less than belly button lint, and has long since forgotten about the whole project?

Do you think that 500,000 BTC can be obtained from thin air?
Under the assumption that it really belongs to a single user:

• If they were acquired when Bitcoins where worth 0.01, it would still had been a significant investment: $5000 USD
• If he didn't buy it and farmed it, the farming of 500,000 BTC signifies that he knows the intrinsic value of it, so he was quite dedicated on the project.

Both scenarios make very implausible that the owner would suddenly forget about their generated/purchased bitcoins, it shows interest, dedication, appreciation and/or faith for the bitcoin economy.
In the event of forgetting about it for a while, that hypothetical person wouldn't neglect that the prices increased more than 200,000% from the time he acquired/generated them.
And certainly everyone who is marginally related to bitcoins must have heard about jumping to $30 USD = 1 BTC. IF he had forgotten, that news might have reminded him that he was awesomly rich. Such news sparks interest again towards the bitcoins.

Who ever was/is the hypothetical owner, MUST HAVE KNOWN about his WEALTH.
Considering all above, the "Ignored and abandoned" argument is highly, very highly implausible.

Now, who would put more than 500,000 BTC in one exchange? That really escapes me.
Anyone who has that much in one site must have close relationships with the owner, otherwise I don't see how you would trust such amount in one place.
On the other hand, it would also make sense that it is a government conspiration, but considering that the bitcoin economy is still experimental I wonder if they would take such preventive measures to try to destroy it.

Personally I rather the explanation of the cleaning lady cleaning the keyboard and pressing "Sell 0.01"... would you admit such error if this were true and you were MtGox? LOL

[Bit_Happy]

I'm almost certain MtGox did not exist during the days of the 20,000BTC pizza, so the funds could not have been transferred then.

They didn't.  It was only BitcoinMarket back then.

I wish I'd been here then, you folks had a great little group.   

[niemivh]

If that doesn't make sense then, we have three options left:
1) The REAL Account Owner: The hacked account "single user" account are Mt.Gox's or it belongs to someone closely related to Mt.Gox.
2) The PWNAGE Cover Up:The "single user account" is a cover story to hide the fact that actually the site got compromised much deeper than they are willing to admit. (loss of credibility would be the death of Mt.Gox)[/size]

Bingo.

My guess is that it was their 'bank' account or something to that effect which actually contained the total funds in BTC of the entire exchange or a sizable portion of it.  I'm about 90% certain that they are insolvent and probably shitting bricks right now trying to determine what to do about it.  It might not be up for quite a while.  If they are insolvent that raises an interesting question:

1) Is it a 'bank run' as soon as the exchange opens?  (expect X lawsuits)
2) Do all MtGox assets get triaged and we get a portion of what we held there?  (expect 10x lawsuits)
3) Does and can MtGox "eat" the loses and then pays to make everyone whole (definitely the best long term solution for them),but do they have the assets?
        a.  If they don't can they raise money to buy BTC over-the-counter to become re-solvent?  Or do they come clean about insolvency and not allow people to withdraw until they gain enough money in fees to make everyone whole.  (this would crush the price of BTC into the ground but probably have the least legal implications).
        b.  Remain insolvent, don't tell this and hope that there isn't a 'bank run' (hopefully nobody over there at MtGox is proposing this, this is a BAD idea)

On a side note should the Exchanges prevent this type of 'dumping'?  I would definitely say yes that a certain account can only sell so much at least making the user have to have multiple accounts in order to dump more, therefore lowering the security risk by having a single user with 500k BTC, if you buy that story.

Lol, I bet the 'free market' fanatics here are starting to see how regulation comes into existence. 

[Bit_Happy]

...
        b.  Remain insolvent, don't tell this and hope that there isn't a 'bank run' (hopefully nobody over there at MtGox is proposing this, this is a BAD idea)
...

Depending on the actual loses: The $1000/day limit will stop a bank run, or at least slow it down, while people get to trade.

[sortedmush]

I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

+1

[Bit_Happy]

I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

+1

Thanks, I'm tired of all this, and just want a secure MtGox to open soon.


New API @Gox
Changes to the API

Since we will migrate to a new system, I'll announce a few changes to the API so people can be ready. It shouldn't cause any compatibility problem for most people.

    It will be possible to issue API keys for your account, with limited or full access, and revoke those keys. You can however still use the API for full access with login and password
    Trade IDs will be much larger, and no longer in sequence. Old trades will keep their old IDs. New trades will have an ID which correspond to the trade execution time in microseconds, for example: 1308609708628581
    Order IDs will become UUIDs. Old orders will have an UUID assigned to them. An UUID is a 36 characters long string made of hexadecimal characters separated by a dash. Example: 1f0b3734-ddf3-47e8-badb-a85a700c61d9

It should also be noted that the way the whole system works will be a bit different. When an order is placed, it may have a delay before being executed, if the engine is busy. The trade will be put into queue. Additional API parameters will exist to allow trades to be non queued (return failure if engine is busy), have an expiration in queue, do not cause creation of an actual order after being executed if full execution was not possible, or have an expiration as an open order.

Other changes will also be made in the future, however they should be compatible with existing implementations.
https://support.mtgox.com/entries/20208658-changes-to-the-api