Hacked Account Owner: is a Buddhist Monk

[kjj]

Why the fuck would the exchange have an account in their own system that signified the collected accounts of all of their users?

Don't you understand that their site doesn't operate by moving bitcoins around?  When you make a trade on the site, no fucking bitcoins change hands or change wallets or anything of the sort.

Do you think that 500,000 BTC can be obtained from thin air?
Under the assumption that it really belongs to a single user:

• If they were acquired when Bitcoins where worth 0.01, it would still had been a significant investment: $5000 USD
• If he didn't buy it and farmed it, the farming of 500,000 BTC signifies that he knows the intrinsic value of it, so he was quite dedicated on the project.

Both scenarios make very implausible that the owner would suddenly forget about their generated/purchased bitcoins, it shows interest, dedication, appreciation and/or faith for the bitcoin economy.
In the event of forgetting about it for a while, that hypothetical person wouldn't neglect that the prices increased more than 200,000% from the time he acquired/generated them.
And certainly everyone who is marginally related to bitcoins must have heard about jumping to $30 USD = 1 BTC. IF he had forgotten, that news might have reminded him that he was awesomly rich. Such news sparks interest again towards the bitcoins.

Who ever was/is the hypothetical owner, MUST HAVE KNOWN about his WEALTH.
Considering all above, the "Ignored and abandoned" argument is highly, very highly implausible.

Yes, 500,000 BTC can be obtained from thin air.  In fact, more than 10 times that amount has been created from thin air.  A good portion of it by people that screwed around with the project for a while and then left, never to be seen again.

You don't know a damn thing about bitcoins, nor about how an exchange market works, so maybe if you repeat your assertions bigger, they'll seem less stupid

[1715303661]

1715303661

[1715303661]

1715303661

[niemivh]

Why the fuck would the exchange have an account in their own system that signified the collected accounts of all of their users?

Don't you understand that their site doesn't operate by moving bitcoins around?  When you make a trade on the site, no fucking bitcoins change hands or change wallets or anything of the sort.

Do you think that 500,000 BTC can be obtained from thin air?
Under the assumption that it really belongs to a single user:

• If they were acquired when Bitcoins where worth 0.01, it would still had been a significant investment: $5000 USD
• If he didn't buy it and farmed it, the farming of 500,000 BTC signifies that he knows the intrinsic value of it, so he was quite dedicated on the project.

Both scenarios make very implausible that the owner would suddenly forget about their generated/purchased bitcoins, it shows interest, dedication, appreciation and/or faith for the bitcoin economy.
In the event of forgetting about it for a while, that hypothetical person wouldn't neglect that the prices increased more than 200,000% from the time he acquired/generated them.
And certainly everyone who is marginally related to bitcoins must have heard about jumping to $30 USD = 1 BTC. IF he had forgotten, that news might have reminded him that he was awesomly rich. Such news sparks interest again towards the bitcoins.

Who ever was/is the hypothetical owner, MUST HAVE KNOWN about his WEALTH.
Considering all above, the "Ignored and abandoned" argument is highly, very highly implausible.

Yes, 500,000 BTC can be obtained from thin air.  In fact, more than 10 times that amount has been created from thin air.  A good portion of it by people that screwed around with the project for a while and then left, never to be seen again.

You don't know a damn thing about bitcoins, nor about how an exchange market works, so maybe if you repeat your assertions bigger, they'll seem less stupid

Didn't know that anyone still thought that these all came from 1 person (not affiliated with MtGox).  Thought we had buried that myth.

[bitsalame]

Why the fuck would the exchange have an account in their own system that signified the collected accounts of all of their users?

Don't you understand that their site doesn't operate by moving bitcoins around?  When you make a trade on the site, no fucking bitcoins change hands or change wallets or anything of the sort.

Do you think that 500,000 BTC can be obtained from thin air?
Under the assumption that it really belongs to a single user:

• If they were acquired when Bitcoins where worth 0.01, it would still had been a significant investment: $5000 USD
• If he didn't buy it and farmed it, the farming of 500,000 BTC signifies that he knows the intrinsic value of it, so he was quite dedicated on the project.

Both scenarios make very implausible that the owner would suddenly forget about their generated/purchased bitcoins, it shows interest, dedication, appreciation and/or faith for the bitcoin economy.
In the event of forgetting about it for a while, that hypothetical person wouldn't neglect that the prices increased more than 200,000% from the time he acquired/generated them.
And certainly everyone who is marginally related to bitcoins must have heard about jumping to $30 USD = 1 BTC. IF he had forgotten, that news might have reminded him that he was awesomly rich. Such news sparks interest again towards the bitcoins.

Who ever was/is the hypothetical owner, MUST HAVE KNOWN about his WEALTH.
Considering all above, the "Ignored and abandoned" argument is highly, very highly implausible.

Yes, 500,000 BTC can be obtained from thin air.  In fact, more than 10 times that amount has been created from thin air.  A good portion of it by people that screwed around with the project for a while and then left, never to be seen again.

You don't know a damn thing about bitcoins, nor about how an exchange market works, so maybe if you repeat your assertions bigger, they'll seem less stupid

Tell me who in his right mind would spend 500,000 away NOW just to fool around.
Think again, they weren't in a wallet, they were in MtGox.
I see it is simply a logical gap in your brain, unfortunately there are no patches for faulty brains.

[bitsalame]

Why the fuck would the exchange have an account in their own system that signified the collected accounts of all of their users?

Don't you understand that their site doesn't operate by moving bitcoins around?  When you make a trade on the site, no fucking bitcoins change hands or change wallets or anything of the sort.

Do you think that 500,000 BTC can be obtained from thin air?
Under the assumption that it really belongs to a single user:

• If they were acquired when Bitcoins where worth 0.01, it would still had been a significant investment: $5000 USD
• If he didn't buy it and farmed it, the farming of 500,000 BTC signifies that he knows the intrinsic value of it, so he was quite dedicated on the project.

Both scenarios make very implausible that the owner would suddenly forget about their generated/purchased bitcoins, it shows interest, dedication, appreciation and/or faith for the bitcoin economy.
In the event of forgetting about it for a while, that hypothetical person wouldn't neglect that the prices increased more than 200,000% from the time he acquired/generated them.
And certainly everyone who is marginally related to bitcoins must have heard about jumping to $30 USD = 1 BTC. IF he had forgotten, that news might have reminded him that he was awesomly rich. Such news sparks interest again towards the bitcoins.

Who ever was/is the hypothetical owner, MUST HAVE KNOWN about his WEALTH.
Considering all above, the "Ignored and abandoned" argument is highly, very highly implausible.

Yes, 500,000 BTC can be obtained from thin air.  In fact, more than 10 times that amount has been created from thin air.  A good portion of it by people that screwed around with the project for a while and then left, never to be seen again.

You don't know a damn thing about bitcoins, nor about how an exchange market works, so maybe if you repeat your assertions bigger, they'll seem less stupid

Didn't know that anyone still thought that these all came from 1 person (not affiliated with MtGox).  Thought we had buried that myth.

Which is interesting to see that MtGox still doesn't acknowledge it.
They are sticking to their version and that raises even more suspicion.

[kjj]

Tell me who in his right mind would spend 500,000 away NOW just to fool around.
Think again, they weren't in a wallet, they were in MtGox.
I see it is simply a logical gap in your brain, unfortunately there are no patches for faulty brains.

The standard story so far is that the person that spent the 500,000 now just to fool around was not their legitimate owner.
I have no idea what you are referring to in your wallet comment.  As far as I can tell, you think that I think that the coins were in a wallet, and the wallet was lost.  Which is silly, because not long ago I was trying to explain to you and niemivh that wallets and mtgox accounts are totally different and unrelated concepts.

[bitsalame]

Tell me who in his right mind would spend 500,000 away NOW just to fool around.
Think again, they weren't in a wallet, they were in MtGox.
I see it is simply a logical gap in your brain, unfortunately there are no patches for faulty brains.

The standard story so far is that the person that spent the 500,000 now just to fool around was not their legitimate owner.
I have no idea what you are referring to in your wallet comment.  As far as I can tell, you think that I think that the coins were in a wallet, and the wallet was lost.  Which is silly, because not long ago I was trying to explain to you and niemivh that wallets and mtgox accounts are totally different and unrelated concepts.

Precisely, that's my point.

[kjj]

Tell me who in his right mind would spend 500,000 away NOW just to fool around.
Think again, they weren't in a wallet, they were in MtGox.
I see it is simply a logical gap in your brain, unfortunately there are no patches for faulty brains.

The standard story so far is that the person that spent the 500,000 now just to fool around was not their legitimate owner.
I have no idea what you are referring to in your wallet comment.  As far as I can tell, you think that I think that the coins were in a wallet, and the wallet was lost.  Which is silly, because not long ago I was trying to explain to you and niemivh that wallets and mtgox accounts are totally different and unrelated concepts.

Precisely, that's my point.

Huh?  What is your point?  Which part?

[YoYa]

With regard to the 500'000 bitcoins........these weren't necessarily real bitcoins, it could have been the BTC units within MtGox's own system....which suggests more was hacked then they are admitting.......which actually makes sense because they don't have a fucking clue anyway......hence the long delay while they get some kind of Sec infrastructure in place.

[kjj]

With regard to the 500'000 bitcoins........these weren't necessarily real bitcoins, it could have been the BTC units within MtGox's own system....which suggests more was hacked then they are admitting.......which actually makes sense because they don't have a fucking clue anyway......hence the long delay while they get some kind of Sec infrastructure in place.

Since the sell off happened on mtgox's order books, the 500,000 coins could not have been real bitcoins.  They were accounting units internal to their system.  I still haven't figured out why people think it was some sort of master wallet, or collective account that was involved.  It was purely an internal representation, and this is obvious because only their internal representation can participate in their order matching.

[mp420]

Moderators, feel free to delete this comment, but I would say that no website developed with php can be trusted.

In my view php is inherently insecure and it encourages unsafe coding style. It's easy to code and "neat" at the expense of being very prone to unintended results. Take the php "require" directive as a case point. (I know experiensed php coders do not fall for this trap, but it demonstrates php's lack of safety.) It takes a url as an argument without so much as a shrug, making it a very attractive target for code injection attacks. The whole language is riddled with this kind of stuff. You have to be very careful when working with php, and even if you really know what you're doing it's still likely that there are big security holes left in your code.

[bitsalame]

With regard to the 500'000 bitcoins........these weren't necessarily real bitcoins, it could have been the BTC units within MtGox's own system....which suggests more was hacked then they are admitting.......which actually makes sense because they don't have a fucking clue anyway......hence the long delay while they get some kind of Sec infrastructure in place.

Since the sell off happened on mtgox's order books, the 500,000 coins could not have been real bitcoins.  They were accounting units internal to their system.  I still haven't figured out why people think it was some sort of master wallet, or collective account that was involved.  It was purely an internal representation, and this is obvious because only their internal representation can participate in their order matching.

Because MtGox officially stated it. And it is a massive bullshit, as you reasoned by yourself.
The thing is that they don't want to acknowledge that they were hacked. According to them, they weren't hacked ever.
Here is the citation:

Huge Bitcoin sell off due to a compromised account - rollback
 
The bitcoin will be back to around 17.5$/BTC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST).

One account with a lot of coins was compromised[/b][/color] and whoever stole it (using a HK based IP to login) first sold all the coins in there, to buy those again just after, and then tried to withdraw the coins. The $1000/day withdraw limit was active for this account and the hacker could only get out with $1000 worth of coins.

Apart from this no account was compromised, and nothing was lost. Due to the large impact this had on the Bitcoin market, we will rollback every trade which happened since the big sale, and ensure this account is secure before opening access again.

1st) The $17.5 it is arbitrary. That concerns me.
2nd) The One account story is being insisted by MtGox in several threads in the forum.
3rd) Rollback sounds like a game. There is no rollback in life. Shit happens, people lose, people win. Move on. Compensate for your mistakes, honor it.

Since this statement wasn't satisfying for the people who actually got a hold of the userbase with all the emails, usernames and passwords of all the users in MtGox.
So another statement was released:

[Update - 2:06 GMT] What we know and what is being done.

• It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
• Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
• We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.
• Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
• When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.
• Once Mt.Gox is back online,  trades  218869~222470 will be reverted.

So here you see how they insist that they weren't hacked.
And Mark from MtGox keeps insisting:

We have evidence the problems found by phantomcircuit have never been exploited by anyone, and we have further evidence someone logged in on your account using your password. We cannot take liability for a case which is clearly not linked to any problems on our side.

Thanks,
Mark
MtGox.com Team

As you can see, by insisting the story of the "single user account hacked" they want to free themselves from all responsability, save their faces and blame their incompetence to the users.
There are stupid users with simple passwords (still cracking: more than 800 passwords already cracked) but someone with 500,000 BTC in a single account with a lame password doesn't seem to be probable (although it is totally possible).

Considering the reasons I detailed in my first post in the creation of this thread, I think everything is a lousy attempt of a cover up to hide their asses to not be held responsible.
This lie would save them money (from compensations) and somehow it would cause tranquility to some of their users since they would be relieved that "their systems weren't compromised", which I bet it is totally untrue.

We got all our usernames, passwords hashes and email addresses exposed. All of us are now in spammers' databases.
Most of us got really stressed out because we shared the same password in several accounts.
And some of us realized that their worst fears became true: they got victimized in other exchanges.

It doesn't matter if it was an external auditor, MtGox is trying to wash their hands from this.
They claim that the CSRF vulnerability discovered by phantomcircuit wasn't exploited because they checked their logs... this type of attack leaves no logs, and it's been confirmed from other users in the forum that it's been used before and after the fix.

This attitude from MtGox isn't acceptable.
It seriously makes me doubt about their moral integrity.
And as I said before: "trust takes a decade to build, and only one second to break"
MtGox, you better work hard to earn our trust again, all these lies/incompetence/negligence are simply not acceptable.

[passerby]

I seriously believe that the only account being compromised is Mt.Gox's.

See the psychological side here:
ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.
Anyone would be twitting about it, shouting about it, ranting about it, talking to the press, talking shit about Mt.Gox, and cursing God, the Devil, the Archangels and his own mother.

This is the critical factor I consider since I am a psychology major I am way more attentive on behavioral cues.
It is totally abnormal this silence from the account owner.
Either this user doesn't exist or he is a Buddhist monk with the lowest neuroticism level in the history of mankind.

According to Mt.Gox 500,000 BTC were stolen from ONE account, and that not only that such accumulation of wealth in a eWallet account is highly implausible, but observing the calmness of that supposed owner I am inclined to believe that that owner is non-existent.
The only one going bananas is Mt.Gox. Obviously you can claim Mt. Gox is simply protecting the credibility of his exchange site, but what is really interesting is that he insists on reverting back when actually there are other options.

Why would an exchange protect the interests of only ONE user? When accounts got hacked in the past, MtGox took the bullet and reimbursed partially to the hacked user, but never reverted back a whole history of transactions.
Also why is MtGox so adamant in defending this single affected user?

If that doesn't make sense then, we have three options left:
1) The REAL Account Owner: The hacked account "single user" account are Mt.Gox's or it belongs to someone closely related to Mt.Gox.
2) The PWNAGE Cover Up:The "single user account" is a cover story to hide the fact that actually the site got compromised much deeper than they are willing to admit. (loss of credibility would be the death of Mt.Gox)
If the auditor/attacker got access to the passwd file, he could have cracked hundred of accounts in hours.
I am currently testing that idea out, I've been trying to crack the hashes for 3 hours and I neared 600 accounts cracked, all of them from salted hashes and weak passwords. A simple script could have siphoned all the bitcoins out when the attack wasn't yet detected (maybe salami sliced, that's why nobody really noticed any thievery).
The worst case scenario is that the attacker has been in control of the site from a long time and he actually didn't need to crack any password, he simply got them all in plaintext.
3) The STOOPID Cover Up: We can never leave out the most stupid causes, since stupid mistakes happens everytime, maybe it was a typing mistake, a new employee, a girlfriend playing with the admin panel, etc...

These three possibilities makes Mt.Gox's claims understandable, it would be humilliating and his credibility would be completely stained forever. He wouldn't be able to admit such stupid mistakes.

But one thing is definitive: The argument about a single user being hacked makes NO SENSE AT ALL.

I might be wrong, but he didn't loose all of those monies, technically, only the monies the hacker managed to withdraw....

Also, the account with 8mil in coins could be held by an org, for all we know (and it's quite normal for corporate people to use retarded passwords. Trust me on this one)

[bitsalame]

I seriously believe that the only account being compromised is Mt.Gox's.

See the psychological side here:
ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.
Anyone would be twitting about it, shouting about it, ranting about it, talking to the press, talking shit about Mt.Gox, and cursing God, the Devil, the Archangels and his own mother.

This is the critical factor I consider since I am a psychology major I am way more attentive on behavioral cues.
It is totally abnormal this silence from the account owner.
Either this user doesn't exist or he is a Buddhist monk with the lowest neuroticism level in the history of mankind.

According to Mt.Gox 500,000 BTC were stolen from ONE account, and that not only that such accumulation of wealth in a eWallet account is highly implausible, but observing the calmness of that supposed owner I am inclined to believe that that owner is non-existent.
The only one going bananas is Mt.Gox. Obviously you can claim Mt. Gox is simply protecting the credibility of his exchange site, but what is really interesting is that he insists on reverting back when actually there are other options.

Why would an exchange protect the interests of only ONE user? When accounts got hacked in the past, MtGox took the bullet and reimbursed partially to the hacked user, but never reverted back a whole history of transactions.
Also why is MtGox so adamant in defending this single affected user?

If that doesn't make sense then, we have three options left:
1) The REAL Account Owner: The hacked account "single user" account are Mt.Gox's or it belongs to someone closely related to Mt.Gox.
2) The PWNAGE Cover Up:The "single user account" is a cover story to hide the fact that actually the site got compromised much deeper than they are willing to admit. (loss of credibility would be the death of Mt.Gox)
If the auditor/attacker got access to the passwd file, he could have cracked hundred of accounts in hours.
I am currently testing that idea out, I've been trying to crack the hashes for 3 hours and I neared 600 accounts cracked, all of them from salted hashes and weak passwords. A simple script could have siphoned all the bitcoins out when the attack wasn't yet detected (maybe salami sliced, that's why nobody really noticed any thievery).
The worst case scenario is that the attacker has been in control of the site from a long time and he actually didn't need to crack any password, he simply got them all in plaintext.
3) The STOOPID Cover Up: We can never leave out the most stupid causes, since stupid mistakes happens everytime, maybe it was a typing mistake, a new employee, a girlfriend playing with the admin panel, etc...

These three possibilities makes Mt.Gox's claims understandable, it would be humilliating and his credibility would be completely stained forever. He wouldn't be able to admit such stupid mistakes.

But one thing is definitive: The argument about a single user being hacked makes NO SENSE AT ALL.

I might be wrong, but he didn't loose all of those monies, technically, only the monies the hacker managed to withdraw....

Also, the account with 8mil in coins could be held by an org, for all we know (and it's quite normal for corporate people to use retarded passwords. Trust me on this one)

Hahaha, true I haven't thought of that.
If the 8mill were held by an organization it would be hardly any bitching publicly.
But considering that the bitcoin market is very volatile and very risky, I doubt that any organization would invest around 8 million dollars in it. This is a groundless assumption... but I really doubt it.

Most probably that "single" account belonged to Mark or one of his partners.

PS: Yes, MtGox didn't "lose" all that money, right now everything is still in their hands (most of it). The problem is what to do with the transacted bitcoins. On paper right now, almost everything belongs to Kevin.
But that is another discussion, the main thread here in this thread is to point out that the "single account hack" is most definitely either bullshit or they are protecting their own accounts or trying to free themselves of responsabilities and compensations.

[bcearl]

If it is true that he was a buddhist monk, we can be glad that he has lost the money for the next terrorist attack targeting Tokyo subway.

[tubro]

Here's one more conspiracy theory: The org that held the big account was ... the EFF! That's why they turned cowardly just now. Watch for the remainder of 500.000 BTC turning up at the faucet!

[Hunterbunter]

Maybe the owner was on holiday.

OR

maybe santoshi's account was the one hacked and played with.

OR

Didn't this happen like a few days after someone's visit to the CIA? so like...the CIA did it?

[d.james]

If the hacked account truly belongs to a Buddhist Monk, and his account is the only one that got hacked and suffered damage,
The monk would've voted NO ROLLBACKS as the saint he is. 

[passerby]

Hahaha, true I haven't thought of that.
If the 8mill were held by an organization it would be hardly any bitching publicly.
But considering that the bitcoin market is very volatile and very risky, I doubt that any organization would invest around 8 million dollars in it. This is a groundless assumption... but I really doubt it.

Most probably that "single" account belonged to Mark or one of his partners.

PS: Yes, MtGox didn't "lose" all that money, right now everything is still in their hands (most of it). The problem is what to do with the transacted bitcoins. On paper right now, almost everything belongs to Kevin.
But that is another discussion, the main thread here in this thread is to point out that the "single account hack" is most definitely either bullshit or they are protecting their own accounts or trying to free themselves of responsabilities and compensations.

What makes you think that the organization in question invested those money in the typical financial sense (to gain direct profits from bitcoin exchange)?
Of course, an alternative hypothesis would be that an organization such as, but not limited to, a corporation, would clandestinely move funds into a bitcoin market in order to obtain a fast, thoroughly laundered and plausibly deniable stash of "pseudocash" for blatantly illegal purposes, and most certainly, the idea that a corporation (or other organizational agent), would sink as low as to engage in acts of bribery, sabotage, espionage or other criminal acts, is outright unthinkable. UN-THINK-ABLE I SAY, GOOD SIR  

Or, an even better theory:
given the timing of Gavin's CIA talk, there is distinct possibility that those were CIA money, moved into bitcoin market for laundering and further use as a payment vector for assassinations or some other outrageous acts CIA would rather be able to absolutely deny connection with.
And CIA are hardly beyond using retarded passwords - they are, after all, merely human.

That would neatly explain why Gox folks are so adamant in protecting the interests of the Mysterious Millionaire Client With Lousy Passwords (that is, the Gox folks do not find oxidative phosphorylation to be a burdensome ordeal )

[Epinnoia]

Maybe the owner was on holiday.

OR

maybe santoshi's account was the one hacked and played with.

OR

Didn't this happen like a few days after someone's visit to the CIA? so like...the CIA did it?

Maybe the owner is dead?  People do die.

I think it's pretty likely that the account that was hacked was not just an ordinary user's account.  It was probably MtGox's account, or one of their owners.  I would also place some possibility in it being owned by the operators of Silk Road, and the hackers might possibly be government agents (auditors?) trying to ferret out those Silk Road operators...

[AbeSkray]

See the psychological side here:
ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.
Anyone would be twitting about it, shouting about it, ranting about it, talking to the press, talking shit about Mt.Gox, and cursing God, the Devil, the Archangels and his own mother.

I also think that it is unlikely that one user had 500,000 BTC in one Mt Gox account. However, if it was true, I don't think that user would necessarily come forward. Think about allinvain who claims he lost 25,000 BTC to a hacker. Some sympathize with him as a victim, but a lot of the internet see him as a laughing stock for not taking proper security measures.

I think a lot of people would come forward if they lost 500,000 BTC, but I think that there are a lot more than Buddhist monks who might decide to keep their mouths shut out of embarrassment.

These three possibilities makes Mt.Gox's claims understandable, it would be humilliating and his credibility would be completely stained forever. He wouldn't be able to admit such stupid mistakes.

You argue that Mt Gox has a motive to cover up his mistakes to save face. Couldn't the same be true for the alleged user who put 500,000 BTC into one Mt Gox account?