I posted this in IRC last night and had some good convo with MagicalTux and various others. Currently i'm at work so don't have the logs in front of me. Please have a look and tell me if you see some error in my analysis or basic understanding! This is not an accusation of any kind, just someone trying to get to the bottom of this thing.
After the claims by MT that Kevin's behaviour was 'suspicous' i started looking at the activity logs on the market when it crashed, specifically what happened right at the turn (i.e. the rise back up from 0.01 after the sell).
MT said many, many things, some in his post and some in IRC chat.
So according to MT:1) Kevin logged in at 5:12, just a few minutes before the market started crashing (~5:15 onwards).
2) Since he bought at 0.01 he must have placed that large bid BEFORE the market crashed...thus implicating him (after all who would place a ~$3000 bid at 0.01 unless they knew it was comming).
According to MT this makes Kevin looks suspcious. But there is more useful info to consider:
4) When a BUY order is filled, the only log recorded is the time of the FILL and the time the order was PLACED gets wiped out completely. Thus Tux cannot be sure of anything really.
3) Also important to mention from MT we know that you cannot place a buy when a sell is in progress. So Kevin had to have placed that order before or after the sell, but could not have done so during.
Now check:
http://www.youtube.com/watch?v=T1X6qQt9ONgThis is a video of the market crashing live, it shows a ticker. The part we are interested in is at ~5.23 into the vid, right at the turn.
What we see are three things.
1) Orders being filled with a timecode of 13:15:xx
I guess this is the time that the mega sell order was created. Here we are seeing the order book being processed and then finally getting wiped out, 0.01 and then being emptied. This take a long time.
2) Then notice time change. Ticker goes from 13:15:xx to 13:51:xx instantly. More than 30 minute gap!
This is when NEW buy orders start arriving, /after the sell has wiped out the book/
3) The 6th order down from the time change is *the big one* 13:51:16 0.01 261383.76
4) From there the orders start increasing in value, until the market bounces right back to $14 or so fairly sharply/
So some important questions and conclusions really. Looks very plain to me from these logs that Kevin did indeed get very lucky. He watched the market crash, prepared his bid and hit go just at the right time -> managing to get the 6th BUY order after the turn, not the first, the 6th.
>>>>>> Kevin placed the BUY order after the SELL and the crash, not before as he was accused of.
The login time does not proove anything, what is important is the time of the buy order was placed. But we cannot get this from MTGox because of the log issue i've mentioned so we must relly on our own understanding.
If we assume as i now do, that Kevin's really is innocent, then what was the motivation of the Hacker? We all assumed the hacker was trying to crash the markets so he could cash out, but this clearly didn't work if kevin is innocent!!!!
a) placing a large buy just after the crash ....
... the problem with a is that how would anyone be sure he could get the order in at the right time. We all know that mgtox is slow at the best of times and any half descent brain would realise that after a major market event like that, the site was going to be absolutely hammered and thus impossible to reliably connect to - just as many of you here have reported.
So unless Hacker person messed this up badly, or Kevin beat him at his own game, it looks to me like they didn't have any real intention of cashing out like this..
b) placing a large buy before the crash ... (which didn't happen as the market activity ticker seems to show)
A better stratergy would have been to use several other compomised accounts (if guy had DB access, this should have been no problem) to place 0.01 BUY orders before the SELL, just at or under the equivalent $1000 usd limit. They would have been filled and if he had withdrawn the BTC very quickly he may well have gotten away with a much, much, much larger sum.
Why not do that? Was he stupid, a kid or did he just not care about the money that much and doing it for some other purpose.
In any sense Kevin does not look like a guilty party to me but a very lucky guy who now seems to think he should be entitled to keep the profits of a crime. I wonder what his mother would say.
MagicalTux: I appreciate how busy you are trying to bring MTGox back. However, a full, indepdent analysis of these events and the others mentioned in this thread, is the only realistic way to address the concerns of your user base. Diverting attention by blaming others with very sketchy.->zero evidence is absolutely not cool.
