ISAWHIM
|
|
March 01, 2014, 07:11:46 AM |
|
You know... it is like a 1:987654982364832846873287468237648732684692423684683276483268463286 chance to find the pass-phrase to open a wallet...
However, that being said...
You can still find it in 1 shot...
However, I do believe the draining was a long-term thing. The only good thing about that, is that there is a record of every transaction that was "resent", since the coins were not drained "accidentally", and it could only have been done if someone purposely altered the txid that Gox was using to confirm the "sent transaction"...
Eg, They know everyone that they re-sent to... because they have double withdraw records. One of each transaction was just "nullified", so it didn't come off that accounts balance. (Even if they didn't have the original Txid, they have the resent txid, and can check the address, and find 2 exact transfers, one after the other.)
Now... hopefully the idiots doing this, (though doubtfully), had verified accounts. (Accounts which had multiple IP's show, were forced to verify. Large transactions were forced to verify. Thus, some verification must exist, as well as a list of IP's or one singular IP for each drained account used.)
If that is actually the case. (Which I honestly doubt.)
I find it more believable that "someone", not K, has drained the wallets. After having somehow gotten access to the wallet and with equal access to the records.
That, or his wallets got "crypted" by that BTC ransom virus... which is uncrackable, and would require the ransom to be paid, to decrypt it. (Until the gov catches that guy, and freely decrypts everyone's locked computers.)
Or...
There was this other "Issue" with wallets... kind of a little known annoyance.
After the first 100 addresses that are created in a wallet.dat file... You can create many more. However, unless you have those saved, knowing the actual created addresses... they can never be "recreated", from an older backup of the wallet. Thus, those funds are essentially "gone", unless you randomly find the randomly created prior addresses, by luck.
That would make them "not gone", but "not accessible", which is a word he used in an interview.
The only solution to resolve that, is to not let the wallet create the addresses, you use a wallet generator, which is external, and can re-create the same random addresses, if given a seed-value. Then you just add those addresses to your wallet.dat file, to use them. (If the wallet becomes corrupt, you can still recreate it, using the external address generator. But not the wallet itself.)
Only sad part of the above... it does not work for "returned change", which will go to a new random address, beyond the 100, and out of the scope of the address generator.
honestly, the wallet needs an overhaul.
There is always simple "espionage"... hidden cameras, invisible tracer-paint on keypads, key loggers, database prying, packet-sniffing... It is not like he hand-built the systems himself. Nor did he have 24/7 security control, with security-watchers watching them, like a casino has.
It is time Gox was purchased by a real trade-market manager, with the security and protections it needs. Including fraud detection, and live audits.
Also.. how the hell did the audits NOT detect this? They had to audit off something real. (That alone says it probably wasn't actually a draining of a wallet.)
Whatever... a real criminal investigation is now underway. The reality will be exposed, then a real auditor will re-evaluate the actual losses... since his estimations were not legally valued like they should have been. 10,000 BTC deposited 4 years ago, was not worth today's prices, if it was never sold. It was worth the value at the time of deposit or of the last trade it had. He estimated all values at today's prices, including his own coins.
Not to mention all the dead accounts that were fake, and not a loss, because the depositors are dead, or in prison, or can never legally verify. (Thieves will not be going through the verification process to get laundered money that they stole, and now have to claim, for fear of being caught. Those have to come off the top of the "losses" also, and have to go to "unclaimed funds", which will just become, "unclaimed losses".)
|