Hackers steal data from MtGox server and release it with Mark's reddit account.

[Phinnaeus Gage]

Opening the zip in an of itself shouldn't be a problem.

Correct (assuming it has been verified to be a valid zip without some hidden executable component), but he said he also opened a PDF file. That's dangerous.

yes, have to be careful with PDF's. Though I don't think that the CV contained a virus.

I do open PDF's all the time, but seem to be spooked by this one due to the warnings. This is the main laptop I use for everything. In fact, I even had it in Atlanta and stored it in BitPay's Coke (as in soda) locker that Friday evening, unlocked. The next day, it was under the table where the Bitcoin Magazine was being sold in the conference lecture room. If stolen, the thief could have easily gotten tens of thousands of dollars from me, and that's with not having a personal bitcoin wallet. Yes, I'm still using a third party service, not learning my lesson after InstaWallet went dark.

I guess my only concern is some keylogger program and password sniffer being in place now. Is such a possibility with any malware that may now be in place?

[smooth]

I do open PDF's all the time, but seem to be spooked by this one due to the warnings.

It's more than just warnings. We know for a fact^* that the very same zip file contained wallet-stealing malware. That makes the rest of the zip very suspicious as well. You are justified in being spooked.

^* Fact in the sense that someone claimed to disassemble it and posted the code. In theory that could be fake.

[Phinnaeus Gage]

Is the following site safe to visit: bitcoincorp.de/MtGox_Ba            lances.txt (broken up with spaces, so just connect the a to the l -- self-explantory)

[bananas]

It can't represent all of their customers if there's only 80K or so accounts, that's way too few.

At one point they were handling thousands of verifications a day weren't they? Or was it all just one big lie...?

The balance file states this:

mysql> SELECT * FROM platform.User_Wallet WHERE platform.User_Wallet.Balance != 0 ORDER BY platform.User_Wallet.Balance DESC;

Means that only accounts with balance different of 0 were retrieved.

[usabitcoinbuyer]

One more installment of random stats...

Most of the 16 accounts with negative BTC balances have no corresponding BTC deposit/withdrawal history.  I was hoping to find some evidence of the transaction malleability exploit there.  It looks like most of the negative balance accounts date back to 2011, so they could represent fallout from the database reset.  The negative balances "only" total about 300 BTC.

If you're keeping score on relative magnitude of goxxage, here's a CDF of the BTC balances:

Code:

Total = 88267 
Accounts greater than or equal to (BTC/satoshi)

10000    B = 5 (0.006%)
 1000    B = 101 (0.114%)
  100    B = 1367 (1.549%)
   10    B = 8658 (9.809%)
    1    B = 26470 (29.99%)
    0.1  B = 42766 (48.45%)
    0.01 B = 55324 (62.68%)
    0.001B = 69266 (78.47%)
10000    s = 79420 (89.98%)
 1000    s = 84957 (96.25%)
  100    s = 86350 (97.83%)
   10    s = 87069 (98.64%)
    1    s = 88251 (99.98%)

[coinage]

Is the following site safe to visit: bitcoincorp.de/M... [snip]

Currently, the URL you posted appears to return a plain 42MB text file with a columnar text report showing user identifiers, balances, withdrawal limits, etc. It currently seems safe to retrieve with a tool such as wget and to view with a simple plain text viewer.

Chances are the data is valid and the person posting it is providing a useful service.

However, don't let anyone categorically tell you a site or page is safe, unless they're in control of it and you trust them (and you believe it won't be hacked by the time you retrieve it).

Reason: sites can be programmed to return different data to different users.

Example: On linux, using wget (a file retrieval tool) with its default user agent string (not pretending to be using something else), I seem to be getting an ordinary text file (based on a quick view of the beginning, end, and some random points along the file). But a user on another OS, or using an actual web browser (or anyone tomorrow, or maybe just every 17th user) could be sent an entirely different file which could have an exploit. It's also possible this 42MB file could have embedded data which might attack a particular word processor should you try to open it in one.

So: always best to use a computer (or virtual computer) you don't use for financial transactions, and/or to use the simplest tools possible to do the job.

[coinage]

... here's a CDF of the BTC balances:

Code:

Total = 88267 
Accounts greater than or equal to (BTC/satoshi)

10000    B = 5 (0.006%)
 1000    B = 101 (0.114%)
  100    B = 1367 (1.549%)
   10    B = 8658 (9.809%)
    1    B = 26470 (29.99%)
    0.1  B = 42766 (48.45%)
    0.01 B = 55324 (62.68%)
    0.001B = 69266 (78.47%)
10000    s = 79420 (89.98%)
 1000    s = 84957 (96.25%)
  100    s = 86350 (97.83%)
   10    s = 87069 (98.64%)
    1    s = 88251 (99.98%)

Thanks for tallying that. It won't help users who were tragically harmed, but it's reassuring to see that only a small number still held large balances at gox, and hopefully most of them were also diversified into other investments or exchanges as well.

The site's mismanager claimed (in IRC as usual) that he kept all his own btcs on it. While few of us would ever believe that, it would account for many of the largest accounts, further reducing the apparent damage to customers.

[andy10000]

Rookie question: Am I reading this right? The accounts with a BTC balance total up to a liability of 950k BTC

Whereas what's at the bottom is a transaction balance sheet of actual transactions in and out of Gox wallets, which implies an actual balance of 500k BTC. That's if there were no btc in the wallets at the start of the relevant time period. Is that total referring to year zero?


Currency: BTC     Balance:     951,116.21905382     <--- What they owe to their 80k+ customers

Total BTC Deposits:  19,065,241.307202    <--- since what date?
Total BTC Withdrawl: 18,563,466.149383   <--- since what date?
------------------------------------
BTC Difference:         501,775.157819      <--- So is this what they have in their wallets? Or is this based on their off-blockchain accounting system. (in which case they knew they were running a fractional reserve!)


Gox also claimed in it's bankruptcy protection that it has about half the fiat it owes. So if it went to liquidation we'd all get roughly half our corn back?

I'm unable to download the zip as I'm on a 3rd world internet connection.

[sgravina]

I add up all those bitcoin balances in MtGox_Balances.txt and get: 997698.67233458 Bitcoins

If this database is old then customers withdrew 247,000 bitcoins between this database dump and when withdrawals were shutoff, leaving customers short the 750,000 bitcoins claimed in bankruptcy.  This large withdrawal is probably what caused the revelation of their insolvency.

[nmtrader100]

There is more and more mounting evidence that there was substantial BTC withdrawals after the hack was discovered and after Mark disabled withdrawals for everyone else.  This includes the accusation of withdrawals for some members of the bitcoin foundation.  Are we really supposed to believe that Mark allowed all of these withdrawals to these "insiders" but didn't get any of his own coins out???  No, they got out and left everyone else holding the bag, and again, this is criminal and it will have to be explained in the bankruptcy proceedings, unless no one shows up to dispute anything and it all gets rubber-stamped through- which is highly unlikely.  Anyone who lost a substantial amount of coins better have their lawyers present at those hearings.  It will be interesting to see what bank transfers occurred after the hack also.  Mark is going to jail.

[DeathAndTaxes]

Most of the 16 accounts with negative BTC balances have no corresponding BTC deposit/withdrawal history.  I was hoping to find some evidence of the transaction malleability exploit there. 

There are no transaction logs after Nov 2013.  It is possible the transactions you are looking for are the redacted ones.

[okashira]

Mark may not have stolen 750000 coins, but I am quite confident that he took advantage of the system to make a profit for himself.
Given his selfish nature, it's almost guaranteed.

Let's say that continuing to allow deposits while knowingly insolvent, and still continuing deposits and trading while locking withdrawals, is ILLEGAL, and CLASSIC PONZI.

People who lost their coins need to get off their ass and contact authorities. Contact the suing law firms, the DOJ, FBI, Japanese police, or somewhere in their court system.

People think that because bitcoin is not regulated, they won't see anything again.
So if gold coins weren't regulated, it's ok to steal $50,000,000 of gold from someone? "lol it's not regulated"
bitcoin has a well-defined value.



He has a history of jail time for financial crimes when he was younger:

http://johnbercow.tumblr.com/post/78352765925/mt-gox-guy-mark-karpeles-went-to-jail-before-for


He also scammed a French out of $30,000, which he used to purchase MtGox.
(the scammee took years to track him down and sue him in Japanese Court, which he won...)

" A €5,000 ($6,870 USD) down payment is placed.  Mr. Karpelès returns several months later with bad news.  His hired graphics artist failed to complete a subcontract on time, so the first stage of the three-step development process was stall...."
 
 "That was a complete lie.  According to court records, Mr. Karpelès could never provide any evidence that there was a subcontractor.  By all appearances he had simply taken Mr. Dubois' money, done no work, and then invented a fantasy to cover himself."


http://www.dailytech.com/Bitcoin+King+Mt+Gox+CEO+Mark+Karpels+History+of+Arrests+Firings/article34442.htm
http://www.dailytech.com/Bitcoin+King+Pt+II+Mt+Goxs+Dictator+Karpels+Proves+Tragically+Flawed/article34452.htm

[nmtrader100]

http://www.foxnews.com/tech/2014/03/10/does-mt-gox-ceo-still-control-stolen-bitcoins/?intcmp=features

Anonymous hackers claim to have published evidence that Mt. Gox CEO Mark Karpeles lied about the theft of more than $500 millionworth of bitcoin.

According to the hackers, Karpeles still controls all of the cryptocurrency he says was stolen recently in the biggest heist of bitcoin’s brief history. Mt. Gox was the world’s largest bitcoin exchange until about 850,000 bitcoin were allegedly stolen during a breach, forcing the exchange to shut down and file for bankruptcy protection.

According to new claims from anonymous hackers, however, the heist never occurred and Karpeles still controls nearly 1 million bitcoin worth approximately $596 million at Monday’s exchange rate.

According to a report from Forbes, the anonymous hackers took over Karpeles’s blog and published a post supposedly exposing fraud committed by the CEO. The post was also published on Pastebin.

“It’s time that MTGOX got the bitcoin communities wrath instead of [the] bitcoin community getting Goxed,” the hackers wrote. “This release would have been sooner, but in spirit of responsible disclosure and making sure all of [our] ducks were in a row, it took a few days longer than [we] would have liked to verify the data.”

The hackers’ note was accompanied by a file containing what they claim to be evidence of fraud. They say that they have managed to obtain various personal data belonging to Karpeles, including what they claim to be evidence that Mt. Gox’s current bitcoin balance is in fact 951,116, which would mean that the 850,000 bitcoin the exchange claimed was stolen is still in its control.

As Forbes noted, however, the evidence may in fact simply reveal remarkably poor accounting practices at Mt. Gox, a former hub for trading “Magic: The Gathering” cards, rather than fraud.

[chrisLG]

For what it's worth: I compared some of my trades with the leaked data. I found my transactions that I searched (although I just looked at a few transactions from october 2011).

Will try to import it to a db to get a better overview.

[usabitcoinbuyer]

Most of the 16 accounts with negative BTC balances have no corresponding BTC deposit/withdrawal history.  I was hoping to find some evidence of the transaction malleability exploit there.  

There are no transaction logs after Nov 2013.  It is possible the transactions you are looking for are the redacted ones.

I was looking at the btc_xfer_report, which as I previously mentioned, has transactions dating all the way up to Feb 19.

The btc_xfer_report shows withdrawals occurring well after the Feb 7 BTC withdrawal suspension.  There are 1360 withdrawals dated Feb 10 or later, involving 315 wallet ids, totaling 15541 BTC.

Many of these are paired with deposits to other wallet ids, so this suggests that the xfers document internal non-blockchain transfers as well.  

I pursued this line of investigation a bit further: All withdrawals after Feb 8 are paired with a deposit to another wallet id, so they all appear to be internal transfers.  In other words, if there were external BTC withdrawals allowed for "special" users, they aren't in the btc_xfer_report list.

There were a net 1295 BTC deposited on or after Feb 8, in 2666 transactions.  Most were for fractional amounts, but as an example, there were 32 1 BTC deposits, and 3 10 BTC deposits... and the largest was a deposit of 420.  

[nagnagnag2]

Those with disabled limits:

Code:

| 25e8721e-7ba2-495b-9174-171c521ae05e | e630f502-9f4a-4c23-b9a4-146a70840a23 | USD        |   62000969211 |           0 |   33119 | coinlab |          10000000000 |            50000000000 | Y              | 2014-01-05 16:50:51 |
| 8f06ca2a-4aab-4e36-81df-b456578d7848 | e630f502-9f4a-4c23-b9a4-146a70840a23 | BTC        |            11 |           0 |   48924 | virtual |        1000000000000 |                   NULL | N              | 2014-01-05 16:54:06 |
| 8f54e463-dc24-4941-a4f9-62e64bc92929 | 273f856d-1adc-4e8b-922e-198920a6c16b | BTC        |   57746164220 |           0 |   10060 | virtual |        4000000000000 |                   NULL | N              | 2014-02-07 01:10:07 |
| b5609f69-9560-44a9-81db-b0fab19ff107 | 273f856d-1adc-4e8b-922e-198920a6c16b | JPY        |      77851204 |           0 |    1874 | virtual |                 NULL |              100000000 | Y              | 2014-02-04 13:10:47 |
| 9309545d-f475-4c5a-83ea-a098bf75012e | 273f856d-1adc-4e8b-922e-198920a6c16b | USD        |        132850 |           0 |    3950 | virtual |           5000000000 |            50000000000 | N              | 2013-01-15 06:58:05 |
| 75dfd36c-fec5-4eae-a543-cef4b43fbf7f | 273f856d-1adc-4e8b-922e-198920a6c16b | CNY        |             3 |           0 |       7 | virtual |                 NULL |             1000000000 | N              | 2013-12-15 21:08:54 |
| 9c14d4c3-9fd7-4bea-9527-fdc7acc294d6 | ab5a061c-4067-467d-8cd7-81f96f03dba2 | USD        |          2117 |           0 |   15454 | virtual |          10000000000 |            50000000000 | Y              | 2013-08-16 01:42:03 |
| 1cda0dfd-77bf-4f1f-83d9-b273fd1b5b37 | fb38cb4b-5235-4b74-abdf-9e3559953d1b | BTC        |  105671423118 |           0 |    8954 | virtual |         100000000000 |                   NULL | N              | 2014-02-07 14:40:08 |
| c862c988-9305-445a-bd38-6506ffd5cb98 | fb38cb4b-5235-4b74-abdf-9e3559953d1b | JPY        |           539 |           0 |   13613 | virtual |          10000000000 |            50000000000 | Y              | 2014-02-07 03:39:22 |
| dfffcefd-be1f-4c8d-bfe0-bbb590fb0a27 | fb38cb4b-5235-4b74-abdf-9e3559953d1b | USD        |           328 |           0 |    1096 | virtual |                 NULL |                   NULL | N              | 2014-02-01 08:42:46 |

[nagnagnag2]

In mtgox_balances there are 128 166 unique user ids.

[ShroomsKit_Disgrace]

Is this credible??:

http://pastebin.com/u5N0W9nH

[Joshuar]

Is this credible??:

http://pastebin.com/u5N0W9nH

who knows.

[Phinnaeus Gage]

I'm trying to do some datamining on the files.  Here are some interesting initial observations:

- There are 88267 accounts with BTC balances; I was under the impression there should be more than that.
- There appear to be wallet ids in the transaction history that aren't in the mtgox_balances file.  This would explain the above.
- Some accounts have negative BTC balances (-85 BTC!).  Oops!

Edit: it looks like 0 balance accounts aren't in mtgox_balances, so you can't xref user ids with wallet ids for those.

Edit2: There are 39905 accounts with only fiat balances, for a total of 128172 unique user accounts in the mtgox_balances file.  The btc_xfer_report has 147079 unique wallet ids that have either deposited or withdrawn bitcoin.  That implies at least 18907 users who have shown BTC deposit/withdrawal activity got all their funds out.  I haven't yet gone through the trade history logs, so this is just a lower bound.

88,267 accounts now, but at the time of the last Mt Gox dump there were 61,020 accounts. You telling me that only 27,247 new accounts were created over the course of approximately two years, in spite of Mt Gox proclaiming that they've had reached 1M customers back in December, 2013?

I see a major Ripple (pun intended) effect in the works here, guys, stemming all the way laterally to the TBF. This saddens me.