Paper cites MtGOX malleability only accounts for 400 coins missing

[sgbett]

http://arxiv.org/abs/1403.6676

I'm not in the 'karpeles is a theif' camp, I don't think anyone can actually know, and everyone who is damn sure they do know needs to check themselves.

However, this is the kind of evidence that makes it more of a possibility.

[1713889127]

1713889127

[Tzupy]

From cryptocoinsnews: http://www.cryptocoinsnews.com/2014/03/27/malleability-bankrupt-mt-gox/

Quoting:

The transaction malleability problem is real and should be considered when implementing Bitcoin clients.

However, while MtGox claimed to have lost 850,000 bitcoins due to malleability attacks, we merely observed a total of 302,000 bitcoins ever being involved in malleability attacks. Of these, only 1,811 bitcoins were in attacks before MtGox stopped users from withdrawing bitcoins. Even more, 78.64% of these attacks were ineffective. As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses. Even if all of these attacks were targeted against MtGox, MtGox needs to explain the whereabouts of 849,600 bitcoins.

Assuming MtGox had disabled withdrawals like they stated in the first press release, these attacks can not have been aimed at MtGox. The attacks therefore where either attempts to investigate transaction malleability or they were aimed at other businesses attempting to imitate the purveyed attack for personal gain. The sheer amount of bitcoins involved in malleability attacks would suggest that the latter motive was prevalent.

It remains questionable whether other services have been informed by MtGox in time to brace for the sudden increase in malleability attacks. Should this not be the case then the press release may have harmed other businesses by triggering imitators to attack them.

[Definit]

in to resting...

[Amitabh S]

Nice read. If it is to be believed, MtGox is lying about malleability. What is more interesting is that SR2's story of 4k theft seems plausible because more than 200k bitcoins were involved in malleability attacks after Gox stopping withdrawals.

[Tzupy]

MtGox claimed that they work with the Japanese police: https://www.mtgox.com/img/pdf/20140326-investigation.pdf
If the paper in the OT is right and the Japanese police would read it / confirm it, then IMO the most likely explanation
for the still missing bitcoins is an inside job (by Karpeles or MtGox staff with access to the bitcoins).

[Imerman2]

http://arxiv.org/abs/1403.6676

I'm not in the 'karpeles is a theif' camp, I don't think anyone can actually know, and everyone who is damn sure they do know needs to check themselves.

However, this is the kind of evidence that makes it more of a possibility.

Malleability can cause huge accounting problems for an exchange that does not properly protect against it.  Mt. Gox just found 200,000 Bitcoins in an unused wallet.  This gels perfectly with the idea that has been circulating on Silk Road for a few days, where they allegedly posted the private information of the person who stole all of Silk Road 2's coins (Link http://www.deepdotweb.com/2014/02/18/alleged-silk-road-2-0-hacker-doxxed/ ).  Basically the person did steal some coins from Gox, but was really only trying to create huge negative media downfall to sell his coins at the earlier high price and buy back in at a low price.  The attacker that was named had also done work on the Silk Road, and was an insider there, which explains how he hit them when they had all their coins in their hot wallet. 

Karpeles is not an idiot, he knows he couldn't get away with stealing the coins, and if he tried he'd never be able to spend them or he would be killed.  If you want to find informed information on this look at the posts regarding Silk Road.  The developers there are more knowledgeable than almost anyone on Bitcoin and cryptography in general because if they aren't they serve hard time.  These two stories are very linked, but the claim that only 400 coins were stolen gels perfectly with the fact that transaction malleability can only be used to steal coins in a hot wallet at an exchange, and that Gox had been earlier verified to have been holding all the coins and had claimed it had up to 98% of its coins in cold storage. 

Transaction malleability doesn't actually change where coins are sent, it just makes them look like they went places they didn't meaning it makes perfect sense that Mt. Gox is saying they are finding coins in wallets they didn't know had any.  Why would Karpeles steal coins that he could never use when he had an immensely profitable job as the head of an exchange?  I'd be very surprised if Gox doesn't return at least 90% of user coins, and fully expect them to return 100%.

[Imerman2]

MtGox claimed that they work with the Japanese police: https://www.mtgox.com/img/pdf/20140326-investigation.pdf
If the paper in the OT is right and the Japanese police would read it / confirm it, then IMO the most likely explanation
for the still missing bitcoins is an inside job (by Karpeles or MtGox staff with access to the bitcoins).

The identity of the thief was supposedly posted on the Silk Road forums, and if you think Karpeles doesn't know this you are naive.  Gox almost certainly has a gag order placed on them so they can't talk about anything, but I can guarantee you that Karpeles knows that the identity of the alleged thief was exposed and that he has a copy of the information, even though it was deleted shortly after it was posted (the poster said they would continue to post the information because SR does not allow such posts, seeing as the post could be misinformation).  After losing all credibility to the thief you can be damn sure he's going to try to get justice.  The only story that makes any lick of sense is that Gox lost a few coins to malleability, noticed the problem, shut down, and then because of the fact that malleability makes it look like Bitcoins went places they didn't, they are now simply solving a huge accounting mess.

[alfabitcoin]

MtGox claimed that they work with the Japanese police: https://www.mtgox.com/img/pdf/20140326-investigation.pdf
If the paper in the OT is right and the Japanese police would read it / confirm it, then IMO the most likely explanation
for the still missing bitcoins is an inside job (by Karpeles or MtGox staff with access to the bitcoins).

The identity of the thief was supposedly posted on the Silk Road forums, and if you think Karpeles doesn't know this you are naive.  Gox almost certainly has a gag order placed on them so they can't talk about anything, but I can guarantee you that Karpeles knows that the identity of the alleged thief was exposed and that he has a copy of the information, even though it was deleted shortly after it was posted (the poster said they would continue to post the information because SR does not allow such posts, seeing as the post could be misinformation).  After losing all credibility to the thief you can be damn sure he's going to try to get justice.  The only story that makes any lick of sense is that Gox lost a few coins to malleability, noticed the problem, shut down, and then because of the fact that malleability makes it look like Bitcoins went places they didn't, they are now simply solving a huge accounting mess.

I think you are very naive with your speculation in those two post.
Sr2 was inside job by owner or dev of the site. Malleability were excuse. Either was a hack of some other kind of code exploit.
And some of 4k stolen coins does not influance things in any way, how that can be compared to gox?

Rumor that gox is under gag does not make sense. In that case they can not comence bankruptcy. One thing is when LE seize illegal site and funds from it what they announce when it happen and another thing is a exchange who operate legaly registered in Japan. If some coins are originate from sr, then mtgox would freeze those accounts holding them, but nothing else, unless you suggest that all mtgox users funds originated from illegal activity?

And no, malleability does not misplace coins. It change txid before inclination in the blockchain so you can not find it by txid. But you can with other means very simple. With normalized txid gox can do it pretty fast.