It's back. Now after bitcoinica publicized the thieves transactions the question is even more nagging. Everyone can follow where the money goes. MtGox support wrote in one thread that they don't expect those coins to come to them - but I think it is inevitable that at some point they will and MtGox needs to make some declarations. Will they accept coins with a track going back to the stolen amounts and let the thieves laundry them? What will do other exchanges? I have been asking this question ever since the first MtGox hack and it will be coming back again and again - so it might be a good time now to settle it down.
It's a very difficult question.
1. The attacker(s) who stole the coins is probably not dumb, so he won't shuffle the coins to mtGox and dump them right away.
2. The coins could be spent in numerous ways, they could be exchanged to fiat money through exchanges or otc-trades, or they could be used to purchase goods.
3. There exists no central registry of stolen coins, and since the exchanges are not regulated, attempting to have them all applying a black list will be futile.
Then, what if an exchange suspects that funds stem from illegal activity ? If they have reason to believe so, would the right way to go about it be to contact law enforcement and initiate an investigation, and if the investigation could not prove that the coins are stolen, then they would be returned to the account holder. But there are many what if's. What if a person buys 100 BTC online, and then transfers these coins to MtGox, and then mtGox freezes the coins, because they come from criminal activity, how can mtGox know if these coins are being held by an innocent 3rd party, or if it's the attacker that have just moved them between different addresses ?
Say the attacker offloads coins at an exchange that deals in virtual currencies only, does some trading there and then withdraws the bitcoins again, then he might have washed his coins, as the original coins from the heist are paid out to other customers or is still left at the site wallet.
As far as I can see, when coins are stolen, there are so many ways to hide your tracks and to get away with it that unless a thief is catched redhanded in a physical location, there's not much one can do really. And also if there were to be blacklisting of coins, what would stop anyone from blacklisting other people's coins ? I'm sure there could be clever methods of attempting to prevent that, but sooner or later it could happen. Imagine you moved 2K BTC to mtGox, and then for whatever reason (perhaps somebody just didn't like you), they claim that these coins are stolen, and then mtGox freezes your account, wouldn't be much fun, would it ?
I'm sorry to say this, but I think both customers and merchants needs to learn from the numerous security breaches and take appropriate measures to protect their funds. Once coins are lost, there's likely no recourse, unless you're lucky enough to work with highly specialized law enforcement that deals with computer crime. I guess most constables would just scratch their head saying, "Eh.. bitcoins you say ??", followed with a blank stare.
