61 comments

[ 2.4 ms ] story [ 132 ms ] thread
Slightly off topic, but there's a lovely little novel called "The Cryptographer" about an electronic currency set up by a man called "John Law" that runs in parallel to hard currencies (in the book it's referred to as 'soft').

http://www.amazon.co.uk/Cryptographer-Tobias-Hill/dp/0571218...

that's only half the truth, here's the story of the so called "fraudster": http://forum.bitcoin.org/index.php?topic=20207.0
BBC story seem to differ from the one offered by toasty. We might never learn what actually happened.
Note that there are at least two people involved (excluding Mt Gox): a hacker that managed to gain access to a large amount of bitcoins and started selling them all, and a person that profited of the low price by placing a large buy order at 1.01¢ per coin (so as to outbid sellers at 1¢ but still pay a very low price).

Kevin/toasty admitted to be the buyer, but he is not the hacker (at least, he claims he isn't and Mt Gox seems to agree). The article suggests that these two parties were either the same person or were at least in collusion, but there is no proof of that whatsoever.

>but there is no proof of that whatsoever

There is no independent proof of Mt.Gox's claim either is there?

Well, if there's no proof either way, then it makes sense for the BBC to 'take sides' and try to pick a winner, right?
Doesn't it make more sense for them to tell both sides and not take a stance? They're journalists--it's not their business to take sides if there is true cause for controversy.
How good of a source is a random forum post, though?

Compared to an official line from a company or government, it's pretty shaky.

Although it's a 'random forum post' it's hardly anonymous. The guy's full name (and I think address) turned up in the thread. The idea that something is 'just a random forum post' is usually because the poster is at least pseudo-anonymous if not fully anonymous.
(comment deleted)
Nothing new here. Just the standard speculation of what will happen to BitCoin after the MtGox hack.

The truth is, nobody knows where BitCoin is heading. It is still in it's infancy and Gavin, the lead dev, always describes it as an experiment.

FTA:

He also questioned the fundamental workings of the currency, saying that its emphasis on anonymity and decentralised nature meant there was little recourse for users when things go wrong

So just like... Cash?

Cash is actually numbered so you can for example trace bills payed as ransom
In Bitcoins all the transactions are publicly logged (by design - it's the public nodes that actually perform and verify the transaction), so you can do the same.

See http://blockexplorer.com

Bitcoins are less anonymous than cash, since all transactions are visible. Anonymous identities may be inferred from known identities in a step-by-step process.
(comment deleted)
(comment deleted)
"The system has proved popular with online criminals"

Citation needed. Are there any stats on where BitCoin are being spent? Everybody says BitCoin could be useful for criminals, but how big is the adoption so far? How much business did Silk Road generate?

There was a comment on the Silk Road forums (in the context of replying to someone wondering whether buying from a seller with 0 reviews was very risky or not) to the effect that the Gawker article had caused SR to jump from a few hundred accounts to over 9000.

A decent number, granted, but likely most of them have not engaged in any transactions and never will. On the other hand, another poster mentioned that there is another Bitcoin+Tor market site by the name of BlackMarket (or something), so SR is only part of the picture.

"...from a few hundred accounts to over 9000."

I see what you did there.

No, I was quite serious. I just checked, and the most recent account IDs are actually now in the 15,000 and 16,000s.

Seriously people, sometimes 'over 9000' is just a literal statement of truth and not a meme!

I imagine people thinking that Tony Soprano is sitting in his house, furiously mining BitCoins, while whacking snitches.
I have no clue if this one article I happened to pull up is accurate or conspiracy wackiness but it says that banks connected to the CIA pull in $10-15 billion in drug money each year. http://omasiali.wordpress.com/2011/06/08/cia%E2%80%99s-50-ye...

How much do federal/local cops actually steal in drug money each year? Silk Road is a worldwide thing too so it would really have to be compared to the millions that corrupt forces in Mexico and all over the world make each year using the anonymous money system.

I think people need to reevaluate who the criminals really are.

I really wonder who is the person whose coins were being sold off. I mean, that's the real story here: somebody had many tens of thousands of BTC that were stolen from his MtGox account and were sold off at a very low price. (The story that people were buying BTC at very low prices is a distraction, the real story is that somebody was SELLING at this low price.)

The other thing is that MtGox did not suspend trading once market moved 20%. I think if it had such failsafe it could have prevented this fiasco. (Should shut down the marketplace once market moves 20% in any direction to reassess the situation and check if there is technical error or panic, or similar event that requires additional intervention. Any mature market requires such failsafe.)

Why should a panic require intervention? If somebody wants to sell his Bitcoins way below the market price - why stop him?
Not a panic in itself is the problem. But as the grantparent mentions, there might be a technical issue (such as a hack, in this case) if such an irrational thing happens.

Safest action in that case is to halt the market temporarily (as well as delay withdraws) and investigate.

Circuit breakers give the exchange a chance to cool off and think things over. It isn't really intervention. It's just a halt to trades and they could take their BTC to Tradehill if they really feel like selling. Bitcoin fans like to pretend that all aspects of it should be unregulated, but when you take a decentralized currency and then place it in a centralized exchange, that mentality is no longer applicable and you have to deal with it like any other traded commodity. This includes security measures and circuit breakers on the exchanges.
In this case circuit breakers were not needed...it crashed down to .01 and was on its way to recovering (back up to $14) within minutes before the exchange was shut down...all this situation did for me was steel my resolve that it can handle a 2% market selloff at virtually zero.

I was in the forums and watching the Mt.Gox ticker while the "crash" happened.

If it wasn't a stolen balance then I would agree with you. A massive sell-off of BTC could've happened at any time. But in terms of self-preservation it would've been in MtGox's best interest to have a circuit breaker. I'm contradicting myself a little here, but I've been having a lot of cognitive dissonance over Bitcoin anyway :)
Exactly...had it been a real selloff by some crazy early adopter the market would have absorbed it and recovered. Circuit breakers prevent mass panic sells...I guess a lot of those panic sells were prevented by server load (inability to log in fast enough).

I doubt the real stock market could take something like what happened without serious issues remember 500k/~6M were exchanged in a matter of minutes at a rate that was obviously far below market value.

I personally doubt Mt.Gox had any bad intentions and I personally do not think they are lying now...but then again I had no money in the exchange at the time. Also, I am aware Mt.Gox is (was) the biggest exchange out there but there are many others...they are not the only fish...just the biggest, for some reason news articles typically imply they were the only option for BTC exchange.

If Bitcoin failed tomorrow I would still be glad to have been a part of it, history is being made as we speak...even if history just writes it off as a failure.

The amount sold was over 500000 BTC - more that all estimated deposits on MtGox. The likely explanation is that these were just virtual BTCs added through SQL injection. The alternatives are that a single person was keeping that much on an exchange rumored to be insecure and used insecure password (easily cracked from leaked md5 hashes), or the person decided to sell half his BTC for $0.01 - an extra $2500 in addition to hundred thousands.
That raises an interesting point.

The nature of Bitcoin is supposed to prevent things like fractional reserve banking, since the nature of the system means you can't give people BTC you don't have. It's impossible to create bitcoins in any other way except mining.

However, if people are making BTC transactions through a centralized exchange such as Mt. Gox, they are in effect moving numbers around in MtGox's database rather than actually transferring bitcoin. This means banks are able to effectively create BTC as they can with fiat currencies, leading to problems like the current case - problems that Bitcoin was designed to solve.

How would MtGox effectively "create BTC"? There is a difference between moving coins around in a database and creating new coins. All coins are deposited from users. The only way BTC would be "created" in MtGox is if MtGox was mining on their own. Coins need to be "mined" to be created - so MtGox couldn't even loan coins they didn't have.
MtGox could effectively "create" BTC by simply selling more than they actually had. This would of course only work as long as people were actually withdrawing less than MtGox had available to them. Until you attempt to withdraw the BTC from the exchange, you wouldn't necessarily actually know that they in fact exist.
The flaw here is there is typically more BTC sellers than buyers due to mining/dark pool. That combined with BlockExplorer tracking makes it pretty much impossible. Unless you are seeing something I am not.

I guess your theory will be tested when a large majority pulls their money from Mt.Gox...that is if that happens...we will all know in the next few days.

BlockExplorer won't help you in this hypothetical case because as I understand it MtGox doesn't even pretend to preform actual BTC transactions until you withdraw. Before you withdraw your "BTC" are only numbers in MtGox's internal system. They could be selling you additional of these numbers without having the actual BTC behind them available.

Anyway, I'm not saying they have sold more than they actually have, just that it is a technical possibility.

MtGox is a bank. When you put money in a real bank, it doesn't go into a box labeled "alttab's money", it goes in a box labeled "everybody's money" and there's a piece of paper called "alttab's account" with a number on it. When the bank robbers come, they take the box with money in it, but they don't take the piece of paper. Then when you try to withdraw your money, the bank manager opens the box of money and says "oops."
Indeed, if people would keep the money inside the exchange all the time, they would be able to artificially create more bitcoins in their system without being noticed.

In case all people would try to take all their money out, the exchange would be left with a deficit of money, practically not being able to return it to their users.

In anyway, it would be risky for an exchange to create more money than they actually have. For users, it would be best to keep as little money for as little time possible in exchanges, thats the whole point of bitcoin.

This is impossible...every bitcoin has to be verified every time it is transferred...there is tracking no matter what anyone says.

http://blockexplorer.com/

You can see any and all transactions.

Any bitcoin in/out of Mt.Gox has to be verified by the network...a "fake" bitcoin would never get out and it would not benefit Mt.Gox to transfer fake BTC around internally.

A bitcoin cannot be counterfeited easily...hence the beauty of the system.

People can claim that there was never 500k bitcoin in Mt.Gox but the fact still remains there was a transfer of 500k just days before this incident that was discussed as possibly being Mt.Gox moving their internal wallet around.

Now if someone controlled over 50% of the network hashing capability that would be a different story...possibly they could inject false info or something like that (I admit I know very little about this part, just briefly reviewed it enough to know its bad) but that's why you see postings in the forums telling people to switch "guilds" to spread things out. Deepbit approached 50% last month and there was a mass exodus. Most of the people involved in this know the risks and work very hard to self regulate.

My point exactly. I guess my explanation is lacking, but what I meant when I said that the exchange would be left with a deficit in bitcoins, is that they would not be able to create more "real" bitcoins, than there were initially deposited by its users. It's a zero sum game(if you ignore the fees).

But, that does not mean that MtGox could not create "fake" bitcoins inside their system, and extract their value by selling real bitcoins from the bitcoin pool that the users contributed to. For such a thing to pass under the radar, MtGox would need to keep enough real bitcoins in the system to satisfy the bitcoin liquidity the exchange needs. That would not qualify that much as an exchange anymore, but it would be more similar to a ponzi scheme.

No, you're missing the point. Mt. Gox is not publishing the transactions that occur inside their exchange to the blockchain; they are tracking them themselves. All the bitcoins deposited at Mt. Gox are in one big wallet. Only when a user deposits or withdraws coins does a transaction get posted to the blockchain. (I'm not 100% sure of this, admittedly, but I've seen no evidence to the contrary and lots of indirect evidence that supports it.)

So what could happen, as the result of bugs in their code, or of an attack, or (hypothetically) of deliberate fraud on their part, is that the total BTC balance of all account holders could become greater than the total BTC they have in their wallet. As the above posters noted, this would have the effect of creating BTC; no one outside the exchange would be able to tell that it had occurred until someone tried to withdraw their BTC and found it wasn't there.

Now what they could do is make a separate wallet for each user and post all trades to the blockchain. This would perhaps be more in the spirit of Bitcoin as it would prevent the totals from getting out of whack. But as I say, I'm pretty sure they're not doing that -- for one thing, if they were, rolling back trades, as they have recently done, would be impossible. (And although I was not involved in this 500k selloff, on either side, I think they have to roll it back to preserve any hope of Bitcoin being taken seriously.)

I assure you I get that point...I just doubt it...and I believe it could be easily figured out. Just a lot of speculation that this is actually happening...its funny how they can be criticized for not having their site secure enough and for not "rushing" to get it back up at the exact same time.

So far there has been no evidence that Mt.Gox did anything except get hacked...even Tradehill was using the same encryption that Mt.Gox was until the hack...everyone upgraded after the incident.

>The amount sold was over 500000 BTC

Source? I hope you're not quoting the guy from the "I'm the one who bought them" forum thread who accidentally add all numbers including dates to determine how many BTC were traded. He was almost instantly debunked.

And he came up with 51 million.

500KBTC is a pretty solid number, or at least, it's as solid as anything else that the public's been told.

A 20% trigger wouldn't have been a good idea. Bitcoin moved 20% many times over the last few months without a flash crash happening.
Bitcoin will recover, but right now it is going through a liquidity crisis:

Only a small percentage of BTC users were using Tradehill, a competitive BTC exchange. People have rushed to create accounts there, however it takes a few days to transfer money in, so right now there are more sellers than buyers, causing prices to go lower. In addition, apparently some people have their money tied up in unreachable MtGox accounts so are unable to trade.

MtGox has some serious issues to deal with. Finally yesterday, on the 3rd day after the exchange was brought down, they instituted an account recovery page, where you can provide information about your account and try to prove it is yours. Their support people are manually reviewing account information and will give you access when they feel you have sufficiently verified the info.

It looks very fishy, like MtGox is intentionally delaying access to people's accounts in order to prevent a run on the exchange. We don't know exactly how much money or coins were actually stolen from MtGox, but it is entirely possible that someone figured out a way to transfer a large amount of coins or real currency out of there. It might be possible that MtGox cannot make all investors whole again, so they are reenabling accounts just a few at a time and hoping that not everyone withdraws their funds at once.

Personally, I never kept a balance of either USD or BTC in MtGox. Their site looked too amateur to trust with money. I would sell my coins and transfer them to Dwolla immediately. Right now, all of the exchanges look sketchy. I would not trust a single VPS running MySQL at all with what could be millions of dollars.

Maybe we shouldn't be so trusting of Bitcoin Exchanges? http://nerdr.com/bitcoin-exchange-scam-bitcoins-are-worthles...
Interesting article. While it is entirely possible to do this, professional traders will soon move in and arbitrage any price differences between exchanges.

As competition increases, amateur exchanges that manipulate the price will suffer the consequences, for example, overpaying on the buy side because they've artificially inflated the price. Or traders will just move to another exchange if the spread is too high between bid and ask.

The delay with getting your money into/out of bitcoin is too long to allow for that kind of arbitrage. The exchange owner could easily get away with the described practices.
You just need an account with some liquidity on every exchange. You could automate an HFT bot that executes a buy order on one exchange and a sell order on the other simultaneously.
It looks very fishy, like MtGox is intentionally delaying access to people's accounts in order to prevent a run on the exchange.

Such a move, if it is what Mt Gox is doing, is completely legitimate. If they are indeed bankrupt, then an orderly winding down is fairer; if they could recover their business, then this avoids needless value destruction.

This is one of the most balanced coverage of the Bitcoin issue I have seen. "The system has proved popular with online criminals, keen to keep their financial transactions secret, although it has a wider, legitimate, user base." Nicely researched. Kudos to the BBC team. Shows why BBC is still the trusted source for many of us.
I'm also surprised that bitcoin is being covered in such a mainstream news source - I was under the impression that it was still only of interest to the techy early adopter crowd.
I had the opposite reaction. I thought it was poorly-researched, esp. in that it parroted MtGox's explanation for the compromise. I don't think the BBC should be so quick to accept that story, given this information: http://news.ycombinator.com/item?id=2676263
They are quoting an official statement from Mt Gox. Its not like they are accepting this line. But if there is somebody they can quote, its Mt. Gox, not somebody who claims something on a forum. In any case, not mentioning 'toasty' is not really relevant.
I see one quote, followed by non-quoted statements that read as facts.
At the very least, the BBC has avoided the BitCoin hype.

Lots of other websites mention it every other day, yet this crash was probably the first major event for the technology.

Your comment is a nice example for people wanting to read what they already believe.