4

I was reading Police suspect fraud took most of Mt. Gox's missing bitcoins, and its effectively claiming the missing 650,000 bitcoins vanished:

Of the 650,000 bitcoins unaccounted for -- worth about US$208 million today -- only about 7,000 appear to have been purloined by hackers, the newspaper reported on New Year's Day, adding that investigators have yet to identify who was responsible.

How does a bitcoin vanish? How can there be no record of the transaction?

Was this someone gaming the system with double-spending, or is this another attack?

  • That may just have been a bug in the platform and there were never 650k BTC. Or they lost access to the private keys of the accounts, which means the coins are lost forever. –  Jan 01 '15 at 22:10
  • @André - This smells funny (like the S&L scandal, Enron, derivatives and toxic mortgages stench). Maybe Mt Gox was doing the gaming, and then conveniently lost private keys. [This article](http://www.pcworld.idg.com.au/article/560529/kraken-help-probe-missing-bitcoins-mtgox-liquidation/) talks about a number of loans made by Mt Gox to Karpeles, Tibanne and two its subsidiaries for over ¥1.1 billion. It really raises suspicions. Has anyone modeled exchanges like Mt Gox for threats to the system? –  Jan 01 '15 at 22:47
  • The threats to something like Mt Gox are well-known: they're essentially those faced by a regular bank or currency exchange. – Mark Jan 02 '15 at 00:23
  • @Mark - not the threats ***to*** an exchange like Mt Gox; rather, the threats ***caused*** by an exchange like Mt Gox. For example, can an exchange game the system because of its unique position? Can an exchange post transactions to the wrong wallet on behalf of clients (something a client probably would not do, or could not do *en masse*)? Or can an exchange cause a change in the exchange rate? –  Jan 02 '15 at 06:02

1 Answers1

2

In the Bitcoin system, "coins" don't exist as such. Rather, there is a central list of transactions and the wallets that own the results of those transactions (the "blockchain"). In a simplified form, "spending" Bitcoin means generating a transaction that says "take this transaction output, which I can prove I own, and transfer ownership of part to wallet X, and part to wallet Y", and having that transaction accepted into the blockchain.

If you lose access to the private key for your wallet, the coins in that wallet are effectively lost forever: the relevant data is still in the blockchain, but without the ability to prove your ownership, nobody has the ability to spend them. Since wallet IDs are not tied to real-life identities, it's also impossible to tell who owns the coins in question.

Mt Gox is renowned for the incompetence of its programming. It's known that a large number of automatically-generated wallets were used for various purposes, and it's quite possible that the missing Bitcoins were transferred to wallets where the private keys were never recorded.

It's also possible that the "missing" Bitcoins never existed in the first place. Mt Gox had none of the internal control and audit systems a reputable financial institution would have, so it's possible that a bug, an outside attack, or even insider shenanigans artificially inflated the apparent balance of Bitcoins held by Mt Gox.

It's reasonably certain that the missing coins are not the result of a double-spend attack. To reliably perform such an attack, the attacker needs to control 50% of the Bitcoin computing power, and nobody has ever managed to accumulate that much.

Mark
  • 34,390
  • 9
  • 85
  • 134