The disappearance of 99% of the bitcoins missing from Mt Gox can be blamed on internal system manipulation and not any external attack, a major Japanese newspaper has claimed.
Citing an unnamed source connected to the ongoing police investigation, Japan’s Yomiuri Shimbun newspaper led with the story on the front page of its New Year’s Day edition. Only 7,000 BTC, or 1% of the total 650,000 missing, could be attributed to hacking attacks from outside the company, it said.
Yomiuri did not elaborate further on the matter.
That a company insider might have been responsible for the theft of 650,000 BTC from Mt Gox has been whispered about for some time, though no-one in particular has been named as a suspect, even unofficially.
No major hack attacks
Mt Gox had no full-time staff other than CEO Mark Karpeles, employing a series of contractors on temporary work arrangements. No-one associated with the case, however, is suggesting Karpeles might himself be responsible.
The ‘inside job’ theory is contrary to the official line the company has maintained until now, that the bitcoins’ disappearance was a gradual theft attributable to the ‘transaction malleability‘ flaw in bitcoin’s underlying code.
This claim was derided at the time by bitcoin core developer Gavin Andresen and other independent researchers. Mt Gox began using the transaction malleability line in early February, even before it was clear the exchange had been damaged beyond repair, saying withdrawals would resume as soon as possible.
Blame the bots?
The clearest sign of impropriety within the Mt Gox trading system came in March 2014, when leaked transaction data showed anomalous behaviour attributed to two automated trading bots, nicknamed ‘Willy’ and ‘Markus’. The Yomiuri report links “suspicious accounts” to the disappearance, but does not specify whether it means these known accounts or new information.
The ‘Willy’ bot appeared at certain times in late 2013 and seemingly under several different user IDs, all of which had irregularities in their records, such as “??” in place of a user location.
The bot would pop up under a new user ID, spend (for the most part) $2.5m buying bitcoins at the then-current market rate, and then cease trading. It is possible this helped push up bitcoin’s price in November 2013.
‘Markus’ was an earlier bot that ‘bought’ bitcoins at random prices, though appeared to never spend any actual fiat money on the transactions. The two bots acquired about 570,000 BTC until November 2013, after which no more records are publicly available.
Assuming the automated activity continued after that time and until Gox’s implosion two months later, one theory is those two bots were connected with the disappearance of the 650,000 BTC.
Image courtesy Akemi Miyashita