Missing Mt Gox Bitcoins Likely an Inside Job, Say Japanese Police

The disappearance of 650,000 BTC from Mt Gox was due to internal system irregularities and not external attacks, reports a Japanese newspaper.

AccessTimeIconJan 1, 2015 at 8:48 a.m. UTC
Updated Mar 6, 2023 at 3:33 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The disappearance of 99% of the bitcoins missing from Mt Gox can be blamed on internal system manipulation and not any external attack, a major Japanese newspaper has claimed.

Citing an unnamed source connected to the ongoing police investigation, Japan's Yomiuri Shimbun newspaper led with the story on the front page of its New Year's Day edition. Only 7,000 BTC, or 1% of the total 650,000 missing, could be attributed to hacking attacks from outside the company, it said.

Yomiuri did not elaborate further on the matter.

That a company insider might have been responsible for the theft of 650,000 BTC from Mt Gox has been whispered about for some time, though no-one in particular has been named as a suspect, even unofficially.

No major hack attacks

Mt Gox had no full-time staff other than CEO Mark Karpeles, employing a series of contractors on temporary work arrangements. No-one associated with the case, however, is suggesting Karpeles might himself be responsible.

The 'inside job' theory is contrary to the official line the company has maintained until now, that the bitcoins' disappearance was a gradual theft attributable to the 'transaction malleability' flaw in bitcoin's underlying code.

This claim was derided at the time by bitcoin core developer Gavin Andresen and other independent researchers. Mt Gox began using the transaction malleability line in early February, even before it was clear the exchange had been damaged beyond repair, saying withdrawals would resume as soon as possible.

Blame the bots?

The clearest sign of impropriety within the Mt Gox trading system came in March 2014, when leaked transaction data showed anomalous behaviour attributed to two automated trading bots, nicknamed 'Willy' and 'Markus'. The Yomiuri report links "suspicious accounts" to the disappearance, but does not specify whether it means these known accounts or new information.

The 'Willy' bot appeared at certain times in late 2013 and seemingly under several different user IDs, all of which had irregularities in their records, such as "??" in place of a user location.

The bot would pop up under a new user ID, spend (for the most part) $2.5m buying bitcoins at the then-current market rate, and then cease trading. It is possible this helped push up bitcoin's price in November 2013.

'Markus' was an earlier bot that 'bought' bitcoins at random prices, though appeared to never spend any actual fiat money on the transactions. The two bots acquired about 570,000 BTC until November 2013, after which no more records are publicly available.

Assuming the automated activity continued after that time and until Gox's implosion two months later, one theory is those two bots were connected with the disappearance of the 650,000 BTC.

Image courtesy Akemi Miyashita

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.