Mt Gox’s missing bitcoins were stolen from the exchange over a period of time beginning in 2011, according to a new report released today by a group investigating its collapse.
They were gone long before the company’s collapse in February 2014, the report said. Gox had therefore been operating on a fractional reserve basis for most of that time, either knowingly or unknowingly.
The stolen bitcoins had been withdrawn and sold off on various exchanges including Mt Gox itself, and given the timing probably at prices far below the 2013-14 highs.
Tokyo-based bitcoin security firm WizSec, which produced today’s update and a previous one in February, has been conducting an unofficial investigation into Mt Gox’s collapse based on data pieced together from various leaks, hacks and other sources.
Bankruptcy trustee Nobuaki Kobayashi and his police team have still not made all transaction data available, including a list of all the bitcoin addresses Mt Gox used.
WizSec’s report says its team has assembled a list of over 2m bitcoin addresses related to Mt Gox by comparing leaked data with blockchain records and performing clustering analysis on addresses used at similar times.
The resulting chart shows a dramatic difference between the number of bitcoins Mt Gox should have held, and what it actually held.
The company held little or no more than 100,000 BTC from May 2013 onward. Interestingly, neither the ideal nor actual totals includes the 200,000 BTC ‘found’ in cold storage after the collapse.
One key question (until now) has been whether Mt Gox’s bitcoins were stolen or whether they ever existed at all, and records of their deposit faked.
Report author Kim Nilsson notes that the coins did in fact leave Mt Gox, meaning they definitely were deposited there at some point.
Speaking to CoinDesk, he said the WizSec team was “happy to finally have this breakthrough out in the public”, but noted that there is still a lot of investigative work to be done by those with access to more complete data.
How many bitcoins did Gox have?
After a prior security breach in mid-2011, CEO Mark Karpeles performed a transaction proving the company controlled at least 424,242.42424242 BTC.
Using that figure as a baseline, Nilsson measured changes in total BTC held since that day, arriving at 950,000 BTC on the day of Gox’s collapse in February 2014.
This matched total holdings stated elsewhere in leaked data, he wrote.
One surprising revelation from the latest report is that the bitcoins likely disappeared long before the appearance of Mt Gox’s infamous trading bot, nicknamed “Willy”.
Speculation surrounding Gox’s dying days in 2013-14 had implied Willy was related somehow to the theft, though WizSec’s report says that is no longer considered possible.
The bot may, however, have existed to convert the missing bitcoins into missing fiat currency amounts instead.
“The possibility exists that this kind of manipulation may have been the main purpose behind Willy as a way of coping with the practical problems caused by such a massive bitcoin shortage. This is left for later investigations to clarify.”
Cold storage not monitored
That nearly all Mt Gox’s bitcoins disappeared raises several questions about the nature of its cold storage system. How ‘cold’ was it?
The company was known to keep paper wallets stored under lock and key, which it added to and subtracted from as required. The cold storage system was also reportedly not monitored with any degree of scrutiny, meaning the thief was free to either compromise them or wait for the funds to be moved to a ‘hot’ wallet.
“A reminder to all bitcoin businesses out there: Always. Monitor. Your. Bitcoins,” Nilsson wrote.
To be continued
This latest report will again confirm suspicions many had about the way Mt Gox was run.
A newspaper report at the beginning of the year claimed the theft was an ‘inside job’ by someone with access to the company’s system. Today’s revelation that Gox was indeed running a fractional reserve will also surprise few – other than the sheer length of time over which it happened.
Trustee Kobayashi announced in November that exchange Kraken would assist with the investigation, as well as manage the claims process and distributing Mt Gox’s remaining assets to creditors at some point in future.
Nilsson wrote that his contribution to the research has been voluntary, and hopes the work will now prove valuable to the authorities in their continuing investigation.
Magnifying glass image via Shutterstock