March 12, 2014
The bankruptcy of the once largest Bitcoin exchange may be history, but now the real drama begins.
First, over the weekend, allegations surfaced that not the whole truth may have been revealed during the heartfelt announcement by Mt. Gox CEO, Mark Karpeles, who claimed that $400 million in Bitcoin were stolen by hackers. As Forbes reported, hackers took over the Reddit account and personal blog of Mark Karpeles, to reveal that the exchange he ran had actually kept at least some of the bitcoins that the company had said were stolen from users.
“It’s time that MTGOX got the bitcoin communities wrath instead of [the] Bitcoin Community getting Goxed,” wrote the unidentified hackers, referring to the multiple occasions over its three year history when Mt. Gox has gone offline, delayed trades or suspended withdrawals, events so common that Bitcoin users coined the phrase to be “goxed”–to suffer from Mt. Gox’s technical glitches.
In addition to merely allege, however, the hackers provided proof:
The hackers also posted a 716 megabyte file to Karpeles’ personal website that they said comprised stolen data from Mt. Gox’s servers. It appears to include an Excel spreadsheet of over a million trades, a file that purports to show the company’s balances in eighteen difference currencies, the backoffice application for some sort of administrative access to the databases of Mt. Gox’s parent company Tibanne Limited, a screenshot of the hackers’ access to those databases, a list of Mark Karpeles’ home addresses and Karpeles’ personal CV.
In the hackers’ summary of Mt. Gox’s balances in various currencies, they point to a claimed balance of 951,116 bitcoins, which they take as evidence that Mark Karpeles’ claim to have lost users’ digital currency to hackers is fraudulent. “That fat fuck has been lying!!” a note in the file reads.
It remains unclear at this early stage in the MtGox bankruptcy if indeed Karpeles ended up Madoffing some or all of the Bitcoin entrusted to him: Forbes notes that “the Bitcoin community has been puzzled by the apparent lack of movement of Mt. Gox’s bitcoins since the company declared bankruptcy last month. Despite stating that it lost 850,000 bitcoins in total in its bankruptcy filing, Bitcoin experts haven’t seen the movement of those coins in the Bitcoin blockchain, the public ledger of transactions that prevents fraud and forgery in the Bitcoin economy.”
But second, and far more important, “a user on the BitcoinTalk forum posted a message–since deleted by the forum’s moderators–claiming to be offering for sale a 20 gigabyte stolen database from Mt. Gox, including the personal details of all its users and even scans of their passports. “This document will never be elsewhere published by us,” wrote the user, who went by the name nanashi____. “Selling it one or two times to make up personal loses from gox closure.” The hacker asked for a price of 100 bitcoins for the database, about $63,600 at current exchange rates.”
An updated announcement by user “nanashi” can be found in the following pastebin, in which he explains just how much it will cost naive Bitcoin traders to retain their anonymity. The price to put this entire gruesome episide behind them: 0.25 bitcoin, or a little over $150.
Mt. Gox database sale: steps to remove yourself from dump before sales.
Most around here know we are selling gox customer info. Many have contact us requesting to pay to have their data removed before we sell. We are doing this for a cost of 0.25 BTC per person removed. We have already sold and release 20% of data to 2 buyers, so if you are apart of that it’s too late for you.
We are release the rest of this data to our buyers sometime this week, so after that happens it is too late for everyone who has not been removed already.
1) Email firstname.lastname@example.org with the email you used with mtgox.
2) I will check file already sold, if you are not part of that I will send you unique bitcoin address. If you don’t get response it means your data has already been sold in first batch or we have finalized sale of all data.
3) After you have sent .25 bitcoin payment, email us again to inform us of this.
4) Thats all, we will delete your personal data and passport scan from all copies of database.
DO NOT email asking to do this for cheaper unless you are doing 10+ accounts at once. Also do not email us asking to confirm what information we have about you. If gox had it, we have it, and as you can read on boards we have confirmed possession of this dump for many people. We let you use our same email for this as all other gox hack communication so you know we are same people. Doing this things will cause us to ignore all further message from you.
And to think – the whole point of Bitcoin once upon a time (long, long ago) was to preserve the anonymity of the users… Oh, and the “money” was safe and unhackable…
This article was posted: Wednesday, March 12, 2014 at 6:41 am