hackers-b-hackin1

Anonymous hackers have published financial data to support the claim that Mt. Gox, the Bitcoin exchange that suspended operations and filed for bankruptcy protection in February, still has in its possession more than 750,000 bitcoins previously reported as stolen.

The data, which includes a spreadsheet detailing millions of Mt. Gox’s financial transactions, was purportedly stolen from the exchange’s servers. It was first posted to Mt. Gox CEO Mark Karpeles’ blog and has been quickly mirrored by Bitcoin enthusiasts incensed by the scandal.

The data’s veracity has not been confirmed. Someone(s) might have fabricated the evidence to support a popular theory; they might also have infiltrated the exchange’s servers to seek some justice for those affected by its lax security. Even if the data originated from Mt. Gox’s servers, it might be a demonstration of the company’s inability to manage its books instead of proof it plotted to steal money from users and investors. No one outside the company knows.

But it is clear that Mt. Gox’s users haven’t escaped their troubles just yet. Besides showing their transactions, the breach also shows that the exchange’s security still isn’t up to snuff. (Assuming the data posted is accurate, of course.) Another hacker’s claim that he is selling passport scans and other personal information describing the exchange’s users to make up for losses related to Mt. Gox’s recent woes is also cause for concern. The controversies continue.

Reactions from around the Web

Forbes describes the data published by the hackers, which isn’t limited to financial transactions:

It appears to include an Excel spreadsheet of over a million trades, a file that purports to show the company’s balances in eighteen difference currencies, the backoffice application for some sort of administrative access to the databases of Mt. Gox’s parent company Tibanne Limited, a screenshot of the hackers’ access to those databases, a list of Mark Karpeles’ home addresses and Karpeles’ personal CV.

CoinDesk reports that some of the files in the hackers’ data might compromise their security and allow the hackers to steal their personal information:

There is good reason to believe that, while the data files may be genuine Mt. Gox data, .exe and Mac .app files within the dump are bitcoin wallet-stealing trojans. If you have somehow found a link to the files mentioned here, as we warned below, DO NOT OPEN THEM. If for some reason you have, transfer your bitcoins to another wallet immediately.

ZDNet notes that the information could be inaccurate — and notes that the stolen bitcoins have yet to appear on the public ledger meant to prevent fraud with the crypto-currency:

It is worth noting that this leak could show nothing more than poor accountancy practices — one aspect of the company which has been reported as a crucial factor which led to the original cyberattacks going unnoticed for so long — and the database may only show Bitcoins that were believed to be safe but were already gone. However, since Mt. Gox has filed for bankruptcy protection, the public ledger of Bitcoin transactions — the Bitcoin blockchain — has not registered the movement of “stolen” coins.

The BBC points out that getting screwed over by Mt. Gox’s issues was so common that its users had a name for it:

‘It’s time that Mt. Gox got the Bitcoin community’s wrath instead of [the] Bitcoin community getting Goxed,’ wrote the hackers in a message accompanying the data dump. The word ‘Goxed’ has been used to describe the sudden interruptions in trading Mt. Gox imposed when it was going through technical problems before its final closure.

Pando weighs in

Pando’s Tim Worstall wrote about Mt. Gox’s effect on Bitcoin shortly after it suspended operations in February:

The overnight news that Mt. Gox has gone down is naturally leading to swathes of speculation about what this means for Bitcoin. So, despite my having been consistently wrong about the currency since 2011 (when I first confidently announced its final end), here’s my addition to it all.

The end result is going to depend upon whether Bitcoin is actually doing anything useful or not.

Then, shortly after, he wrote that Mt. Gox is beyond redemption:

Which leaves us with just one last point. There’s also a $350 million hole of missing Bitcoins. We might, if we thought we could make more than that by running the exchange, try to figure out a way to cover that hole. An “investment” if you wish. But that hole is a decade’s worth of the highly speculative profits that are predicted to arrive two years out: that’s not a deal that is going to have prospective resuscitators of the site rubbing their hands with glee.

I admit that I’ve been wrong before about Bitcoin but at this point I think it’s about time to purchase the wreath for Mt.Gox and wave it a tearful farewell.

Pando’s Michael Carney wrote in February that Bitcoin’s problems are about trust, not about Mt. Gox specifically:

The bitcoin protocol solves a real problem by allowing digital transactions to be completed outside of the costly and cumbersome existing financial infrastructure, but for the value of this solution to be realized, people have to use it. Bitcoin may have emerged as an anti-establishment financial instrument, but for it to survive and more importantly fulfill its lofty potential, it will need to shed much of its early ideology. Trust is key, and trust does not grow in the shadows.

Mt. Gox’s unraveling doesn’t need to be the end of bitcoin, but it needs to be the end of its innocence.

[Illustration by Brad Jonas for Pando]