Why bitcoin's trust issues are about more than Mt. Gox

By Michael Carney, written on February 27, 2014


As rumors have swirled of catastrophic losses at former heavyweight bitcoin exchange Mt. Gox, two questions above all others beg for answers: Who inside the company and elsewhere in the bitcoin community knew of these mounting losses, and when did they know?

For the first time, we have a partial answer to the first, courtesy of Ryan Selkis, the man behind the Two-Bit-Idiot blog, who was singularly responsible for blowing the lid off this scandal by posting Mt. Gox’s “Crisis Strategy Document.” The short of it, according to Selkis’ latest reporting, is that Mt. Gox, and moreover its CEO and all-around grand poobah, Mark Karpeles, acted alone.

That’s good news on one hand, but on the other it illustrates the inordinate amount of trust that has been placed in the self-policing ability of the bitcoin ecosystem. If nothing else, this last week has offered further evidence that, at the very least, serious changes are needed in terms of transparency and communication on the part of its largest companies.

Whether Karpeles was simply incompetent (to epic proportions) or nefarious in his failure to secure customer funds will be determined in the coming weeks, months, and years – likely through a combination of forensic accounting by bitcoin experts studying the crypto-currency blockchain (general ledger) and possible criminal proceedings.

As Chief Security Officer and prominent bitcoin developer Andreas Antonopoulos notes in a statement posted to his blog:

[It] appears [Mt. Gox’s] “cold storage” was not in fact “cold” – which is either a stunning misrepresentation of their security or an outright lie. “Cold storage” does not “leak.” The idea that the funds were stolen, unnoticed, from cold storage, due to Transaction Malleability, strains the credulity of even the most gullible observers.

There’s no doubt that something is seriously amiss at Mt. Gox. Either the company has been lying to the public about the services it offers, or its leader has been lying to himself about his (and his team’s) technical abilities to deliver those promised services.

After speaking to several industry insider sources, Selkis has reached the damning conclusion that:

Mt. Gox has allegedly never conducted a single audit of its customer deposits, and it is believed that Karpeles may have been the only one within the company to have knowledge of how to actually tap the exchange’s cold storage.

Holy Enron! If accurate, that’s beyond any reasonable explanation. Unfortunately, shock and outrage may be the only remaining recourse, because it seems that the damage has been done and the possibility of recovering the 750,000 lost bitcoins appears less likely by the hour.

The good news, if you can call it that given the magnitude of the bad, is that other cornerstone institutions like The Bitcoin Foundation, Antonopoulos’, Coinbase, and SecondMarket knew nothing of Mt. Gox’s solvency issues until the 11th hour, according to Selkis and his sources. Once they caught wind, executives at these companies took immediate action, which included contacting regulators and temporarily forbidding their employees from trading.

Selkis describes details of an emergency bailout meeting convened by Karpeles and advisors from the consulting firm Mandalah in which the failing exchange petitioned potential investors or acquirers, including SecondMarket and possibly other competitors, for aid. Gox’s going-forward plan, according to a draft 2014-2017 business plan, was apparently to cover up the losses through a combination of capital injection (likely via a combination of cash and bitcoins) and arbitrage trading between Mt. Gox – which by this point was trading at heavily depressed prices – and other healthy exchanges.

According to Selkis, those investors “rebuffed Karpeles and his colleagues, demanded they come clean to customers and stakeholders immediately, and then notified other industry executives, including those at the Bitcoin Foundation, of the catastrophic losses at Mt. Gox.”

This group of executives contacted regulatory authorities and summarily released a joint statement condemning Gox’s actions, dissociating themselves from any involvement, and reassuring bitcoin users that the core protocol and other key platforms continued to function properly. That statement included the signatures of Coinbase founders Fred Ehrsam and Brian Armstrong, Kraken CEO Jesse Powell, Bitstamp CEO Nejc Kodrič, BTC China CEO Bobby Lee, Blockchain CEO Nicolas Cary, and Circle CEO Jeremy Allaire.

Antonopoulos describes his understanding of Gox’s condition that likely applies to the bulk of his industry colleagues:

Since [April 2013] I have made repeated public statements advising people to avoid Gox... [due to] proven management incompetence, expressed by a variety of massive failures, and their failure to hire a competent security and management team.

...while I had serious misgivings about the competence of Mt.Gox executives and especially Karpeles, I had not seen any indication of bad faith or fraud in the past two years. Furthermore, Gox had stated publicly that they kept the majority of funds in 'cold storage,' so I believed that even if the exchange had been defrauded because of their poor implementation of withdrawals-based-on-transaction-ID, the damage would be limited to the 'hot wallet.'

The unusually direct and unified actions on the part of the above bitcoin leaders are a big step in the right direction for the community. That said, given the lack of detail about Mt. Gox’s solvency included in that statement and the fact that hundreds of millions of dollars worth of consumer wealth remains tied up within the exchange, you could forgive readers for questioning how much more this group knew and when.

Selkis’ assertion that these leaders’ hands are clean of any deception or other forms of wrongdoing is as good news as the community could have hoped for, short of a miraculous recovery of the lost funds – something that technically remains a faint possibility, but which seems less and less plausible by the hour.

The question now is where does all of this leave bitcoin?

Moving forward, the alternative currency and its cornerstone institutions need to regain trust. Most early adopters and core users will jump right back in, but the casual and prospective users that represent the future growth of this financial instrument will not be so easily comforted.

There are plenty of people, including Antonopoulos, who have issued warnings about Mt. Gox's reliability in the past and believe that Gox's failure was inevitable and should be celebrated as a necessary cleansing. These same people should ask themselves how such an institution was allowed to grow to control more than 70 percent of global trading volume in a multi-billion dollar market. If everyone was so sure of the company's ineptitude, were clandestine Reddit conversations enough action to protect the bitcoin ecosystem?

The several hundred million dollar answer, according to 750,000 missing bitcoins, is no.

Every financial market has suffered fraud and mismanagement at one time or another. The important question is whether such events reveal systematic weakness or are simply isolated incidents. With Mt. Gox it appears to be a bit of both. Yes, Karpeles acted alone. But the fact that a leading exchange could operate with what appears to be almost no financial controls, a shoddy code base, and amateur-hour operational and technical teams is beyond fathom. That users had no way of knowing this from the outside begs for action on the part of the community's leadership to ensure this never happens again.

For Bitcoin to evolve into a ubiquitous global economic instrument it will need organizations and leaders that can be trusted and greater transparency. There are calls for exchanges and wallet providers to provide regular, audited reports to verify account balances and submit to security best practices. Coinbase offered a crude example of such transparency by inviting Antonopoulos -- one of its competitors’ CSO -- to audit its security protocols and verify the existence of customer funds, a review it passed.

Whether such audits will become a regular and systematic occurrence throughout the ecosystem will depend on market demand, industry leadership, and potential new regulation. Selkis, for one, believes that regulation is the only option, writing: “the Mt. Gox scandal shows that the bitcoin community has completely lost its self-righteous claim to self-policing.”

Call it nationalistic, but Bitcoin also needs a prominent and trustworthy US-based exchange (the creation of which regulatory ambiguity continues to prevent). It doesn't need to be the only, or even the largest exchange in the world, but must be meaningful in size and operated by credible leaders. This issue may resolve itself if-and-when SecondMarket, headed by Barry Silbert, launches its widely-anticipated New York-based bitcoin exchange targeting major banks and financial institutions.

At a macro level, the bitcoin industry could also use a chief spokesperson; an elder statesman of sorts that conveys trust and authority, while also speaking in a language that the general public can understand. That person could be the head of the Bitcoin Foundation or the CEO of a prominent company within the ecosystem.

Either way, there’s a trust and leadership void at the moment and bitcoin’s public image is suffering as a result. One of the most glaring shortcomings of the industry’s handling of this latest debacle is the use of impenetrable technical jargon in most of its public statements. Terms like “cold storage,” “hot wallet,” “transaction malleability,” “hash,” and so on, when used without proper explanation, hobble mainstream adoption for bitcoin. Industry leaders need to recognize that they are speaking not just to fellow developers, but to politicians, regulators, and the general public, all of whom have far more input into the long-term success of this financial experiment than they get credit for. This is where a polished leader becomes invaluable.

In many ways this type of transparency and such a solitary leader are at odds with bitcoin’s foundational tenets: it was created as a decentralized and distributed system meant to remove the need for trust between parties. Rabid libertarians and cyberpunks may be ok with such a system, but average Joes, not to mention the regulators intent on protecting them, are not.

The bitcoin protocol solves a real problem by allowing digital transactions to be completed outside of the costly and cumbersome existing financial infrastructure, but for the value of this solution to be realized, people have to use it. Bitcoin may have emerged as an anti-establishment financial instrument, but for it to survive and more importantly fulfill its lofty potential, it will need to shed much of its early ideology. Trust is key, and trust does not grow in the shadows.

Mt. Gox’s unraveling doesn’t need to be the end of bitcoin, but it needs to be the end of its innocence.
