Report Analyzes New “Pieces to the Puzzle” of Causes Behind Mt. Gox Collapse
On February 14, 2015, WizSec, a Bitcoin security firm based in Tokyo, published a report that claims to shed new light on the causes for the infamous 2014 collapse of the bitcoin exchange Mt. Gox.
It has been over a year since Mt. Gox announced that approximately 850,000 bitcoins accounting for over $600 million in value based on bitcoin prices at the time, had “disappeared” from the exchange. Mt. Gox has attributed the loss to external hackers who exploited a “transaction malleability” bug associated with the bitcoin protocol. Mt. Gox declared bankruptcy soon after the announcement. Mt. Gox’s Tokyo-court appointed trustee has retained San Francisco-based bitcoin exchange Kraken to assist with the “official” investigation, but Kraken has yet to announce the results of its investigation. In the meantime, the collapse of Mt. Gox has sparked continuing speculation and debate about the truth behind the lost digital currency.
This month’s WizSec report provides a partial summary of the firm’s ongoing “non-official” investigation into Mt. Gox and follows up on the “Willy Report,” which was released last May by an anonymous researcher who claimed that the Mt. Gox exchange was permeated by multiple trading bots, including one identified as “Willy” that may have been designed to manipulate the market price by systematically buying bitcoin. Both reports are based on independent analysis of data from September 2013 to November 2013 allegedly leaked from Mt. Gox following its collapse. The Willy Report hypothesized that the data could be read to suggest a possible “inside job,” based on analysis of evidence including user location data, differences between full use logs and anonymized logs related to one of the bots, and one of the bots’ ability to continue trading during network downtime.
The WizSec report claims to highlight other indicators of potential insider control of the bots in the leaked data. For example, it identifies potential “user” interactions with the bots and breaks down the timing of these events to correlate with the activity of a person whose sleep cycle matches “normal sleeping hours” in Japan, where Mt. Gox is based (as well matching the activity of someone who takes off work on the weekends). The WizSec report also analyzes publicly available data to extrapolate from the leaked data to theorize that the Willy bot kept operating through January 2014 and potentially reversed its operation to begin issuing sell orders just before Mt. Gox collapsed in February.
The WizSec report comes in the wake of a December 2014 report by the Japanese newspaper, The Yomiuri Shimbun, that sources at the Japanese Metropolitan Police Department are attributing the missing bitcoins to insider fraud by someone at Mt. Gox rather than external hacking.
Although the WizSec Report itself is careful to note that its data is “scarcely sufficient for conclusions,” it has still garnered a great of deal attention from investors and digital currency market watchers starved for more clues about the demise of Mt. Gox (and potentially the whereabouts of the still-missing bitcoins). For some, the findings have added support to the theory that the theft was an inside job, but the report avoids such a firm conclusion. Indeed, it ends with a series of important questions for which there are no answers yet—such as how such large amounts of U.S. dollars were used to buy bitcoins without being detected. And as the long-term future of bitcoin remains a topic of fierce debate, uncovering the true the fate of Mt. Gox continues may be one of the key pieces of that puzzle.