Pages:
Author

Topic: [GOX] Crime Scene Investigation, Case #MG744 - page 10. (Read 47015 times)

hero member
Activity: 588
Merit: 501
I agree with this but some points will be hard to get audit.
I can compare an exchange as gaming platform. Example playtech software who is an author of casino software. So such software company make the exchange software and exchange operators buy licence. Software is created in profesional software firm where they gurantee bug free and hack proof software. It could be also usefull of prevention/detection if exchange operator doing inside trade with virtual coins/fiat.


you are right, however whatever can get done should be done, whatever cannot be done immediately should be placed on the 'things to do' list so that it is addressed at some future stage.

until this whole Mt Gox matter is finally settled btc will fail to soar like it is designed to do.

sr. member
Activity: 476
Merit: 250
hero member
Activity: 588
Merit: 501
Quote from: nwtrades on Today at 02:33:54 AM
Due to the news of rampant thefts at Bitcoin exchanges this past week (Mt. Gox, Poloniex, Flexcoin) it is becoming apparent that there's a dire need for some security standards in the Bitcoin community to ensure compliance and build client trust.  The media is jumping over every hack story that comes out and shouting that it's insecure.  You can't blame people for thinking this way, because at this point it's a legitimate fear.

There is no question that we need a standard process for third party security experts to be able to review exchange processes and software from top to bottom.  If you know of some sort of external security company that already does this, feel free to post.

Perhaps exchanges could be verified on a certain level of compliance and receive a letter or badge to post on their website for proof of audit.  Maybe someone like Andreas Antonopoulos would be interested to open this discussion further.

Items to address in audit:

- Source code, deployment and version control procedures
- Bitcoin software and protocol implementation
- Server platform (software versions, port scanning, server logging, brute force protections, DDOS protection, backups, redundancy, etc)
- Emergency shutdown and startup procedures
- Physical security (security cameras, electronic facility monitoring, alarm systems, swipe-cards, etc)
- Use of AML / KYC procedures and encrypted offsite storage of client documents
- Offsite cold storage (multiple locations) and use of keys, with logs of all activity
- Onsite hot wallet and use of keys
- Minimum of email verification or 2-Factor Authentication mandatory for withdrawals on all client accounts
- Options for clients to set a withdrawal limit on their account (similar to a bank)
- Alerts available for unusual activity on client accounts, with additional verification option (email or phone call) in case of sudden large withdrawals
- Staff background checks
- Staff fraud prevention training
- On-site restrictions for staff electronics and storage devices
- Restricted access areas for developers and system-critical staff
- Procedures for reporting illegal or suspicious activity to law enforcement

I will add to this as more feedback comes in.  PLEASE contribute!  This is a great community and the development of this ecosystem is happening and will continue happening thanks to you!
sr. member
Activity: 476
Merit: 250

http://newsbtc.com/2014/03/03/blockchain-info-ceo-nic-cary-big-news-dropping-tomorrow/


Blockchain.info CEO Nic Cary: “Big News Dropping Tomorrow”
Eric Calouro | March 3, 2014    | 1 Comment
Nic Cary Exciting News Tweet

That price spike we saw earlier today? There’s probably a good reason for it. Blockchain.info CEO Nic Cary sent out an interesting tweet Monday afternoon with some informaiton to get the bitcoin community’s hearts pumping a little harder:

“This is going to be an exciting week,” he proclaimed. “Some big news dropping tomorrow”.

Are your palms sweating yet?

Of course, no indication on just what that good news is, but it’s most certainly a change of pace from these last few weeks. From bitcoin price drops to the horrifying news that Mt. Gox had lost millions in user funds (and subsequently filed for bankruptcy protection).

We’re not going to speculate, but we’d imagine of Cary considers it “big news”, then it most likely is. Also of interest: Cary @-mentioned both the Bloomberg and Market Makers (a TV program on Bloomberg) Twitter accounts.

What do you suspect is on the horizon?

Huh? I believe you are in wrong thread.
That's good topic you are talking about. Just start new thread. Don't hijack the others.
Actually, this is thread where armis is op.  Wink
sr. member
Activity: 357
Merit: 250
damnnn
sr. member
Activity: 504
Merit: 250

5.7 million BTC, that's some address. That's...  3.3 Billion USD plenty for everybody and a bonus.
legendary
Activity: 1890
Merit: 1031
You mean he left tokyo?

btw it s not him on the picture

Yes he left Tokio
full member
Activity: 210
Merit: 100

http://newsbtc.com/2014/03/03/blockchain-info-ceo-nic-cary-big-news-dropping-tomorrow/


Blockchain.info CEO Nic Cary: “Big News Dropping Tomorrow”
Eric Calouro | March 3, 2014    | 1 Comment
Nic Cary Exciting News Tweet

That price spike we saw earlier today? There’s probably a good reason for it. Blockchain.info CEO Nic Cary sent out an interesting tweet Monday afternoon with some informaiton to get the bitcoin community’s hearts pumping a little harder:

“This is going to be an exciting week,” he proclaimed. “Some big news dropping tomorrow”.

Are your palms sweating yet?

Of course, no indication on just what that good news is, but it’s most certainly a change of pace from these last few weeks. From bitcoin price drops to the horrifying news that Mt. Gox had lost millions in user funds (and subsequently filed for bankruptcy protection).

We’re not going to speculate, but we’d imagine of Cary considers it “big news”, then it most likely is. Also of interest: Cary @-mentioned both the Bloomberg and Market Makers (a TV program on Bloomberg) Twitter accounts.

What do you suspect is on the horizon?

Huh? I believe you are in wrong thread.
That's good topic you are talking about. Just start new thread. Don't hijack the others.
hero member
Activity: 588
Merit: 501
This is exactly why we NEED government and regulation

You can't have it both ways. Bitcoin was explicitly invented as a way to exchange tokens of value outside of any regulatory system. Either a money system is outside of the government or its inside of the government. If you have all the functions of government private property rights and justice system involved then there is no need for a decentralized blockchain. It would be a waste of time. You can go one way or the other way, but you can't have both.

currently there is decentalized govt regulation, because there are many countried that has acknowledged btc, allowed it to exist, may have even classified it, and have made some rules pertaining to it. 

In fact, the US govt is not just a rule maker of btc they are also a btc holder, one of the larger holders I might add



sr. member
Activity: 274
Merit: 250
This is exactly why we NEED government and regulation

You can't have it both ways. Bitcoin was explicitly invented as a way to exchange tokens of value outside of any regulatory system. Either a money system is outside of the government or its inside of the government. If you have all the functions of government private property rights and justice system involved then there is no need for a decentralized blockchain. It would be a waste of time. You can go one way or the other way, but you can't have both.



Actually, the reality is that we always have it both ways. There is anarchy amongst government and government amongst anarchy. For me, utopia would be a life where we all follow a few simple rules, one of them being the Golden Rule.

In the case of Bitcoin, we are at least governed by math. However, if theft becomes prevalent, and the society of Bitcoin cannot prevent a theft of this size, then Bitcoin is no better than FIAT. Surely a Bitcoin "court of law" could be established to review the Blockchain and other evidence to determine rightful ownership and return it to the original owner. Same should be said for LOST Bitcoin. If a person accidentally throws their Bitcoin away into the trash, it should be recoverable provided the person can prove ownership. We might give up privacy for a system like this, but quite frankly, isn't every single action on the Internet recorded anyhow?

The NSA and other such entities will surely be able to tell us what happened in this heist.
newbie
Activity: 19
Merit: 0
This is exactly why we NEED government and regulation

You can't have it both ways. Bitcoin was explicitly invented as a way to exchange tokens of value outside of any regulatory system. Either a money system is outside of the government or its inside of the government. If you have all the functions of government private property rights and justice system involved then there is no need for a decentralized blockchain. It would be a waste of time. You can go one way or the other way, but you can't have both.
sr. member
Activity: 378
Merit: 250
You mean he left tokyo?

btw it s not him on the picture
legendary
Activity: 1890
Merit: 1031
http://www.bitcoinupdate.nl/1/post/2014/02/mt-gox-maanden-lang-gehackt-en-geplunderd.html

Update 3 maart 2014 20:05
Mark Karpelès is gevlucht met zijn lijfwachten richting de kustplaats Sendai.


I used goooooogle translate, Mark Karpelès, some guards are in Sendai Japan.
newbie
Activity: 2
Merit: 0
I think everyone needs to calm down trolling and think about the salient issues of contention here in a legal sense.

A bit of background, i'm studying for my phd in the law faculty at oxford and i have spoken to a specialist on property and the meaning of property as well as a judge who is an old friend at the international criminal court and a barrister who specialises in money laundering.

Now, the person is not an idiot. What is at issue here is the legal definition of what bit coins are.

There are two ways this can be established, firstly, through an emergency act of parliament, secondly, through a test case brought by the CPS to see whether or not bitcoin can be interpreted as fitting under an existing law.

You all operate on a folk misconception of law and ownership as if it is based on statute. Further, you all DECIDE what bitcoins are (your interpretation) and then make an argument on the basis of this (for example a previous poster who talks about the laws relating to cash in Germany). This is mere speculation. None of us have any idea how this might play out if a test case were brought or if an act of parliament was passed. Even legal professionals at the top of their game can only speculate. It is simply unknowable before the process is followed, though educated guesses can be made.

I know in the UK at least we have a common law system, which means that even something like bitcoin can come under the purview of an extant statute if this is deemed reasonable by a judge, a jury, or the lords (depending on the nature of the test case).

Now, it rests on a political or legal decision to classify bitcoin in a particular way. If the UK government came out today, or if a judge passed a ruling tomorrow, that stated that bitcoins were a good, not a unit of exchange, and furthermore that they are a good that can be owned in the sense of any other good, it would be the case that if you could follow your bitcoins from MtGox to another account on the blockchain you would be able to have an injunction served to freeze those assets, which could mean confiscating the server that the bitcoin is currently stored on. I am speaking specifically if these bitcoins have been passed through shill addresses (which seems to be the case) that exist only to throw people off the trail. Of course, if they go into an account already full of bitcoins and then leave again, it is more difficult if not impossible (again, depending on specifics) to trace *your* bitcoin. If however, they enter into an account before being split into a tiny transaction and a large transaction, and you follow these transactions to a residing address, than you can most certainly say that they are your bitcoins, your property, and take legal steps to have these recovered. Providing these bitcoins are held on a server, an injunction could be issued to freeze access to that account or failing that to confiscate the server (in the same way that you can confiscate a car containing stolen goods even if the majority of goods in the car are not stolen). If these bitcoins have gone offline, a warrant could be issued to find out which physical address was using an IP at the time that they took them offline (providing of course that these details are stored).

I am an idiot for storing my coins in Gox. And I am idiot for being so negligent and lazy. But it would seem that there is a prima facie case to answer here. When I follow the transactions from Gox it is very obvious that they have been sent through a rudimentary system that attempts to hide their final destination. The co-ordination of transaction times, the correspondence of amounts, all makes this very obvious. The notion that you cannot own a bitcoin, that bitcoins are not property, that bitcoins are like cash and should be treated so, is all pure speculation. Having spoken to as I said to a barrister who specialises in the idea of property and how property is defined, there is certainly a chance that if someone brought a case against say, an exchange or wallet service that was owning the funds, that a good barrister could set a precedent defining bitcoin as a particular kind of good. If bitcoins were defined in this way, they would be subject to the usual legal procedures to recover them, i.e. the assets would be frozen or seized whilst a legal process was undertaken.

A good analogy in the UK is the problem with the theft of copper. Previously, the problem was that copper, like bitcoin, was a commodity (i'm not making a claim here, please proceed for the sake of argument) which could be mixed up with other copper, it could be melted down and reformed into new things, and it became impossible to distinguish which bit of copper belonged to who. Now, however, they have a copper marking system, which means that even if copper is melted down and reformed into something new, it bears a trace that identifies it to its rightful owner. The copper is seized or the assets frozen and as soon as proof is established that you the rightful owner, it is returned.

I understand that for some of these bitcoins they will have entered into very large addresses and thus it becomes very difficult to follow the trail. But if you can show beyond reasonable doubt that the bitcoins were taken from your account and belong to you, like for example if it is the case that the coins have been split into shill addresses but it's very clear that this was a diversionary tactic and now they are rested in amounts of around 3 bitcoins in numerous addresses, that is at least enough evidence to have the assets seized or frozen pending an investigation.

As I said, this depends on either parliament taking action or the CPS or an ambitious young lawyer bringing a test case to attempt to classify bitcoin under existing law. But it is not some fantasy. It is not idiotic. In fact, what is idiotic are these uninformed ramblings of people who have no idea about political or legal process. I accept that this is unlikely to happen, but it is not an avenue to be dismissed. The sums involved are so large that there is clearly a public interest in the CPS bringing such a case. I am also meeting with my local MP tomorrow who I hope will bring an early day motion to parliament. Everyone here has an idea of what bitcoin is, but no-one, not even the top legal professionals, know how this might play out in a legal or political setting. So wind your necks in folks, and before insulting and trolling people, at least take some time to consider their argument. In the end you may be right, govt might not care, CPS might be unwilling to bring a test case, and departments are not going to take on this huge burden on their resources without being directed from the centre (exactly as we saw in japan, a declaration it was nothing to do with them followed by an assurance from the governments that ministries will be involved and investigations will occur).

Everyone keeps spewing out this libertarian nonsense, oh bitcoin is free from the government, we shouldn't intervene (forgetting of course where all the technology it runs on started on, in HUGE public projects, the internet itself, for example, coming from the US military —hardly free from government). But there has been no collective action. Big exchanges knew what was going on and kept customers in the dark. There is no sympathy but harshness, malice and callousness. When a lot of people look at this mud slinging, you know what they thing? This is exactly why we NEED government and regulation, this lot couldn't organise a piss up in a brewery, they couldn't decide how to make a cup of tea, never mind to participate collectively in that thing we call society. Ironically, the response of the bitcoin community is a massive argument in favour of an independent body that regulates contractual relationships between individuals. That's what a government is. The longer the bitcoin community fails to come up with collective action to at least aid and assist depositors, the more people in desperation will turn to what is familiar to them. I lost a modest sum, easy come easy go. Some people have lost their life savings. Sure, it was a bad move. Yes, it was stupid. But that does not make them to blame. It makes them complicit, which is a different thing altogether. No options should be dismissed, all should be pursued. And if this libertarian thing is ever going to work, it has to work now, in crisis. The bitcoin community could easily guarantee at least 50% of gox deposits, for example, through donations, whilst at the same time ridding the community of the stain that was gox. Punishing gox and punishing the people who use it, many of whom remember were early adopters who BELIEVED in this thing, are different things and must be seperated. 
legendary
Activity: 1652
Merit: 1016
OK I JUST TRACED BITCOINS I SENT TO GOX ON:

2014-02-03 06:29:00

SENT 5 BTC TO Mt.GOX ADDRESS: 1CdiTM1BCifFB5KpW8L5t51PUL8NW7vW9E

TRANSACTION: https://blockchain.info/address/1CdiTM1BCifFB5KpW8L5t51PUL8NW7vW9E

NEXT my 5 BTC get's sent to: 1GvYWVRPyq2mQFf8w64DZtyX4ekK5taa1d

https://blockchain.info/address/1GvYWVRPyq2mQFf8w64DZtyX4ekK5taa1d

NEXT my 5 BTC get's sent to: 1NRUPGCqCX56DvVptV2dvNPS2UwZMsUXvA

https://blockchain.info/address/1NRUPGCqCX56DvVptV2dvNPS2UwZMsUXvA

AND IT IS STILL THERE!

SO WHY CAN'T I CLAIM THAT BACK IN COURT?


It hasn't been stolen, it is just sitting in some dormant wallet of Gox's.

Who do you possibly know that address 1NRUPGCqCX56DvVptV2dvNPS2UwZMsUXvA belongs to Mtgox??
full member
Activity: 210
Merit: 100
OK I JUST TRACED BITCOINS I SENT TO GOX ON:

2014-02-03 06:29:00

SENT 5 BTC TO Mt.GOX ADDRESS: 1CdiTM1BCifFB5KpW8L5t51PUL8NW7vW9E

TRANSACTION: https://blockchain.info/address/1CdiTM1BCifFB5KpW8L5t51PUL8NW7vW9E

NEXT my 5 BTC get's sent to: 1GvYWVRPyq2mQFf8w64DZtyX4ekK5taa1d

https://blockchain.info/address/1GvYWVRPyq2mQFf8w64DZtyX4ekK5taa1d

NEXT my 5 BTC get's sent to: 1NRUPGCqCX56DvVptV2dvNPS2UwZMsUXvA

https://blockchain.info/address/1NRUPGCqCX56DvVptV2dvNPS2UwZMsUXvA

AND IT IS STILL THERE!

SO WHY CAN'T I CLAIM THAT BACK IN COURT?


It hasn't been stolen, it is just sitting in some dormant wallet of Gox's.

You just proved yourself you are an idiot.
What you have is an evidence that you have sent some BTCs to MtGox.
MtGox filed for bankruptcy, meaning all funds are frozen, and creditors can't touch whatever MtGox has until some court order. Go ahead read mtgox.com and get yourself informed. All you can do, at this moment, is to cross your finger, and pray perhaps, for a court order in your favor. And that Mark will remain faithful and accountable, that he will do his best to regain funds to return what's yours and other creditors. But can we trust his word? And when can we get our money back? Many creditors don't have enough faith for that. So, there even may be some deal that Mark will agree to pay only 50% (or whatever portion) of debts in timely manner. I will say it would be wise to be a part of that bargain. It's better than nothing, right?
Otherwise, you are on your own. And if you decide to take a different action, your legal fee would be 100 times larger than your initial loss. It sucks. The truth is too harsh, and difficult to swallow. You just spent 15BTCs for a lesson of life time. I will say it's well spent, and not too expensive.
If you haven't learned anything by being Goxed, you are really an idiot.
legendary
Activity: 2170
Merit: 1094
...
Part of these coins were sent on more or less 6 January 2014 to be sold on a very specific bitcoin exchange (there is one exchange that in certain aspect differs from the other exchanges and these coins could be sold only there).
...

Is it a Chinese exchange who's volume spiked up a lot for no apparent reason (at that time)? Why keep it's name secret for now?
BDD shows a huge spike on the 7th February, but not the 6th January. And another one in December, shouldn't these coincide with the thefts?
sr. member
Activity: 364
Merit: 250
American1973
member
Activity: 97
Merit: 10
The above theory has to explain why he did not just run the exchange normally and profit from it when he had 80-90% of all trades.

If money was the motive, he could have profited without even manipulating at all, or if he wanted some extra, just use the exchange powers to get that extra.

So adding to the above, maybe he decided to turn his customers' BTC into USD and settle the coinlab case along with whatever the US gov was squelching out of him for not having registered properly as a money transmitter when accepting USD funds from US customers.

He thought that maybe he would be able to get all this back via the arbitrage and other shady things i described, including fees from trades and deposits/withdrawals.

But then he got surprised by bitcoin shooting up like there was no tomorrow. We went from around 100 to 1200 in just a few weeks.

Now one might think, to get to 1200 there had to be a lot of USD coming into the exchange to get the price that high. But this is not true. All it takes to make the price shoot up is for people owning BTC, thinking it is more worth, not willing to sell for less, and others bringing new USD into the exchange willing to buy at those prices.

The problem here was not him not having the USD for the withdrawals, but him not having the REAL btc anymore. On the USD part, people would simply not have placed any orders on MtGox, so either the price would go down, or people would have to wait for someone willing to buy the goxBTC at such high prices with fresh USD coming in.

However, when people started to withdraw BTCs in masses, this is what collapsed the whole system. He simply did not have the BTC anymore as explained above.


The mistake was to use customer funds to pay out liabilities for court cases the exchange owned. He should have declared bankruptcy back then and pay out everyone his funds fully, then restart as a new business with a new CEO.
(or even better, pay out everyone fully, and THEN shut down and declare bankruptcy)


Pages:
Jump to: