
Topic: [GOX] Crime Scene Investigation, Case #MG744 - page 13. (Read 47029 times)

hero member
Activity: 588
Merit: 501
February 28, 2014, 08:06:03 PM
#8
it may be simpler than that; the theft can have been

a) straightforward stealing from a wallet, not tied to a customer account, in which case there should be  a normal blockchain record of the transaction
b) malleability hacks - in this case the internal records may be compared to the blockchain records. In other words, the proper accounting that was not done in real time, could be done as part of an iterative forensic analysis using internal records and blockchain. Most accounts at Gox are probably OK and it should be possible to rule these out easily.

At least the total leakage from 2011 until now could somehow be determined if Gox has archived all their transactions...and 800K is a lot, even if BTC was worth a lot less back then, the volume was also a lot less...

And also, if someone stole that many coins, he will not have an easy time converting these, if exchanges do proper AML-KYC. Mixing such a large number of coins is hard. This mixer.io (or whatever it's called) some people advertise, claims to have a queue of 2400, so mixing 800 000 coins is not realistic.

But first we need some forensic analysis to prove that these coins were stolen

I HOPE THEY WERE ONLY LOST ... that would be even good for the honest BTC owners

I was expecting someone to bring up 'mixing'. Even with that, the transactions can be tracked; everything electronic leaves a footprint. Here's the thing about the mixers: if anyone is too lazy to figure it out, they can just blame it on the owner of the mixer, since they were the last ones on record to have the funds. That would motivate the mixers to cooperate with the investigation.



member
Activity: 97
Merit: 10
February 28, 2014, 07:48:46 PM
#7
There was some IRC chat long ago, where Karpeles sent around 424k BTC to a particular address as in to prove that the exchange holds enough funds.


The address was this here

424k proof transaction:
https://blockchain.info/tx/3a1b9e330d32fef1ee42f8e86420d2be978bbe0dc5862f17da9027cf9e11f8c4 424k 06/23/2011

connected to this address are following addresses

50k 1P3S1grZYmcqYDuaEDVDYobJ5Fx85E9fE9 first input: 11/16/2011 05:59:08
40k 1cXNTyXj4xPGopfYZNY5xfSM1EPJJvBZV first input: 11/16/2011 05:59:08
40k 12HddUDLhRP2F8JjpKYeKaDxxt5wUvx5nq first input: 11/16/2011 05:38:46
40k 16Ls6azc76ixc9Ny7AB5ZPPq6oiEL9XwXy first input: 11/16/2011 05:38:46
30k 1MyGwFAJjVtB5rGJa32M6Yh46cGirUta1K first input: 11/16/2011 05:45:03

Unfortunately I fail to understand the blockchain.info chain of events completely, as there are some addresses which received less funds than they seemingly sent out.

You will notice that all of those addresses contain the bitcoins still, AND all of those addresses have zero digits BEFORE the dot (sub the front digit of course). They are exactly 50000.whatever, 40000.whatever and so on...

if you head over to http://bitcoinrichlist.com/top100 you will be able to find similar addresses with 40k, 30k, 20k, 10k etc

one example being this

Nr 24, 25, 26 in the rich list are 40k with all digits in front of the dot are zero, AS WELL as one digit after the DOT.
There is one more 40k which has ALL digits in front of the dot zero, but not the digit AFTER the dot.
This would be this one

http://bitcoinrichlist.com/address/14j6jLececs66ZQ8ew6vTFNiEn2NupacWJ?charttype=balance


There is only 1 30k address which is already included in the list, showing this pattern, but there are two 20k addresses being at 45 and 46 in the rich list position, having all zeros after the "2" digit

http://bitcoinrichlist.com/address/15CVfJUC1LKn1GKZx6RM5UMbFfnTd8vTT4?charttype=balance
http://bitcoinrichlist.com/address/13ssxUjmQqemuiBfJSBsr7gFX7UWU7uXNK?charttype=balance

at 15k we have

http://bitcoinrichlist.com/address/1LDWDufjU5ATbozDZY3uChb7oPAbDaiB7K?charttype=balance
http://bitcoinrichlist.com/address/12WFth5HabiVrcj5waHtDP1b7gXSQPuDPz?charttype=balance
http://bitcoinrichlist.com/address/1Fd2RVn8Ha6K6qevPFgPLneJn8VNaLPGW2?charttype=balance

at 10k we have

http://bitcoinrichlist.com/address/1MeCzxxB8eDd17DaocFLQaQtH8seVjNM67?charttype=balance
http://bitcoinrichlist.com/address/1Gg9GGQWmRk1pp4vNkMqLaEiPVNdiNvz7E?charttype=balance
http://bitcoinrichlist.com/address/19PPeuu4jPjqtefSQ2FDgKmNJ88Z5wiuJt?charttype=balance
http://bitcoinrichlist.com/address/15jdxjFhXUsp2xuycmKnjw8yk1WsVon69c?charttype=balance
....

many more. The 10k addresses that follow this pattern are numerous going from 84-113 , meaning 30* 10k = 300k coins

194-235 5k deposits with same pattern  42*5k = 210k
 
So we would have

1x  50k
4x  40k (one of which does not follow the exact pattern as the other 3)
1x  30k
2x  20k
3x 15k
30x 10k
42x 5k

we get a total of 835k BTC.

Not all of those addresses are owned by MtGox for sure, in fact, maybe none of those are owned by Gox. It's highly speculative if those BTC are part of the lost 750k, especially since I cannot understand the blockchain chain of events well enough to explain certain transactions from addresses that seem to have less in than they transact out.
legendary
Activity: 1372
Merit: 1014
February 28, 2014, 07:20:42 PM
#6
it may be simpler than that; the theft can have been

a) straightforward stealing from a wallet, not tied to a customer account, in which case there should be  a normal blockchain record of the transaction
b) malleability hacks - in this case the internal records may be compared to the blockchain records. In other words, the proper accounting that was not done in real time, could be done as part of an iterative forensic analysis using internal records and blockchain. Most accounts at Gox are probably OK and it should be possible to rule these out easily.

At least the total leakage from 2011 until now could somehow be determined if Gox has archived all their transactions...and 800K is a lot, even if BTC was worth a lot less back then, the volume was also a lot less...

And also, if someone stole that many coins, he will not have an easy time converting these, if exchanges do proper AML-KYC. Mixing such a large number of coins is hard. This mixer.io (or whatever it's called) some people advertise, claims to have a queue of 2400, so mixing 800 000 coins is not realistic.

But first we need some forensic analysis to prove that these coins were stolen

I HOPE THEY WERE ONLY LOST ... that would be even good for the honest BTC owners
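
Added example (not part of any post in this thread, and not Mt. Gox code): one way to run the comparison of internal records against blockchain records that post #6 describes for the malleability case. The record layout, ids, addresses and amounts are constructed, and each internal record is assumed to list only the customer payout outputs, in satoshi.

```python
from collections import defaultdict

def fingerprint(tx):
    # Spent outpoints and paid outputs survive a signature re-encoding,
    # so they identify a payment even when its txid has changed.
    return (frozenset(tx["inputs"]), frozenset(tx["outputs"]))

def reconcile(internal, chain):
    """Classify each withdrawal attempt and total any over-payment per request."""
    on_chain = {tx["txid"] for tx in chain}
    by_fp = {fingerprint(tx): tx["txid"] for tx in chain}
    status, paid, owed = {}, defaultdict(int), {}
    for rec in internal:
        key = (rec["request"], rec["attempt"])
        amount = sum(value for _, value in rec["outputs"])
        owed[rec["request"]] = amount
        if rec["txid"] in on_chain:
            status[key] = "ok"
        elif fingerprint(rec) in by_fp:
            # Same coins, same payee, different txid: paid, but the ledger missed it.
            status[key] = "malleated:" + by_fp[fingerprint(rec)]
        else:
            status[key] = "missing"
            continue
        paid[rec["request"]] += amount
    # A request confirmed more than once (original plus re-issue) is leakage.
    leakage = {r: paid[r] - owed[r] for r in paid if paid[r] > owed[r]}
    return status, leakage

# Constructed sample data (hypothetical ids and addresses; amounts in satoshi).
INTERNAL = [
    {"request": "W1", "attempt": 1, "txid": "aa01",
     "inputs": [("f001", 0)], "outputs": [("addrA", 1_000_000_000)]},
    {"request": "W2", "attempt": 1, "txid": "bb01",
     "inputs": [("f002", 1)], "outputs": [("addrB", 500_000_000)]},
    {"request": "W2", "attempt": 2, "txid": "bb02",  # re-issued after a complaint
     "inputs": [("f003", 0)], "outputs": [("addrB", 500_000_000)]},
    {"request": "W3", "attempt": 1, "txid": "cc01",
     "inputs": [("f004", 0)], "outputs": [("addrC", 200_000_000)]},
]
CHAIN = [
    {"txid": "aa01", "inputs": [("f001", 0)], "outputs": [("addrA", 1_000_000_000)]},
    {"txid": "bbff", "inputs": [("f002", 1)], "outputs": [("addrB", 500_000_000)]},
    {"txid": "bb02", "inputs": [("f003", 0)], "outputs": [("addrB", 500_000_000)]},
]

if __name__ == "__main__":
    status, leakage = reconcile(INTERNAL, CHAIN)
    print(status, leakage)
```

Requests whose attempts all come back "ok" with no leakage are the accounts that can be ruled out quickly; the "malleated" and "missing" rows are where the iterative review would concentrate.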
hero member
Activity: 588
Merit: 501
February 28, 2014, 04:05:52 PM
#5
And what is it that you want to do when you find the BTC? Beat the private keys out of anyone that has even a satoshi of them in their wallets? Who can say those BTC have long been used/traded for good or services? Or even if they ended up in a cold storage wallet long ago?

I think you really need to think about what you're suggesting; a witch-hunt plain and simple.


What I'm suggesting is 100% sound

Let's examine your excuses individually:

1)  "And what is it that you want to do when you find the BTC?"
A)  return it to its rightful owner, that's what you are supposed to do with stolen money.  Sure that's not news to you?

2) "Beat the private keys out of anyone that has even a satoshi of them in their wallets?"
A) I try not to operate like that any more

3)  "Who can say those BTC have long been used/traded for good or services?"
A)  Oh, goodie, they were spent for "good or service", so now you have names, faces, addresses, email addresses, phone numbers, cities, countries ... to add to all of the other electronic connections.  At that point anonymous becomes less anonymous.

4)  "Or even if they ended up in a cold storage wallet long ago?"
A)  cold storage doesn't represent a dead end it represents a good idea of where it is, who has it and that it is still available.


Even if someone attempted to wash the dirty money it will show on the block chain. 

The whole cryptocurrency economy suffers when irresponsible behavior is rewarded with a blind eye.
hero member
Activity: 588
Merit: 501
February 28, 2014, 03:30:07 PM
#4
And what is it that you want to do when you find the BTC? Beat the private keys out of anyone that has even a satoshi of them in their wallets? Who can say those BTC have long been used/traded for good or services? Or even if they ended up in a cold storage wallet long ago?

I think you really need to think about what you're suggesting; a witch-hunt plain and simple.

I think we have our first suspect...

hahahahaaa





newbie
Activity: 21
Merit: 0
February 28, 2014, 02:52:36 PM
#3
And what is it that you want to do when you find the BTC? Beat the private keys out of anyone that has even a satoshi of them in their wallets? Who can say those BTC have long been used/traded for good or services? Or even if they ended up in a cold storage wallet long ago?

I think you really need to think about what you're suggesting; a witch-hunt plain and simple.

I think we have our first suspect...
full member
Activity: 140
Merit: 100
February 28, 2014, 02:46:08 PM
#2
And what is it that you want to do when you find the BTC? Beat the private keys out of anyone that has even a satoshi of them in their wallets? Who can say those BTC have long been used/traded for good or services? Or even if they ended up in a cold storage wallet long ago?

I think you really need to think about what you're suggesting; a witch-hunt plain and simple.
hero member
Activity: 588
Merit: 501
February 28, 2014, 02:39:02 PM
#1
Do you want to know where the Mt Gox money went?
Do you want to know who is responsible for the loss?
Do you want to help find the missing btc?

Given that the bitcoin block chain is a public ledger and that each and every transaction from the beginning of btc time to present is documented, I propose a CSI type forensic investigation of the block chain to account for all of the btc that went through Mt Gox from their first deposit to their last withdrawal.

Clearly this would be a massive undertaking because you are not just looking at 1 level of deposits and withdrawals, but you are looking for patterns and anomalies on multiple levels.  Most of the transactions will be relatively easy to account for, many won't, but all btc can be accounted for.

I think such an effort would give the btc community a major boost.







 