Author

Topic: [GOX] Tracing the money. (Read 4135 times)

member
Activity: 98
Merit: 10
March 01, 2014, 10:56:19 PM
#15
  Moving to the topic=492776 thread.


I'll add coin to the reward.  I just want to expose what's going on with MtGox and perhaps even help them as the case may be.


sr. member
Activity: 332
Merit: 253
March 01, 2014, 10:48:48 PM
#14
There is also a reward now for part of this puzzle. I suppose it may get larger. Perhaps you can claim it.

https://bitcointalksearch.org/topic/reward-find-the-cold-storage-wallets-of-mtgox-before-supposed-theft-495089

sr. member
Activity: 332
Merit: 253
March 01, 2014, 10:18:24 PM
#13
Perhaps also see this other thread, which has some interesting results:

https://bitcointalksearch.org/topic/gox-crime-scene-investigation-case-mg744-492776
member
Activity: 98
Merit: 10
March 01, 2014, 10:11:36 PM
#12
If someone points me towards the tool that lets you lets you parse the ledger so I can create records to insert into a local DB (mysql or postgres), I'll do that.    I think Gavin made some tools to do this.


I can use the MtGox address 1LNWw6yCxkUmkhArb2Nf2MPw6vG7u5WG7q  to look for a double spend pattern.  
It won't be hard to parse that DB for where double spends happened from that address by looking for dupe amounts, addresses and padded transIDs.

If you do a google search for "Warning! this bitcoin address contains transactions which may be double spends. You should be extremely careful when trusting any transactions to or from this address."
You can see this double spend via trans malleability came up years ago with Satoshi Dice, where a bot was dumping recreated transactions with altered transID's back into the pool right after the first version shows up.  Someone had a bot just recreating transactions with the transID padded.  
If someone did that all along with MtGox, or recently, then they may have just been malicious and caused double spending to a wide variety of addresses, not only their own.  Forcing the Gox bug to give people extra coins who did not deserve it.  If this is what happened, it's going to be very hard to get the money back, but certainly some of it will be linked to people  who they know the identity of.    If the attackers were dumb enough to only double spend to their own addresses, then we can find them more easily.

member
Activity: 98
Merit: 10
March 01, 2014, 08:29:51 PM
#11
After looking at some reddit posts, I found this adress that was directly linked to Mtgox money movenments back in 2011 when Mark was proving they had coins.
https://blockchain.info/address/1LNWw6yCxkUmkhArb2Nf2MPw6vG7u5WG7q?filter=1

When I set the filter to 1 (sent), I got the error message at the top saying "Warning! this bitcoin address contains transactions which may be double spends. You should be extremely careful when trusting any transactions to or from this address."


We should be able to identify addresses that did the double spend against Mtgox by looking at the ledger (via malleability trick).  We can create a breakdown of the addresses to see if they (thieves) used many addresses to double spend to, or only a few.

Since anybody double spending against mtgox must have been using a mtgox address to double spend from, MtGox must know who this was (who owned the accounts).
full member
Activity: 218
Merit: 100
March 01, 2014, 04:31:08 PM
#10
Somebody will offer Meiklejohn a bounty of, say, $100,000, or better yet, a cut of recovered BTC.  She'll find the coins.

If she does it for free, people will be amazed.
+1
legendary
Activity: 1638
Merit: 1001
March 01, 2014, 04:27:12 PM
#9
Somebody will offer Meiklejohn a bounty of, say, $100,000, or better yet, a cut of recovered BTC.  She'll find the coins.

If she does it for free, people will be amazed.
member
Activity: 98
Merit: 10
March 01, 2014, 03:42:05 PM
#8
However, with the addresses listed above, there's no bitcoin going out of them. The bitcoin have been sitting there for quite some time, and they are still there.
If someone was going to steal the bitcoins, would they not immediately start transferring them all over the place and breaking them up?

I find it hard to believe that someone would have stolen the bitcoin and then just parked them in increments of 10k and then just let them sit there?

Agreed, in this Gox case.  Where did you see increments of 10K.  that's interesting becuase of the 10K sell on bitstamp last monday.

But It might just be dumb thieves who don't know what to do next given that their transactions can be traced, so they are trying to figure out a strategy.
Once they do, it will all be traced, at least address transfers.  I love public ledgers.


full member
Activity: 129
Merit: 100
March 01, 2014, 03:31:45 PM
#7
However, with the addresses listed above, there's no bitcoin going out of them. The bitcoin have been sitting there for quite some time, and they are still there.
If someone was going to steal the bitcoins, would they not immediately start transferring them all over the place and breaking them up?

I find it hard to believe that someone would have stolen the bitcoin and then just parked them in increments of 10k and then just let them sit there?
legendary
Activity: 1316
Merit: 1000
March 01, 2014, 03:14:41 PM
#6
following
sr. member
Activity: 378
Merit: 250
March 01, 2014, 03:12:15 PM
#5
ok following this thread

need to find out what they have done with our btc
member
Activity: 98
Merit: 10
March 01, 2014, 03:07:52 PM
#4
The only other avenue I can think of beyond exchanges that large scale thieves might have is trying to create groups of brokers on localbitcoins who take a cut of each sale.  Likely some of the popular big thefts are doing this now  (sheep, silk2). But that will only be limited in its scale that they can sell I imagine, so they would be forced back to exchanges at some point.

Reality too is the US gov and others have already been targeting these brokers.  All it takes is one broker who gets caught and his addresses can be traced into the flow.  That broker gets traced back the folks with the coins at scale.
Anyone who thinks the US gov hasn't already started to do this is silly.  Last news story was a localbitcoins guy in Florida who got arrested.  I wonder what news story is next once they get him to spill some beans, and some sting operations to follow.  


full member
Activity: 129
Merit: 100
March 01, 2014, 02:42:35 PM
#3
FWIW:

It APPEARS ( Huh) that 90,000 of the bitcoin (~$49million USD) are sitting in these 2 wallets untouched:

https://blockchain.info/address/1cXNTyXj4xPGopfYZNY5xfSM1EPJJvBZV

https://blockchain.info/address/1P3S1grZYmcqYDuaEDVDYobJ5Fx85E9fE9

To me, their claims of assets simply don't add up:
https://bitcointalksearch.org/topic/how-does-mtgox-only-claim-37-million-in-assets-doesnt-add-up-494710

Without having access to their records, there is no 110% provability that those two wallets are in fact owned by GOX, however, if this were a civil matter, with the information provided at http://letstalkbitcoin.com/the-ghost-in-the-machine-at-mtgox/#.UxImAuNdUhM, there's pretty good probability that they are.

member
Activity: 98
Merit: 10
March 01, 2014, 02:33:38 PM
#2
I'd also argue that if the exchanges wanted to really step up, they could easily be helping with this analysis.    Even sophisticated thieves need to cash out.   Tracing backwards from the largest customers who cashed out should provide another avenue for further finding the theives.   A top down and bottom up approach at the same time (start at the theft and work forwards, and start at the cashing out and work backwards).  Even folks using tumblers shouldn't be able to escape that analysis as the addresses will show a path to the tumblers. 

The community needs to pushing and helping to do this analysis, and the exchanges, including GOX need to help.   Anyone with clear ties to stolen coins should be passed to authorities.

member
Activity: 98
Merit: 10
March 01, 2014, 01:43:56 PM
#1
This is who we need to be working with to trace where the GOX coins are.  They already compiled a nice list of addresses and institutions.   The institutions have the ID's of the users.
http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf

Given the size of these thefts, it shouldn't be hard to start placing some names to thefts. We need Gox to release some internal transaction info or at least contract with these folks to find who has it.
My bet is the US government has already been working with this group in tracing silk road transactions, perhaps sheep marketplace as well.

Never rest until these folks are caught, nor allow bitcoin to grow without showing there is some self policing going on, or deep regulations.


"With these thefts, our ability to track the stolen money provides
evidence that even the most motivated Bitcoin users (i.e., crimi-
nals) are engaging in idioms of use that allow us to erode their
anonymity. While one might argue that thieves could easily thwart
our analysis, as Heuristic 2 is admittedly not robust in the face of
adversarial behavior, our observation is that — at least at present —
none of the criminals we studied seem to have taken such precau-
tions. We further argue that the fairly direct flow of bitcoins from
the point of theft to the deposit with an exchange provides some
evidence that using exchanges to cash out at scale is inevitable, and
thus that — again, at present — Bitcoin does not provide a partic-
ularly easy or effective way to transact large volumes of illicitly-
obtained money."
Jump to: