First: thanks to phantomcircuit and jarpiain for helping me out with #mtgox irc chatlogs!
What happened?On September 11th, 2011, some weird trades showed up on MtGox' ticker. They seemingly executed way out of spread, as can still be seen here:
http://bitcoincharts.com/charts/mtgoxUSD#rg5zig5-minzvztgSzm1g10zm2g25MtGox' explanationMtGox' explanation (
https://support.mtgox.com/entries/20433652-resolved-outage-11804-unexecuted-trades) talks about possibly compromised accounts in relation to the CosbyCoin-hack on this forum.
As a result of this event, some of the Bitcoin Forum users` accounts may have been compromised. Subsequently, some of the information have been used to conduct unauthorized orders, resulting in unusually high trade activities.
The Press Release, if I may call it that, then goes on to talk about these "unusual activities" and says that staff has nullified these trades. It then educates us users about password security and states
Please be advised that trades can now be conducted in full confidence.
This explanation is not satisfactory for me.
So I came up with a highly speculative explanation myself.
What I speculate really happenedI'm largely basing my speculation on things that were said in #mtgox irc channel and quoting from that, not sure about the timezones in the quotes, since the logs are from different sources.
9/11 - 18:32 molecular, I blocked ~2000 accounts created most likely for the purpose of killing bitcoin on 9/11
Now let me introduce you to a bug that was found Aug 14th 2011 (short description: orders (can) get temporarily disabled when being partly filled):
01:15 < molecular> weird, the following order did not get filled: 9bd49edb-2073-44e3-8f68-34971a1a4d45 bid 4.835 9.73 - 1 open, although the price just dropped to 9.72 by this trade: 00:14:00 6.93168 for 9.72 ask
01:15 < molecular> that order has existed for a whle
01:17 <@neofutur> an older order could have been filled before
01:17 < molecular> at what price?
01:18 < molecular> price dropped from 9.8 to 9.72 and my order at 9.73 did not get filled
01:19 < molecular> part of it got filled before: 00:10:12 5.165 for 9.73 ask
01:24 < deego> The only explanation I could think of is a queuing issue: If your older, though pre-existing to it, was in fact newer to the executing engine - that is, the engine executes them in the order they arrive to it. And, the engine saw a 9.72 first, and your 9.73 arrived later to the engine.
01:25 < molecular> but 9.73 is higher than 9.72, it surely should fill higher bids first, right?
01:25 < molecular> deego, that bid existed for at least 10 minutes
01:26 < deego> I see.
01:27 < molecular> deego, also it was partly filled before: "00:10:12 5.165 for 9.73 ask"
01:27 < deego> ^ Ah.
01:27 < molecular> maybe... ah!
01:27 < molecular> I think I have an explanation:
01:27 < molecular> maybe when an order is partly filled, a new one is created in "pending" status
01:27 < deego> heh, just what I was thinking
01:28 < molecular> then the other bid at 9.72 got filled while my order was still pending
01:28 < deego> and, it's requeued..
01:28 < molecular> so an order goes to pending when part of it is filled...? that shouldn't be the case and would be a bug, right?
01:28 < deego> shouldn't it ideally retain its position in the que, somehow?
01:29 < molecular> the position in the queue is secondary. it should, however, stay in status "open" alle the time (while I don't know exactly what that means)
01:29 < deego> IIUC, Pending should be equivalent to: "waiting to get queued."
01:30 < molecular> deego, I don't know any details of the trade matching engine... but I think we might've figured out what's happening roughly
01:30 < deego> agreed.
01:36 < deego> I think, in principle, the requeuing should be considered a bug - because then I can, in principle, negate others' orders - I can move anyone's orders "into the future" by filling 0.001% of them; and I can get my own fill at the currently lower price.
So far for the bug and possible analysis of how it works.
Now deego and me come up with some evil ways to exploit this bug:
01:38 < molecular> if you put your order at the same price, you jump the queue
01:39 < molecular> even worse: you can even buy at a lower price if you time it just right. should be very hard to do, but theoretically possible, because it takes some time to requeue the "disabled" order
01:39 < deego> or ever lower price: If I negate every order at 9.73 (like yours), so that the first thing engine sees is 9.72..
01:39 < deego> exactly.
01:39 < molecular> yeah
01:40 < molecular> wow, didn't think of doing it to multiple orders successively
And this is exactly what I think happened:
this bug got exploitet by use of a botnet (or similar) creating 2000 accounts on mtgox and "disabling" orders successively in order to get an order filled way out of spread.MtGox then hastily nullified these orders and tried to calm people down talking about compromised accounts and CosbyCoin, maybe in order to avoid having to shut down trading to fix the bug.
Why am I publishing these wild speculations?While this speculation might be accurate to some extent, I don't think it is.
By publishing this, however, I hope to put some more pressure on MtGox to explain what happened on 9/11 in more detail, because I think this should be made transparent.
Why does MtGox not transparently publish more detailed information?There might be legitimate reasons not to do this at this point.
In case there are, I apologize to MtGox for trying to put pressure on them to do so. Following excerpt might shed some light on this (this was on September 12th):
[09:05:50]
What the hell? Just read: https://support.mtgox.com/home. no mention of a bug or anything. How can a user with a compromised account make deals much higher/lower than the market? No explanation for that is given, why not?
[09:06:59] molecular: it's a known bug, we are still tracking it
[09:07:19] ok, but why try to "cover it up" talking about compromized accounts?
[09:07:36] because right now to cause this bug to happen, you need to trade unholy amounts of coins
[09:07:58] wat
[09:08:13] Hmm, ok. Still: why not explain that in the news-release?
[09:08:20] more exactly, you need to have your large trades be disabled in the system
[09:08:57] what does that mean? "have large trades disabled"?
[09:08:58] molecular: because most people wouldn't understand what this means. Also we cannot put too much info in the public until we finish our declarations to the MET
So maybe the "legitimate reason" is that there are some ongoing investigations and MtGox is not allowed to give us info.
Maybe it's just that he doesn't want to, using "people wouldn't understand" as an excuse.
What do you guys think?