Topic: Peter R Rizun's theory on the collapse of MtGox and its effect on the price of bitcoin - page 5. (Read 77183 times)

I apologize if I didn't give credit where credit was due.  I actually don't know who first noticed Willy nor do I know who named him.  The only place I've read about him is in the Wall Observer thread, so yes I was too quick in assuming that fellow Wall Observers were the first to notice him.

But your Reddit posts says its from "about a month ago."  Weren't we talking about Willy in December on the Wall Observer thread?  Does anyone remember when exactly the web and API interface went down and we watched Willy execute trades all alone?  Wasn't that November or December?  Were we calling him "Willy" at that point?

It was even 9235k the 16th. I considered the total output volume too, but it made no sense to me that the thief would need any change, because he has no reason for not spending the entire inputs, except to obscure what he's doing.
OTOH, the volatility of the total output volume was so high those days, that I find it impossible to see an indication for a $1000k move.


Now I have a reason to get more popcorn and hope for a happier ending.

Regarding the discovery of Willy, it wasn't "Wall Observers," whoever that is...

I discovered and named him. My original thread here:
http://www.reddit.com/r/BitcoinMarkets/comments/1uhjrb/intriguing_bot_activity_on_gox_for_the_last_2

Not a big deal, but kinda rude to take away what might be my only contribution to the upcoming Mount Gox movie...

PS: not a bad theory.

Thread in question:

I'm Kevin, here's my side.
https://bitcointalksearch.org/topic/m.252680

Thanks for looking into this.  The link you posted reports the estimated transaction volume, where Blockchain.info has attempted to subtract off the change.  We must consider the total output value as the "change" could have gone to the thief too.  The total output volume on June 19, 2011 was 1,301,575 BTC (EDIT: and 5,000,000 BTC on the 20th and I don't know the time zones assumed.)

https://blockchain.info/charts/output-volume?showDataPoints=false×pan=all&show_header=true&daysAverageString=1&scale=0&format=csv&address=

Furthermore, although unlikely, it may be possible that the robbery didn't happen all at once, but over a few days.  When the thieves hit their target, then they set off the alarm bells by faking the huge sale that took out all the bids.  


Why?  I'm curious.

I wasn't paying attention to Willy, but 2011 was exciting. Thank you for the write-up.

Meanwhile I checked for confirmation of a $1000k steal the 15th of June 2011, but found none.
The estimated transaction volume on that and the following days is about 230k for the entire bitcoin system.
See here.
It is not plausible to me that a thief would risk a reversal of his theft, when all he needs to do is to spend the coins to a new address.

The saying is that about 2000 btc were stolen that day, conjectures about many more stolen coins, e.g. 500k, seem to be widely rejected.
Since the 1000k theft is key to your plot, I wonder if you have a particular source. Anyway, I now like your plot even better, guess why 

agreed with others, good write up and sounds quite plausible. once things unfold a bit more, you should publish a book, "Empty Gox"

This was terrific.

Cross-link to Reddit:  http://www.reddit.com/r/Bitcoin/comments/1zdnop/peter_rs_theory_on_the_collapse_of_mt_gox/

I remember a thread after the june/2011 hack from an user that bought ~200k coins at $0.01, and, theoretically, it saved mtgox from losing it all because he was able to buy before the thief had a chance to withdraw, and that drove the price back to $0.30, and the thief only got ~2600 coins. (Edit: because of the U$ 1000,00 daily limit at the time). That was the "oficial" story.


+1

This would explain why Mark's attitude recently doesn't reflect that of someone who just lost all that money. It's more like a sense of resignation at a long-since bygone mistake that has been eating at him (and causing him to stress-eat) for years.

The million bitcoins sent to MtGox in early June would have been deposited to several unique addresses and over several days, as these coins came form several unique customers.  The thief would have stolen them with several transactions (over a shorter period of time), rather than merging them into a single 1,000,000 BTC TX.


The just-dice.com deposit addresses are "hot."  I think this is common in fact.  Just-dice uses recent deposits to pay out new withdrawal requests, thereby minimizing transfers to and from cold storage.  If you request a just-dice withdrawal, your coins will almost always come from someone else's deposit address.  [People have reported on the troll box that they've spontaneously received free coins.  This happens when someone erroneously sends just-dice.com coins to the address that sent them a withdrawal.]  Just-dice.com automatically transfers coins to cold-storage when the amount of hot coins crosses a certain threshold.  These coins are transferred manually back to the hot wallet when needed.  

My theory would have MtGox in its early years using a similar system, except automated transfers to the cold wallet were not yet implemented.  Yeah they should have been, but I believe it's plausible that they weren't given how quickly the price (and thus the risk of not doing so) increased.  

You raised one of the objections yourself in a previous reply.

There is never a need to put the key to a user's deposit address on an online computer, any wallet system which could remotely be considered 'cold', by definition, would not do that.

Also if there was such a jumbo tx, I am sure it would be very visible on the blockchain.

Great write up, thank you.  So basically the theft happened long ago and malleability is just a smokescreen.  There were thieves, but long in the past.  Willy at least kind of explains the huge trading volumes on Gox during it's end of days which to me is an interesting side note of this mystery.

Thanks!

What's the objection from a technical perspective? It all seemed plausible to me. (I'm genuinely curious)

Sorry for interrupting the party, but in case anyone is taking it seriously please remember from a technical perspective it's all BS.

Now please carry on.

Thank you for the comments.  

I agree that this process could have and should have been automated, but I also think that it's plausible that it wasn't:

1.  Prior to the run-up from $1 - $30, I imagine that the amount of bitcoins on Gox was roughly constant.  Mark never bothered to write code to automate this process since it was rarely needed, and the security was really designed to protect $100,000.  Not $30,000,000.  He knew he should write code to do this as the price was climbing, but was just too busy from the explosion of business.  

2.  I assume that MtGox was flooded with bitcoins deposits in the days before the crash from $30 to $10.  So it would make sense that the hot wallet would be very full.  If indeed transfers to the cold wallet were not yet automated, then I think what I described is still plausible.  

^^

Oh right, I didn't think of this. Couldn't most exchanges have deposits go straight to cold storage? *shrugs* Maybe Mt.Gox didn't run that way.

I wished I found a flaw in your plot, because it is devastating for anyone's hope of ever getting stuck assets out of Gox.
But so far I didn't find any. Congrats, that all sounds quite reasonable to me.

Looking at the volume charts between mid 2011 and today, Gox may have gained about 200k-300k btc in total from fees.
That lines up well with about 800K btc missing, operating cost can probably be neglected in that calculation.

Keeping the keys for 1000000 btc on the server would not have been necessary. Once there was a substantial amount of btc on hot wallet addresses, they could have sent them to cold storage with one click, even if this was a paper wallet being locked in a bank safe.

What's left, at least for me, is to check for any confirmation of a $1000k steal on that day. We are looking for $1000k coins which mostly entered Gox during the weeks before and then were all spent more or less at once. The thief would have had to do the latter in order to prevent Gox from spending them first using a backup of the wallet, after the theft had been detected.

I wonder how plausible it is that the fact of such an amount of coins being stolen could be kept secret. But never verifying your wallets against the blockchain would  certainly be helpful. In that context, the late detection of of double-spends due to TM is even plausible without introducing TM on purpose.