Topic: URGENT: What is next and legitimate on MtGox after the security issue? - page 3. (Read 7839 times)

I just want to know how they can handle a rollback when a lot of people transferred BTC out that bought at sub $10.

How can you roll back a btc transaction?  You can't.  How does one simply create BTC's?  You can't.

So now MtGox has a database with X number of bitcoins in it, when in reality it is actually X-y (y being the number that were successfully transferred out after the fraudulent sale)

Even if they do a roll back, their wallet will download the updated block chain and show that they have less BTC than what their user database shows they have.  They are short BTC of an unknown amount.  They can only roll back their database, not the block chain (that's what we love about bitcoins, isn't it?)

I think they should tell us how much they are short, and what they plan on doing about it.  Not that half of the people on MtGox ever plan on using them again anyway.

But if everyone on Mt.Gox tried to withdraw their BTC tomorrow, MtGox wouldn't have enough BTC to cover it.  BTC would be fine, but users at MtGox may get screwed.  We will find out tomorrow when everyone on MtGox tries to cash out.

I'm glad that they have horrible support and I pulled my BTC and USD out days ago.  Who would want to do business with such a basement operation?  I'm just going to keep mining and holding on to my BTC until a better exchange comes around.  (hint, there already is one, I'll omit the name for fear of being accused of advertising)

I normally respect your views on things quite a bit, so I'm willing to consider that I'm on the wrong side of this debate. Just to be clear, I don't have any trades that would be cancelled, I assume you don't either?

I have a more practical question. Is Mt. Gox likely to have the capital to eat the bad trades if they didn't do a rollback? I understand some ~260k were moved at $0.01 Beyond the trades on the compromised account that they'd have to eat, I assume everyone who sold into the market as it crashed would want a refund based on the idea that it was MG's negligence that caused the move. Let's make it overly simple and say they have to come up with 500,000 BTC (todays volume-avg. volume) to make good.

So simplistically 500,000*$17.50= $8.75MM. I've never paid too much attention to how much money they've been making on trading volume, but it'd surprise me if they have that kind of liquid assets. If they couldn't cover all of the wrong side of all of the trades it seems they'd end up insolvent and potentially be unable to pay out even some regular depositors. That hardly sounds like an optimal solution.

I think you are wrong. The message at mt gox clearly states:

"One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there"

One account, that's all. Not to mention, I was trading at the time of the crash. My coins and USD were not compromised.

-GPG signatures must be added to all orders. Authentication is moved client side.
-If the market goes +-(plus or minus) 10% in a day it should be closed for 6 hours to allow orders to accumulate and prices to stabilize.
-Market must be closed on weekends; orders can still be put in without showing the market depth.
-Even if the API is removed bots would still be able to continue.
-Orders cannot go +- 20% of the 24 hour moving average.

This are just some ideas.

As far as other stuff goes:
-MtGox must cover the losses, they claim only 1K USD worth of coins were stolen, this is way beyond their daily earnings in fees
-Market must be closed for 6 hours. Orders must be allowed to accumulate.
-MtGox must additionally leave the site closed until all security issues are solved.

Agree with you. The comparison to the flash crash is not making sense.

Maybe Bitcoin should Call in Greenspan, Bernanke and co to offer advice on setting up a fair market trading system, anyway, it's a currency trading system, shouldn't bitcoiners be investing in startup companies offering real goods and services.
All these exchanges are is Casinos, trying to profit from fluctuations in relative prices between currencies, Bitcoin will fail unless there is investment in real start up companies. 

the exchange as an exchange was not compromised. at most, mt. gox as a broker, or an individual user account, was compromised (putting aside the leak of information, which hasn't been cited as a reason for a 'rollback'). the analogies to the 'flash crash' in the us stock markets is inapposite.

indeed, there is no 'fruit of the poisoned tree' theory in currency or commodity exchange. if i innocently sell you something of value for currency that you've stolen, i cannot generally reverse the transaction, even in legal systems in which that would not be true for stolen consumer goods (versus stolen currency).

Yeah. I don't know that they cancelled everyone's trades, but I know they cancelled quite a few. It's possible they saw market makers and HFT as suitably responsible for their own actions. But I personally had a stop that was blown through that was cancelled that evening. I also remember reading about it in the journal the next day.

I didn't spend much time searching, but here is a mention by the NYSE of the cancels:

http://www.nyse.com/about/nyseviewpoint/1275386358825.html


So it seems they didn't cancel them all, but it seems it would be "fairest" to do so. I absolutely guarantee that if the NYSE or NASDAQ lost control of their system and hackers made huge market crashing trades they'd stop trading and walk everything back.

a 'rollback' in a situation like this would be extraordinary for an exchange in any currency market. it would be unprecedented in those markets to break a trade that resulted from a fraudulent conversion of funds. fraudulent conversion of currency is overwhelmingly conceived as being the problem of the person whose funds were wrongfully converted and those who insure against that (such as financial intermediaries and possibly the exchanges themselves) either by contract or by regulation.

this wasn't a breakdown of a currency exchange. this was the correct operation of a currency exchange following a theft of funds. the two are very different things, ethically and legally. that mt. gox is both a broker and an exchange is confusing people's intuitions. the problem here was with the broker side of the 'mt. gox' entity, not the exchange side of the entity. a lone broker would never be permitted to break a trade with counterparties as a result of theft; the only reason it's even on the table here is that mt. gox happens to have the power (though not the legitimate authority) to do it.

indeed, how would anyone (including mt. gox) even know there was a theft here? what would prevent a speculator from staging a theft and then insisting on a reversal of trades if he or she didn't like the way things turned out? that would let a large owner of coins play both sides of the fence, inappropriately.

in case it matters, i don't have a financial account at mt. gox. (apparently fortunately, in view of the leak, given that i have attempted to remain anonymous) and don't have any other relationship with them.

This reminds me of the Flash crash from 5/6/2010.  I saw the Mt Gox crash happen real time.  Totally wild.  If anything this suggests the need for a circuit breaker of some sort.  While they may be able to roll back some trades, I don't see how the can claw back coins already transferred.  I guess this is the reason I don't keep funds in any currency (bitcoin or USD) in these online sites until I am ready to trade.  Yes, I miss out on some opportunities, but these sites are run by a few individuals.  Obviously I have a fairly high tolerance to risk because I am trading with this currency, but leaving funds in an online account such as Mt Gox just seems too risky, even for me.
 

Oh and on larger exchanges, these events are usually cause by more benign means

Yes, it's legitimate. If the exchange was compromised, as it was, then trading after that was revealed was "fruit of the poisoned tree." Because, no matter the exchange, there is going to be a period of time between the event and market stoppage, they would either need to verify each and every trade, or just roll back to a point prior to the compromise.


Who cares? If they acted on knowledge of what happened on Mt. Gox, then they were making their own open-eyed decisions. The real concern is people who had orders on Mt. Gox and, if not for the exchange being compromised, would not have otherwise allowed or had their orders be filled. In other words, activities on other exchanges were in full control by traders, while Mt. Gox orders were filled, initially, erroneously and out of traders' control.


If they don't have a day-long period wherein people are permitted to change orders BEFORE the market is opened, then they might as well kiss the business goodbye. It's one thing having security compromised, on which blame could be placed elsewhere so long as Mt. Gox followed acceptable practices. It's another thing to roll back and then disallow traders to reconsider their orders before the market reopens. The security issues might be excusable, but the latter act would just invite a shit ton of lawsuit potential, as orders need to be made while traders have historical knowledge and have ample time to act. In other words, orders that were filled and then rolled-back CANNOT be filled again.

In the very least, they also need to provide time for the average trader to check out their account, change their password, and potentially remove or add funds before the frenzy of market opening begins. Otherwise, we're setting up for a crash just as bad.

I agree.

--> zdmas

I am an expert in trading and market analysis, but not on exchange regulations.

Are you certain this happened? It is not my understanding that the May 2010 flash crash transactions got reversed

+1 this makes a lot of sense.

And on top, if this takes long, people having funds on MtGox should be able to withdraw them (BTC and USD) and trade them on other exchanges if they want.

The classic libertarian free-market response is that they need to keep their customers happy in order to encourage future business.
In this case, without the roll-back they might not have a future.
The drama continues, stay tuned...

You tell us, you're the expert on this kinda stuff right?

I feel this is gonna seriously jack up the willingness to accept bitcoin now.

I think the roll-back is fair, but my opinion doesn't matter, IMO.  
It's their right to decide, and you have no legal recourse in an unregulated exchange.

Yes, it's legitimate to rollback the trades. If something along these lines happened on a major public exchange, they'd strike all of the affected trades there as well. Think 2010 NYSE flash crash.

Probably nothing will be done for other exchanges. In the future they'd all probably benefit from an agreement to be able to suspend trading together in extreme circumstances or at least agree on standardized levels of circuit breakers, but it's possible the players might not see the long term benefits of such a strategy.

To act like a professional market, they should only open after a complete security review and at a pre-announced time. Customers should have 12-24 hours advance notice before trading begins again if they want to have any hope of an orderly restart. They should also make sure that people can get into their accounts, perform their password resets, move money in or out at their preference and book any new orders they want before trading begins.

They absolutely need to cancel all standing orders.

I agree with this. Mt Gox is responsible here. Mt. Gox needs to pay up. Something like this could realistically kill BTC if people see things like this are possible and exchanges dont back them up.

This is what typically also happens on other exchanges, correct.