Topic: URGENT: What is next and legitimate on MtGox after the security issue? (Read 7866 times)

I have proof that names and bank accounts were compromised. MtGox did not answer my request for clarification on this matter,

What happens with stock exchanges is completely different.  There is a period of time over which the trade is, for lack of a better term [since I don't know what the term is], held proxy.  Depending upon the brokerage, if you buy a stock in the morning and then sell it in the afternoon, there is often a fee or a potential fee associated with that.  Bitcoin doesn't work that way and can't work that way [there is no such thing as a transaction reversal ... just a new transaction that where a trade could be opposite of the original thus leaving a net of 0BTC changing hands].  Even with a brokerage, your stock is available for sale immediately.  Unless an exchange requires you to leave your BTC and USD from trades in their exchange for a period of time to supposedly mitigate something like the crime that occurred, they can't solve that problem.  I for one do NOT trust my funds (BTC or USD) in Mt.Gox or really any exchange for any period of time.  I have been given every reason NOT to trust it to be held safely and every reason to move funds in and out as quickly as possible.


With high volume, we see how fast that can be done.  Volume is only going to increase.  Sorry, case by case is not a solution.


Clearly people did since they have a claims page setup.  Also, private information was lost which is a clear breach of trust, and it was done via a breach of a security auditor's computer?!  Even if true, which I have significant doubt about, that auditor will NEVER have another client again.  The effect on the market is damage to some and benefit to others.  You claim they should know better.  How do you know that bitcoin isn't collapsing when you see something like this happening [say the government steps in and shuts down key network points to stop bitcoin trading and mining].  Nobody knows whether bitcoin will grow to a feasible online currency or go bust like previous virtual currencies.  It is riskier than the stock market BY FAR if you are investing money in it.  Tangible losses?  At least one person lost approximately $1000 worth of BTC it sounds like [at what USD price ... how many coins?].  It looks as if several accounts were used, so it seems several accounts suffered a loss.

I suggest you dont use bold text for your main text, as it makes it difficult to read.

Bitcoin-central wasn't effected, as far as I can see.  But this is not the point.  Any exchange would have done the same if a criminal got illegal access to a brokers funds, and sold them all to manipulate prices and create havoc in the market. The only difference is that most normal stock exchanges would halt trading automatically and investigate the situation as a soon as there was unusual activity with no known reason.  MtGox should behave like any other responsible exchange, and nullify the affected trades.  Other exchanges roll back trades more often than you think.  Even Bitcoin exchanges.  It has happened on Bitcoin-Market and Bitcoin7, at least.  Hopefully MtGox will implement a few safeguards for later as well, and pause trading for a while to investigate when it gets to hot.

Of course there are complications, which would have to be handled on a case to case basis.

Did anyone lose anything?  People who traded at a loss on other exchanges based on a sudden change from 17.5 to 0 on mtgox should know better, IMHO.  I don't think you will many, with the exception of mtgox, who actually lost money on the rollback.  More likely a lot of people suffered a loss due to the unusual buying and withdrawals from stolen accounts during the previous days, but this would be impossible to prove.

veldy, thanks for a competent opinion!

Nah ... MtGox, in the U.S. as Mutum Sigillum LLC, would simply go bankrupt and pay what it could via the few lawsuits that resulted in awards.  There is no crime here [on the part of MtGox, at least not that I am aware of], and thus, it would be difficult to prosecute anyway.  It would almost certainly be a civil case as opposed to a criminal case.  Same probably goes for Japan, but I don't know how similar their legal system is to ours and how many people would sue them in Japan.  So, either MtGox survives and comes back [in some form large or small], or they close up, but as for legal; I think it would cost most people more than they would recover [in most cases probably hundreds of times more].  Of those remaining, the cases could be tied up for years if defended, but I think, legal or not, MtGox would likely just throw in the towel and pay until they fold rather than lawyer up and fight ... it is just two guys and an extremely sloppy and incompetent security analyst [supposedly .. never heard of the analyst until after it was suggested that they should have used one and after they blamed the breach on one ... anybody know who this analyst is?].  As an LLC with no criminal wrong doing [as far as I see it .. rolling back is unethical in my opinion], they are only liable for the assets of their company and not the assets of the share holders [owners] which is likely few or even one person.

@1. If a trade is proven illegitimate it is perfectly fine for the exchange to rollback, to reduce the losses for everyone (including them).
@2. There were a few "halts" at the different exchanges which gave ppl time to cancel their limit orders. So IMO nothing happens.
@3. Mtox should CLEAR the entire orderbook before enabling trading again, otherwise it will screw anyone who had orders before it got halted (fundamentals have changed).

MtGox has made obscene amounts of money by running an insecure primitve exchange website. All losses should be covered by MtGox, not other parties.

I am against and for none of the reasons that you mention.  It is wrong to reverse honest trades (all other exchanges were affected and are not rolling back trades, nor should they.  It is an ethics breach.  I think half of the people that traded will be happy about it (thinking purely about the bottom line) and the other half unhappy.  Further there are significant complications around trades that occurred and bitcoin proceeds immediately withdrawn (which is what I always do).

Mtgox should simply pay the victim(s) back for their losses and be done with it (and take their lumps).  The market properly reacted to an event that occurred.  No different than other toys of exchanges (I was one of those that lost a lot of money when Tyco (the company, not Tycho the man) was busted by the SEC.  Some people received restitution via legal means and similar, but I wasn't one of them.  There was nobody to reverse my trades and if there was, who would the victim be then?

Look, I am not saying that rollbacks good or bad. I do not know this. I am just saying that this all will end in tears, either way, and lawyers will have a "field decade" over this.

I think the rollback is the right way to do things, I think a good portion of the people who are against it got orders in for <1 USD/BTC and are upset they didn't strike it rich like they thought they would

Did they lose anything? No, did people who sold lose anything? No, did people who bought immediately before it crash lose anything? No. No one lost anything, no one gained (well, some people did, whether moral or not I'm not sure, I wouldn't feel right having done it, but that's me) anything (sales/buys alone, not counting withdrawals)

I guess they could try, but if I was on the jury I'd definitely find in favor of the defendant. They bought stolen money. If you bought a stolen credit card, you don't get to sue Visa for shutting the card off.

Rollbacks will cause lots of legal issues down the road. Someone who bought 100 BTC at 3$ and got rolled back might not find it viable to file lawsuit in Japan now, but once BTC hits 100$ these people all of the sudden will find money for lawyers.

Chances are that Mt.Gox will be haunted by lawsuits for years should they decide to continue shifting their liabilities and risks to users and traders.

@bitdragon, note that the normal exchanges to get that kind of flexibility to null and void trades make all market participants to sign hundreds of pages worth of small script in contracts and other paperwork. How many pages in mtgox contracts and terms and conditions? Right, just about 0, isn't it?

From my point of view it looks like they have no qualified legal counsel at all.

I'd like to see each exchange continue to be free to operate in whatever way they see fit, and let the customers decide. If they can catch a crook, and prove he did it - great.

As for me, this whole thing proved my suspicions that mtgox was too big for this stage of the game, and in relation to their competition. They were either going to be a target for TPTB, or they actually were already co-op'd. Either way, I was out.

There are a whole bunch of other exchanges - most of them are better than mtgox. People should do themselves a favor and use them.

And I still don't think even that should be "reversed".  MtGox can choose to pay for the damages to the victims.  It can choose to go after and possible catch the thief/thieves and maybe even get the bitcoins returned [or perhaps a fiat currency equivalent].  These are new trades [although, perhaps unwilling if it is the thief giving back his loot] and remain part of the market.  Even in highly regulated trading environments, things like this occur.  The housing bubble and the trading of exotic derivatives [who the hell wants to buy bad debt ... but they do! ... they gamble that they will sell it at a profit before getting stuck and burned by the hot potato], the Enron collapse, and the list goes on.  All of these are because of dishonest and greedy people.  Many in the market will suffer for it; many may gain as well.  It is the nature of markets and the risks of participating [which in the case of the nation that you live in the fiat currency daily business is done it, you have very little choice ... you still suffer from bubble bursting recessions and benefit from times of growth [reasonable or artificial]. 

If there is no trading exchange .. or people simply don't trade in exchanges, then an already [relatively] small "economy" becomes very many micro economies and will simply stagnate potentially die since nobody would have any reference to bitcoin value.  The bitcoin exchange, which MtGox can be applauded for starting, was a necessary adaption to the needs of the free market of the bitcoin economy and played a big part taking it to the next level.  Additional exchanges [perhaps some that only do small amounts, or only large amounts .. or some niche that needs to be filled] will naturally form and evolve.  TradeHill is certainly different than MtGox and yet performs largely the same central functions with significantly different [or perhaps additional] peripheral functions.

Trading is essential and it won't stop because of or in spite of MtGox.  As is the case with all economic events, good, bad and ugly, they benefit the market in some way and that is to harden it, allow it to adapt and evolve [not so different than Darwinism]; people learn from it, adapt to it and protect it as a natural result of their participation (and thus personal interest) in the market.

I don't think that's necessary for anyone but the person who actually had their bitcoins stolen.

i go even further and say 'don't use any exchanges at all, at present'.

but for people who have, it's important they understand that they're not merely at the whims of mt. gox. they have other options, from public pressure to lawsuits to dwolla/bank chargebacks.

I say don't use them, or at least don't leave too many bitcoins on their site. Use their competitors.

right, the governing law is unclear, but at least contract law would apply. japan is a signatory to the CISG, too, so if bitcoins are treated as 'goods' (an open question under the relevant law) then the contractual relationships between bitcoins and its users will be governed mostly by that body of contract law, which is quite sensitive to trade usage and custom.

mt. gox cannot simply do as it pleases, unless it hopes to escape all regulation and private lawsuits.

the calls like 'mt. gox should be arrested' are obviously too extreme, but i think many people would be a lot more comfortable if mt. gox were investigated or at least if it were able to verify some of its claims. it has proposed taking a course of action unilaterally that, for all anyone knows, merely serves mt. gox's private interests. the people raising hypothetical questions like 'how do we know the hacked account was mt. gox's?' and 'how do we even know the account was hacked?' are asking the right sort of conceptual questions.

i'm not condoning particular conspiracy theories, but it doesn't take an especially cynical mind to avoid giving blind faith to an oligopolistic foreign exchange whose regulatory status is unclear, which allowed accounts to be compromised and sensitive customer data leaked, and which has not put forward a complete and consistent story of the events that justify its proposed unilateral decision to cancel trades.

with each new thing they say, i am less and less impressed with their response to the situation, particularly their unfounded accusations that the 'hacker' and one of the beneficiaries of trades with that hacker were coordinating their efforts. (if that is true, the case for a rollback would be very strong, but mere allegation is obviously not proof.)

The reversal rules cited for regulated exchanges don't apply quite as it might seem to this situation.  The criminal act caused a significant change market price.  Also, unlike securities exchanges, there is only one thing for sale in this market, bitcoins.  This is like a very small market with a single company's stock.

Damage is done.  I saw part of the youtube interview of Adam at Mtgox and I have to say the interviewers were not prepared or very knowledgeable.

Thanks for the diligent perspective. Very helpful+++

Still, it seems like MtGox can do almost anything with this unclarity...

Wanting to tie this in with the fiat stock market approach on mistrades

http://www.boerse-frankfurt.de/EN/index.aspx?pageID=44&NewsID=356

"By means of the Mistrade Rule, at Frankfurt Stock Exchange Scoach protects investors and issuers against erroneous order execution. This rule enables the cancellation of a trade if it has been made at a price that is not in line with the market. Such non-market-driven prices can arise from technical errors or wrong entries.

First of all, it is determined if a Mistrade application is perusable. On the basis of a comparison between the determined price and the price of the underlying instrument at the time of the transaction, a procedure involving trading participants examines whether the order was executed at a non-market-driven price.
"

And our Swiss friends:
http://www.six-swiss-exchange.com/participants/trading/on_order/mistrades_en.html
"
SIX Swiss Exchange may investigate trades on the stock exchange. If it identifies mistrades, it will declare these null and void. The stock exchange may investigate specific trades on request or at its own discretion.
When can an investigation be carried out?

    * If the parties concerned have doubts about the validity of the trade in question.
    * If at least one of the two parties requests a decision as to the validity of the trade.

When does the stock exchange declare a trade null and void?

    * If the price of the trade deviates significantly from the market price.
    * If fair and orderly trading is not guaranteed.

How does the stock exchange proceed in the event of a suspected mistrade?

The stock exchange establishes an appropriate market price for the trade in question. It then decides whether the effective price deviates significantly from the market price and thereby represents a mistrade. Although the stock exchange is entitled to ask other parties for their opinion, its decision is final.

Provided the market price is fair, any trade executed on the basis of incorrectly entered information for orders or quotes remains valid.
"
Such rules are not outlined on Mtgox in my opinion, but it seems not uncommon in our world to have mistrades and the operator of the exchange has some discretion it seems- These rules seem broad in my view.

For examples of such mistrades: http://www.scoach.de/EN/Showpage.aspx?pageID=86    mistrades tab

Just say it since just about everybody knows it anyway.  It is TradeHill.  If you didn't post a referral to get discounted trade rates then you aren't advertising; simply stating an opinion or communicating your experience.

I have used both obviously, and the only thing that TradeHill was missing is volume of trades [so prices tend to move slowly and lag a bit].  I think MtGox has just changed that to TradeHill's advantage; especially if they are up to the task [of the increased volume which ought to be moderately to massively significant].

I suspect those with a high number of coins are not the people panicking.  I think it is the little guys, the flood of new people that jumped in without knowing what they are doing and buying on the way up and selling on the down [which almost always results in net loss if not extreme loss].  There are no traditional fundamentals to use for investing in virtual currency like there is in conventional currency [which is backed in part by the issuing nations and their economic output and monetary policy ... i.e. the US Federal Reserve and their redistribution of wealth via monetary easing a.k.a. legal counterfeiting].  I can't claim to know enough about securities trading to make a reliable and good analysis and even less about monetary trading/investing, but the mob sure looks like a mob and acts like a mob and the mob is not full of financial experts doing the trading, it is full of gamblers and risk takers.

The free market response suggests that MtGox may suffer anyway, however, the mob psychology of the bitcoin traders is that if MtGox comes back up, they will probably start using it, maybe at high volume, or maybe at low volume.  There will be a mass exodus to TradeHill however, but, I am not at all sure that TradeHill is prepared for THAT rapid of an expansion.  Maybe they are preparing for it during the halt in trading; but I am not sure they have load tested their system at anywhere near the volumes of MtGox [nor am I sure that they have not ].  The better TradeHill does responding to the new comers, the less likely MtGox will recover the overwhelming dominance of the volume of trades that it had previously [as a percentage of the market as a whole].  This all assumes MtGox even survives.  I have already posted that they have a problem with rolling back "half trades" meaning that if somebody traded currency for bitcoins and withdrew the bitcoins to their secured wallet during this time then MtGox will have to come up with that amount in bitcoins [not currency] to roll back the trade.  Do they have enough?  Anybody even have an idea what that amount might be?  Most were legitimate trades, many of which were reacting to the market adjustment to the illegal activity [selling on the way down is the downfall of risk averse investors and thus they shouldn't be trading bitcoins purchased with cash .. mined coins might be considered differently due to the cost of actually acquiring them in the first place, but I digress], but that is a free market response [which is why the exchange should not be tampering with it, but instead, paying for the losses of those affected by their lack of security resulting in the theft of their property].  Either way, since the price dropped as a natural [to this market] reaction to a crime and not a more fundamental cause, I think that as long as people can trade, the price will recover rapidly if not almost immediately when trading is in full swing [well, can maintain volume to the point of satisfying most traders enough to continue with bitcoin as opposed to abandoning them for whatever they can get].  Probably there will be a bit of volatility due to low volume at first [due to MtGox not trading for awhile at least .. my supposition and TradeHill taking in much of the slack, but not ready to take on the high volumes at once thus spiking the price for the few that like to trade on volatility [adrenalin junkies buying and many of those selling have large supply of bitcoins to take advantage of the spike with low relative risk ].  I think it all hinges on volume in the few days following when trading restarts [and an imminent restart of trading at that].  TradeHill holds all the cards; if they are up to the task, they may split the market with MtGox assuming MtGox survives [and they seem to be quite resilient and nobody knows the extent of their outlay if the follow through with this stupid rollback; or for that fact, what it would cost to payback the victims accordingly if they do not do the rollback].

It will be interesting how it plays out, but the mob has proven fairly predicable (mostly "gut" ... said "emotional" based trading) for the most part, which is making some people rich I suspect [since they can see almost precisely when and why an event will happen ... except the crimes of course].

If anything I have written is some or all not agreed with by anybody, there is one thing that nobody can deny; the need for more stable and significant exchanges (and maybe the only reason why I don't want to see MtGox go dark at this point).

Multi-millionaires are very common in the USA compared to a couple of decades ago, due to the decline of the Dollar. For some lucky people tens of thousands of currency is still just play money.
^^^
So why do they panic so much when the price falls?   

Perhaps you know by now your speculation was not correct.

It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.


https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

Better how? A huge bid/ask spread and almost no trading is better? MtGox is still the leader.
FYI: Their latest update says the site was not even compromised; The stolen data come from the computer of an auditor who had read-only access.

There is a limit on BTC withdrawals of $1000 worth.... But if you dropthe price to 0.01 first, that's 100,000 BTC.

They can't do a full rollback.  Anybody who has bitcoins in their wallet (withdrawn from Mtgox) from a trade during that timeframe has possession and is by no means responsible for reversing; by the very nature of bitcoin they are not responsible.  That means that money and bitcoins MUST come out of the Mtgox coffers to complement the half of the trade that they still have control of and want to reverse.  If they don't have the capital and coins to cover this, then they will have to announce that they cannot reverse transactions as announced and take true licks.  If they have the money, but not the bitcoins then they still have a problem as they would have to purchase the coins to cover the transactions reversed that would result in bitcoins.  They can't buy then on the open market as their exchange is down and volume definitely low (people would sell at a premium knowing that they must buy coins at any cost which would spike the price on low volume ... only real damage is to Mtgox).  So, if they have the money and not the coins then I expect they will either make a private trade with somebody with a large hoard, but more likely they will get a bitcoin loan ... and the first place that I would look to for that are the large pool operators.  It is in the interest if the pools to see trading resume and confidence renewed in trading (with our without Mtgox is irrelevant).  I think the likely case is that Mtgox is coin shy only or both coin shy and currency shy.  If the latter, I would expect an announcement soon about their inability to reverse and what they intend to do, if anything.  If they started rolling back transactions without doing the obvious accounting to cover the coin loss from trades that occurred and  bitcoins withdrawn and find out while doing this that they can't complete it, they may be in a mess that they can't get out of. We will know soon enough without a doubt.

First up, I use Mt Gox, but keep balances in BTC/dollars as low as makes no difference if it all vanished.

We all rushed into this happy anarchistic world of 'our money' without big brother looking over our shoulder with glee and excitment - the shackles falling from our feet.
The relished the startup trading sites and the idea of shadowy Keyser Soze masterminds lurking behind the scenes making out like bandits.

The moment something goes wrong, we all immediately start reaching for our pitch-forks, demanding regulation and over-sight and bleating about our consumer rights.
Nobody apart from me seeing any irony in this?

I assume the next step is that the exchanges will be stressing that they're based in the US, comply to all US laws, are audited by the banking authorities and withdrawals are only allowed upon the recipient faxing in a copy of their passport..

Either bitcoin is free-market-anarchy, Mt Gox can do what they want and we decide whether we want to use them, or another site, following this - we have the right to choose, but that's about it.
Or we regulate the arse out of it and make the entire thing pointless.

Possibly the (good) outcome is that it'll just fragment the trading market - you want to use the one that charges 1% on transactions and under-writes your cash, or the nice scuzzy one that runs in Belize.

My understanding of what happened at MtGox was that somebody hacked their way in, got a load of BTC, flogged them all trashing the market and then found out they could only pull out $1000 of their BTCs?
If this is the case, rolling back everything seems the only sensible thing to do - with MtGox covering any of the coins/cash that left their little ecosystem out of their own pocket.
Assuming the limit on withdrawal is $1000 with of BTC though, was that worked out on the average over the last 24/48 hours, or at the last traded price the market was pushed down to?
Anyway, I've wondered away off the topic now.

thanks for the kind words. i agree it's a complicated question, and reflection is useful.

to answer your question, you're correct: i don't have any trades that would be canceled. indeed, i don't even have a mt. gox account, having not trusted them for a long time (though i don't mean that specifically to impugn anything about their service - i simply lack trust in it). as usual, i'm not writing to the forum out of a narrow financial self-interest.

the best way, in my view, to understand the problem is to recognise that the part of mt. gox that implements a currency or commodity exchange was apparently not hacked or compromised in any way. if it had been, then trying to break executed trades would clearly be appropriate. but all that's reportedly happened is that mt. gox has identified what it believes is a theft, or a collection of thefts. to identify, after the fact, a theft that moved a market provides little reason to break a trade. as analogies, consider: (1) if the stolen amount had been only 500 btc, you'd never consider taking the money back from someone on the other side of a trade from the thief, and (2) if someone had stolen us dollars and used them to buy bitcoins on mt. gox, aiming to transfer them out before being detected, similarly mt. gox would probably not have thought to break any trades merely because the price of bitcoins temporarily doubled.

thus, if what they propose is done only in response to events on one side of the market, and only in response to arbitrarily selected events, it appears unprincipled and of little value to anyone. that said, i don't personally have a strong opinion about it; largely it's a contractual matter between mt. gox and its customers, and it threatens bitcoin as a technology only to the extent it undermines confidence in what is unfortunately a very concentrated market for currency exchanges. i think that on balance it would be a bad idea, systemically speaking.


reports were that it was making $70,000 per day, but not presumably for very long. i doubt it would have the capacity to insure all user accounts or even this one large one, and it's not clear that it would have a responsibility to do so. but that's a separate question from whether they break trades made in good faith.

You are correct.  However, this is a clear attempt by "Durr" to manipulate the market to his buying advantage ... even if it is a long shot, it didn't cost him much to do it.  It isn't so different than the issues with truth and lies going around Yahoo Groups to manipulate stock prices in the years leading up to the DOT COM collapse in 2000 [so many attribute it to 9/11/2011 as the needle that popped the bubble, but fundamentals of the entire market were clear to me, a total stock NEWBIE in 2000, that prices were way to high for my own company, which was PSINET at the time [so I didn't buy options like so many of my co-workers did], and the price fell from over $50 to less than $0.25 very quickly and was delisted BEFORE 9/11/2001.  It was over and people were just starting to see it like the coyote who runs off a cliff while by chased by the road runner and then just sort of hangs there in mid-air with a "GULP" and then drops. 

In the real world, MtGox would be done, dead done, nailed to the wall and executed [meaning criminal proceedings, senate hearings, prosecutions and convictions .. well, in the US anyway].  However, this isn't the real world, it is the virtual one and people act very irrationally here and the market is very small and there is no regulation or law broken [other than by the person/people that committed the crime].  So, I don't predict the demise of MtGox, but nor do I dismiss it.

People like Durr though, should take a leap.

Dude you have it backwards.  They can't invent bitcoins, you are right, so they CANNOT rollback!  You can't go backwards with bitcoins!  The BTC transferred out of MtGox that were purchased at $10, $1, and $0.01 are gone from MtGox.  GONE.  They are in someone elses wallet now.  MtGox doesn't have them.  Their database says they have x users with y bitcoins, and their database will be WRONG.  They DO NOT have enough BTC to cover everyone's accounts.

Lucky buyers who got their BTC out to their wallets DONT CARE IF THERES A ROLLBACK BECAUSE IT WONT EFFECT THEM!!!!!!  THEY ALREADY HAVE THE BTC!  YOU CANT REVERSE A BTC TRANSACTION!

What part of that doesn't everyone understand?  MtGox should NOT do a rollback, and they should be financially responsible to the user whose account was hacked.  I don't even have money in MtGox but this is BAD for the community, to do a roll back.  Their exchange cannot be trusted, they do not have enough BTC to cover their deposits.  Is it 1 BTC Short, 10BTC Short, or 10k BTC short?  They won't say.  I wonder WHY?

He is not wrong.

And whis is why mtgox HAVE to roll back.

They cannot "invent" bitcoins to cover the 550k bitcoins stolen.

The only thing they can do is roll back everything. It will make all lucky buyers sad, but it is the "less worse" thing that can be done.


Not rolling back, or mtgox will have to become fractional reserve (you want that, are you SURE of it?) or mtgox will become bankrupt, pay a fraction of what each person own and close doors.

Yes, they made a lot of money, but they do not made 500k bitcoin.

Wrong.  This is more equivalent to a hacker gaining access and adding money to their account, and WITHDRAWING some of it before the bank finds out and corrects the error.  Too bad they already hit up the ATM machine for an undisclosed amount of BTC.

Will we ever know?  It wouldn't be hard to find out but I doubt if MtGox will ever say how much BTC was transferred out.

I find it both ultra sad and ultra hilarious people still have not understood the implications of this very thing.

I have yet to understand how anyone, and I mean anyone, could have put in a lump sum over the price of maybe 2 xbox games and a bag of cheetohs into BTC.
(Mining I can understand - that's some cents and spare time, but investing tens of thousands of currency onto uninsured, unregulated accounts? Well done! Financial Darwinism, hooooo!)

If you have access to the database, you can change your account to read anything you wish - the BTC in MtGox aren't real before they are transferred to someone's wallet.dat. That's probably why MtGox is doing a rollback - the 'lost BTC' aren't from anyone, they are just virtual coins which were just added to his account. This is exactly like hacking a real-life bank -- you can change your account to read what ever you wish, but before you actually get your money out from a counter or spend it somewhere, it does you no good. Exactly in the same way, the hacker changed his account to read an arbitrary number of BTC (which do not really exist), sold them for the virtual USD, and when he tried to withdraw those, he couldn't get out more than 1k USD due to the MtGox limit.

That's why a rollback is needed and is justified: the people who bought the 'BTC' for 0.01$ didn't actually buy any real BTC, they just bought MtGox monopoly-money BTC's which do not really exist.

Just my .02 BTC.

I just want to know how they can handle a rollback when a lot of people transferred BTC out that bought at sub $10.

How can you roll back a btc transaction?  You can't.  How does one simply create BTC's?  You can't.

So now MtGox has a database with X number of bitcoins in it, when in reality it is actually X-y (y being the number that were successfully transferred out after the fraudulent sale)

Even if they do a roll back, their wallet will download the updated block chain and show that they have less BTC than what their user database shows they have.  They are short BTC of an unknown amount.  They can only roll back their database, not the block chain (that's what we love about bitcoins, isn't it?)

I think they should tell us how much they are short, and what they plan on doing about it.  Not that half of the people on MtGox ever plan on using them again anyway.

But if everyone on Mt.Gox tried to withdraw their BTC tomorrow, MtGox wouldn't have enough BTC to cover it.  BTC would be fine, but users at MtGox may get screwed.  We will find out tomorrow when everyone on MtGox tries to cash out.

I'm glad that they have horrible support and I pulled my BTC and USD out days ago.  Who would want to do business with such a basement operation?  I'm just going to keep mining and holding on to my BTC until a better exchange comes around.  (hint, there already is one, I'll omit the name for fear of being accused of advertising)

I normally respect your views on things quite a bit, so I'm willing to consider that I'm on the wrong side of this debate. Just to be clear, I don't have any trades that would be cancelled, I assume you don't either?

I have a more practical question. Is Mt. Gox likely to have the capital to eat the bad trades if they didn't do a rollback? I understand some ~260k were moved at $0.01 Beyond the trades on the compromised account that they'd have to eat, I assume everyone who sold into the market as it crashed would want a refund based on the idea that it was MG's negligence that caused the move. Let's make it overly simple and say they have to come up with 500,000 BTC (todays volume-avg. volume) to make good.

So simplistically 500,000*$17.50= $8.75MM. I've never paid too much attention to how much money they've been making on trading volume, but it'd surprise me if they have that kind of liquid assets. If they couldn't cover all of the wrong side of all of the trades it seems they'd end up insolvent and potentially be unable to pay out even some regular depositors. That hardly sounds like an optimal solution.

I think you are wrong. The message at mt gox clearly states:

"One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there"

One account, that's all. Not to mention, I was trading at the time of the crash. My coins and USD were not compromised.

-GPG signatures must be added to all orders. Authentication is moved client side.
-If the market goes +-(plus or minus) 10% in a day it should be closed for 6 hours to allow orders to accumulate and prices to stabilize.
-Market must be closed on weekends; orders can still be put in without showing the market depth.
-Even if the API is removed bots would still be able to continue.
-Orders cannot go +- 20% of the 24 hour moving average.

This are just some ideas.

As far as other stuff goes:
-MtGox must cover the losses, they claim only 1K USD worth of coins were stolen, this is way beyond their daily earnings in fees
-Market must be closed for 6 hours. Orders must be allowed to accumulate.
-MtGox must additionally leave the site closed until all security issues are solved.

Agree with you. The comparison to the flash crash is not making sense.

Maybe Bitcoin should Call in Greenspan, Bernanke and co to offer advice on setting up a fair market trading system, anyway, it's a currency trading system, shouldn't bitcoiners be investing in startup companies offering real goods and services.
All these exchanges are is Casinos, trying to profit from fluctuations in relative prices between currencies, Bitcoin will fail unless there is investment in real start up companies. 

the exchange as an exchange was not compromised. at most, mt. gox as a broker, or an individual user account, was compromised (putting aside the leak of information, which hasn't been cited as a reason for a 'rollback'). the analogies to the 'flash crash' in the us stock markets is inapposite.

indeed, there is no 'fruit of the poisoned tree' theory in currency or commodity exchange. if i innocently sell you something of value for currency that you've stolen, i cannot generally reverse the transaction, even in legal systems in which that would not be true for stolen consumer goods (versus stolen currency).

Yeah. I don't know that they cancelled everyone's trades, but I know they cancelled quite a few. It's possible they saw market makers and HFT as suitably responsible for their own actions. But I personally had a stop that was blown through that was cancelled that evening. I also remember reading about it in the journal the next day.

I didn't spend much time searching, but here is a mention by the NYSE of the cancels:

http://www.nyse.com/about/nyseviewpoint/1275386358825.html


So it seems they didn't cancel them all, but it seems it would be "fairest" to do so. I absolutely guarantee that if the NYSE or NASDAQ lost control of their system and hackers made huge market crashing trades they'd stop trading and walk everything back.

a 'rollback' in a situation like this would be extraordinary for an exchange in any currency market. it would be unprecedented in those markets to break a trade that resulted from a fraudulent conversion of funds. fraudulent conversion of currency is overwhelmingly conceived as being the problem of the person whose funds were wrongfully converted and those who insure against that (such as financial intermediaries and possibly the exchanges themselves) either by contract or by regulation.

this wasn't a breakdown of a currency exchange. this was the correct operation of a currency exchange following a theft of funds. the two are very different things, ethically and legally. that mt. gox is both a broker and an exchange is confusing people's intuitions. the problem here was with the broker side of the 'mt. gox' entity, not the exchange side of the entity. a lone broker would never be permitted to break a trade with counterparties as a result of theft; the only reason it's even on the table here is that mt. gox happens to have the power (though not the legitimate authority) to do it.

indeed, how would anyone (including mt. gox) even know there was a theft here? what would prevent a speculator from staging a theft and then insisting on a reversal of trades if he or she didn't like the way things turned out? that would let a large owner of coins play both sides of the fence, inappropriately.

in case it matters, i don't have a financial account at mt. gox. (apparently fortunately, in view of the leak, given that i have attempted to remain anonymous) and don't have any other relationship with them.

This reminds me of the Flash crash from 5/6/2010.  I saw the Mt Gox crash happen real time.  Totally wild.  If anything this suggests the need for a circuit breaker of some sort.  While they may be able to roll back some trades, I don't see how the can claw back coins already transferred.  I guess this is the reason I don't keep funds in any currency (bitcoin or USD) in these online sites until I am ready to trade.  Yes, I miss out on some opportunities, but these sites are run by a few individuals.  Obviously I have a fairly high tolerance to risk because I am trading with this currency, but leaving funds in an online account such as Mt Gox just seems too risky, even for me.
 

Oh and on larger exchanges, these events are usually cause by more benign means

Yes, it's legitimate. If the exchange was compromised, as it was, then trading after that was revealed was "fruit of the poisoned tree." Because, no matter the exchange, there is going to be a period of time between the event and market stoppage, they would either need to verify each and every trade, or just roll back to a point prior to the compromise.


Who cares? If they acted on knowledge of what happened on Mt. Gox, then they were making their own open-eyed decisions. The real concern is people who had orders on Mt. Gox and, if not for the exchange being compromised, would not have otherwise allowed or had their orders be filled. In other words, activities on other exchanges were in full control by traders, while Mt. Gox orders were filled, initially, erroneously and out of traders' control.


If they don't have a day-long period wherein people are permitted to change orders BEFORE the market is opened, then they might as well kiss the business goodbye. It's one thing having security compromised, on which blame could be placed elsewhere so long as Mt. Gox followed acceptable practices. It's another thing to roll back and then disallow traders to reconsider their orders before the market reopens. The security issues might be excusable, but the latter act would just invite a shit ton of lawsuit potential, as orders need to be made while traders have historical knowledge and have ample time to act. In other words, orders that were filled and then rolled-back CANNOT be filled again.

In the very least, they also need to provide time for the average trader to check out their account, change their password, and potentially remove or add funds before the frenzy of market opening begins. Otherwise, we're setting up for a crash just as bad.

I agree.

--> zdmas

I am an expert in trading and market analysis, but not on exchange regulations.

Are you certain this happened? It is not my understanding that the May 2010 flash crash transactions got reversed

+1 this makes a lot of sense.

And on top, if this takes long, people having funds on MtGox should be able to withdraw them (BTC and USD) and trade them on other exchanges if they want.

The classic libertarian free-market response is that they need to keep their customers happy in order to encourage future business.
In this case, without the roll-back they might not have a future.
The drama continues, stay tuned...

You tell us, you're the expert on this kinda stuff right?

I feel this is gonna seriously jack up the willingness to accept bitcoin now.

I think the roll-back is fair, but my opinion doesn't matter, IMO.  
It's their right to decide, and you have no legal recourse in an unregulated exchange.

Yes, it's legitimate to rollback the trades. If something along these lines happened on a major public exchange, they'd strike all of the affected trades there as well. Think 2010 NYSE flash crash.

Probably nothing will be done for other exchanges. In the future they'd all probably benefit from an agreement to be able to suspend trading together in extreme circumstances or at least agree on standardized levels of circuit breakers, but it's possible the players might not see the long term benefits of such a strategy.

To act like a professional market, they should only open after a complete security review and at a pre-announced time. Customers should have 12-24 hours advance notice before trading begins again if they want to have any hope of an orderly restart. They should also make sure that people can get into their accounts, perform their password resets, move money in or out at their preference and book any new orders they want before trading begins.

They absolutely need to cancel all standing orders.

I agree with this. Mt Gox is responsible here. Mt. Gox needs to pay up. Something like this could realistically kill BTC if people see things like this are possible and exchanges dont back them up.

This is what typically also happens on other exchanges, correct.

Agree that it is difficult...

and there is one important overall question:

Is the fact that the BTC market was unregulated equaling that the exchange owner can just do anything?

I guess many people buying bitcoins at MtGox  were -  rightly or wrongly -  assuming that standard exchange practices were followed. Shouldn't now standard exchange principles apply?

The fact that bitcoin is unregulated does not automatically mean that an owner can just ignore standard existing practices of exchanges (and that's what it is).

Does someone have some standard knowledge of how normal exchanges would need to treat the issue that happend today on bitcoins?

Including placing bid / asks order again where they were or not?

Don't sell, bitcoin wasn't compromised.

But bitcoin doesn't have to suffer from Mt Gox problems.

I've heared only good things of Trade Hill.

It's great time to close your Mt Gox account and move somewhere else to make it clear that such a poor-secured service is not acceptable.

Orders should not be reversed.  That's just MtGox trying to cover his rear.  What SHOULD happen is all trades should be processed as normal, and MtGox should refund the guy who was hacked.  It was MtGox's fault, so they need to step up and fix it.  Fixing it does not mean reversing all trades.  Fixing it means restoring what was stolen due to their incompetence.

And we had to learn the hard way.

I would say drop ALL outstanding orders (buy and sell), no rolling back (just not possible) and let MtGox handle things with the person whose account caused this trouble (instead of handling things with 60000 people).

MtGox earned a lot from trading with last 6 months (the 0.65% fee), they should be able to cover most of the costs. Having roll backs would cause law suits, which might even cost more.

1) Is it legitimate to rollback trades or should the exchange cover the risks?

Yes, legitimate to rollback trades, since they are unregulated and all members are aware of that status. It is legit for them to decide, IMO.

2) What happens to people trading on the other exchanges who where negatively/positively affected by what happened at MtGox?

That is part of the risk of trading.

3) How / when should the market reopen?
Should orders of users on MtGox be put back where they were before the crash? or is it fairer to ask them whether they want or not?

Open orders is a tough call. Again, it is MtGox's decision to make, and I have no clue on what is fair in that case. If you remove the buy orders, how is that fair to the sellers?

Thank you for an interesting thread...

I suggest a few options-

1)  The exchange needs to be closed for 1-3 hours a day for maintenance and security upgrades.
2)  The exchange should be closed when there is not an actual person representing the exchange online and ready to support the functions of the exchange
3)  The exchange should be closed on Saturday and Sunday since most people cannot get funds in and out on these days anyway.  It can also be used for an extended maintenance period.
4)  The exchange should limit the maximum amount of BTC to be placed in a buy/sell order (I think 1 to 5 thousand BTC is MORE than reasonable).  Users should only be able to have a certain amount of buy/sell orders open.
and what I think is the most important one-
5)  GET RID OF THE TRADING API!  BOTS ARE NOT GOOD FOR EXCHANGES!  They have been manipulating the market non-stop.  Get-rid of the API and the bots go away.

Mt.Gox has been resting on it's laurels too long, the site owner(s) have been sleeping at the wheel and dreaming of all their profits.

Having followed and covered the market since Oct 2010, I am concerned about all people investing / trading / loving bitcoins after what happened today.

There are a couple of questions:

1) Is it legitimate to rollback trades or should the exchange cover the risks?

2) What happens to people trading on the other exchanges who where negatively/positively affected by what happened at MtGox?

3) How / when should the market reopen?
Should orders of users on MtGox be put back where they were before the crash? or is it fairer to ask them whether they want or not?
... many more questions...

It would be great to have some people experienced in exchanges helping to get an unbiased assessment quickly - to protect all users, and to at least have a chance to re-establish some trust on bitcoins.

I am sad, because this was predictable and many including me have warned that we need better, more secure exchanges.