I For One....

1. Gov Most Certainly Seized Gox’s Coins
2.  
3. Transaction Malleability
4.  
5. A Perfect Lie
6.  
7. But Numbers Don’t Lie
8.  
9. Why do we fall?
10.  
11. Turtles All the Way Down
12.  
13. TM, Janitor, Hacker, or Perhaps the Cat Ate them All
14.  
15. Whatever Remains, However Improbable, Must be the Truth
16.  
17.  
18.  
19. This analysis will begin with a process of elimination of all possibilities to conclude with the one scenario that remains standing.
20.  
21. Transaction Malleability
22.  
23. MT Gox stated on the 7th of February that due to transaction malleability (“tm”) they lost 850k btc. How this happened is further explained not by gox itself but by some prominent members of the community. It is suggested that over the past 3 years, by hacking the bitcoin protocol, gox was fooled to believe that a withdrawal did not happen, therefore Gox re-issued the withdrawal to, according to null, the blockchain address itself. The two withdrawals, again according to null, do not necessarily have to be for an identical amount. Therefore, it is impossible by analysing the blockchain to identify these double withdrawals.
24. The question of how could Gox not have realised is again answered not by Gox itself, but by the prominent members of the community. Firstly, according to these information, gox did not actually have a cold wallet, but rather an automatic process whereby what they called a cold wallet “leaked” or automatically re-filled the hot wallet when it went dry.
25. Mt Gox was hacked in 2011. MK would have realised just how dangerous it is for him to hold all the coins on a hot wallet. It is therefore almost certain that they did actually have a cold wallet. He himself has stated that this cold wallet is a paper wallet. There is no reason to doubt this statement. Therefore, when this “leaking” scenario is pressed by asking how can a paper wallet automatically do anything, the scenario shifts to Mark Karpels himself manually refilling the hot wallet. We are told that he did not realise the cold wallet was going lower and lower because when he checked his internal system it told him that everything was perfectly fine.
26.  
27. A Perfect Lie
28.  
29. At this point we have a perfect lie. There is no way to verify that these coins have actually been stolen. There is no way to put blame on Mark Karpels himself because in a court’s view it is probably completely reasonable for MK to have trusted his system and therefore never passed his mind that he might want to check the cold wallet blockchain addresses. Therefore either this is the truth or we have a perfect lie – i.e. fraud.
30. However, there is one crucial problem which proves that this is a lie or that exposes the fraud. On July the 28th 2013 someone makes the first ever public post stating that there are btc withdrawal delays from gox: https://bitcointalk.org/index.php?topic=263781.0
31. His experience is shared by a number of other users and a reddit post is also made. These complaints continue, becoming numerous in November then culminating in late January when almost no one can withdraw.
32. Ne0futur, who has worked as support personel for MT Gox since 2011, stated on IRC that there were always withdrawal delays, going all the way back to 2011. He was pressed further:
33. <Aquent_> there is no public post of withdrawal delays on mtgox until july 2013
34. <ne0futur> Aquent_: because they were fixed within 2 hours before july 2013
35.  
36. The first question is, if the cold wallet truly automatically filled the hot wallet, then why would there have been any delays at all, let alone for 2 hours. The second question is, if it is a paper wallet, how exactly do you fill a hot wallet from a paper wallet held in 3 or 6 different locations which, according to Gonzague Gay-Bouchery, Manager Business Development, “is Logistically and legally [a] difficult” process in 2 hours? There would have been lengthier delays if the hot wallet was previously filled from the cold wallet. There would have been public posts complaining about such delays. However, there are none, until July 29th 2013.
37.  
38.  
39. But Numbers Don’t Lie
40.  
41. The leaked database contains a file called btc_xfer_report.scv. This is a database of more than 3 million entries detailing all withdrawals and deposits. This database is fully correct in that it includes all data after June 2011 as tested by many users, including null. According to the semi-official story this data is fictional in that it does not account for TM. However, that does not make the data irrelevant as prior to February the 6th 2014 it was taken by Mark Karpels (“MK”) and gox to be reflective of reality.
42.  
43. These data tell a story. It begins with the hack in June 2011. At that point MT Gox made a proof of solvency transaction showing they had 430k bitcoins. From this point onwards MT Gox continues to grow. 500k coins are deposited 6 months after june 2011. Gox continues to grow by 200k up to 1.1 million in June 2012 another 150k up to around 1.3 million in Dec 2012. Another 40k is added up to 1 May 2013.
44.  
45. What is inevitable to conclude from the above data is that MT Gox was experiencing a period of stupendous growth up to May 2013. Therefore, there was no reason whatever to fill the hot wallet since deposits constantly outweighed withdrawals. If the hot wallet was manually filled during this period then even someone with no brains would have wondered why is that necessary. To be told that this was done numerous times is simply not credible.
46.  
47. If this filling was done automatically that would mean that MT Gox did not have a paper wallet. Thus, we are to believe that after the hacking in 2011 MK nonetheless thought it was fine to keep 1.3 million btc in a hot wallet where they could easily be stolen from a simple hack as it almost happened in 2011. Why on earth would someone even with no brains reach such a conclusion? Why exactly would MT Gox not have a paper wallet? It is simply not credible that MK lied when he stated in 2011 that he kept the coins in a paper wallet in 3 different locations or when Gonzague Gay-Bouchery stated in 2014 that they are kept in 6 different locations.
48.  
49. If we are a jury or a judge it would be inevitable to conclude that MT Gox did have a paper wallet, that it was impossible to automate re-filling of the hot wallet from a paper wallet, that in fact the hot wallet was never re-filled prior to July 2013 as deposits outweighed withdrawals by far, and that if in fact the hot wallet was refilled TM would have been obvious, therefore there was no TM prior to July 2013.
50.  
51. In October 2013 Gox started requiring ID for withdrawing btc. Therefore any TM would be limited to 2 or 3 months between July 2013 to October 2013. That translates to 10k btc per day. Almost 100k per week. That would mean that Gox had to re-fill its hot wallet almost every week. Thus public posts about withdrawal delays would have been numerous and perhaps would have reached fever pitch as it did in November. That is not the case. Instead the public posts seem to reflect what the data show.
52.  
53.  
54. Why do we fall?
55.  
56. Let’s zoom into May 2013. Before this day deposits kept outweighing withdrawals. However on the 16th of May news is received that Gox’s dwolla’s account is seized. Gox states that there is a fiat withdrawal delay. There is panic. A bubble had just collapsed due to a DDos of gox. The price had plummeted from 200 to 70. The community had started to turn against gox. This news could have not come at a worse time.
57.  
58. Between May the 1st and June the 1st 270k btc are withdrawn. No one however reported btc withdrawal delays. Gox has stated that they keep 5-10% of their coins in a hot wallet. This translates to about 130k btc at the higher end or 60k at the lower end. News of the dwalla seizure would have been received by Gox prior to it being made public. A btc withdrawal rush was obviously coming. Gox therefore would have taken precaution and would have increased the amount held in hot wallet. The bank run therefore went smoothly.
59.  
60. By July the first the storm seemed to have passed. Only 20k btc withdrawn. By August the 1st however 60k btc were withdrawn. The storm had not passed. The hot wallet needed re-filling. There are withdrawal delays. There are the first public posts by few unlucky goxers who became frustrated with the unusual delay.
61.  
62. By the 1st of September another 30k are withdrawn, but finally it seems that the storm had passed. For the first time since May the 1st 10k btc were received in deposits more than withdrawn by the 1st of October. After that it is only downwards, the noise about btc withdrawal delays becomes louder and withdrawal continue at a relentless pace, first 5k, then 13k, then 17k, then 37k then gox shuts the doors.
63.  
64. Between May the first and Febuary the 7th 450k btc were withdrawn out of 1.3 million btc leaving gox with 950k btc on the 7th of February 2014.
65.  
66.  
67. Turtles All the Way Down
68.  
69. This bank run perhaps showed that gox was a Ponzi scheme from the start, running on fractional reserve, even though they have publicly stated that is not the case. However, the data does not fit. Gox had 430k btc as proven in 2011. This increased to 1.3 million in May 2013 and went down to 900k in Feb 2014. Everything adds up, therefore the fractional reserve scenario is not true.
70.  
71.  
72. TM, Janitor, Hacker, or Perhaps the Cat Ate them All
73.  
74. Gox states that this 1 million btc has been stolen through TM. The thorough analysis of TM above shows that this is almost impossible, if of course we are to assume that MK is honest. Fraud can not be discounted because in my opinion we have an almost perfect lie which only fails due to there being no public post of btc withdrawal delays prior to July 2013. This shows that the hot wallet was never refilled unexpectedly, thus no delays. If the hot wallet was refilled then it would have been obvious to even a child that there is something wrong because from June 2011 to May the 1st 2013 there had always been more deposits than withdrawals. The system would have told that to MK. MK would have asked why does the hot wallet need refilling, TM would have been found the first time the hot wallet needed refilling as was found by other exchanges or btc banks that have been pray to TM. The paper wallet can not automatically refil the hot wallet. The paper wallet can not leak.
75.  
76. The TM story therefore is only for public consumption. Any internal investigation of gox’s activities most probably would show that there simply no TM at the scale of 850k btc.
77.  
78. The fact that MT Gox had a paper wallet also shows why a Janitor attack is impossible. The most a Janitor could get away with is the hot wallet. The cold wallet could not be accessed through gox’s online system. The los therefore would have been bearable and gox would still be open.
79.  
80. Again the same applies in regards to a one off hack. Furthermore such huge movements of 950k btc or 850k btc by the janitor or the hacker or anyone else would have been noticed. There has been no such movement in such huge amounts.
81.  
82. A coding error or lost keys is out of the question. Gox has moved 200k btc showing that the system is not to blame nor are lost keys.
83.  
84.  
85. Whatever Remains, However Improbable, Must be the Truth
86.  
87. On May 16 2013 Gox’s dwalla account was seized. “Recent testimonies by federal agencies indicate that the account seizures were in fact related to the multi-year pursuit of Silk Road operators, rather than a crackdown on money transmission infractions for their own sake.” Clearly therefore Gox’s accounts are relevant to investigating Silk Road (“sr”). In fact, they are sufficiently relevant that they are seized. Considering that all transactions on sr were done through btc, then how much more relevant are the btc wallets to investigating sr? Perhaps 100 times more relevant. Therefore, the btc would have been seized too around May 2013.
88.  
89. The Federal Agencies did not in 2013 state that the fiat was seized to investigate sr, but because it was operating without a license. The same reason could not be given for btc as btc is not fiat. As there was no reason to be given and as the publication of the seizure of the btc would have jeopardised the sr investigation a gag order would have been necessary.
90.  
91. In May 2013 btc was hardly known to the public. The r/bitcoin subreddit only had 20k subscribers. The btc community was quite small consisting of mainly libertarians who didn’t like the government anyway and a btc back then was worth 70 dollars. Weighing these facts against a billion dollar drugs operation where more than 4k vendors sell to almost 1 million customers, the decision was probably easy as the federal agencies might have not foreseen that the seizure would lead to bankruptcy protection due to a loss of half a billion and headline news in every newspaper and news programme.
92.  
93. 03:12 <@ne0futur> when I were insisting , telling mark to disclose stuff
94. 03:12 <@ne0futur> saying things like "fuck the lawyers, disclose"
95. 03:12 <@ne0futur> he answered me once
96. 03:13 < shadylog> ne0futur: with...
97. 03:13 <@ne0futur> 2014-02-20 10:40<MagicalTux> le gouv. US veut pas qu'on disclose hein
98. 03:13 <@ne0futur> US gov doesnt want us to disclose
99.  
100. <prof7bit> this again brings me to the question that many people have wondered about: what is the meaning behind the mysterious remark "temporarily unavailable" (assuming this irc chat where you mentioned that actually took place). It almost sounds as if there were a real reason for hope. I'm constantly floating between hope and despair, is there anything you can say (even if its just a small hint about what happened and how it can be so
101. [03.03.2014 00:26] <MagicalTux> Unfortunately I can't comment further on that
102.  
103. [07:15] <GrandHeirophant> [14:21] <GrandHeirophant> so the coins were really stolen?
104. • [07:15] <GrandHeirophant> [14:21] <MagicalTux> I cant really talk about that.
105.  
106. [14:17] <MagicalTux> It's up to the US govt when we can access the cold storage
107. [14:17] <MagicalTux> We never got it back after they confiscated it last summer
108. [14:18] <MagicalTux> They let us keep running the exchange but they did freeze all our assets in relation to the SR to investigation
109. [14:19] <MagicalTux> It never accrued to us that we would have to access the cold storage
110.  
111.  
112. “Logistically and legally in would be difficult to replicate the transfer “trick” Mark previously employed at Gox to prove their solvency.”
113.  
114. • 14:19:06 <MagicalTux> [19:59:22] <anarchystar> we are interested in getting ownership of the exchange, but we dont want you to be the CEO.. just help with the transition <- already got quite a few candidates lined up by the potential new owners
115. 14:20:35 <anarchystar> what do you mean with potential new owners?
116. 14:26:50 <MagicalTux> [22:20:34] <anarchystar> what do you mean with potential new owners? <- we've been in discussion for more than a week with different investors willing to buy mtgox and cover the missing funds
117.  
118. <MagicalTux> Well, technically speaking it's not "lost" just yet, just temporarily unavailable
119. <MagicalTux> we'll try to return btc as btc
120.  
121. These are the facts. Not speculation. The FBI together with the IRS Criminal Investigation Division, ICE Homeland Security Investigations and the Drug Enforcement Administration seized the cold wallets in or around May 2013. All who have lost coins must wait, until at least the 1st of April, the latest being the 16th of May, before considering any drastic action. After that, if the facts do not change, there is sufficient evidence to apply for an injunction ordering the US Government to release the seized property.