1st May 2014

I’m back in Tokyo! While I was doing an interview with TV Tokyo, Mark Karpeles suddenly turned up in the background. He came out of the MtGox office wearing a suit and was waiting to get into a chauffeur-driven car. We were across the street so he didn’t see us until the TV Tokyo reporters ran over. One of them tried to talk to him and Karpeles got into the car quickly and closed the door on him, trapping the reporter’s tie! He wouldn’t open the car door to free him, it’s possible he didn’t know why he was knocking on the window. We were half expecting the car to drive away dragging him down the street. Eventually he opened the door and the reporter was freed, fun over. I wonder what he was doing at the MtGox office if he has nothing to do with the company any more. It looks like it was something official.

It barely needs to be mentioned that the idea of MtGox suddenly finding 200,000 missing bitcoins is ludicrous. I have strong faith in the incompetence of Mark Karpeles but I don’t believe for a second that he was unaware of these coins. There are few people in the history of the world who could claim to have lost all their assets yet completely forgotten about $150 million they had lying around.

I’ve been asked countless times in interviews whether I believe MtGox deliberately defrauded their customers. I do believe that they perpetrated fraud against their customers, but I didn’t necessarily believe that they were behind the missing bitcoins. Now it’s getting harder and harder to believe they were not involved in some way.

If 200,000 bitcoins were found, this means there could have been no record of them being taken in the first place. If this is the case, why would Karpeles have claimed/believed they were stolen? Let’s just check what MtGox actually claimed:

“We found that a large amount of bitcoins had disappeared […] We believe that there is a high probability that these bitcoins were stolen”

That’s a nice way of implying that they were stolen but in a way they can retract later if need be.

Recently a technical analysis by ETH Zurich University in Switzerland has showed that no more than 386 bitcoins could possibly have been stolen through any transaction malleability attack at MtGox, and it was probably far less. If that is the case then Karpeles would certainly know this because he has all the records. Why has he been deliberately spreading the belief that they were stolen via malleability problems?

Why won’t Karpeles explain where the “missing” coins have gone to or which wallets they were stored in? If they were taken, the evidence will all be there both on the public blockchain and internally on MtGox’s computers. All we need are the bitcoin wallet Ids and we can see for ourselves where they were transferred to. I can’t think of any possible innocent reason to conceal this information. In fact, Karpeles is required by law to disclose it to the creditors but he will not do so. Similarly, he won’t explain where the missing $28 million of customer cash deposits has gone.

If Karpeles suddenly found 200,000 bitcoins in a secure offline wallet, why would he immediately upload them into a hot wallet on the MtGox online system which he knew has been breached by hackers in multiple ways? This system was still connected to the internet at the time, and he left them sitting in there for a week! MtGox later claimed in a court statement that they did it for “security purposes”. MtGox also claimed in court documents that the last remaining 2,000 bitcoins was left sitting in the online hot wallet in March. If he believed the other coins had been hacked why on earth would he do this?

This is all very reminiscent of the pre – bankruptcy protection times when we couldn’t get our money out. We were all left to guess what was going on. We were served up with a menu of misdirection, half-truths, withholding of information, and probably all-out lies. I have to think that there is still quite some cover up going on here. I think it’s likely the coins were not stolen from outside the company, at least not during any recent hacks. It’s possible the bitcoins have been missing for years, and the company could have been fraudulently taking people’s deposits all that time and trying to cover it up. If this was the case it would have been a classic ponzi scheme.

On Thursday 27th March Mtgoxrecovery.com published 3 court documents in their case against MtGox. They are doing a great job of forcing the company to account for their actions and ensuring they don’t get away with cheating the system. It is their belief that Karpeles would not have announced the finding of the 200,000 bitcoins on 20th March if he had not been forced to by mtgoxrecovery.com reporting it to the court on 11th March. (And I know that other parties have been reporting it to the court too).

The monthly civil rehabilitation report which MtGox filed on March 10th does not mention the found 200,000 bitcoins. This bitcoin “discovery” is by far the most important event since the start of the civil rehabilitation. Why would this have been concealed from the monthly report?

In the court documents, mtgoxrecovery.com highlight several inconsistencies in the official court statements of MtGox, some of which are covered in this blog post. It’s quite shocking that they are submitting what clearly seems to be unfactual information to the court. Their explanations for their suspicious actions do not make sense. In my view they are blatantly trying to mislead the court and their creditors, and they are making a mockery of the civil rehabilitation process.

Some quotes from Mtgoxrecovery.com in the court documents:

“[MtGox] has been conducting transactions that raise a danger of hiding most of its assets”

It is becoming increasingly questionable whether any ‘loss of bitcoins’ actually occurred”.

We cannot help but coinsider that [MtGox] had hidden such enormous assets of approximately 200,000 bitcoins at the time of filing for commencement of civil rehabilitation proceedings”

As is well known, Mr Karpeles […] lacks credibility”

MtGox’s real plan?

The civil rehabilitation procedure is MtGox’s attempt to keep the company running in the long term, it is not any form of bankruptcy procedure. It protects them from lawsuits and bankruptcy. They have made it clear that their plan is to reopen the exchange. The question is how? I have no doubt that their hope is to use our bitcoins as part of this.

In the application for Civil Rehabilitation proceedings, they claimed the value of the lost bitcoins was 13,472 yen ($130) per bitcoin! Clearly untrue. They used the crazy fake trading price on their exchange at the time it closed down. If they were able to get away with only paying us back at a rate of $130 per bitcoin whilst keeping their company running, they might be able to use the ‘found’ 200,000 bitcoins to not only ‘fully’ pay us back, but they could end up left over with a huge 9-figure dollar profit at the end of it – depending on the price of the bitcoins when cashed in.

Mtgoxrecovery.com are pushing to end the civil rehabilitation, which would be a good thing for all of us. Karpeles should not be allowed to continue running the company and continue controlling our assets in mysterious, unexplained ways. Hopefully the court will do the right thing and we will see the procedure struck off. There will be a hearing on May 9 to decide this.

If it’s allowed to continue, we will still have the ability to vote against whatever the plan might be but it could add several months onto the time we wait to receive any money back.

I will be putting an article up later this week which shows how you can help to stop this from going ahead.

We’ve spoken to insiders who have given their accounts of happenings inside MtGox. There’s too much to put into one post so this is part 1.

Security

We asked about the security of the MtGox computer system.

There was money and bitcoins being sent into MtGox. It’s supposed to be a secure environment right?”

<laughs>

“Ha ha. That’s funny”

“Security’s pretty lax.”

We were told how it was common for outside security researchers (not affiliated with or working for the company) to find security bugs and send these in. They were generally not accepted and ignored. Regarding the support staff we were told:

“They didn’t know anything about security. They’d say ‘Well I tried this and it didn’t work, it’s not a bug.’ Obviously [the security researchers] would go full disclosure because we wouldn’t accept it as a bug.”

This means that security bugs in the MtGox system would be published openly on the internet by well-meaning researchers in an effort to force a solution to be found. The fact that MtGox allowed this to happen is absolutely staggering. It’s a double-whammy – the bugs were not fixed AND they ended up being made public on the internet. Any company with responsibilities like this should have at least 1 dedicated security professional who will respond thoroughly to any security bug reports, and preferably they should have a team of them. A single bug could end in disaster.

January/February meltdown

Everything started to go visibly wrong at the end of January, with bitcoin withdrawals getting “stuck”. Customers were finding the coins they tried to withdraw went through the normal withdrawal process but didn’t appear in their destination wallets. This went on for 2 weeks before withdrawals were finally deactivated completely. During most of that time, no explanation was given. We asked what was going on there:

“They didn’t really understand what was going on. They didn’t realise the seriousness of the problem.”

”So everyone who tried to withdraw found their bitcoins disappeard and it took MtGox 2 weeks to actually care about it ?”

“Well they just figured it’ll go its course.”

“Mark distracted himself very much from this thing using the Bitcoin Cafe and his cash register [for the Bitcoin Cafe] and Shade 3D [a company Karpeles recently bought], and pretty much anything other than day-to-day business affairs.”

“Marion [who worked on payments] was… I’m not sure what she was doing. But things were just getting lost. And reappearing. There was no tracking going on. ”

“What about customer complaints and support requests about this?”

“They had lots of templates and canned responses and it was CLICK CLICK next.”

“No one really cared. Marion told those guys just do whatever. To be fair there were a couple of support guys who really did care. But depending on who you got it could get really bad.”

My own experience with their “support” backs this up. That is why I had to fly out to Tokyo to find out for myself.

Widespread account hacking at the time of the withdrawal problems

“One guy[‘s account] got hacked and he got so desperate he emailed every single Tibanne email address he could find on the internet. Just because support would not answer him for days. ”

”He got hacked?”

“Yeah his account got compromised. Support just told him to file a criminal complaint.”

“So did it seem like someone hacked into the customer’s computer?”

“No no no no. What was going on was – this was the 4th February – they were talking that there must be an unfound security flaw somewhere in the codebase. We don’t know where, we don’t know what. We don’t really have access to the logs that can prove anything.”

We were told that a very large amount of accounts were being hacked at this point, in a very short period of time. This was why MtGox suddenly introduced an automatic email telling users when someone logged into their account and what the login IP address was.

“Because we just didn’t know any other way we could track this. And it was mostly chinese IP addresses. Probably proxy servers or something like that. Just someone, somewhere had insider knowledge that we did not have. Accounts were being hacked left and right. …  It’s not random. This was from approx 31st jan onwards”

“They got an email informaing them of their withdrawal. Telling them to contact support if it wasnt them.

Then theyd contact support and wait 2 weeks and nothing would happen.”

Faced with such a serious situation, any exchange like this should have without question immediately shut off account logins and traced the bug. Back in September 2013, a Reddit user called Belkor described a similar hack into his MtGox account. He had a hardware security YubiKey (similar to an online banking password generator device) but his account was still accessed. He was asleep at the time. Bypassing the YubiKey would indicate the breakin was done either internally at MtGox or by someone who had control over MtGox’s computer system.

On 10th February MtGox made an announcement to customers about a malleability bug and blamed it on the bitcoin protocol. There was a large community backlash because it was clearly a fault within MtGox and not with bitcoin. It seems very likely that this statement was a cover-up of the hacking and other problems – such as having lost everyone’s bitcoins. However it was enough to put many customers at ease, believing the problems may have really been just a techinical fault which would be fixed. MtGox continued to accept people’s deposits.

A big question is whether there is a link between this hacking and the missing 850,000 bitcoins. They are not necessarily related. Maybe if the exchange was already running low on its coin supply and a lot of account withdrawals were suddenly being made by hackers this could have pushed the situation to crisis point and caused the exchange to hit empty.

We asked a source if he thought that the malleability problem was really what caused the main bitcoin theft.

“I think it’s bullshit.”

There are community suspicions that MtGox may have been behind a restructuring proposal which has seemingly originated from a 3rd party source, in what could be an astroturf campaign to gain acceptance.

We’ve been contacted by multiple creditors who are worried about the supposedly neutral proposal to continue MtGox trading, authored by a group called Humint.

This post on Reddit points to the document:
http://www.reddit.com/r/Bitcoin/comments/1zj1rm/humintis_proposal_for_mtgox_recovery/
The comments to this show the immediate community reaction. Many creditors feel that this document is suspicious and is not in their interests.

The plan would effectively mean that people’s bitcoins would be converted to another tradable currency, “GoxCoins”, which would have a much more ephemeral value. If stolen bitcoins were officially recovered, owners of the GoxCoins would share their value via dividends. This is an interesting idea but our concerns about it are very considerable:

• The bitcoin debt of MtGox would be magically wiped clean, allowing the company off the hook to continue trading, and resetting everyone’s bitcoin balance to 0. The responsibility for the bitcoin loss would be shifted to the creditors.
• Bitcoin creditors would lose out on their fair share of the fiat cash reserves currently left in the company, so it’s likely they would end up losing even more money. This plan seems to strongly favour fiat holders, but the document spins it like it’s a good thing for coin holders.
• Whoever is behind the missing bitcoins, be it someone/people external or internal to the company, would be able to become the legal owner of much of their value, because they could buy up the GoxCoins at a very low rate before allowing the bitcoins to be found. This could be used as a handy method of laundering.
• If someone on the inside of MtGox had an idea of if/when they might be found (which clearly they would more than the creditors, even if there was no foul play) they could ‘play’ the creditors. Those with access to the records and the most knowledge of what happened, eg Karpeles, could end up the big winners.

Our opinion is that creditors deserve to fairly share the value of any recovery of coins. By trading their rights away in the form of GoxCoins against people who potentially have more knowledge of their value, they could be at a serious disadvantage.

So why the suspicion of this new plan?

This “GoxCoins” controversy is reminiscent of the furore over the famous restructuring document leaked 2 weeks ago by TwoBitIdiot. That document was suspected to have been secretly authored by Mandalah, a consulting business closely tied with MtGox and Tibanne who were said to be tightly integrated into the running of the company. One source told us:

“Mandalah has its tentacles really really deep inside that company. And they pretty much run the show.”

Despite the sinister tone of this quote, Mandalah were said to have come up with some good ideas and plans to improve the customer experience and transparency of MtGox – something which was badly needed.

This article on CoinDesk exposes links between that original document and Mandalah:

http://www.coindesk.com/leaked-mt-gox-document-linked-consulting-firm-mandalah/

This new GoxCoin document appears to have similar roots. An internet “whois” query on the Humint.is website domain shows that it is in fact owned by Mandalah. Michael Keferl (of Mandalah) who worked closely with Karpeles is listed as one of the authors of the GoxCoin document, though there is no disclosure of his links with MtGox.

One creditor summed up his concerns:

“I think it basically boils down to an attempt by Mark to cheat himself out of Bitcoin liabilities.”

One insider who was formerly close to MtGox has been investigating developments with growing alarm. He told us that he has been hit by multiple legal threats from Karpeles to silence him.
Here he gives his theory on the situation:

“Now the question is: Why would Mandalah, a contractor that is close to Tibanne, make a petition to Mark Karpeles?

A much more likely case: This was an idea by Tibanne in order to rid itself of the BTC debt. Mandalah was to execute the plan in order to make it look like the community is making the proposal. Mark can then accept the proposal under the pretense that this is what the community wanted. This is the working theory in ##mtgox-chat on Freenode IRC.

This would mean that:

(1) Tibanne wants to create its own alternate currency to get rid of its BTC liabilities easily

(2) They ordered Mandalah to create a website for it and do publicity so it looks like it is a community effort

(3) Tibanne effectively wants to make its users work for getting their money back, by advertising a relaunched MtGox website and GoxCoin.

It would have been perfect if Tibanne had its way: Mark simply owns some of these Goxcoins, and uses them to pool the debt and give people liquidity. Then Mark buys it all up for pennies. Next, a bunch of BTC are magially found and/or recovered. Because Mark holds a large amount of these Goxcoin, the discovery of bitcoins means that he is able to reap huge profits.

While writing this, the whois for http://humint.is was changed. Mandalah/Tibanne were obviously not pleased we found out about their little scheme. They were lurking in the ##mtgox-chat room while the investigation was taking place.

By the time you read this, the page contents may already have been removed or altered further.”

 

Update:  A signatory of the document Adam B Levine claims to have come up with the plan and has put a lot of time into responding to the comments on the Reddit page. However, seemingly users remain unconvinced. Michael Keferl has been removed from the signatories list. CoinSearcher, who was the very first MtGox protester and who briefly came to Tokyo from Australia a month ago to protest, worries that if there was any coin seizure by the authorities and gag order, this method could be used by an insider to gain control of those coins once they were returned. His request for a definitive statement from all those involved in the document that they know of no seizure has gone unanswered.

 

 

Been to MtGox building for TV & press interviews.

The lights are on on the Tibanne/MtGox floors.

 
“Inspector Gadget”-style guard
still posted outside the office.

Tried to phone the new customer helpline 4 times
and was treated to a relaxing selection of ambient lift music. No answer.

The helpline is located inside the building.

Many people assume MtGox have filed for bankruptcy. They have done the opposite, they filed for bankruptcy protection.

They are applying for Civil Rehabilitation, this is a process whereby Karpeles proposes to keep himself in charge of the company, along with its records and customer funds, and keep the company running. It would also protect the company from lawsuits seeking reimbursement of funds.

To have Karpeles remain in charge of customer deposits and plan the process of any returned funds is a very frightening prospect. Offhand I can think of approximately 7 billion other people in the world who I would prefer to be doing it.

In my view, this process is a sham as it’s hard to imagine how the company could keep on running. I see it as another delaying tactic. Any plan he comes up with would require a majority vote from creditors, which is unlikely to happen. It is possible to file for a motion to discontinue the civil rehabilitation which is what we are seeking to do.

I would like to see Karpeles removed from any further control of the company and customer deposits and for the company to enter formal bankruptcy, meaning a court-appointed professional would take over and redistribute any possible funds to its creditors.

TV and press still hanging around outside the empty MtGox offices.

Protest started late at 4pm and consisted of a series of interviews until 6pm.

 

18:00:  Mark Karpeles makes a statement to the press in Tokyo explaining the company has filed for bankruptcy protection. Finally an admission of insolvency and loss of all the bitcoins. This is what everyone has been waiting for since the website went down on Tuesday, and what the protest has been trying to achieve since the start.

It brings a welcome end to the false hopes Karpeles has been feeding his customers on the MtGox website this week, and an end to the protest in its current form.

18:45: The MtGox protest is packed up for the last time outside the empty former MtGox office. I do an exit interview with Asahi TV, and head home to spend the next couple of hours giving out final statements. Despite the sad ending in relation to customers’ deposits, I feel some satisfaction that the protest has outlived the company. This is not the end from us though, please see updates. We will be continuing.

The protest outside the office is over but we will be continuing!

Our aim is to shed new light on what has been going on at the company, fight for the prosecution of those responsible for crimes there, report news, and help gox victims with information and updates on claiming their funds.

Coming soon will be a series of revelations on what has been going on inside MtGox, as well as details of events during the protest which haven’t been made public.

Update 3 March 01:00: As I’ve had criticism for not updating regularly and saying “Coming soon..” I will explain the situation. I am in Tokyo on the opposite side of the world from my home where I’ve been for 3 weeks now at my own expense (but I’ve had some donations, thanks!), working almost every waking hour to shed light on the MtGox situation and ensure these people don’t get away with losing everyone’s money without an explanation. If Aaron and myself hadn’t been doing that they might still be operating the site and taking more people’s deposits. I spend most of my day answering emails from concerned people, interviewing with the press, trying to initiate legal action to ensure things are investigated properly and the bankruptcy procedure is not opaque, and trying to source new information. As a result I am not able to update the blog as often as I would like to – but I am doing my best.

Sorry for the lack of timely updates in the past day. Things have been very busy.

AM: There are press outside the Cerulean tower waiting for something to happen, there are reports they are moving to the original MtGox office.

I will be arriving at the original MtGox office at around 3pm.

12:30: It appears that there is no chance of an MtGox bailout, meaning customers have little chance of seeing their funds again. The bailout document on the net was apparently written by Karpeles himself. From Two-Bit Idiot:

Due to some angry Gox depositors, I’ve been advised to disclose that Karpeles was overstating the fact that he had “lined up” investors. The truth is, in a move of desperation, Mark asked several investors for a bailout, all of which seemed to have immediately notified the authorities once they learned the extent of the fraud, negligence or incompetence at Mt. Gox.

http://two-bit-idiot.tumblr.com/post/77967162725/breaking-full-mt-gox-story-coming

Karpeles now is clearly in complete desperation, as are his customers. I think we’ll find him hiding inside a drainpipe, somewhere near a Starbucks outlet. What we’re waiting for now is a statement on the MtGox website saying it’s all over but don’t hold your breath for that. Even if/when he’s in jail I expect him to still be sending out messages about technical problems.

Stay tuned for more updates today.

Follow me on Twitter @The_K_meister for instant updates.

*****  16:00: We’ve been given some very interesting information about what has been going on behind the scenes at the company. Stay tuned for updates.

18:00: Neighbours of Karpeles say his family left his apartment a month ago

 

Today the story hit the Japanese media like a bomb. There were large numbers of TV, newspaper and web journalists staking out the original MtGox office in wait for us. I arrived late at 3pm and after pulling out my protest sign I was soon overwhelmed by the media.

Nobody from MtGox or Tibanne is reported to have been sighted at the office but that doesn’t necessarily mean that nobody is there.

The Japanese government made a statement saying that the police, the Finance Ministry and other agencies are now investigating MtGox.

A conversation purported to be with Karpeles has appeared on the net, where he insists he is at home. A linked photo also shows a Cerulean Tower keycard possibly put there for show. People have been to his home and reported that his mail has been backing up so it seems unlikely that he is really there.

A couple of disaffected MtGox customers arrived outside the Cerulean tower in the evening, followed by several TV and print journalists.