Mt Gox LEAKED Bitcoin for years before heist, says WizSec

When the crooks struck, freedom was just another word for nothing left to lose

WizSec, a Tokyo-based group that's been investigating the Bitcoin thefts that eventually led to the unravelling of Mt Gox, reckons the crypto-currency was going missing from the trading firm long before it collapsed.

The group's analysis suggests that the pilfering goes back as far as 2011, leading to a shortfall of around 650,000 Bitcoin when Mt Gox collapsed.

That's particularly interesting in the light of the March 2015 arrests of two US agents – one from the Drug Enforcement Agency and the other from the Secret Service – for stealing Bitcoin from Mt Gox from 2013.

WizSec, however, suggests that thefts far pre-dated the efforts of the Americans Carl Force and Shaun Bridges.

The group says it's compiled “a surprisingly dependable list of over 2 million MtGox addresses”, allowing it to plot the holdings of those addresses over time.

Their conclusion: “By the end of 2011 we are past most data gaps, but we are seeing a clear discrepancy of several hundred thousand BTC between expected holdings and actual holdings. Furthermore, if we look closely, this discrepancy seems to be growing over time” [emphasis added].

With thefts taking place since 2011, the report claims, “MtGox operated at fractional reserve for years (knowingly or not), and was practically depleted of Bitcoins by 2013”.

“Bitcoins continuously went missing over time, but at a decreasing pace,” the report states, flatlining in 2013, perhaps because “there may not have been any more Bitcoins left to lose”.

The flatness of the line, say WizSec, makes it unlikely that the decline in the 2 million accounts' holdings resulted from transaction volumes or price, since these see much sharper variations.

[Figure: Bitcoin holding decline. Caption: Smooth decline suggests low-and-slow pilfering, suggests WizSec]

Another hint is in the pattern of some transactions: “One recurring pattern eventually stood out: Mt Gox Bitcoins would suddenly get sent to a new non-Mt Gox address, without any withdrawal log entry, often in fairly recognisable amounts of a few hundred BTC at a time.

“Shortly afterwards, these addresses in turn would get gathered up into bigger addresses holding a few thousand BTC. From there, the coins would get deposited in chunks of some hundred BTC at a time onto various Bitcoin exchanges.”

While the researcher, Kim Nilsson, couldn't identify all the destinations of the aggregated coins, he was able to pick out accounts at Mt Gox, BTC-e and Bitcoinica.
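
The pattern quoted above amounts to a reconciliation check: outflows from known exchange addresses that have no withdrawal log entry, followed one hop to see where they are gathered up. The sketch below is an added example, not WizSec's code; it assumes a simplified one-source, one-destination transfer model (real Bitcoin transactions have multiple inputs and outputs), and every address, txid and amount in it is constructed.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data: all addresses, txids and amounts are placeholders.
EXCHANGE_ADDRS = {"gox-1", "gox-2", "gox-3"}
# Withdrawal log entries as (txid, destination, amount in BTC).
WITHDRAWAL_LOG = {("tx01", "cust-a", Decimal("12.5"))}
# Ledger rows as (txid, source, destination, amount in BTC), in block order.
CHAIN = [
    ("tx01", "gox-1", "cust-a", Decimal("12.5")),  # logged customer withdrawal
    ("tx02", "gox-2", "unk-1", Decimal("300")),    # no log entry
    ("tx03", "gox-3", "unk-2", Decimal("450")),    # no log entry
    ("tx04", "gox-1", "gox-2", Decimal("900")),    # internal move, not an outflow
    ("tx05", "unk-1", "agg-1", Decimal("300")),
    ("tx06", "unk-2", "agg-1", Decimal("450")),
    ("tx07", "cust-a", "shop-1", Decimal("12.5")),
]

def unlogged_outflows(chain, exchange_addrs, withdrawal_log):
    """Transfers that leave the exchange's address set without a log entry."""
    return [tx for tx in chain
            if tx[1] in exchange_addrs
            and tx[2] not in exchange_addrs
            and (tx[0], tx[2], tx[3]) not in withdrawal_log]

def aggregation_points(chain, flagged, min_sources=2):
    """Addresses that gather coins from several flagged destinations."""
    first_hop = {tx[2] for tx in flagged}
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for _txid, src, dst, amount in chain:
        if src in first_hop:
            sources[dst].add(src)
            totals[dst] += amount
    return {dst: (len(srcs), totals[dst])
            for dst, srcs in sources.items() if len(srcs) >= min_sources}

def unexplained_total(flagged):
    """Sum of unlogged outflows: the gap between expected and actual holdings."""
    return sum((tx[3] for tx in flagged), Decimal(0))

if __name__ == "__main__":
    flagged = unlogged_outflows(CHAIN, EXCHANGE_ADDRS, WITHDRAWAL_LOG)
    print("unlogged outflows:", [tx[0] for tx in flagged])
    print("aggregation points:", aggregation_points(CHAIN, flagged))
    print("unexplained BTC:", unexplained_total(flagged))
```

Run periodically against an exchange's own wallet and withdrawal records, the same comparison surfaces a growing gap between expected and actual holdings while it is still small.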

The report was prepared with an eye to an upcoming creditors' meeting, WizSec says. ®

