There has been a ton of speculation as to what happened in the catastrophic failure of MtGox. The only thing we know for sure is that it somehow “lost” upwards of 750,000 customer BTC, valued at around $450 million. A number of theories have been circulating on the internet. Here I’m going to talk about the one that seems the most plausible to me. H/t to /u/PuffyHerb on Reddit for most of this.
The theory is essentially that the U.S. Government seized MtGox’s cold storage wallet and Karpeles can’t disclose that information due to a gag order.
Before getting into that let’s recap the “official” story of what is believed to have happened.
- MtGox was ignorant of the transaction malleability issue despite it being known for years and there being a wiki page dedicated to it.
- They tracked transactions improperly given the malleability issue (this may or may not have happened).
- They automatically reissued transactions when the transaction ID showed an unconfirmed transaction rather than requiring human intervention by a customer support agent.
- They had the cold storage wallet actually connected to the internet, essentially making it a hot wallet, and it automatically refilled the hot wallet when empty without throwing up any red flags.
- All this went unnoticed for years and MtGox only realized when their wallet was completely empty.
The amount of incompetence necessary to lose that many Bitcoin this way is truly unfathomable. I know we all have a low opinion of Mark Karpeles, but I’m not sure he could be that incompetent.
So what’s the evidence that MtGox had their cold storage wallet confiscated?
Let’s start with the fact that Karpeles was pretty explicit in the past (see bitcointalk) that MtGox does indeed use cold storage:
On average 98% of customer bitcoins are held in cold storage, with possible variations on large bitcoin moves (large deposits or customers asking for large withdrawals). [...]
Offline wallets are generated from an offline system and kept in paper format in three separate locations, using a technology based on raid. It will likely be changed to use Shamir’s Secret-Sharing method in the future, and all existing offline wallets will be converted to this.
So if that is true, there is no way MtGox could have lost bitcoins as described above. Either this quote is a bold-faced lie, or something else is going on. Karpeles strikes me as less than competent, but not this big of a liar.
Continuing, last year MtGox had its U.S. bank account confiscated by the U.S. Government for allegedly operating without a license in the United States.
In January we learned from the testimony of Federal officials that the claim that MtGox was operating without a license (which it may have been) was largely used by the Federal Government as a cover for an investigation into the Silk Road. Here’s how it was reported by The Genesis Block:
Recent testimonies by federal agencies indicate that the account seizures were in fact related to the multi-year pursuit of Silk Road operators, rather than a crackdown on money transmission infractions for their own sake. In particular, the written statements not aired on television provide additional insight into the motives behind the seizures.[...]
Looking backwards, it’s clear why the Silk Road connection couldn’t be noted in any court filings that would become public. If federal agents made known at the time that they were actively pursuing Silk Road it could interfere with their ongoing investigation. This also means that, at least in this case, it appears money transmission laws were enforced on Mt. Gox not simply for their own sake, but to gain insight and hinder the capital flow to Silk Road without exposing the larger goal of shutting down the international narcotics marketplace.
It’s very likely that Karpeles knew about all this but was under a gag order. In fact, he largely admitted as much in an IRC chat:
03:12 <@ne0futur> when I were insisting , telling mark to disclose stuff
03:12 <@ne0futur> saying things like “fuck the lawyers, disclose”
03:12 <@ne0futur> he answered me once
03:13 <shadylog> ne0futur: with…
03:13 <@ne0futur> 2014-02-20 10:40<MagicalTux> le gouv. US veut pas qu’on disclose hein
03:13 <@ne0futur> US gov doesnt want us to disclose
Also, MtGox’s business development manager, Gonzague Gay-Bouchery, admitted to ongoing investigations when confronted by an angry customer.
This person posted the story of his one-man protest out front of MtGox, and his run-in with Gay-Bouchery, on Reddit.
His first question to Gay-Bouchery was, “What is causing the withdrawal delays?”
• Well, because Gox is the best known of all the exchanges, we have been under the regulatory spotlight.
• This has created problems with government agencies, and also with our banking partners.
• There are also some ongoing investigations, which we cannot talk about.
So it seems plausible that, in the course of investigating Silk Road, the U.S. Government confiscated MtGox’s bitcoins in addition to its bank account, but that information was never disclosed because it would have thrown up red flags for DPR.
Karpeles even alluded to this in the only interview he’s done since this crisis began, which was with Jon Fisher on IRC:
[12:02] <JonWickedFire> How much did you lose yourself?
[12:04] <MagicalTux> Well, technically speaking it’s not “lost” just yet, just temporarily unavailable
What does that mean? If the coins were stolen they aren’t just “temporarily unavailable”, they are lost for good. This quote makes a lot more sense if the bitcoins were, in fact, seized.
Also, in the same interview when asked if he had anything else to say Karpeles linked to a meme on the site 9GAG:
<JonWickedFire> Anything else you’d like to say to everyone before all the pissed off people start going nuts, even more…?
[12:09] <MagicalTux> not really
[12:09] <MagicalTux> maybe just a link? something like that: Why do we fall? – 9GAG
So here’s how I think this all went down:
- MtGox probably kept 85% or so of its customers’ bitcoins in deep cold storage, that is, in multiple safe deposit boxes in Japan. Probably ~10% was in cold storage somewhere more accessible that was used to top off the hot wallet without making trips to the bank, maybe an office safe, and ~5% was in the hot wallet.
- The U.S. Government likely seized MtGox’s safe deposit boxes in its investigation into Silk Road, probably with the cooperation of the Japanese Government.
- MtGox couldn’t disclose this information due to the gag order and figured it would try to replenish the seized coins out of its profits.
- What likely started its problems was a bad implementation, as initially reported. The Bitcoin protocol changed to partially fix the malleability issue and MtGox never updated its code. Specifically, it continued to broadcast non-DER encoded transactions despite miners ceasing to support this format. This caused MtGox to broadcast invalid transactions that were rejected by the network, leading to widespread complaints of customer withdrawals failing.
- As the withdrawal issues intensified it started a run on BTC. MtGox’s hot wallet and what little it had in cold storage were drained.
- To the extent MtGox lost BTC due to malleability, it was likely only a small amount, not 97% of all BTC.
- Karpeles made an effort to fix the code and get withdrawals back online as soon as possible, but it quickly became apparent there was no way he could cover the BTC needed to satisfy the requests.
- Karpeles takes MtGox offline, still unable to disclose the exact source of its problems.
- Karpeles reaches out to Bitcoin industry insiders for a bailout but can only tell them he doesn’t have the BTC and doesn’t disclose why. The insiders freak and notify Coinbase, Blockchain, etc. of the insolvency. They proceed to release a joint statement.
- Karpeles tried but failed to find a buyer for MtGox to restore the firm’s solvency and make the customers whole.
- MtGox declares bankruptcy and Karpeles had to bow his head in shame while apologizing to the Japanese press.
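To make the encoding point in the list above concrete, here is an added example (not code from MtGox or from the original post) of the strict DER signature check that Bitcoin nodes apply, as specified in BIP66. The r and s values are constructed, the helper names are hypothetical, and hashing the signature bytes stands in for hashing the full transaction that would contain them.

```python
import hashlib

def is_strict_der(sig: bytes) -> bool:
    """Strict DER check: 0x30 len 0x02 lenR R 0x02 lenS S sighash."""
    if not 9 <= len(sig) <= 73 or sig[0] != 0x30 or sig[1] != len(sig) - 3:
        return False
    len_r = sig[3]
    if 5 + len_r >= len(sig):
        return False
    len_s = sig[5 + len_r]
    if len_r + len_s + 7 != len(sig):
        return False
    for tag_at, length in ((2, len_r), (4 + len_r, len_s)):
        first = tag_at + 2                      # index of the integer's first byte
        if sig[tag_at] != 0x02 or length == 0:  # INTEGER tag, non-empty value
            return False
        if sig[first] & 0x80:                   # would be read as negative
            return False
        if length > 1 and sig[first] == 0 and not sig[first + 1] & 0x80:
            return False                        # unnecessary leading zero byte
    return True

def der_int(n: int, pad: int = 0) -> bytes:
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw          # sign byte that DER requires
    raw = b"\x00" * pad + raw        # pad > 0 adds non-canonical zero bytes
    return b"\x02" + bytes([len(raw)]) + raw

def encode_sig(r: int, s: int, pad: int = 0, sighash: int = 0x01) -> bytes:
    body = der_int(r, pad) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body + bytes([sighash])

def double_sha256(data: bytes) -> str:
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

# Constructed sample values, not taken from any real transaction.
R = int("11" * 32, 16)
S = int("22" * 32, 16)

def compare(r: int = R, s: int = S) -> dict:
    """Encode the same (r, s) strictly and with one padding byte, then compare."""
    strict, padded = encode_sig(r, s), encode_sig(r, s, pad=1)
    return {"strict_ok": is_strict_der(strict),
            "padded_ok": is_strict_der(padded),
            "same_hash": double_sha256(strict) == double_sha256(padded)}

if __name__ == "__main__":
    print(compare())
```

The padded form carries the same two integers but different bytes, so it hashes differently and fails the strict check, which is why software that tracks payments by transaction ID or emits non-canonical encodings runs into the problems described above.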
So this theory may turn out to be completely wrong, but given the circumstantial evidence and the extreme improbability of the official story, this seems the most likely explanation at the moment.