Naked Security

Japanese newspaper makes bold claim about Mt Gox’s giant 2014 Bitcoin loss

Japan-based Bitcoin exchange Mt. Gox imploded in 2014 with the loss of $0.5B's worth of Bitcoins. The question is, "Where did they go?"

If you’re a Bitcoin user, you’ll know that 2014 was a bit of an annus horribilis for the “freedom currency.”

Bitcoins are effectively cryptographic puzzles that are claimed by the first person to solve each one, and thereafter traded at a value agreed between buyer and seller.

That makes them into a cash currency, more or less, but without any central backing or, for that matter, regulation.

There’s a good side to that: no government body can summarily devalue or disown your Bitcoin stash.

That can, and has, happened with centrally managed currencies, as for example in Zimbabwe in 2009.

Hyperinflation over a number of years rendered the Zimbabwe dollar so worthless that the government eventually disowned it altogether, leaving the economy to operate on other countries’ money, notably the US dollar and the South African Rand.

Effectively, the exchange rate against all other currencies officially became zero, so that any Zimdollars you had were quite literally worthless.

But no government, reserve bank or monetary authority can summarily wipe out your Bitcoins.

Of course, there’s a bad side to that: no regulator means that there are no regulatory protections, and no operating requirements for companies that offer to look after your Bitcoins for you.

Bitcoin exchanges

In theory, you don’t need to entrust your Bitcoin holdings to anyone else, provided that you can find buyers who will accept them directly.

But that doesn’t give you a whole lot of liquidity – you might be fiendishly rich in the Bitcoin world, yet unable to pay your rent, meet the loan repayments on your car, or even buy a loaf of bread.

So Bitcoin exchanges sprang up to act as an interface between the world’s official currencies and the world of Bitcoin.

Loosely speaking, you give someone some Bitcoins, and they let you at an agreed amount of regular money in return.

You might “deposit” BTC1, for example, and be given a balance of, say, $320 (the approximate rate on 2014-01-02) to spend in more familiar ways, or to transfer into a regular bank account.

In short, Bitcoin exchanges act much like banks, with deposits, withdrawals, balances and transaction records.

Yet they aren’t banks, any more than a retail store is a “bank” when it issues you a credit note for goods you’ve returned.

After all, Bitcoin isn’t really a currency, so, generally speaking, it’s not covered by any of the laws relating to currency trading, brokerage, banking and so on.

In other words, if the company to which you entrusted your precious Bitcoins suddenly tells you, “So sorry, they seem to have vanished,” then, well, that’s that: you’re out of luck.

Indeed, the Bitcoin ecosystem has regularly suffered just that sort of confidence-sapping announcement, though usually on a fairly modest scale, at least in global terms.

Examples prior to 2014 include:

  • May 2012. An exchange called Bitcoinica allegedly had $225,000 stolen, followed by another $90,000 later the same year.
  • September 2012. $250,000 was stolen from boutique exchange Bitfloor after an encryption lapse during a server upgrade.
  • November 2013. Small exchanges in Australia, China and Denmark “vanished along with the money” after claiming they’d been hacked.

Mt. Gox implodes

But in 2014, the Big Daddy of Bitcoin exchanges, Japan-based Mt. Gox, made a “So sorry, they seem to have vanished” announcement about a whopping 650,000 Bitcoins, worth approximately $800 each at the time.

The mystery of the missing BTCs was at first blamed on a cryptographic flaw in the Bitcoin protocol that Mt. Gox’s coders hadn’t defended against properly – something they really ought to have done, considering that they were sitting on half-a-billion dollars worth of other people’s assets.

But that story didn’t wash with everyone, not least those who thought that any abuse of the flaw concerned (it’s euphemistically known as transaction malleability if you would like to look it up) ought to have been visible, albeit too late, in the transaction record.

→ Greatly simplified, transaction malleability means that two transactions can be rigged to have the same supposedly-unique identifier. Crooked transactors can use a deliberately created duplicate-yet-different transaction pair to trick naive exchanges into thinking that something has gone wrong, and demand a refund. (Smart exchanges use additional checks to help repudiate bogus transaction repudiations.)
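The kind of additional check mentioned above, as an added example that is not part of the original article: a legacy Bitcoin transaction identifier is a double SHA-256 over the whole transaction, signature bytes included, so an exchange handling a "my withdrawal never arrived" claim should match confirmed transactions by what they spend and pay, not by identifier alone. The `Tx` layout, `payment_key` and `review_refund_claim` are hypothetical names using a simplified stand-in for Bitcoin's real serialization.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """Simplified transaction (constructed layout, not Bitcoin's wire format)."""
    inputs: tuple   # (prev_txid, output_index) pairs being spent
    outputs: tuple  # (address, amount_in_satoshi) pairs being paid
    sig: bytes      # signature bytes; the encoding can vary and still be valid

    def txid(self) -> str:
        # Like a legacy txid: double SHA-256 over everything, signature included.
        raw = repr((self.inputs, self.outputs)).encode() + self.sig
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

    def payment_key(self) -> str:
        # Identifies what the transaction does, ignoring the signature bytes.
        raw = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(raw).hexdigest()


def review_refund_claim(sent: Tx, confirmed: list) -> str:
    """Decide how to treat a claim that withdrawal `sent` never confirmed."""
    if sent.txid() in {tx.txid() for tx in confirmed}:
        return "reject: confirmed under the recorded id"
    if sent.payment_key() in {tx.payment_key() for tx in confirmed}:
        return "reject: confirmed under a different id (same inputs and outputs)"
    spent = {i for tx in confirmed for i in tx.inputs}
    if spent & set(sent.inputs):
        return "investigate: inputs were spent by a different payment"
    # Re-issuing from the same inputs means the old and new payment cannot both confirm.
    return "eligible: not confirmed, inputs unspent; re-issue spending the same inputs"


# Constructed sample data.
SENT = Tx((("aa" * 32, 0),), (("customer-address", 100_000_000),), b"\x30\x44sig")
MUTATED = Tx(SENT.inputs, SENT.outputs, b"\x30\x45\x00sig")  # same payment, re-encoded signature
UNRELATED = Tx((("bb" * 32, 1),), (("someone-else", 5_000),), b"\x30\x44other")

if __name__ == "__main__":
    print(review_refund_claim(SENT, [UNRELATED, MUTATED]))
```
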

Some people suspected Mt. Gox insiders of simply taking the missing Bitcoins – or some of them, anyway – for themselves.

Ironically, the very sort of incautious attitude to coding that would make a transaction malleability exploit possible would probably also make it possible for rogue insiders to get away unnoticed with large-scale Bitcoin larceny.

That’s where the story sat throughout the second half of 2014: something bad happened, but no-one quite knew whom to blame.

The New Year’s bombshell

On New Year’s Day, however, Japanese newspaper Yomiuri Shimbun dropped a bit of a bombshell.

It openly stated that there was “strong suspicion” that most of the missing Bitcoins were ripped off from inside.

Yomiuri Shimbun is claiming that the loss of about 7000BTC can be explained by cyberattack – in other words, crooks outside the company’s network were the perpetrators – but that there is no evidence of cyberattack around the loss of the remaining 643,000BTC.

In short, 99% of the crime was an inside job.

Is that really what happened, do you think?

If so, is there a chance, however slim, that some of the missing funds might yet be recovered?

Tell us your opinions in the comments…

0 Comments

Every Bitcoin is traceable in the Blockchain. The only thing that matters in the Bitcoin network is the TX-transaction and the ledger follows it all from owner to owner. You can’t cheat Bitcoin very easily and we all knew Mt. Gox was an inside job and pretty easy to track. Come on, the Feds had this and they messed it up. Oh yes, even today I can go back in time and still track it down, but why should I waste my time, not my coins.

Reply

All bitcoin transactions are public and traceable… At some point, some of those 650,000 bitcoins should interact with some public service or product vendor. That’s when we will be able to start a trace back on the actual crooks.

It’s a hide and seek game, and what the crooks didn’t realize is that all the massive theft did is send down the bitcoin price and make the common people lose the small faith they had in bitcoin.. :S
Unless that’s what the “crooks” were looking for…

Reply

I won’t be surprised if it was an insider job. Working in retail taught me something that I would never have known if I hadn’t. Almost 60% of losses are due to insider theft and another 20% from vendors. Outside theft only accounts for about 15%, and out of the 15%, 99% of it was done by professional theft rings (the remaining are bad bookkeeping). The loss prevention department in every retail store only looks out for insider theft, and they are the bigger fish and easier to catch.

Reply

“All bitcoin transactions are public and traceable…”
Go have a read about bitcoin laundering services like bitcoin tumblers

Reply

I don’t think what the OP meant was that if you were to steal Bitcoin X, any attempt to spend it would inevitably lead law enforcement back to you, given enough effort to trace it. I think he meant that if you have a specific interest in Bitcoin Y, then you can always watch out for it being used. (IIRC, none of the BTCs that Satoshi is assumed to have mined right at the start of the BTC “experiment” have ever been spent…but if ever someone were to spend one of them, it would make news. We’d most likely have no idea who it was and could only speculate how they acquired it, but that wouldn’t affect the transaction itself. Might have an interesting effect on the perceived value in real money, but it would be a BTC like any other.)

So…IIRC, the Mt. Gox “loss” constituted about 5% of the BTC currently in circulation, and 2.5% of the BTC that will ever exist.

If none of the lost/missing/stolen bitcoins are ever recirculated…would that not have the very long term effect of pushing prices up by constraining supply somewhat?

Reply

The money will never be recovered because I believe it was an insider and an outsider job — with outsider meaning tax collectors and banking officials of some major world gov’t. They want to undermine *any* trust you have in any non-official, non-gov’t currency. It’s called FUD and it is working.

Reply

How about the fact that maybe 7000BTC were in fact lost due to cyber attack, and then Mt. Gox thought “we’ll have the rest and blame it on the cyber crooks, wait for the dust to settle, then sell them”.

Reply

I recently attended a CPE class in which the speaker was a Homeland Security Agent and the topic was virtual currencies and money laundering. It was very interesting and amazing how much attention virtual currencies are receiving from the Fed.

Of course, since virtual currency isn’t sponsored by a government, the Fed doesn’t care much to investigate its theft or possible “counterfeiting”. But they are extremely interested in who is using Bitcoin and for what purpose. So people who are using Bitcoin to stay “off the grid” are actually bringing themselves to the attention of several US agencies.

Reply
