The Tangled Tale of Mt. Gox's Missing Millions 191
jfruh writes "What went wrong to produce the spectacular implosion of bitcoin repository Mt. Gox? Well, according to some preliminary investigation from the IDG News Service, pretty much everything. There was a lack of management oversight and 'culture,' the code running the site was a mess, and the CEO seemed more concerned about his plans for a 'Bitcoin cafe' than he was about his Japanese bank closing the company's account."
"Sight"? On slashdot? (Score:5, Interesting)
Re:Shouldn't it be understood... (Score:4, Interesting)
Wasn't it obvious that governments are going to have a problem with it due to a lack of ability to regulate/tax,
No, just the opposite in fact, because of the block chain. It's clearly more trackable than regular money. Governments might oppose it, but not for this reason.
banking systems are going to have a problem with it due to their not having a role in something that could be lucrative
Yes, this is obvious. The problem with bitcoin for banks is that inflation is mathematically defined - they can't just print more on a whim, they have to actually do something to generate more.
I imagine it is possible that a bank-designed crypto currency could have properties that are favorable to the banks in this way, but I think those might have a hard time gaining adoption. We've already got a currency that robs its holder of 2% of its value every year by design, why would we need another?
criminals are going to be interested in exploiting the lack of government oversight in order to either profit through its use or through outright theft?
Did you not already mention bankers? Non-banker criminals who are wise will stay well away from anything that has a list of all transactions ever associated to it by design. I think that we probably want criminals to choose crypto currency because they will be easier to prosecute!
Wise criminals probably just go into banking.
Bit coin is highly misunderstood by many (Score:5, Interesting)
The only anonymity the users have is the notion, these bitcoin wallets exist only in the bitcoin universe and it can not be linked to real life entities. This is a big assumption to make. Whenever bitcoin universe intersects real universe there is potential for the anonymity to be broken. A vendor delivering goods maintaining records like "bitcoin wallet xxx placed order for yyy delivered to address zzz" will link the wallets to real identities and clues.
I thought "These blocks go well into the past, so people who have conducted illicit transactions in the past also have their wallets linked to the transactions. These can not be erased or modified. Multiple copies of the blocks exist. So the law enforcement can catch them years from now". More informed slashdotters explained that those "expired" blocks have been purged from most miners. Only their final checksums were carried forward. So past transactions to buy drugs or something can not be decrypted.
But NSA and other agencies have been sucking up internet traffic like a giant vacuum. They know more about the value of the blocks being validated (Mining is a misleading term. Mining is repeatedly validating the block till the checksum meets a criterion). Those blocks exist in the vault.
So yes, every time a drug dealer or a hired assassin gets nabbed and his/her bitcoin wallet gets decoded, all the wallets that dealt with him will be recovered. The web will grow. There is potential for a very large number of people to be caught by the law years after their "illegal" activity happened. If it is a time bound offense they might be lucky. But there is no statuette of limitation for murder and other higher felonies. Bitcoin blocks might turn out to be a huge law enforcement tool after all.
But most likely to catch illegal downloads than drug dealing, given the tenacity and connections of MPAA and RIAA.
Total lack of controls (Score:5, Interesting)
The main problem with Mt. Gox was not that the code was a mess. It was a lack of basic financial controls. Mt. Gox lacked a chief financial officer, a controller, inside auditors, outside auditors, a board of directors, an audit committee, and a compliance officer. Yet they were doing a billion dollars of transactions a year. It's not even clear that they have a general ledger listing all transactions. Lack of financial controls is usually considered an indicator of fraud. I've been making this point on bitcointalk for the last year. None of the "Bitcoin exchanges" have proper financial controls. None have an outside auditor and published audits. Yet they're handling far too much money to operate that way.
As for "The National Police Agency seems to lack the ability to analyze the bitcoin trading history of Mt. Gox", that seems to be correct. One would think that the Japanese National Police Agency would have a cyber-crime division, but they don't. In 2013, they were trying to beef up their capabilities in the computer area. [japandailypress.com] This is embarassing for a developed country. Today, any sizable financial mess involves computers, and Tokyo is a major financial center. Untangling any business collapse requires computer forensics and forensic accountants.
The Tokyo police have a backup option - putting Mark Karpeles through one of their standard 23-day interrogation sessions. That's probably going to happen at some point.
Mt. Gox didn't have that high a transaction rate. They only did two or three money transactions a minute on average. They had a lot of traffic from people querying their site for market info, but that's all read-only traffic, and they had nginx and Amazon AWS to help with that.
Their use of PHP wasn't the real problem. From the leaked code, a big part of the problem seems to have been that the front-end system that talked to web users also handled the money. Banks have a separation between the front-end web system and the money system, with standard-format transaction items flowing between them. All those transaction items are logged, often by a third system that just does logging. This allows auditing. It's separation of function that's important, not the language. As far as anyone can tell, Mt. Gox had nobody on staff who understood this.
This all screams "inside job". If you're running a business that handles a lot of money and you lack financial controls, you're scared that someone will rip you off. Unless you're the one doing the ripping off.
Also with a phone size is an issue (Score:4, Interesting)
The blockchain is currently about 15GB, and grows every time there's a transaction. That's a problem. Most phones don't have 15GB of free space. You'd have to get an SD card, just to hold it and that is only a temporary solution, since it'll keep growing.
Also this would be a real problem if BTC was actually used like a major currency and not just played with by speculators as the number of transactions would be orders of magnitude higher, and thus so would the growth.
So it would be totally unrealistic to just store it on mobile devices, which is something you'd probably want to do if you were going to use it as a general purpose kind of payment system, security issues aside and those are not minor.