Mt. Gox CEO's blog goes blank after alleged hack

Hackers claim internal records show Mt. Gox has more bitcoins than it claims it lost

Hackers claim to have compromised the blog of Mt. Gox CEO Mark Karpeles, which went offline on Sunday, and stolen a database belonging to the defunct exchange.

Hackers claim to have compromised the blog of Mt. Gox CEO Mark Karpeles, which went offline on Sunday, and stolen a database belonging to the defunct exchange.

Hackers attacked the personal blog of Mt. Gox CEO Mark Karpeles on Sunday and posted what they claim is a ledger showing a balance of some 950,000 bitcoins based on records they obtained from the defunct exchange for the virtual currency.

They said the sum contradicts Mt. Gox's claim in a Japanese bankruptcy protection filing Feb. 28 that it had lost about 850,000 bitcoins.

Neither Karpeles nor Mt. Gox officials could immediately be reached to verify the claims.

Karpeles has maintained a low profile since the filing in Tokyo District Court. Mt. Gox, which pulled the plug on its website three days before the court filing, had announced that about 750,000 customer bitcoins it held are missing along with 100,000 of its own bitcoins and $27.3 million in customer deposits.

Karpeles' blog was titled "Magical Tux in Japan -- Geekness brought me to Japan!" Karpeles, who is French, often used the nickname "MagicalTux" when posting on public message or chat forums. His blog went offline on Sunday shortly after it was attacked.

Karpeles did not immediately answer a query sent to his personal email address.

The attackers claim to have obtained database records containing transaction details from Mt. Gox. They wrote they purposely withheld users' personal data. Mt. Gox had as many as 1 million customers as of December.

The data included a screenshot of what appears to be an internal SQL database administration tool, Karpeles' CV and a Windows executable called "TibanneBackOffice," among many others. Mt. Gox is a subsidiary of Tibanne, a company owned by Karpeles.

The release of the data adds to the mysterious circumstances around Mt. Gox, which at one time was the largest exchange for buying and selling bitcoin.

Mt. Gox's demise has enraged its out-of-pocket customers as efforts continue to derive clues from bitcoin's public ledger, called the blockchain, that might indicate the fate of its virtual currency holdings.

Mt. Gox in part blamed a security issue called transaction malleability for its bitcoin losses. In some instances, transaction malleability can allow an attacker to manipulate transaction identification numbers in order to steal bitcoins.

The long-known security problem is being addressed by the custodians of bitcoin's core software who've said it is usually only an issue if a bitcoin exchange has not coded its own software correctly.

Meanwhile, intense efforts are underway to analyze the blockchain to figure out where large stashes of bitcoins once held by Mt. Gox may have been transferred.

The blockchain records the movement of bitcoins from a user's public bitcoin "address" or "wallet," which is a 32-alphanumeric character. It is possible, for example, to attribute addresses to a person or company based on past transfers.

Adam Levine, who writes a blog dedicated to bitcoin, investigated Mt. Gox's bitcoin balances along with four colleagues. The group found two addresses, one with 90,000 bitcoins and another with 200,000, that may belong to Mt. Gox.

In a phone interview last week, Levine said those two stashes were found by analyzing a transaction Karpeles made in 2011 when Mt. Gox was pressured to prove the company was solvent.

At that time, Karpeles is believed to have moved just over 424,242 bitcoins between two Mt. Gox addresses. Since the transaction was recorded in the blockchain, it would ostensibly be proof that Mt. Gox had the bitcoins.

Levine, who wrote about their findings, cautioned though that their conclusion may not be accurate. There are a lack of technical tools to perform deep analysis of the blockchain that could make it easier to elicit more definitive conclusions, he said.

"There's a lot of technical depth, but when it comes to attributing it to individuals, it's very, very difficult, and it's tempting to draw conclusions because sometimes it seems like it's just obvious," he said.

The 850,000 bitcoins that were lost from Mt. Gox, 100,000 of which were its own, were worth an estimated US$474 million. If stolen, the incident would be one of the largest cybercrime thefts on record.

An academic paper published last year that analyzed noted thefts of bitcoins found that following a trail of bitcoins was hard if a thief used certain techniques, including splitting balances into many other addresses, but few did.

"For the thieves who used the more complex strategies, we saw little opportunity to track the flow of bitcoins (or at least do so with any confidence that ownership was staying the same), but for the thieves that did not there seemed to be ample opportunity to track the stolen money directly to an exchange," they wrote.

Because bitcoin is just five years old, law enforcement may still be just catching up with how bitcoin works, let alone honing blockchain forensic techniques.

"A lot of people think of bitcoin as funny money," said Bruce Fenton, board member of The Bitcoin Association, a nonprofit industry organization. "This is serious money for serious people."

Another possible scenario that Mt. Gox simply lost the private keys to the bitcoins, which are required to transfer the virtual currency to another address, through a hardware failure or a software error.

If that's the case, it would appear by looking at the blockchain that Mt. Gox would still have bitcoins sitting in an address known to be under its control, but transferring the bitcoins is impossible.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Mt. Goxsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?