Missing Mt Gox Bitcoins Likely an Inside Job, Say Japanese Police

The disappearance of 650,000 BTC from Mt Gox was due to internal system irregularities and not external attacks, reports a Japanese newspaper.

AccessTimeIconJan 1, 2015 at 8:48 a.m. UTC
Updated Mar 2, 2023 at 10:31 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

The disappearance of 99% of the bitcoins missing from Mt Gox can be blamed on internal system manipulation and not any external attack, a major Japanese newspaper has claimed.

Citing an unnamed source connected to the ongoing police investigation, Japan's Yomiuri Shimbun newspaper led with the story on the front page of its New Year's Day edition. Only 7,000 BTC, or 1% of the total 650,000 missing, could be attributed to hacking attacks from outside the company, it said.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Yomiuri did not elaborate further on the matter.

    That a company insider might have been responsible for the theft of 650,000 BTC from Mt Gox has been whispered about for some time, though no-one in particular has been named as a suspect, even unofficially.

    No major hack attacks

    Mt Gox had no full-time staff other than CEO Mark Karpeles, employing a series of contractors on temporary work arrangements. No-one associated with the case, however, is suggesting Karpeles might himself be responsible.

    The 'inside job' theory is contrary to the official line the company has maintained until now, that the bitcoins' disappearance was a gradual theft attributable to the 'transaction malleability' flaw in bitcoin's underlying code.

    This claim was derided at the time by bitcoin core developer Gavin Andresen and other independent researchers. Mt Gox began using the transaction malleability line in early February, even before it was clear the exchange had been damaged beyond repair, saying withdrawals would resume as soon as possible.

    Blame the bots?

    The clearest sign of impropriety within the Mt Gox trading system came in March 2014, when leaked transaction data showed anomalous behaviour attributed to two automated trading bots, nicknamed 'Willy' and 'Markus'. The Yomiuri report links "suspicious accounts" to the disappearance, but does not specify whether it means these known accounts or new information.

    The 'Willy' bot appeared at certain times in late 2013 and seemingly under several different user IDs, all of which had irregularities in their records, such as "??" in place of a user location.

    The bot would pop up under a new user ID, spend (for the most part) $2.5m buying bitcoins at the then-current market rate, and then cease trading. It is possible this helped push up bitcoin's price in November 2013.

    'Markus' was an earlier bot that 'bought' bitcoins at random prices, though appeared to never spend any actual fiat money on the transactions. The two bots acquired about 570,000 BTC until November 2013, after which no more records are publicly available.

    Assuming the automated activity continued after that time and until Gox's implosion two months later, one theory is those two bots were connected with the disappearance of the 650,000 BTC.

    Image courtesy Akemi Miyashita

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.