To all the HN members who lost a lot of money in this closing, remember the community is here for you. Don't do anything too rash and if you need someone to talk to, myself and most other people would be happy to lend an ear.
Something bad happened. Some people are sad. Let's bring up the topic of suicide and make sure they are all aware of it!!!!!!!!!!!!!!!!!111111111111 And then feel good about how kind and helpful we are.
People already know suicide hotlines exist. If they want one they can google it or siri it or whatever. You aren't giving them new information, just telling them, basically, that you wouldn't find it surprising if they killed themselves over this.
Emotions run high when something of this magnitude happens. Judgement gets clouded. A reminder is very important as a way to intercept those without a clear head before they do something rash.
Until Mt. Gox publicly confirms that no one will be getting their BTC and/or fiat money back, I think it's wrong to assume money owed to the users has been lost. Please have faith that they will do the right thing.
It seems highly unlikely that anyone will get all of their money back. They announced that they have debts of 6.5 billion yen and assets of only 3.84 billion yen. If they can liquidate 100% of their assets that's only enough to pay back 59% of their debts.
The only faith I have in this story is that, perhaps, people will learn from this example and will be able to spot a con man next time when they see one.
When you make a deposit you are extending credit. In the case of Mt. Gox, or any other Bitcoin exchange, that credit is secured by nothing and insured by noöne.
Advice, going forward, for managing counterparty risk:
(1) Split a $100 transaction into 10 $10* transactions executed incrementally (send $10 of BTC to Mt. Gox, exchange it, transfer it out, and only then send the next $10 of BTC over). This keeps exposure at any given time at a manageable level. The downside is it increases exposure to BTC/USD volatility.
(2) Split a $100 into 5 $20 transactions executed simultaneously on many exchanges. This keeps exposure to any single institution at a manageable level. The downside is it increases the number of institutions which must be dealt with.
(3) Draft a special arrangement with the institution for a large transaction. This should include credit and speedy withdrawal guarantees. The downside is the legal cost.
*edit: I am illustrating a hypothetical $100 transaction. Substitute, in place of $10, the most you are willing to lose in the event the exchange proves insolvent.
I believe MtGox users have unfortunately learned the definition of "counterparty risk". This is one of the major overlooked risks that almost took down the global financial system in 2008. People would hedge their worthless bonds using AIG as a counterparty, and once things blew up, these people realized their insurance policies were completely worthless because AIG was about to go under itself, causing them to almost go bankrupt as a result.
Unfortunately, in a world where none of the bitcoin exchanges have any sort of regulation, there's no way that BTC use can expand via BTC financial institutions until people have full confidence they can get their money back in the case of another collapse like mtgox.
The collapses we've seen with traditional currencies stem from the inherent risks of fractional-reserve lending.
Is this a risk with Bitcoin? According to my limited understanding, it doesn't seem to be. That should in theory reduce the need for things like FDIC and complicated risk calculations, like counter-party risk.
MtGox doesn't seem like a "bank failure" or "bank run" to me. It seems like a bank that forgot to lock the doors at night.
At least if your money is held in an FDIC insured bank and the bank goes under, you can rely on the government to insure your investment. With bitcoin you have no such thing.
That sounds very smart, however if your money is held in an FDIC insured bank, then it's likely to be in a national currency that is systematically devalued by the issuing institution through progressive year-on-year inflation. (Note that I use the term institution instead of government as two major issuers, the Federal Reserve and the Bank of England, are private organizations).
PS. I'm not characterizing inflation as bad, nor am I a goldbug. I am merely pointing out that the entire population of FDIC-insured banks are paying constantly for the mystical "it might happen some day" promise of a bailout, due to an inflationary system that reserves priveleged access to a central clique - ie. it's not like the conservative viewpoint of "faith in <the national central bank>!" comes without strings. (I am most aware of this perspective as someone who used to live with someone on the interest rate committee for the Bank of England.)
> That sounds very smart, however if your money is held in an FDIC insured bank, then it's likely to be in a national currency that is systematically devalued by the issuing institution through progressive year-on-year inflation.
Which may be a good reason to limit currency holdings to what you need to use as currency (that is, short-term medium of exchange for things of value), and invest the rest in productive assets, whether those are stocks, bonds, real estate, or digital collectibles like internet funbucks. But if you aren't directly holding those productive assets yourself but are trusting them to account held by someone else who promises to transfer them to you on demand or dispose of them at your direction, you probably want to do some consideration of their ability to keep them securely and execute the trust you are placing in them.
Inflation isn't bad and the only people that think it is are goldbugs with no understanding of economics. Asset backed currency have had MANY more crashes than fiat currencies. Bitcoin is a wonderful experiment in how long it will take people to learn the lessons the world learned over the previous 200~ years.
Just to add to some of the other great responses here:
The British empire was built on the back of the Pound -- the first truly international, modern fiat currency. It reigned until it was muscled out by the fiat Dollar.
An immense amount of wealth has been generated for humankind on the backs of fiat currency.
And one more thing...
Bitcoin is also a fiat currency in the sense that it does not contain intrinsic value. It is only as valuable as its network effect. If the network falls in love with a different coin, bitcoin dies.
Fortunately there's ways of proving available deposits when using bitcoin. In theory at least, this can address the issue of counterparty risk. Hopefully all the exchanges will start adopting this.
Not really. If the exchange says "We have 500,000 BTC" and they publish their wallet, but their actual customer liabilities are 2M BTC, everyone can still lose a lot of money. What they really need is to be externally audited and undergo consistent regulation.
However, it looks like you don't/can't address all of the counterpart's liabilities. So salaries, tax dues, rents, loans, and other obligations denominated in fiat currency don't appear in the calculations. But any of these can destroy a counterparty as surely as insufficient reserves. Crucially, depositors don't really care where the risk is, they care that there is some external entity (like the SIPC or FDIC) that can insure that risk.
You are right, those other factors cannot be accounted for with this approach, it only proves that the business is not running with fractional reserves.
I've been wondering if the systemic portion of this risk mightn't be helped by allowing judges the power, during bankruptcy proceedings, to magic a small percentage of the balance owed into existence for the lender if the lender also forgives some (larger portion) of the balance provided that the loan is determined to have been a real loan made in good faith. This could help inject liquidity precisely when and where it's needed, while the requirement of someone undergoing bankruptcy, forgiveness of some of the debt, and judicial discretion would help check abuses.
The main feature of BTC is that it's unregulated, so indeed, if you don't provide the security usually enforced by governments, there isn't any.
Usually, when using online services such as MtGox, you're secured by the fact that their reputation is worth more than what they can scam out of you. It's vital for eBay, AirBnB, the Silk Road etc. that you trust them, so they won't let an horror story unfold publicly just to steal you a couple of grants.
If a service / person is in a position to pull off a scam worth more than the reputation / survival of the service, it's dangerous to trust their good will. MtGox was predictably dangerous. Given the poorly aligned interests of MtGox, and the target they represented for black-hat hackers, all this is a (very expensive) lecture in basic economics for libertarian masses.
> The main feature of BTC is that it's unregulated
The main feature of BTC is that, independently of regulation by any other entity that may be applied to it, it is "regulated" by the design of the protocol, which, among other things, provides decentralized issuance and transaction verification, and predefined supply constraints.
A popular myth about BTC is that it is unregulated (and, in some forms of the myth, impossible to regulate) by government.
Which is as close to "unregulated" as useful definitions go: once unleashed and bootstrapped, no human nor political organization can directly drive it. It's only self-regulated the way a free market is self-regulated, which is almost the exact opposite of what one has in mind when they talk about "regulations".
(Actually governments can influence its value significantly, by stating on its legality, and the legality/taxation of its conversion into state moneys / commodities).
What boggles the mind is Mt Gox started as a site for trading Magic The Gathering cards. I suppose in the code btc was just a special type MTG card? Incredible it got this far.
Indeed, it seems relatively apparent that the name was originally related to MTG, and the original person had plans to create a MTG website, but I have never seen any evidence to suggest that a MTG trading website was actually created, let alone then re-purposed to be a bitcoin exchange.
There are plenty of things to find stunning or hilarious about mtgox without making things up.
Well if that's so untrue then you should take your mythbusting campaign to the Mt Gox page on WikiPedia where it clearly states this was the original intent of their business. Mt Gox stands for "Magic The Gathering Online eXchange", does it not?
Stripe.com once hosted a gallery of Furby pictures. Does that mean we should blame any bugs in their payment platform on misbehaving toys? No, previous hypothetical uses of the domain (by a different owner no less; Jed McCaleb who registered the domain and Mark Karpeles who owns it today are different people) are irrelevant, and mtgox.com does not stand for that.
It was almost certainly the intent on purchasing the domain, but that doesn't establish that one was actually running. My understanding of what evidence is available leads me to think it never was (particularly a lack of anyone posting anything about the domain in conjunction with Magic anywhere except comments like the above).
>(1) Split a $100 transaction into 10 $10* transactions executed incrementally (send $10 of BTC to Mt. Gox, exchange it, transfer it out, and only then send the next $10 of BTC over). This keeps exposure at any given time at a manageable level. The downside is it increases exposure to BTC/USD volatility.
This is an old anti-scamming solution and is very useful in some settings but this isn't really one of them. The main problem here isn't really losing your money immediately after making the transaction. Just making the transaction in one swoop and immediately withdrawing your money after is much more efficent (in terms of both time spent and fees).
Most people weren't screwed because they made one large transaction just before things went wrong - they were screwed because they kept money for long periods of time on gox. And yes, you can argue that some people just couldn't withdraw for months - but if they wanted to use gox and use your scheme it would've taken a year to execute all of those transactions.
Assume, a deposit-trade-withdraw transaction takes 1 hour, and the chance of an exchange failing in a given hour is 0.01%.
If you perform a single $100,000 transaction, there is a 0.01% chance you will lose $100,000. So on average your loss is $10 but in the worst case your loss is $100,000.
If you perform 100 transactions of $1,000 (taking 100 hours) there's (roughly) a 1% chance you'll lose $1,000 so your average loss is still $10 but in the worst case your loss is only $1,000.
I agree that performing 100 transactions over 4+ days sounds like a right hassle, and prices might change by the time your trade finishes - whether this precaution is worthwhile depends on your taste for risk and whether you're trading $100 or your entire life savings in bitcoins :)
Personally if I had a million dollars of bitcoins, the last person I'd trust with it would be a bitcoin exchange :)
It's a pity your post isn't at the top of the thread. It is sound advice.
I find it fascinating that there are (apparently) people in this thread who lost $500k at MtGox and despite the loss would still have no problem paying $250k in taxes on it if they were required to do so.
I would hope if you're making that kind of money you'd either have a sound sense of financial risk management, or the wisdom to hire somebody who does to manage it on your behalf.
Of course, it's easy to criticise with the benefit of hindsight.
My comment below highlights the clawback risk for those that were successful at pulling money out. If this turns out to be a Ponzi scheme there is a real chance that people who profited and were able to get their USD out may actually be forced to forfeit all of their profits depending on the jurisdiction.
I'm not sure I've heard any claims that would point towards MtGox being a Ponzi scheme. It was a straight forward exchange, not an investment with returns of any sort, let alone those derived from later investors.
The allegations are generally much more straight forward, either some sort of incompetence in the form of transaction malleability, or some sort of malfeasance (pilfering the bank for operating costs, outright theft of the funds). Ponzi schemes these are not.
I find it fascinating that people take at face value the words of a throwaway account who is quite likely making the whole thing up, given that you'd want wealth of 100m to just shrug off 250k like that. (Based on the fact that someone worth 100k can just about shrug off 250 like its nothing).
They claim to be a miner. If I made (say) 1m, then lost 250k of it (due to risks which I was aware of when I started playing the game), I'd still be pretty happy.
I think they are just chalking it up to a cost of doing business.
If they lost 250k which they'd made from a different source, they'd be more upset. As no doubt may people are right now.
I'm not sure if it's rational. But ... that's the way people often respond.
Given that most miners have been operating at a loss (after power, space, hardware, etc) for quite some time, I'd also take that statement with a pinch of salt.
Dude, I'm poor has hell and I'm not crying about the €30k I lost there. And those 30k are several multiples of what I got left with. Not everybody commits suicide for losing money, you know...
Mt. Gox and many other exchanges have put into people's minds that you HAVE to forfeit your rights to your Bitcoin when using online services. It doesn't have to be that way, though.
You could just use a system like we use at Bitalo [1], where fractional reserves or funds misuse are impossible because of use of multi-signature Bitcoin addresses, which means funds are specifically tied to user wallets and exchange operators cannot use them, because the user has to sign all transactions by himself.
This isn't realistic for an exchange. They have an enormous transaction volume, which is represented as internal/off-chain transaction in an internal accounting system.
Using multi-signature transactions requires every fund transfer to be represented as a Bitcoin transaction, which the Bitcoin neAtwork simply can't handle.
Since we are a P2P exchange, we don't foresee to have more than few dozens transactions per minute when we grow big. I'm sure the Bitcoin network can handle such volume.
Why would bitalo ever require users ID themselves or provide bank details? multisignature scheme already adds a latency on transaction. just not clear how this exchange works. Is it P2P where users transact between each others bank accounts. If so the AMA/KYC seems unnecessary.
The reason is two-fold. One is legal/regulation stuff, as jccooper said (for seller account especially). Second is seller protection - if a buyer wants to scam sellers, we can blacklist him based on his ID, so he cannot scam anyone again.
Legal reasons, almost certainly. I don't know about Finland or Germany or EU specifically, but it seems likely they have "money transmitter" requirements to combat money laundering. I doubt the regulators and/or law know or care much about multi-sig transactions. If they touch money changing hands, they almost certainly have to comply.
You can't move money without the government's permission, you know. Very naughty.
The only problem with doing multiple transactions is the amount of time required to both withdraw and send. If I waited, the price could fall (or rise...)
What's needed is a non-governmental/industry-driven method of showing solvency and competence. Blockchain-transfers and signed messages to show bitcoins solvency maybe? I'm not sure how to show solvency in a national currency. I'm also not sure how to show full compliance with the protocol without an auditing organization.
Also, users need to pay attention. As soon as mtgox started making bad transactions people should have started questioning them more. When they didn't properly fix those transactions, people should have started moving away.
>The only problem with doing multiple transactions is the amount of time required to both withdraw and send. If I waited, the price could fall
There are two risks: the risk of the (1) price moving against you (delta risk) and (2) exchange defaulting (CP risk). The longer your funds spend waiting to transact, the greater your delta risk. The longer your funds spend at the exchange, the higher your CP risk.
Bitcoin is a volatile asset, making delta risk expensive. But the exchanges are opaque and operate in a legal grey area, amplifying CP risk. The risks are also correlated - if BTC/USD falls, the odds of the exchange collapsing increase. This makes the problem complicated. What I can say is this: the solution is far from either end. You should never have a significant fraction of your liquid net worth in any of these exchanges.
The most innocent excuse for taking weeks to process withdrawals is operational inefficiency. Even this increases your CP risk. Do not react to long wait times by increasing your transaction size. Instead, aggressively seek out alternatives.
> The longer your funds spend at the exchange, the higher your CP risk.
But we're talking about doing 10-$10 transactions versus 1 $100 transaction. The difference in time that money is at risk for the exchange defaulting is negligible in this scenario.
> You should never have a significant fraction of your liquid net worth in any of these exchanges.
Agreed. The other side of that coin, I would say, is that a "significant fraction of your liquid net worth" shouldn't be used in a single transaction either.
> Do not react to long wait times by increasing your transaction size.
I agree, you shouldn't make a transaction larger than it should be or force a transaction to be sooner than you'd like because of the wait time, but specifically breaking up one transaction seems a bit much.
> Instead, aggressively seek out alternatives.
Agreed. I did a long time ago. Their invalid transactions should have been a huge red flag.
How would you transfer out $10 from an exchange? My bank charges more than that in fees for any transfer at all... Also, it always took weeks to get anything out, so you'd be waiting for months to transfer $100.
You wouldn't transfer $10; that's just an example. You would split your transaction in such a way as to reflect the maximum permissible exposure you are comfortable with (the largest amount you're willing to risk losing - not forgetting the other transactions you may have on the table elsewhere). If this value is $100 you probably have no business dealing with Bitcoin anyway.
If, on the other hand you're the guy trying to cash out $500k worth of BTC, a $25k loss is probably acceptable risk so you might exchange your $500k over 20 independent transactions of $25k each. In reality, you're not going to be able to sell $500k of BTC in a day anyway, so it's difficult to see this process as onerous -- it's just part of the game.
It's kind of sad to me that this even needs to be written out, it should be obvious: If you can't trust somebody, you have to break any financial transaction with that person into little pieces.
To be fair, I'm guessing most people burned by MtGox in a big way were day trading, where this advice won't work.
This is part of the reason I never day traded bitcoin- The counterparty risk is (and clearly was) too great.
In this incident I lost a bit more than $500,000 USD that was in my MtGox account. I sold my Bitcoins a few months back, but the USD have been sitting in my account waiting to be withdrawn.
This was a massive fuck up by MtGox, but I really do feel sorry for Mark Karpeles. He seemed really enthusiastic about Bitcoin. Right by MtGox's offices in Japan was a Bitcoin Cafe being built. You can [see here](http://si.wsj.net/public/resources/images/BN-BS458_mtgox0_G_...) the sign of a Bitcoin logo waiting to be unraveled.
Bigger than all the victims (no pun intended) was Mark himself. He lost more Bitcoins than any of us, and it's likely he'll be going to jail. Not to mention the death threats he has and will be receiving.
--
One of the (features?) of Bitcoin is its inherent irreversibility. You only have one chance to get things right. Combined with Murphy's Law, something like this was bound to happen.
I've been a Bitcoin enthusiast and have been mining since early 2011, and Bitcoin has been a huge part of my life, but I will admit my confidence in Bitcoin ever _practically_ succeeding has diminished a little.
Did you try to get your money out of MtGox? A friend of mine has been trying to get his money (CAD) out of MtGox for 2 months. He received his money yesterday.
I would advise him to close the bank account the money went into. Wire transfers can be cancelled... and if the bankruptcy folks are quick on their feet the first thing they'll do is cancel every completed wire transfer they can.
Where is he? I've read about a few people getting their money, but they were all in Japan moving $ into Japanese bank accounts.
I tried to withdraw a couple hundred at the start of January into a US bank account and I'm curious if I'll ever get it. It's a very small amount of money (and I paid even less to get the BTC originally), so it's not a big deal at all if I lose it all but I'd still like to get it.
MtGox might not be responsible for the delay. All I know is that he started the process months ago, they kept saying that "money was on the way", and he eventually received it.
probably because the withdrawals to bank havent worked for months, the writing was on the wall for a long time, people who lost money in it took a huge gamble
he should have transferred the bitcoins to bitstamp when transfers worked and cashed out.
It was only up until these few months that Bitstamp became of any competition to MtGox. Its liquidity sucked, which was why many early adopters like me stayed.
I'm only making this comment because you used the term "hindsight".
Let me first start off by saying I feel very, very sorry for all the people who lost funds in MtGox. It'll take awhile before you get over the pain of losing a life-changing amount of money. But let's be very clear about this; hindsight wasn't needed here. The warning signs that MtGox was a house of cards became visible a long time ago. Definitely before the disabling of BTC-transfers. A lesson should have been learned here and nothing like this should happen to you again.
"Some signs of a strain were visible early on. The exchange was quick to accept purchases but slow in giving them back. Additional proofs were asked for. The site also had technical issues; some users complained that passwords were displayed in plain text. Users are now left wondering if the small hints portrayed deeper crises."
The signs were there, we all knew that. It's just that hindsight makes you believe the signs meant 100% probability Gox will go down. But back then with the limited information everyone had, that was definitely not the case. At some point Gox's bitcoin price had a 20% premium over the rest of the exchanges. So, if he wanted to get out of Gox immediately, he'd have to buy BTC, withdraw and sell at another exchange. Which means 20% loss or $100K. At that point he'd have ask himself if the probability of Gox being completely insolvent is really that great to be worth taking such a hit. And I don't think it was - the loss of 700K BTC came as a surprise even to the biggest Gox critics.
I will say that the article you linked is almost garbage. It glances over the "clues" very quickly which I will assume due to lack of knowledge.
The complaint that passwords were displayed in plain text is not anywhere near recent. Even in 2011 when I started using MtGox, passwords were hashed. Granted, early on the passwords were only hashed with 1 pass of SHA256, but later on passwords were stored to much better standards.
How do I know this? Because they got hacked twice in 2011, both through SQL vulns. Once a database dump being leaked, and another time a user's account balance was changed and the attacker cleared the bid side of the market book. Trades were rolled back, and MtGox took the loss; nothing remote of this severity ever happened again.
Another thing I do remember [is this](http://imgur.com/xMeW43a), and it seems much more aligned to what the article is talking about. But seriously, look at the URL. The only issue is when someone looks at that user's browsing history, but even this wasn't an issue in 2011.
--
Banking problems were not apparent until last year. It was well understood that banks and Bitcoin exchanges had harsh relationships. Bitfloor, the most popular US-based exchange was shut down due to banking problems; they were unable to find any banking partner that were willing to accept them. MtGox having delays in fiat withdrawals were understandable since it was by far the biggest exchange.
--
Most people who call us idiots for not connecting the dots earlier are those who haven't been here long enough. For many of us, MtGox went down over the years but all to recover. Both Luke-Jr and gmaxwell (core dev) had a significant sum of coins stored on MtGox too. It shows the trust we had in MtGox over the years.
--
One last thing though, is that I will attribute Bitstamp's late popularity causing them to dodge a bullet. The reason MtGox had written their own bitcoin implementation was because the bitcoin reference client was unable to handle their volume of Bitcoin transactions at the time.
Transaction malleability was documented, but not well known issue for Bitcoin. Even the reference Bitcoin client was affected.
So the fatal flaw that MtGox's implementation made when resending transactions (because a different transaction id was accepted and their system did not see it) was it did not reuse the same inputs when resending the transaction.
In the reference bitcoin client (bitcoind), it makes sure to use at least one of the same coin inputs, so if the original transaction (but different tx id) did get accepted into the network, the client would attempt to resend using the same input, but it would get rejected by the network because it was a double spend.
>Most people who call us idiots for not connecting the dots earlier are those who haven't been here long enough.
I've been a spectator for quite a few years and after their first hack I was out of MtGox. It was tempting to go back, but time-and-time again they proved their incompetence to a degree that I was not going to risk my holdings. They are amateurs and I have my doubts as to whether they've properly applied any knowledge they've gained over the years.
I've been advocating Bitcoin and trading with it since early 2011. Yes, MtGox was unstable. But so were other platforms.
I've tested withdrawal on MtGox every three years, to see and experience their current liquidity: Getting out Euro's was easy: getting out BTC has never been a problem. Probably them being my three-monthly-test, only a few hundred Euro or a fraction of a Coin at most, made it go through just fine.
Yes, there were apparent problems, and yes, these were highlighted everywhere. But in that case: with very little searching you'll read about people having problems bitstamp, kraken, btc-e, and whatnot.
This is a confusing market; one that requires you to keep a keen eye on the social-workings of some niche-forum, a reddit-community and a blogosphere around all that. In that sense, it might not be hindsight, no. But in that sense, /any/ problem was predicted. By someone. On some Forum. Or Blog. Or reddit-self.post.
I can't really say anything you're saying here is false, but I still hope the lesson has been learned by most people affected. This wasn't 100% unavoidable bad luck and this kind of thing shouldn't happen to MtGox's victims twice.
But perhaps I'm taking for granted my tech-knowledge(or bias opinion). Let me say some things that jumped out at me immediately as mistakes that should have never happened to begin with when making an application dealing with people's money.
---The password in URL thing.
The issue with that password in browser's history is that it becomes an easy target for malware. Just like there's malware that knows the default location of wallet.dat, malware that scrubs your web history will find it. Making it worse is the fact that there are already a lot of malware that hijack browsers and monitor where it's going. At least wallet.dat can have a passphrase. Then you have those tools that are designed to help end-users by keeping their web history synced with other computers and/or devices. In short, web history is constantly exposed to 3rd parties so no personal info should end up there since you don't know how secure the 3rd parties are handling your data. At least, not passwords, SSN, etc. Another thing is servers tend to keep urls in access.log which tend not to get the same level of security consideration as the rest of the webapp. They should have sent it in POST body which isn't stored in access.log(at least not by default).
----The password hashing thing
Security 101; you don't just hash passwords once with no salt. Existence of rainbow-tables make that insecure and even a novice should have known that before starting. Also, according to this article[1] it was a "saltless MD5"[2?] hash.
----SQL vuln
I don't claim to be a DB expert but I do know using stored-procedures, instead of concatenating a bunch of strings together partially from user-input to form an SQL statement, makes SQL injection nearly impossible. I also believe there are some nice SQL sanitation libraries out there. But I can't judge this too hard because I don't know exactly where the SQL injection happened. Sometimes hackers do something really clever and put the malicious SQL in a place that's not normally user-input; like a cookie value for an authtoken.
----Trades roll back
I did not see that solution as a valid way to do things. I still don't fully understand how that didn't screw over all kinds of people. Can etrade.com decide to roll back 1 day of activity?
I dunno; all these things put together just gave me the feeling that one day these guys would be in trouble. The right thing to do after first, or at least 2nd, hack was a full audit of their whole system by someone who knows about these things. They just didn't show any signs of learning from their mistakes. e.g., like the postmortems that other companies sometimes post up detailing the problem and steps to recover. MtGox seemed to just be reactionary and only enough to solve the immediate problem. I'd advise anyone going forward that if you see similar behavior in anything you deal with, not just bitcoin-related, you run away. Also, a red-flag for me is any system where it's easy to put money into but hard to get out without a very sensible reason.
> I also believe there are some nice SQL sanitation libraries out there.
This is not the right approach. Separating the query structure from the data is the right way to go - parametrized queries are much safer than sanitization, which is subject to all sorts of encoding headaches.
About the SQL injection thing: you do not need to use stored procedures, just parametrized queries. And do not 'sanitize' input text to prevent SQL injections, ever. It will bite you in the future.
You also don't need hindsight to know that investing/trading/speculating in a brand new type of asset in a space with nearly zero regulatory controls is not for the faint of heart.
Just like the handful of people who realized that the Bernie Madoff claims were too good to possibly be true, they didn't need hindsight. There's a great This American Life story about one such person: http://www.thisamericanlife.org/radio-archives/episode/376/w...
Yeah, call in the regulators to get some back. Thank a US fiat tax payer. You're welcome.
It's the biggest load of hypocrisy that people who enthusiastically wanted to play in the libertarian paradise of an unregulated currency think they should be able to turn around and request the help of the regular, regulated, tax-supported economy to make them partial or whole.
First, we'll crap a bunch of processing resources into thin air, ponzi up value in the system, scream self-righteous screeds to the nay-sayers... then, when it goes to shit, call in the cops you were giving the finger to a second ago.
You took your chances. You relished in the freedom of the risk. You eat your pudding.
I know why you are annoyed, but many libertarians (of the non-anarchist variety) still believe in the court system to recover damages. If they use the courts to recover part of their losses from MtGox's assets there's nothing hypocritical there.
If they want a bailout, ie a cash injection, then I'm with you.
Given all of the rhetoric around the distributed, untraceable, unregulated nature of BitCoin, I think an initial assumption of hypocrisy is still not a bad place to start.
But you do realize that those arguments are for _bitcoin_ and not for _exchanges_? The decentralization of _bitcoin_ is supposedly an advantage precisely because _exchanges_ (like MtGox) and other central organizations like banks are prone to failure due to fraud and mismanagement.
So, they are essentially saying "We need bitcoin because we don't want to trust institutions like MtGox because they might fail" and you say "They are hypocritical because the failure that they are warning us about and that they suggest a solution to did indeed happen". You have a strange definition of hypocrisy.
OTOH, it should be also clear that there is a problem with the pro-bitcoin argument here, as bitcoin hasn't yet solved the need for instititutions like exchanges. Which shouldn't be surprising, as the thing that bitcoin directly decentralizes (transaction validation and currency issuance) aren't the functions that exchanges serve.
Apart from allowing you to find someone to trade with, validating the actual trade/settling the trade is an important part of an exchange as well, and those at least in principle could be solved using bitcoin-based technology.
And also, bitcoin at least partially could "solve" the problem by just not requiring the use of an exchange anymore once it has sufficient adoption. After all, most people don't directly need an exchange in order to use their local currency either.
And finally, there are suggestions how an exchange could prove its BTC liquidity using the bitcoin system, which would also solve at least part of the abuse potential of a centralized institution.
But yeah, it's not fully solved (yet?) and I simplified things a bit, but I think nothing that has any impact on my argument.
I'm not saying that anybody who had money in Bitcoin is a hypocrite. But anybody who had money in MtGox, lost it, and now wants help getting it back is hypocritical if they were also singing the praises of Bitcoin in those ways. And that presuming that people with money in MtGox were Bitcoin proponents is not a giant stretch.
>And that presuming that people with money in MtGox were Bitcoin proponents is not a giant stretch.
It is a giant stretch given that most people who knew a lot about bitcoin and the bitcoin economy, the proponents of bitcoin as it were, have had concerns over mtgox for quite some time. Actually I imagine many people who lost btc and/or fiat at mtgox were relative newcomers who were unaware of the ongoing problems and just saw mtgox as the largest exchange and most public facing one at that. So you are making a huge assumption on which you base your choice to condemn people for their choice.
There have been plenty of these sorts of comments all over the internet since mtgox collapsed,essentially saying:
"champion that it is not regulated, go running to the regulators when a problem arises"
the thing is that never has any one of these comments been followed up with an example or instance where the same person has espoused both beliefs/statements. This is generally because they dont exist and/or the commenter doesnt want to do any work to prove their point they just want to denigrate people they think they are smarter than. An exercise in self-pomposity essentially.
I think you completely don't understand their position. Noone is "celebrating uncontrollability" (well, someone probably is, but it's certainly not a majority). If anything, proponents of bitcoin celebrate independence - which you might frame es trading controllability by institutions for controllability by individuals.
Their argument is that the decentralized nature of bitcoin allows an individual to secure their bitcoin balance without having to rely on any particular institution, which means one can avoid the risks associated with corrupt or otherwise potentially not trustworthy institutions.
Now, this argument obviously does not apply to MtGox - MtGox obviously was/is a centralized company that also obviously has all the risks associated with such a centralized company, and also all the institutional controllability of a centralized company, it's registered in Tokyo, it falls under Japanese jurisdiction, the state could easily have frozen balances people held with them, be it in bitcoin or in USD or EUR or JPY or whatever, ... in short: It is pretty much a Japanese bank, which incidentally allowed trading and storing bitcoin with them. As such, why is it hypocrisy to expect it to be treated like a bank? You have all the risks of using a bank, why not the advantages of using a bank?
But also: Well, even if this was about some stealing someone else's bitcoins (well, it kindof is, as far as MtGox itself is concerned, at least if they are to be believed): Why would it be hypocritical to ask for help from others just because you tried to minimize the need for such help and this also caused the help that you need in the end to be a bit harder to provide? It might even still be an overall benefit to society.
I guess that you might disagree with some of the supposed benefits that proponents of bitcoin claim - but that does not make them hypocritical, just possibly wrong, and it would probably be more constructive to point out where you think their idea will fail in reality or where you disagree with their goals than to accuse them of being hypocritical.
The reason I still find it hypocritical in this case is that Bitcoin is currently approximately useless. People were using MtGox to essentially place bets on the future of Bitcoin. Some people surely didn't get as far as hypocrisy; having no clearly formed views on the purpose and future of financial infrastructure, they were just chasing tulip bulbs. But I think betting on a technology whose major feature is independence from traditional regulation and then expecting traditional regulators to bail you out when it's not all wine and roses is essentially hypocritical.
Yes, people used the bank called MtGox in order to bet on the future of bitcoin, just as they use other banks in order to buy stocks of companies in order to bet on their future, often without having a clearly formed view on what the company will be doing in the future, and more often than not with the hope that some particular company will disrupt how a certain business is being done, sometimes even some financial business. That's what we generally call financial capitalism. Just because you are betting on some not fully determined future does not make it a tulip bulb bubble.
Also, "independence from regulation" is not about "not paying taxes" or "not helping other people" or whatever your preconceptions might be, it is about achieving the same things that regulation is supposed to achieve, just without regulation. One major purpose of regulation is to make sure that a bank that you put your money in does not do overly risky things with your money so that you can be sure your money is still there when you need it. The value proposition of bitcoin is that the nature of the technology prevents the abuses in the first place, so there is no bank that could possibly do risky things with your money, so there is no need for regulation in order to keep it safe. Bitcoin proponents are not necessarily "against regulation", but rather "for a better alternative to regulation where there is one". Hence, it's not inconsistent at all, let alone hypocritical, that they expect to make use of the advantages of regulation where it is needed - such as the MtGox bank, which is not bitcoin, and thus does not provide the technical protection promoted by bitcoin proponents, and has to rely on regulation instead.
By the way, are you possibly confusing regulatory protection from bank failure with some kind of protection against a failed investment? If at all, this is about recovering the balances people held with the MtGox bank, not about reimbursing them for money they lost because they invested in bitcoin - it's just like when any other bank fails, really: If you buy IBM shares through your bank, you might expect that the financial industry as a whole would make sure that those shares really are there and you can transfer your shares to a different bank when your bank fails, even if those happen to be shares of a competing bank - but if IBM went bust, you obviously would not expect to be able to recover the money you paid for the shares from anyone, that's your investment risk.
And no, just because you promote some way of doing something does not make it hypocritical when you don't actually do it. Just look up the definition, it just isn't. Hypocrisy is when you claim to be doing something which you actually are not. Plus, there isn't even any inconsistency - when you bet on a technology that would make regulation unnecessary in the future, why should that mean that you should not make use of regulation where it actually is necessary?
If all of the people putting money into Bitcoin had put this much thought into their investment, there wouldn't be a problem.
The people I think are likely hypocrites are the group I think of "glibertarians". A fine example is Wall Street and its army of fluffers. They are deeply opposed to government intervention, except suddenly when government intervention is in their favor that's ok. It's not libertarianism; it's IGMFY wearing a bow tie.
Also, a writing protip: basing an argument on a dictionary definition is an almost universal sign of a weak argument. It means you've given up trying to engage with what other people are actually saying, and are just trying to "win".
And it's even worse when you're just wrong. If I type "hypocrisy" into Google, the first definition is "the practice of claiming to have moral standards or beliefs to which one's own behavior does not conform; pretense." E.g., the advocacy of (or betting on) independence from or the obsolescence of existing regulatory structures and then turning around and asking for protection from those structures.
A writing protip for you: Trying to change the accepted definition of words is a universal sign of a weak argument. It means you have given up on actually defending your position, instead clinging to a word that has some connotation in your favour, and are just trying to "win".
And a writing meta protip: Attacking the form of your opponent's argument instead of the content is a universal sign of a weak argument, too.
Also, you better should not confuse "basing an argument on a dictionary definition" with "pointing out that the conclusion of your argument only works because your definition is flawed". Your argument is based on the implicit premise that hypocrisy is generally considered bad. There are reasons why hypocrisy is generally considered bad. Those reasons depend on the common definition. Now, you are using a definition that differs from that common definition in a way which happens to invalidate the reasoning that leads to hypocrisy being considered bad. So, when I am pointing out that you are not using the commonly understood definition, I am doing that because it invalidates your implied conclusion that MtGox users asking for regulatory help are/would be behaving badly.
Advocating for something but doing something else is not hypocrisy (and in particular is not necessarily bad, which is why it is important to point out that it is not hypocrisy), not even by the definition you quoted.
You have to distinguish between someone suggesting to change some common behaviour because that would supposedly be beneficial and someone claiming that they have actually changed their behaviour. If someone just says that they think doing X would be good without claiming or implying to be doing X, there is no pretense. It is perfectly normal to consider some behaviour better than one's own and even advocating for it without it being one's moral standard, for all kinds of reasons, often having to do with the practical impossibility of (completely) changing one's own behaviour unless the suggested better behaviour reaches some critical mass of supporters.
For example, someone could be convinced that only traveling by train would be better than using a car (for whatever reasons). Now, in order to achieve that everyone travels only by train, he starts advocating for train travel. But unfortunately, the rail network is in bad shape and it really is currently impossible to travel by train only. That's why he still has a car and uses it where necessary. The point is that he advocates for train travel and against cars, but his moral standard is not that one only should be traveling by train right now - his moral standard is just that one should advocate for train travel in order to enable the transition away from cars to trains and that one should be using trains where it's easy enough to do so, and that is in complete agreement with what he actually does, he doesn't claim to only be traveling by train, he doesn't judge you for using your car, he only judges you by whether you advocate for trains and maybe whether you use trains where that is practicable. That's obviously the only way that could possibly lead to the idea gaining critical mass so that a better rail network could be built and thus it could become realistic for people to actually travel by train only - it's completely idiotic to expect this person to essentially stop travelling at all until a good rail network exists just because he suggests that that would be a better thing to do, or to suggest that he'd be hypocritical if he expected to be rescued if he had a car accident.
If your moral standard is that one should advocate for the use of bitcoins, and you state that one should advocate for the use of bitcoin, and you do indeed advocate for the use of bitcoins, then you do behave according to the moral standards you claim to have, that's why it's not hypocritical, no matter whether you also do use bitcoins or not.
Only if you claimed that your moral standard was that one should not be using any currencies besides bitcoin right now (so, you would judge people for using USD, for example) but were actually using USD, then that would be hypocrisy.
The reason why that distinction is important is that hypocrisy is considered to be bad because it is a form of deceit (and then there are deeper reasons why deceit is considered to be bad). But just saying that you would consider some behaviour to be better ("advocating for it") without claiming or implying to be behaving in that way is not deceitful, hence not hypocrisy, and hence not necessarily bad.
I agree with parts of what you say, but I don't see it as relevant to my point. It seems to be an energetic effort in missing the point that I'm making. Of course, it could merely be that I'm making the point poorly, but either way I don't think further long exchanges will get us closer to a mutual understanding. Either way, thanks for trying.
Perhaps there is some hypocrisy, but I think your comment borders on a common fallacy.
The fallacy says that an idealist is hypocritical for using real-world resources which wouldn't exist in his ideal world.
It says a communist is hypocritical for wearing shoes made by private enterprise, and a libertarian is hypocritical for buying liquor at the state liquor store, in a state which has that system.
It ignores the issue of bootstrapping. Those who dream of the future must necessarily exist in the present and use the resources of the present.
If (and I'm not persuaded of this) some BitCoiners want a future without regulators, they presumably want some other mechanism to replace regulators, just as the communist wants a people's shoe factory to replace the capitalist shoe factory.
Losses can only be taken on your initial investment amount if you have Bitcoins in MtGox. This means that if you invested $10k a year back, and your Bitcoins are now worth $1000k, you can only take $10k in losses.
Luckily I have realized my gains which means I can deduct $3k every year in losses with infinite rollover.
I believe your understanding if the situation is flawed, if you are a US citizen. The $3000 per year applies to capital losses. You did not suffer a capital loss. You suffered a loss due to bank insolvency.
If you realized your gains in 2013, you actually owe taxes on $500,000 for your 2013 taxes, which is roughly $250k.
I believe your losses due to bank insolvency will apply to your income for 2014. But you may be on the hook for $250,000 in income taxes this year. But it probably won't offset your tax liability from 2013.
And the state of NYC subpoenaed MtGox's records so they may share this with the IRS.
I would consult a CPA if I were you, you could have a huge tax liability with no adequate way to offset it.
Yep, talk to a CPA. One key issue is you may not have a capital loss, but rather a casualty, which by my read of the flowchart becomes a miscellaneous itemized deduction. Those are limited to 2% of MAGI and I don't believe they carry over. Also, there is a hard cap at $20k for lost deposits. See publication 547. It may be to your advantage to file it under a loss to personal property (form 4648) - the math isn't straightforward for me to work out.
Talk to a CPA. This is the sort of thing they live for.
If it is not a technical problem, and is rather a Ponzi Scheme, the tax implications may be much different since there are IRS rules that handle Ponzi Schemes. Additionally, those that gained profits in the exchange may be required to pay back those profits to victims through clawback lawsuits+.
This IRS link below is a brief overview of how victims of Ponzi Schemes are treated. The most important piece of information is that there is a real chance of a clawback for the people who withdrew and currently think they made money.
+My guess is that the clawback lawsuits would yield very little real money since much of the value of Bitcoined gained was due to price appreciation which may keep lawsuits against those who gained fairly minimal since there isn't much money for lawyers to sue for in complex litigation.
A Ponzi Scheme is legally defined as a fraudulent investment operation that pays earlier investors returns out of the investments of subsequent investors. A promise of returns is not necessary.
Well, and how is "give us your money and you'll later get it back, just minus some fees" possibly an investment operation, be it fraudulent or not? I mean, where did MtGox ever suggest they would pay any returns, let alone where did they ever pay returns?
You bring up an interesting point. I reviewed a wiki list of Ponzi schemes and assuming that is an exhaustive list I have to agree with you that the generally accepted definition is that you must say you are doing something with the money to benefit the investors for it to be a 'Ponzi Scheme'.
The fact that it doesn't fit the wiki or generally accepted definition of a Ponzi Scheme does not rule out the possibility that it still may be considered one but after spending some more time considering it, it does not look like a true Ponzi Scheme, even if the CEO did directly steal the money and use new money to pay old BTC buyers.
Well, what pretty much rules out that MtGox will be considered a ponzi scheme is that if it were, "ponzi scheme" would essentially be a synonym for "fraud".
Suppose MtGox wasn't a bitcoin exchange, but rather sold cars, which had to be ordered and paid for in advance. Now, suppose further that the CEO "stole" cars from the company and then bought new ones using the money from new customers when he needed to deliver a car to one of the earlier customers. That's just plain old fraud, not a ponzi scheme, and it doesn't become a ponzi scheme just because it's money instead of cars - and in particular, you as an earlier customer certainly are not liable for the losses of later customers.
edit: I mean, MtGox under the assumption that the loss was not due to a technical problem, if it way due to a technical problem, it's obviously not a ponzi scheme anyway.
Well, I guess I phrased it badly, but I didn't mean a guarantee of returns, but rather just anything even suggesting it being an investment - that is to say, suggesting that it might possibly produce returns.
Madoff did not say "give me your money and you'll later get back the exact same amount, just minus some fees", I suppose? But that's what MtGox did - there was just no investment aspect to it.
You are confusing the thing sold through MtGox with the thing sold by MtGox. MtGox sold the service of storing your money and of connecting you to trading partners and settling trades with those trading partners, that is what exchanges do - they didn't sell bitcoins.
It's like confusing eBay and paypal with some eBay seller: eBay and paypal don't sell clothes, say, they only help you find someone selling clothes and then (optionally) help with the settlement, the payment in particular.
And that's not just a formal distinction: On an exchange (like MtGox or any foreign currency exchange or stock exchange ...), the price for the traded commodity is not set by the exchange, but by the traders using the exchange. The exchange only sets the price for its service of connecting you with a counterparty, but the price for the stocks or bitcoins or whatever sold through the exchange is set by the trading partners, and the exchange also never takes on any of the investment risk, when you sell stocks, the counterparty gets the stocks, you get the money they paid, the exchange only does the bookkeeping.
Lets see if I understand this (I am not in the US) - the bitcoins count as an asset, you sell these bitcoins for dollars at MtGox and at this point the tax is due regardless of whether you actually get the dollars out of MtGox?
So any time between you selling bitcoins and actually getting the cleared funds out of an exchange leaves you with the risk of a fairly serious tax liability if the exchange can't actually give you the kind of currency you can pay tax bills with...
[I've had very close calls with seemingly small matters introducing potentially horrific tax liabilities so I am a bit oversensitive to these things!]
Bingo. Works the same way for shares. Unless you're investing in a tax-advantaged account, if you have a $10k basis in a stock/fund and liquidate it for $20k, you just realized a $10k gain regardless of what subsequently happens to that $20k. Park it at your brokerage, plow it into a new stock, withdraw it and buy a vat of chocolate to go skinny dipping in, the IRS doesn't care, but it will have its cut.
Poorly timed realizations of capital gains used to routinely bankrupt people in the startup community, which is why that 83(b) election paperwork is actually really important.
Just a friendly reminder if someone is reading this - you have 30 days to claim 83(b) after you offer yourself shares in your business, otherwise you'll be in a heap of legal/tax issues that can be quite painful (i.e. cost a lot). Make sure you bring this up with your accountant/lawyer.
During the dotcom boom, many, many people faced tremendous tax liabilities because of ill-timed tax strategies. For example, they had stock options that were worth millions, but instead of selling them, they exercised them in order to hold them to get long term capital gains. So for example, they had options worth $10M, and they exercised them. They faced an immediate tax liability for $10M, but then the dotcom bust hit, and they lost all $10M, leaving them with $10M in taxes but nothing to pay it back with. I personally knew several coworkers that suffered this.
I believe it was only recently, over 10 years after the fact, that the IRS changed how they treated this so that people didn't go bankrupt from this.
That's more or less the rule: the gain is taxed when it is "realized" which is roughly when it becomes "yours." It doesn't actually have to be cash in your hand (otherwise it would be quite easy to get around tax laws simply by trading assets on accounts without taking cash out). See: http://en.wikipedia.org/wiki/Realization_%28tax%29.
> If it turns out that I do owe $250k in taxes, I won't be in trouble.
It sounds like you have little to complain about really. it sucks you lost half a million dollars, but if you're not upset about the possibility of losing a quarter more I imagine you're probably set for life as it is.
Bitcoin sits on top of both of those sharp pyramids.
Yesterday someone on HackerNews compared a Bitcoin account to a pressurized system where the slightest failure means you lose everything irretrievably and instantly which is a great analogy.
You don't need Good Enough for this. You need Perfect for this.
I feel bad for Mark Karpeles but the way MtGox communicated & lied to its users makes me sad. It's those nameless individuals who believed in him, whose trust was betrayed - those are the ones that deserve the affection of the community. I've been following the news and I think MtGox was handling so much money that they should have focused on better security practices and audits.
I arrived at MtGox early, approximately 8am, and stood outside with a sign reading “MtGox, where has my money gone”. I got some curious looks, and a lot of questions from passersby about my protest.
Then at approximately 9.20 am, Mark Karpeles himself came along carrying a large, and very fancy coffee in his hand that could have passed as a dessert. I immediately confronted him and told him we needed a chat. So he stopped to hear me out.
I told him he was playing with people’s lives, and some people stood to lose their entire savings. Like Gonzague told me the night before, he mentioned technical issues, and that he would look into my case.
I was told that up until a few weeks [at time of the interview] ago, there was hardly any development environment to test changes. Most changes were done straight on the production environment. Typing this made me throw up in my mouth.
> and some people stood to lose their entire savings.
While I am not defending MtGox, having your entire life savings wrapped up in Bitcoin is hardly a sound, proven financial decision and evokes absolutely zero sympathy whatsoever. Losing it all in a get-rich-quick frenzy is sad - but it's sad in a "I can't believe people are willing to bet their lives on this" way, not a "this poor person lost his/her entire life savings due to the corruption of the financial industry" way.
Highhorses are fun to ride, but if you put in 5% of your networth at any point > 8 months ago, it is likely that you ended up with 90-95% of your net worth in Bitcoin.
I had not considered this, and you have a very good point. Most of those people had been getting used to the idea of being rich, that it will be very rough for them to adjust.
Besides, the way their money is lost made it so much worse. The global value of btc crashing would be one thing, corruption would be another, but this level of incompetence.. it's almost harder to digest since they most likely are not guilty of any crimes either, unless stupidity would be a crime.
Too true. It is interesting that rationally speaking, considering windfalls or lottery winnings "house money" is incorrect--money is money. This attitude can lead you to cognitive errors that cost you more money in the long run.
On the other hand, if we think about the coping strategy for people who've been Goxed, I can see where if you can disregard the winnings as "paper gains" it is much easier to get on with life thinking "I only lost 10k."
This thread is awesome. Goxed is now my new favorite word (sorry for the more initiated if I'm already late to the party). It's just like being doxed - you exposed yourself in some way, and some clever bastard got the better of you for it.
Given the huge price increases bitcoin has experienced, many people bought bitcoin with a small portion of their net worth that later grew into the vast majority of their net worth. Some of these people were unable to withdraw from MtGox (their USD withdrawal issues were ongoing since June).
And in the same vein, while I'm not defending those who put their entire life savings into Bitcoin, to put their entire balance into an online wallet strikes me as the worse way to go about that. Paper wallets aren't comparable to dollar bills. They're comparable to security vaults from everyone online who would seek to separate people from their money.
"There was some weakness in the system, and the bitcoins have disappeared."
They've "disappeared". Curious choice of words.
Karpeles didn't say they were stolen, or misplaced, or destroyed. And he didn't say when the mysterious disappearing act occurred.
The most likely explanation is that Gox's crappy system lost the private keys to cold storage long ago, and they've been running fractional reserve since then, hoping to close the gap.
Transaction malleability was probably an insignificant fraction of the loss.
Another hypothesis is that the US gov't might be in control of the bitcoins having connected them to SilkRoad or teh terror-izm and have Kerpeles under gag order preventing him from revealing this.
> FWIW, #3 is from the original owner who sold the site to Karpeles in 2011.
Interestingly, the leaked business plan mentions McCaleb apparently still owns ~12% of Mtgox shares. Why? My theory is that it's related to the hack shortly after the sale: McCaleb had said on Bitcointalk that he no longer had an interest in Mtgox but was going to be paid royalties for a time. So perhaps after the hack, McCaleb, to avoid putting cash pressure on Karpeles's damaged Mtgox, agreed to turn the royalty debt into equity.
>The company's lawyer also said at a news conference at the Tokyo District Court that Mt. Gox had outstanding debt of about ¥6.5 billion ($63.6 million) with assets worth ¥3.84 billion.
This implies a debt ratio of 170%. Assume: (1) no outside debt (only customer deposits) and (2) only 100% liquid assets (only currency). Even in that case, a depositor would recover no more than 59 cents to the dollar (the maximum recovery rate).
Fifty-nine cents is clearly rose-tinted. Assets include office leases, computers, and other things not easily liquidated at book value. And outside debt is senior to deposits. That is the bite of being unregulated (deposits are at the top of regulated banks' capital structures). After factoring in the cost of chasing bankruptcy claims in Japan I do not see depositors recovering a penny.
They're also staring down the barrel of last year's taxes, which are due in two weeks. (For filing - they might get an extra month to pay them.) They're almost certainly going to miss that deadline and the National Tax Agency is going to make some guesses as to their situation.
It would not be out of character for the NTA to say "You had $50 million in incoming wires? In the absence of a timely return accompanied by an income statement and balance sheet prepared in accordance with Japanese GAAP, we are forced to impute $50 million in income. Your bill comes to $20 million. Thank you for banking in Tokyo; we do so love not having to call the international desk to do collections."
> a depositor could expect to recover no more than fifty-nine cents to the dollar
59% is a wet-dream scenario. Apparently they are trying really hard to value the lost 750K BTC at the closing MtGox price which was around $100. And Bitcoin is actually $566 now. It looks more and more that if anyone gets anything at all it will be under 10 cents to the dollar.
>Apparently they are trying really hard to value the lost 750K BTC at the closing MtGox price which was around $100.
Comical. The equivalent of a shipper, having sunk its cargo, claiming the damages it owes are diminished by the cargo being worth less for having dropped to the sea floor.
My employer emerged from Ch. 11 bankruptcy a few months ago. Never underestimate legal fees and consultant fees. Japanese laws may be different, but I would be surprised if these fees did not consume a significant fraction of the assets.
It's easy to be angry at them and/or see how stupid they were about accounting, security, etc.
But I guess on the other hand we do have to realize they are victims of massive theft, as far as we know this massive loss was not due to their own profiteering or internal theft, it was an organized outside force targeting them.
It occurs to me it is like blaming someone for getting mugged, although they were stupid enough to walk down a really bad street at a bad time of night with their cash out in their hands, it did take a criminal to make the crime happen, not the victim.
You are running an antique accessory business. You have a van to carry all the valuable stuff you borrow from people to sell in their name. Your van starts to leak oil. You figure out how to fix it yourself. Check engine light of the van is still blinking though, but you happened to put a post-it in your dashboard blocking it. By the way, you also never have it serviced. You keep driving for years while the situation in your engine gets worse and worse. Finally, you end up causing an accident. You didn't have anything to protect your cargo even from a bumpy ride, let alone a crash. You lost too many of your antiques because you were carrying them around with you everywhere. You also don't have resources or any insurance to cover the expenses. You think it may be a good idea to hide this fact from your customers because the antique business in your town is still new and you don't want them to lose trust for the whole sector. You first tell your customers they can't sell or take back their stuff. Then you take off your signboard. Then you sell your van. You eventually close down your shop as well. Meanwhile, you keep telling them there is something wrong with how the van is designed, so you may have lost some valuables here and there. You end up filing for bankruptcy.
Indeed. However, the whole point of crypto-currencies is decentralization: you give up both (some of) the constraints and (most of) the protection that goes with government-backed currencies. Choosing who you trust then becomes your own problem, your fully personal responsibility.
So yes, MtGox is at least criminally negligent, and maybe simply criminal. But the (largely libertarian) crowds who chose to trust them are fully responsible for their own poor assessment of MtGox' trustworthiness. That's the flip-side of choosing deregulation.
In addition to this being the usual hindsight horseshit, it also displays startling ignorance of how markets work.
If every time I want to buy a pack of gum I have to investigate every entity in the production and distribution chain, then I will never buy gum because the transaction cost is well above the value.
This is why businesses, who have substantial lobbying power, are generally ok with government regulation and often impose substantial self-regulation.
For example, take food. Restaurants here in San Francisco are all obliged to display their latest health department score. Almost everybody loves the system. Consumers love it because it tells them how safe their food is. Well-run restaurants love it because they can prove that their place is well run. Badly-run restaurants probably hate it, but that's fine; they're not good marketplace participants in the first place.
So your notion that you should go and check the oil level on every vehicle that ever contains any of your stuff is ridiculous. It's a handy way for you to feel smug blaming people who are suffering, not a reasonable suggestion for marketplace design.
I'm not talking about checking every screw of the truck. I'm saying that an unmaintained truck with lots of valuables in it is suspicious, and you should tust it for what it is.
I'll get negative poins again just because people don't like to be told what they should have known:
Bitcoins smell like a Ponzi scheme and, until they have proven themselves opposite, you should remain very wary of the money you put in. Do you invest in penny stocks? Nope. Why? Because they smell bad, even if their promoters make it look like they've quadrupled their value in just 4 months!
An online safe with millions of valuables? Shouldn't you wait for the proof it's good? Or do you assume it's a good safe as is? Is it really wise to assume something is safe? Oh I see negative HN points will rain on me. Not wise from me to put people in front of their responsibilities.
I'm sorry for people who lost money. Some of them will have a hard life. Losing money is never a good experience, I myself lost a quarter of my savings when the Australian dollar dropped. But do I blame the Australian gov? The EU gov? The regulators? Nope. It's my job to know when the AUD drops. Even if i can't inspect all parts of the economy. As a revenge, give me negative points.
Personally, I think Bitcoin is currently a tulip bulb mania, not a Ponzi scheme. (It might one day also be an interesting payment mechanism, but that's not why most people at MtGox bought Bitcoin.)
That said, I don't think the average investor has the chops necessary to fully evaluate a bank, which is effectively what MtGox was. The information asymmetries are just too severe. In this case, depositors didn't lose money on Bitcoin itself, but in what was basically a bank collapse due to negligence or fraud. (Or both; we don't know yet.)
One solution is to always blame the victims. You can't go wrong there! But the solution that I prefer is to regulate banks, and forbid unregulated banks from operating in the regulators' jurisdictions. This oops-the-money-is-all-gone horseshit is exactly the kind of thing an auditor or a bank regulator would have spotted in their first week.
Any 10-minute Google search over the past year would reveal that Gox had been having absurd problems for awhile and that there were several more reputable exchanges available to would-be day traders. Over the past year, a visit to any bitcoin forum wouldn't be complete without a highly visible 'Gox screwed up and their support sucks. Stay away!' thread. Unsurprisingly, the Gox market share had shrunk to a fraction of its former might months ago. Sad as it may be for those affected, this is how a market learns to value one competitor over another. The free-market result of the Gox situation is that exchanges and other custodial companies in the space are now differentiating themselves with enhaced security, transparency and 'proof of reserves' features. No cumbersome regulatory framework required.
Foresight too, e.g. I didn't do it. Because hosting BitCoins in an online wallet looks like a scam from a hundred miles. In a foreign country. On a website.
Hosting my emails in Gmail doesn't look safe either, to be honest, but at least it's not plain money and Google still needs to keep their reputation. For now.
Isn't it more like walking down the same bad street every night with other people's cash in their hands, getting mugged repeatedly, not telling anyone and still taking more money?
> But they were also dumb enough not to realize they were getting mugged, or so they claim.
This is what I don't get, and which makes it hard to trust that they indeed "lost" this many coins. At the very least one would expect that for a company like this, they would regularly reconcile what the blockchain states the content of the wallets they control is, and what their internal customer records says should be there.
That's the very barest minimum I'd expect anyone to do. And the moment they found a discrepancy they should have suspended everything until they'd figured out why there was a discrepancy.
If they've truly managed to keep losing coins over years, it means they had no effective audit mechanisms in place at all.
Whoever took these coins certainly also is to blame, but if they've managed to lose the coins that way, this ought to be criminal levels of negligence.
Your analogy is terrible. They are actively in the financial services industry, and by default protection from criminals is one of their mandates. People put money into mtgox expecting them to be secure. They claimed to be secure.
For them to turn around and lose 750,000 BTC is not analogous to being innocently mugged. It's more like a taxi driver guaranteeing a safe trip, actually driving drunk, then crashing and killing the passenger.
The point is that you should be prepared for this type of loss due to the speculative nature of Bitcoin. Here is a note from Morgan Stanley on alternative investments:
Investing in alternative investments is speculative, not suitable for all clients, and intended for experienced and sophisticated investors who are willing to bear the high economic risks of the investment, which can include:
-loss of all or a substantial portion of the investment due to leveraging, short-selling or other speculative investment practices;
-lack of liquidity in that there may be no secondary market for the fund and none expected to develop;
-volatility of returns;
-restrictions on transferring interests in a fund;
-potential lack of diversification and resulting higher risk due to concentration of trading authority when a single advisor is utilized;
-absence of information regarding valuations and pricing;
-delays in tax reporting;
-less regulation and higher fees than mutual funds;
-funds of hedge funds often have a higher fee structure than single manager funds as a result of the additional layers of fees;
-risks associated with the operations, personnel, and processes of the manager.
Almost all theft at financial institutions is internal theft.
There is not one single official statement from anyone to the effect that there has been an external theft from Mt. Gox. No one has reported a theft to police.
There is zero basis to believe an external theft has occurred.
If Mt. Gox does file a police report, at least then someone has done something (with official penalty for false statement) indicating that they believe a theft has occurred, and some possibly-accurate information would be available. But for now, there is nothing to stand behind a claim of external theft.
When someone gets mugged it's simple to be sympathetic to what's happened.
When someone gets mugged and you gave them assets to hold and/or transfer, and they didn't take due care of the security of these assets, this makes them culpable and negligent.
Yes, MtGox are probably having a really shit time right now, and yes I'd feel sorry for anyone who'd just fucked up this royally (assuming there was definitely no intent to defraud on their part), but that sympathy is tempered by a recognition that they've made the world vanish from under thousands of peoples feet as they see assets they trusted with the exchange float away into the ether.
This is why managing risk and having rules that protects consumers is so useful. Everyone's a hedgefund investor until suddenly the rug gets pulled out from under their feet.
I would have some sympathy for them, if they had shut down immediately after realizing they would not be able to pay their debts. Instead we were fooled with "everything is ok, we are reopening soon" PRs while massive insider trading was going on. Victims or not, the way they handled this is probably criminal.
Please correct me if I'm wrong, but they still have not said how much of the (700k + 100k) BTC was stolen and how much was just "lost" by technical incompetence, right?
As another Mt. Gox loser (sent my money back a few months before the end, of course they never arrived) this is one question that pains me the most. I don't care too much whether Karpeles goes to jail or not, but I want to know whether theft was made or just gross incompetence.
they still have not said how much of the BTC was stolen and how much was just "lost" by technical incompetence, right
Unfortunately, they are known liars. Right up until days before bankruptcy filing they were telling people they were working to resume withdrawals. It doesn't matter what they say at this point or anything they've said in the past because their words do not in any way reflect reality.
The only thing left is to investigate and if the facts show fraud has occurred, then prosecute.
If only Bitcoin exchanges had some degree of regulation to ensure they were properly securing their users' funds, or perhaps some level of insurance to prevent their users from suffering financial losses due to the exchange's misfortune.
On one hand, there may be a chilling effect if Karpeles is sent to jail, because fewer companies may be willing to participate in an area where the penalty for failure is time behind bars.
On the other hand, it feels very inequitable and unjust that Karpeles made millions off of MtGox, lost our money and then is free to enjoy life. But that's a vengeful mindset, and it seems counterproductive.
Is it really just a bad situation with no recourse? Karpeles walks, MtGox shuts down, and everyone's money is gone. Poof.
The most persuasive argument for jailtime seems to be that if he's not penalized, then others may attempt to orchestrate similar disasters. Bitcoin has a very, very small chance at becoming the next gold standard, but it's a chance nonetheless. Therefore whoever is willing to flaunt the law and steal >5% of all bitcoins that will ever be created has a very, very small chance at becoming extremely powerful in the future, and wealthy in the short term.
I don't know. There's probably nothing to be done, and taking away years of a person's life out of a sense of retribution probably isn't the best answer.
At least in the United States, an officer or director's right to stupidity is enshrined in law. But fraud isn't. If Karpeles knew and understood that there was a problem, there should be criminal charges. Further, there may be grounds for Mt. Gox and its investors to pursue Karpeles on civil grounds.
But this is philosophical. The operation of an unlicensed, dollar-based financial institution will attract the sharks. "Move fast and break [laws]" sometimes works, but only if you win.
My observation is simply that the future is unknown, and therefore a greedy actor would benefit greatly from stealing >5% of a currency. The most straightforward way to do this is to set up a popular exchange and orchestrate a disaster which is secretly a theft. Since there's no way to prove it, and since bitcoin wallets can lay dormant for decades, there's at least some incentive to do this. Should jailtime be on the table for gross negligence? I'm just interested in everyone's thoughts on the matter.
Personally, this fiasco hasn't affected in the slightest my beliefs about the protocol. Hell, if anything it might've been a small point in favour of decentralization.
I would've preferred to let the banks fail in 2008, short-term economic consequences be damned. That experiment is now playing out in the unregulated crypto-economy. (I've got my popcorn.)
Gold is a physical asset. People understand physical security.
Gold can't be lost due to a hard drive crash, and it cannot be stolen over a network. More importantly, I believe a majority of people (myself among the number) do not understand bitcoins were stolen from mtgox.
Besides, "understanding" is very slippery verb in this context, what do you understand about gold? You know where it all is? You know who is in charge of protecting it and who is the owner? You know its location? You know who is digging for it? You know where are they digging? I don't clearly see what "understanding" you have about it.
There's a disconnect between what I think of as Gold investment and what you're talking about... Perhaps you're referring to Gold stocks, or notes or something?
What I'm talking about: In India, my family buys a small amount of Gold every 3 months or so. Gold coins, each a few grams in weight. I know exactly where they are -- I have a safe deposit locker at my bank, and some of them have been converted into jewelry for my wife.
Cool! Somebody like you was at work 160 years ago in California - recently 6 cans of gold were discovered buried under an ancient oak tree after a rain.
I think it's far to early to have a meaningful discussion about this. There are so many rumors and poorly sourced "facts" floating around right now. We have almost no concrete information about what actually happened at Mt.Gox and what role Karpeles may have played.
My take: If the money was stolen this year, it was theft by a third party and they were maybe incompetent, however, this is not punishable, see politics.
If it was stolen last year, they made all existing (and even worse: new) costumers since the time of the theft believe that they would get their money back. This is fraud.
What I wonder, is if Mark was actually the only one internally who had access to the cold storage wallets, what would happen if he got hit by a car and died? Have other exchanges got plans for this sort of thing? Some corps don't let their programmers fly on the same aeroplane.
I wouldn't want to own that many Bitcoin and be the only one who has access also because someone could profit considerably from your death.
At Bitalo [0] we use multi signature wallets all over the place - for user wallets (so we cannot move them without users permissions), but also for company wallet for storing fees. For the latter, all board members have keys for them, but you only need a subset of them to access the funds. That way even if one of them loses the key or something bad happens to them, coins can still be moved by the others.
For example, you can have 2-of-4 wallets, where 4 people hold the keys, and you need only 2 of them to move funds.
Please, don't ever send money nor coins to these guys, they're scammers. M4v3R used to run http://bitmarket.eu and lost all the users' coins while running some sort of (according to his own words) "hedge fund" around December 2012. Around April 2013, with bitcoin around $50 he "kindly" offered to reimburse everyone over time, valuating each coin at 10€ arguing that it was their value when he lost them. I told them wanted my 10btc, not money, and they still owe me to this day.
So are they claiming they literally lost ALL of their bitcoin? How is that even possible to have happened without them noticing... It just seems much more likely somebody got greedy on the inside.
I am sure they lost some. But I can't help but wonder if that was taken as an excuse to loot the ship as it was sinking.
No one stole anything from them. Or at least not something remotely close to what is reported. How can 800k btc go missing?
Even people with few hundred btc split them between several different offline wallets. Can't be stolen. Their hot wallet being hacked is a total possibility, but it would contain no more than 5% of their coins. So, they just emptied the cold storage until it was completely empty?
No.
Something else is going on and we will all know soon enough. Don't let yourselves be manipulated like that.
I was selling a significant amount of Bitcoins in January. I wanted to use Mt Gox because of higher rate. I did not think there was a real possibility of the whole exchange going down. However, I did not pass identity verification because of some minor problem. So I sold the Bitcoins on Bitstamp and had money in the bank a day later. I was really really lucky.
Pirates buried their treasure in hidden locations rather than let someone hold on to it for them [1] :-).
[1] I realize this isn't strictly true, as there were organizations the pirates did use, but they had the same challenges with them being crooked or getting captured by England or some other authority at the time.
>One Japanese small-business owner that accepts bitcoin as payment said Japanese banks had expressed skepticism toward the payment method, and that the business's lenders this week asked that the company wouldn't use bitcoin in the wake of Mt. Gox's stopping all transactions on Tuesday. "They're approaching bitcoin very conservatively," the owner said.
I don't think that the demise of mtgox will destroy the ecosystem. However, I suspect this will be a major setback in mainstream adoption as a method of payment. Bitcoin speculation (and difficulty of shorting) may very well prop up the price for the foreseeable future, but... so what? The interesting thing about the Bitcoin saga is seeing it work its way into mainstream.
And is this because it will make you rich with your bitcoin stash, or because somehow "Society Needs This" and you'll just happen to get rich while being so magnanimous. It's a new paradigm, I know.
Everything you use for your benefit made someone else rich, from your toothbrushes till the banks you use... and you know this to be true, so your discourse is only an attempt to be rude and cynical.
Just like everything, until we decide to give it value. Gold is completely and absolutely worthless to us humans, we don't need it to function and it serves no biological function in our organisms whatsoever. But because we like it and there is a scarcity of it, we will trade goods for it. Just like with bitcoins.
I get what you're saying, but gold is not 'completely and absolutely worthless'. It conducts electricity very well and does not corrode very easily. It is used on satellites to reflect electromagnetic radiation. It can be used as a glass coating to help prevent ice formation (airplanes). A gold isotope is used for cancer treatment. It can be used to tint glass red. It can be put into cinnamon schnapps...
Unless you interpret what I said literally,and are going to point out that no one trades apples for gold rings, then the answer is - literally everyone who buys gold. You might pay with a fiat currency,but then you obtained it by either selling something that you produced or work that you carried out - so "goods".
My experience suggests otherwise, in addition I know many people who have made money from them.
I get what you're saying though, something along the lines of "if no government is behind it, it is inherently worthless".
I disagree, many commodities hold value even though our governments do not assign that value, instead it's their inherent value that is worth something.
To me and many others, a token that can be sent to anyone, be split into a million smaller parts, is not issued by the wills of a handful of men, that isn't forced on a population, is used of our own volition and limited in quantity deserves some inherent value.
I just don't see how they missed it. Since they used a hot-wallet system this had to be over a pretty substantial period of time. Surely if you're running an operation with that much cash involved you've got some kind of rolling reconciliation between debt owed vs reserves available?
Who misses a 500MM hole in their assets? Or is reckless enough to hide it (trading whilst insolvent)?
Perhaps naïve question but can't see any info on this one. So, the Bitcoin ledger is still intact. 750,000 is quite a lot of Bitcoins to be stolen. Mt.Gox may have been shitty built but they must have kept some logs, account databases, etc. What are the odds of recovering the coins/exchange money that was lost? Technically sounds like pretty good odds? No?
The company's lawyer said at the news conference that Mt. Gox had outstanding debt of about ¥6.5 billion ($63.6 million) with assets worth ¥3.84 billion.
That can't include the value of the bitcoins lost can it? So presumably the assets doesn't include the value of any bitcoins that they still have which all makes this statement rather meaningless.
It seems like the bitcoin community should collectively decide to not honor transactions for the stolen bitcoins.
Not only will it prevent the market from completely crashing as the thief eats up remaining buy orders, but it would moderately discourage future thieves if such a mechanism were in place.
Unfortunately I get the feeling more and more everyday that this really is just a ponzi scheme built on really cool new technology. I mean honestly most people who buy bitcoin aren't looking to spend it or use it because of convenience, they are looking to hold it in the hopes that the price continues to go up and on the way encouraging everyone they know to buy in to drive up the price.
> I mean honestly most people who buy bitcoin aren't looking to spend it or use it because of convenience, they are looking to hold it in the hopes that the price continues to go up and on the way encouraging everyone they know to buy in to drive up the price.
Even if that's true, that doesn't make it a Ponzi scheme. A Ponzi scheme is an investment in a phony entity run by a fraudster (the Ponzi) who's promising guaranteed returns and lying about the existence and nature of what the investment is. New money making early investors rich is not a defining feature of nor unique to Ponzi schemes.
Ponzi schemes require a Ponzi, intentional fraud, and a fake investment. Bitcoin is none of these things; it's not even remotely similar to a Ponzi scheme. No one is being lied to about what Bitcoin is, there's no fake investment here, Bitcoin is a real and functional payment network. There's no guarantee of returns here. Stop spreading FUD. Gox is not Bitcoin, Mark being a criminal doesn't make Bitcoin a Ponzi scheme.
Yeah, the technology fascinates me as well, it's very cool.
It's said that the real-world economics of it make no sense at all. The technology will survive though, the ideas will make their way into other pieces of software.
Economics is merely a form of social contract. For god's sake, humans have turned gigantic immovable rocks into currency: http://en.wikipedia.org/wiki/Rai_stones
BitCoin will thrive (or not) based on the community that grows around the technology. While it's equally feasible that it becomes a major world currency, or that it collapses in value and held only by a handful of "crypto-enthusiasts", I don't think it will ever go away.
Yes, a failure of a single financial institution proves the currency is a completely failure. I mean, it's not like the USD and EUR markets had any institutions that failed or needed bailouts - well, except for Northern Rock, IndyMac, Lehman Brothers, Merrill Lynch, Fannie Mae, Freddie Mac, Washington Mutual, Wachovia, Citigroup, and AIG.
Those failures proved that USD and EUR have a system that works the way most civilized people want it to - individual investors were covered, losses were spread out, no individuals suffered catastrophe. Whereas most of the bitcoin "community" seems to take an ideological position of "everyone for himself".
Are you planning to buy it as an investment, or to use it as a currency? If the latter, this is not a good time because the currency is less stable than ever. But it could arguably be a good time to "invest" if that's your thing.
The way that exchanges work is that they hold a wallet for you, you deposit money into it, and then you do off-blockchain trades with other users. At some point, you ask to withdraw, and give them your local wallet address, and then they send you the coins.
ok so Mt.Gox should still have the digital wallets. The whole point of bitcoin is that you don't need a central bank/exchange holding your wallet. But people used one anyways and now Mr.Gox doesn't know where the money went.
Bitcoin hasn't suffered any loss; the exchange rate has been relatively flat all year. People who let a third party hold their assets lost those assets due to that entity's negligence. That can happen to shovels in a storage unit -- the underlying asset is irrelevant to this particular risk.
