About a week ago, Russian hacker “Nanashi” leaked the entire source code for Mt. Gox. Unsurprisingly, considering how unprofessional Mt. Gox has been, the code is pretty bad.
Some random red flags:
Now, it seems like Nanashi and the rest of his/her group have turned to extortion. If you were a Mt. Gox customer, Nanashi claims to have your personal information, including passport scans, and will sell it unless you send 0.25 BTC (~$160 at the time of this post). Apparently 20% of the customer database has already been sold to two unknown buyers, and the rest will be sold sometime this week. If a customer was part of the 20% already sold, “it’s too late for you.” However, Nanashi outlines the following steps for everyone else who wants to remove himself/herself from the database before it’s sold.
Furthermore, Nanashi states, “do not email us asking to confirm what information we have about you,” after receiving over 3000 emails asking for confirmation within the last 36 hours. Instead, the hacker simply states,
“If gox had it, we have it, and as you can read on boards we have confirmed possession of this dump for many people. We let you use our same email for this as all other gox hack communication so you know we are same people.”
One reddit user sent a fake email to Nanashi claiming to be a rich Saudi Mt. Gox customer, and asked if his information had been sold yet. Nanashi replied with the following:
Of course, this could mean that the hackers actually do not have the database and that this is just one huge scam. On the other hand, the email states that any data associated with the fake email has not been sold, which is a true statement since there is no data to sell. Nanashi stated that he/she checks the email against a list of addresses that were a part of the “sold” list instead of checking against a list of all people in the database. Furthermore, even if Nanashi does actually have the database, there is nothing to stop him/her from selling it even after people send the 0.25 BTC ransom. After all, how can you trust an extortionist?
Unfortunately for Mt. Gox customers, this seems like a no-win scenario.
Last modified: March 12, 2014 00:46 UTC