The role U.S. government agents played in bitcoin thefts at Mt. Gox in 2013 has generated a lot of media coverage recently. But one security firm investigating the Mt. Gox thefts, Tokyo-based WizSec, believes the agents did not play a significant role in the missing bitcoins.
The Mt. Gox exchange collapsed in early 2014 and declared bankruptcy.
In a recent blog post, WizSec provided an update on its investigation. “First of all: no, we don’t think these agents are main characters in the story of the missing MtGox bitcoins, and the story doesn’t begin in 2013 either,” the blog post noted.
What role for U.S. agents?
In recent weeks, reports have surfaced that U.S. agents caused bitcoin thefts in early 2013. In the wake of this, there has been speculation that what happened at Mt. Gox may have been related to these agents.
WizSec noted there has been a lot of speculation about happened, but little actual evidence, leaving more questions than answers.
Below us a chart showing actual Mt. Gox bitcoin holdings versus expected bitcoin holdings from April 2011 through February 2014.
By the end of 2011, there is a discrepancy of several hundred thousand BTC between expected holdings and actual holdings.
“Furthermore, if we look closely, this discrepancy seems to be growing over time- By the middle of 2013, there are practically no bitcoins left at all.”
Barring some major unexpected revelation going forward, investigators have concluded Mt. Gox was operating at a fractional reserve since at least 2012.
By the middle of 2013, the curve goes flat, matching the hypothesis that there may not have been any more bitcoins left to lose.
Record indicates internal theft
The post noted Mt. Gox bitcoins would suddenly get sent to a non-Mt. Gox address, without any withdrawal log entry, often in fairly recognizable amounts of a few hundred bitcoins at a time. Shortly afterward, these addresses would group into bigger addresses holding a few thousand bitcoins. From there, chunks of some hundred bitcoins at a time would deposit onto various bitcoin exchanges.
Such activity would be hard to interpret as anything but intentional theft, investigators concluded. They observed the following destinations for the stolen bitcoins: Mt. Gox itself, BTC-e, Bitcoinica, and other as-of-yet unidentified wallets.
So far, an estimated 300,000 BTC have been identified as removed from Mt. Gox in this fashion between late 2011 and the end of 2012, but this number could grow as the investigation continues.
Whether or not coins were secured in cold storage is hard to know since there is not enough information about the handling and historical use of MtGox’s cold storage, the post noted.
Little impact on the bitcoin market
As for the impact of the Mt. Gox bitcoins on the bitcoin price, investigators believe the coins moved “relatively slowly over time.” Hence, the monetary effect on the market “may well have been pretty limited.”
WizSec is not optimistic about creditors’ hopes for recovering more bitcoins.
“Realistically, we are left to hope the payout percentage might improve as invalid and illegitimate claims could potentially be filtered out.”
Willy, the automated bitcoin bulk buying bot described in the Willy Report and the previous WizSec blog post, came along much later during 2013. By this point, most of Mt. Gox’s deposited bitcoins were already long gone. As such, Willy and similar irregularities cannot have been responsible for the bulk of the missing bitcoins, the post noted.