Start the conversation
Several surprising developments this week deepened the mystery of where the Mt. Gox bitcoins are.
Much of the Mt. Gox-related Bitcoin news this week has contradicted official statements from the bankrupt exchange and Mt. Gox Chief Executive Officer Mark Karpeles about how the bitcoins were stolen.
Over the weekend a March 11 petition that was filed with the Tokyo District Court by the lawyers working on the Chicago-based Mt. Gox class action suit became public. Using data from the Bitcoin tracking website Coinsight, the petition alleged that an astounding 530,000 bitcoins were withdrawn from the exchange's accounts between March 7 and March 10.
That was more than a week after Mt. Gox filed for bankruptcy protection, declaring that nearly all of its bitcoins were gone, and two weeks after the exchange went dark.
"How is it possible to perform transactions with something that is supposed to have disappeared?" the petition asked.
Suspicions deepened further on Wednesday with the publication of a study by two Zurich University researchers that punctured a huge hole through the explanation that Mt. Gox had given for how the bitcoins were stolen.
The study came to the stunning conclusion that "transaction malleability" – the flaw in the Bitcoin code Mt. Gox said hackers used to steal most of the 850,000 missing bitcoins – could explain the loss of no more than 386 bitcoins.
Using this flaw, hackers can make a transaction appear not to have occurred, which then enables them to make a second withdrawal from the same account.
Even if true, the notion that Mt. Gox officials never would have noticed the flood of bitcoins out of their accounts until nearly all were gone never passed the smell test.
The Zurich University researchers found that only 302,000 of all the bitcoins in existence were vulnerable to a transaction malleability attack. Since the study showed that such attacks failed 78.64% of the time, that left only 386 bitcoins that could have been stolen by hackers exploiting the flaw, from Mt. Gox or anywhere else.