The Bitcoin community has been angrily pressing for details on what the Bitcoin exchange Mt. Gox has described as a massive hacker attack that stole hundreds of millions of dollars worth of its users’ bitcoins and left the company bankrupt. Mt. Gox’s staff isn’t talking. So another group of hackers say they’ve broken into the company’s servers to provide answers of their own.
On Sunday, hackers took over the Reddit account and personal blog of Mark Karpeles, Mt. Gox’s CEO, to post an angry screed alleging that the exchange he ran had actually kept at least some of the bitcoins that the company had said were stolen from users. “It’s time that MTGOX got the bitcoin communities wrath instead of [the] Bitcoin Community getting Goxed,” wrote the unidentified hackers, referring to the multiple occasions over its three year history when Mt. Gox has gone offline, delayed trades or suspended withdrawals, events so common that Bitcoin users coined the phrase to be “goxed”–to suffer from Mt. Gox’s technical glitches.
The hackers also posted a 716 megabyte file to Karpeles’ personal website that they said comprised stolen data from Mt. Gox’s servers. It appears to include an Excel spreadsheet of over a million trades, a file that purports to show the company’s balances in eighteen difference currencies, the backoffice application for some sort of administrative access to the databases of Mt. Gox’s parent company Tibanne Limited, a screenshot of the hackers’ access to those databases, a list of Mark Karpeles’ home addresses and Karpeles’ personal CV.
A screenshot posted by Mt. Gox’s hackers, seeming to show administrative access to the company’s database of trades.
In the hackers’ summary of Mt. Gox’s balances in various currencies, they point to a claimed balance of 951,116 bitcoins, which they take as evidence that Mark Karpeles’ claim to have lost users’ digital currency to hackers is fraudulent. “That fat fuck has been lying!!” a note in the file reads.
I’ve reached out to Karpeles for comment, but haven’t yet heard back from him. Mt. Gox’s embattled chief executive has remained almost entirely mum as his company has imploded over the last weeks.
In a possibly related incident, a user on the BitcoinTalk forum posted a message–since deleted by the forum’s moderators–claiming to be offering for sale a 20 gigabyte stolen database from Mt. Gox, including the personal details of all its users and even scans of their passports. “This document will never be elsewhere published by us,” wrote the user, who went by the name nanashi____. “Selling it one or two times to make up personal loses from gox closure.” The hacker asked for a price of 100 bitcoins for the database, about $63,600 at current exchange rates. ‘
I’ve reached out to nanashi____ via an email address he or she provided, and I’ll update this post if I hear back.
I couldn’t verify that Sunday’s database dump was real, or that it showed any of the “lying” that the hackers claimed. In fact, it may simply show how Mt. Gox’s accounting mismatched with its actual store of Bitcoins–that it was counting bitcoins as being safe in its coffers when they had already been stolen by thieves.
But as Bitcoin experts pore over the hacked files, they may yet offer clues to the mystery around Mt. Gox’s fate. The Bitcoin community has been puzzled by the apparent lack of movement of Mt. Gox’s bitcoins since the company declared bankruptcy last month. Despite stating that it lost 850,000 bitcoins in total in its bankruptcy filing, Bitcoin experts haven’t seen the movement of those coins in the Bitcoin blockchain, the public ledger of transactions that prevents fraud and forgery in the Bitcoin economy.
Moderators on the Bitcoin subforum on Reddit deleted the hackers’ post a few hours after it first appeared, stating that posting stolen content violated the forum’s etiquette rules. But users on the forum didn’t hesitate to draw their own conclusions: the top post on the forum Sunday afternoon read “Mt. Gox scam was just exposed — MK [Mark Karpeles] officially stole our funds.”
“We’ve been goxed!” it added.