By Jeremy Wagstaff
SINGAPORE, March 6 Some of those who have lost
bitcoins in the collapse of Mt. Gox have turned to internet
sleuthing to find out where their money has gone - but they're
unlikely to have much luck.
That's because the crypto-currency is a lot more complex
than it looks, even to those who believed in it enough to invest
their savings, bitcoin experts say, illustrating the scale of
the challenge facing investigators trying to unravel the
multi-million dollar mess at what was once the world's dominant
Forum websites like Reddit and internet relay chatrooms have
attracted hordes of users as the Mt. Gox debacle unfolded in
recent weeks. But their crowdsourcing investigations have
uncovered little in the way of real evidence about what
"The crowdsourcing so far has been a miserable failure,"
said Emin Gun Sirer of Cornell University, who posted his own
analysis challenging several theories about what may have
happened at Mt. Gox.
The problem, Gun Sirer and others say, is two-fold: users of
such forums are not always methodical or disciplined in their
research on one hand, and on the other, bitcoin's combination of
transparency and complexity invites the unwary to draw false
Mark Karpeles, the 28-year-old French CEO of Tokyo-based
bitcoin exchange Mt. Gox, filed for bankruptcy on Friday
admitting that some 850,000 bitcoins - worth more than $560
million at today's prices, and about 7 percent of all bitcoins
minted - were missing. Karpeles blamed hackers for the theft,
based on a so-called "malleability" bug in bitcoin software.
The collapse of Mt. Gox has left thousands of bitcoin users
bereft. Driven in part by a desire to find the missing bitcoins,
and in the absence of any solid explanation by Mt. Gox or
Karpeles, Reddit users and others have shared links, studied
bitcoin transactions and traded rumours online.
One forum, mtgox-chat, has become the starting point of much
of the digging, so much so that a user claiming to be Serbian
chose it to first share links to files apparently stolen from
Mt. Gox's own servers, including computer code and what appeared
to be a tape recording of a conversation between Karpeles and
Japanese bankers in late January.
Some of the research, however, has been less useful.
One user on Reddit, for example, suggested that Karpeles had
been blinking a hidden message in morse code during a press
conference in Tokyo last Friday, prompting some to replay the
video frame by frame to try to divine the message.
Other efforts have been more serious, and borne fruit.
A European in his late 20s who works in the legal profession
and goes by the name of Aquentin ONLINE traced the movement of
some of the bitcoin Karpeles had moved from one wallet to
another back in 2011 as proof that Mt. Gox was insolvent.
His research, he said in an email interview, showed that
these coins were among up to 200,000 moved again recently, in
late December and in early February - indicating that not only
were there bitcoins still somewhere in the system, but that they
seemed to belong to Mt. Gox.
Aquentin's research was followed up by others, among them a
PhD student in the UK who calls himself Oakpacific. Both
declined to give their names or other identifying information.
Their conclusion: the movement of coins they investigated
did not square with the explanation given by Mt. Gox that the
exchange lost its coins to a malleability attack. Says Aquentin
of their findings: "They show that at the very least we have not
been told the whole truth."
Their conclusions have been, at least in part, backed up by
more established figures. Ken Shirriff, a software engineer at
Google who runs a blog at righto.com, analysed
transactions in early February on Mt. Gox and raised questions
about the company's claims that it had come under attack prior
to Feb. 7.
Shirriff was cautious in his conclusions, but he said in a
blog post that the malleability attack he looked into could not
have been responsible for Mt. Gox's problems at that time.
Shirriff declined to be interviewed for this article.
Indeed there are, potentially, rich pickings to be had from
Because the transaction history of bitcoins is public, says
Italian computer security researcher Stefano Zanero, it's
possible for anyone to investigate. Moreover, if a bitcoin owner
is not careful in detaching the keys - his PIN number - from
anything that may identify him, he would effectively remove
anonymity from a transaction.
But researching this is not easy, he warns. Zanero has with
colleagues from Italy's Politecnico di Milano developed software
called BitIodine which studies bitcoin transactions to cluster
addresses likely to belong to the same user, or group of users.
BitIodine will be demonstrated at a financial cryptography
conference in Barbados this week.
But he warns that even BitIodine only supports, but doesn't
replace, any traditional investigative techniques - as well as
requiring a lot of computing power and memory, not to mention
analysts skilled enough to make sense of it.
"It's no silver bullet," he said in an email interview.
TOO MUCH INFORMATION
Indeed the problem with tracing bitcoins is almost too much
Bitcoin's ledger, called the blockchain, that records all
transactions, makes public a chunk of information that would
normally require many subpoenas to extract, Gun Sirer says. "So
that's fantastic, but it's the perfect set-up for armchair
experts to end up getting in over their heads," he said.
The danger arises when drawing links and patterns between
wallets and transactions that are spurious, he says. From there
to implicating unrelated people is a short and dangerous step.
Gun Sirer points to a paper by Israeli academics Dorit Ron
and Adi Shamir published in November which inferred a
relationship between Satoshi Nakamoto, the pseudonymous
'founder' of bitcoin, and the creator of Silk Road, a website
for trading drugs. Silk Road was shut down by the FBI last
October. Its alleged founder, Ross Ulbricht, has pleaded not
guilty to charges including money laundering.
The paper was withdrawn after a cryptographer called Dustin
Trammell said he owned the bitcoin address the researchers had
"The crowds are capable of making far worse mistakes with
bigger consequences," said Gun Sirer.
Indeed, Reddit is still smarting from last year, when its
users misidentified two young men as suspects in the Boston
Marathon bombings. Reddit later apologised for fuelling "online
witchhunts and dangerous speculation."
Some users say the lessons from that episode have only been
An Oklahoma-based soft drinks distributor called Michael
Bennett dug up what he said were 29 wallets containing about
690,000 bitcoins traded heavily in the weeks leading up to Feb.
24. But when he posted his findings on Reddit he found little
interest in following up or joining him in doing more research.
"It's really showed just how poor the community is," he said
in an online interview. "People just look for the juiciest
leads, they want drama, they want excitement."
Emma, a 20-something female based in the United States, who
frequents the mtgox-chat channel, says that in some ways it's
understandable. She has 120 bitcoins stuck in Mt. Gox, which she
had been buying since 2011. At current prices, that sum would
pay off all her debts and allow her to go to college, she said.
Many of those in the chatroom, she said in an online
interview, are simply struggling to find even the basic pieces
of the puzzle, while at the same time smarting from having lost
"People are feeling helpless and desperate. I know I am."