Japanese newspaper makes bold claim about Mt Gox’s giant 2014 Bitcoin loss

If you’re a Bitcoin user, you’ll know that 2014 was a bit of an annus horribilis for the “freedom currency.”

Bitcoins are effectively cryptographic puzzles that are claimed by the first person to solve each one, and thereafter traded at a value agreed between buyer and seller.

That makes them into a cash currency, more or less, but without any central backing or, for that matter, regulation.

There’s a good side to that: no government body can summarily devalue or disown your Bitcoin stash.

That can, and has, happened with centrally managed currencies, as for example in Zimbabwe in 2009.

Hyperinflation over a number of years rendered the Zimbabwe dollar so worthless that the government eventually disowned it altogether, leaving the economy to operate on other countries’ money, notably the US dollar and the South African Rand.

Effectively, the exchange rate against all other currencies officially became zero, so that any Zimdollars you had were quite literally worthless.

But no government, reserve bank or monetary authority can summarily wipe out your Bitcoins.

Of course, there’s a bad side to that: no regulator means that there are no regulatory protections, and no operating requirements for companies that offer to look after your Bitcoins for you.

Bitcoin exchanges

In theory, you don’t need to entrust your Bitcoin holdings to anyone else, provided that you can find buyers who will accept them directly.

But that doesn’t give you a whole lot of liquidity – you might be fiendishly rich in the Bitcoin world, yet unable to pay your rent, meet the loan repayments on your car, or even buy a loaf of bread.

So Bitcoin exchanges sprung up to act as an interface between the world’s official currencies and the world of Bitcoin.

Loosely speaking, you give someone some Bitcoins, and they let you at an agreed amount of regular money in return.

You might “deposit” BTC1, for example, and be given a balance of, say, $320 (the approximate rate on 2014-01-02) to spend in more familiar ways, or to transfer into a regular bank account.

In short, Bitcoin exchanges act much like banks, with deposits, withdrawals, balances and transaction records.

Yet they aren’t banks, any more than a retail store is a “bank” when it issues you a credit note for goods you’ve returned.

After all, Bitcoin isn’t really a currency, so, generally speaking, it’s not covered by any of the laws relating to currency trading, brokerage, banking and so on.

In other words, if the company to which you entrusted your precious Bitcoins suddenly tells you, “So sorry, they seem to have vanished,” then, well, that’s that: you’re out of luck.

Indeed, the Bitcoin ecosystem has regularly suffered just that sort of confidence-sapping announcement, though usually on a fairly modest scale, at least in global terms.

Examples prior to 2014 include:

  • May 2012. An exchange called Bitcoinica allegedly had $225,000 stolen, followed by another $90,000 later the same year.
  • September 2012. $250,000 was stolen from boutique exchange Bitfloor after an encryption lapse during a server upgrade.
  • November 2013. Small exchanges in Australia, China and Denmark “vanished along with the money” after claiming they’d heen hacked.

Mt. Gox implodes

But in 2014, the Big Daddy of Bitcoin exchanges, Japan-based Mt. Gox, made a “So sorry, they seem to have vanished” announcement about a whopping 650,000 Bitcoins, worth approximately $800 each at the time.

The mystery of the missing BTCs was at first blamed on a cryptographic flaw in the Bitcoin protocol that Mt. Gox’s coders hadn’t defended against properly – something they really ought to have done, considering that they were sitting on half-a-billion dollars worth of other people’s assets.

But that story didn’t wash with everyone, not least those who thought that any abuse of the flaw concerned (it’s euphemistically known as transaction malleability if you would like to look it up) ought to have been visible, albeit too late, in the transaction record.

→ Greatly simplified, transaction malleability means that two transactions can be rigged to have the same supposedly-unique identifier. Crooked transactors can use a deliberately created duplicate-yet-different transaction pair to trick naive exchanges into thinking that something has gone wrong, and demand a refund. (Smart exchanges use additional checks to help repudiate bogus transaction repudiations.)

Some people suspected Mt. Gox insiders of simply taking the missing Bitcoins – or some of them, anyway – for themselves.

Ironically, the very sort of incautious attitude to coding that would make a transaction malleability exploit possible would probably also make it possible for rogue insiders to get away unnoticed with large-scale Bitcoin larceny.

That’s where the story sat throughout the second half of 2014: something bad happened, but no-one quite knew whom to blame.

The New Year’s bombshell

On New Year’s Day, however, Japanese newspaper Yomiuri Shimbun dropped a bit of a bombshell.

It openly stated that there was “strong suspicion” that most of the missing Bitcoins were ripped off from inside.

Yomiuri Shimbun is claiming that the loss of about 7000BTC can be explained by cyberattack – in other words, crooks outside the company’s network were the perpetrators – but that there is no evidence of cyberattack around the loss of the remaining 643,000BTC.

In short, 99% of the crime was an inside job.

Is that really what happened, do you think?

If so, is there a chance, however slim, that some of the missing funds might yet be recovered?

Tell us your opinions in the comments…