In the wake of its high profile collapse last month, Bitcoin exchange MtGox filed for bankruptcy protection in Japanese courts, claiming it had been hacked with around 850,000 Bitcoins stolen, worth about $450 million at the time. Then, just last week, it revealed that it had suddenly ‘found’ an unused wallet containing 200,000 Bitcoins.
“We believed there were no bitcoins left in old wallets, but found 199,999.99 bitcoins on March 7,” Mt. Gox CEO Mark Karpeles noted in a document released last week.
Those claims were met with a certain degree of cynicism, to put it mildly, with many of those with funds ‘lost’ inside MtGox believing the story was invented to cover for the exchanges ineptitude or crimes.
And now, with the release of a new study on the academic pre-press website ArXiv.org, it looks as if we finally have some evidence to disprove MtGox’s claims. The study casts serious doubt on the story, arguing that MtGox could have lost, at worst, fewer than 400 Bitcoins from so-called malleability attacks.
The paper was written by Christian Decker and Roger Wattenhofer of the Distributed Computing Group at the Swiss Federal Institute of Technology Zurich (ETH), and claims that zero malleability attacks took place on MtGox prior to its shutdown. The Tokyo-based exchange previously cited the “transaction malleability” bug in Bitcoin’s software as the reason it first suspended withdrawals from the site, but the study’s authors dispute this.
“In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts,” write Decker and Wattenhofer in the study, which hasn’t yet been peer reviewed.
“In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.”
The authors believe that only around 1,200 Bitcoins were ever targeted in malleability attacks before MtGox shut down, and says that 80 percent of these failed. If true, this would mean that the true number of stolen Bitcoin amounts to less than 400.
“Even if all of these attacks were targeted against MtGox,” write the authors. “MtGox needs to explain the whereabouts of 849,600 bitcoins.”
It’ll be a while before the study can be peer-reviewed and verified as fact, but if that happens then it would be a timely boost for Bitcoin and prove that there’s nothing fundamentally wrong with the cryptocurrency itself – rather, it’s just that some exchanges can’t be trusted.
To be fair, people were questioning MtGox’s claims almost as soon as they were first made. It could have fallen victim to malleability attacks in theory, but the fact that so much money was involved, and that the attacks allegedly took place over a long period of time, has stretched its credibility to the limit.