MtGox stumbles on, keeps blaming hackers for missing Bitcoins

mtgox-nukedDisaster-stricken Bitcoin exchange MtGox has posted an update onto its rather sparse website, with a new statement reiterating its earlier claims that it fell victim to hackers and was not run into the ground through its own incompetence. The statement appeared just hours after someone posted a chunk of code to Pastebin that seems to lend credence to MtGox’s story, although even if it turns out to be true, the company’s directors are bracing themselves for multiple legal battles as its creditors begin action to recover their lost funds.

We’ll start with the updated statement posted on MtGox under the heading “Application for commencement of a procedure of Civil Rehabilitation”:

“At the start of February 2014, illegal access through the abuse of a bug in the bitcoin system Resulted in an Increase in incomplete bitcoin transfer transactions and we discovered that there was a possibility that Bitcoins had illicitly been moved through the abuse of this bug.”

“As a result of our internal investigation, we found that a large amount of bitcoins had disappeared. Although the complete extent is not yet known, we found that approximately 750,000 bitcoins deposited by users and approximately 100,000 bitcoins belonging to us had disappeared. We believe that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures.”

“On the same day (24th), we found out large discrepancies between the amount of cash held in financial institutions and the amount deposited from our users. The amounts are still under investigation and may vary but they approximate JPY 2.8 billion. We are investigating the causes of these problems. Since there are probably a variety of causes including hacking by third parties, we need to investigate a huge amount of transaction reports in order to establish the truth. As of this date, we cannot confirm the exact amount of missing deposit funds and the total amount of bitcoins which disappeared.”

MtGox goes on to explain that it wants to be able to repay its creditors, and that to do so it needs to revive its business again:

“In order to increase repayments to our creditors, it is necessary to explore the possibility of having MtGox Co., Ltd. continue its business. This is why the civil rehabilitation procedure has been chosen, Rebuilding MtGox Co., Ltd under the supervision of the court in a legally organized procedure while giving proper explanations will not be for the sole benefit of the company but for that of the whole bitcoin community.”

“All efforts will now be made to restore the business and recover damages to repay debts to creditors. We hope for the understanding and cooperation of all.”

There is some good news – if MtGox is to be believed – as the statement notes it currently has “3,841,866,163” in assets. Assuming that MtGox is talking about Japanese yen, that’s a roughly $30 million or so that it can use to try and fire up its business once again. Unfortunately, the exchange will have a very tough time doing so – it’s not just that there’ll be a total lack of trust within the Bitcoin community after this debacle, but also the fact that MtGox admits it has found “6,501,119,371” total liabilities.

Hacked or not, somebody’s gonna pay


MtGox’s statement comes just hours after Ars Technica revealed a block of PHP code that appears to be part of MtGox’s website has been posted onto Pastebin. The 1,719 lines of code include references to IP addresses registered to Tibanne, the parent company of MtGox. The code details how to access individual user’s Bitcoin wallets and process transactions, which would allow anyone with access to MtGox’s servers to steal funds from the website. While this does seem to lend weight to MtGox’s claims of being hacked, we should note that the code was posted anonymously onto Pastebin which means its far from concrete evidence that any kind of hack took place.

In any case, it looks as if MtGox’s operators could soon be forced to prove that the site was hacked, if they’re to fend of the growing number of claims being made against them by the exchange’s creditors.

CoinDesk reports that London-based law firm Selachii LLP is organizing a class action against MtGox, and represents more than 200 creditors from the US, Canada, Europe and China. The law firm has stated that it intends to target MtGox CEO Mark Karpeles “wherever in the world he is”, and also has Tibanne, the parent company, set firmly in its cross-hairs.

Selachii’s action comes just a day after MtGox customer Gregory Greene launched his own case against the company in Denver, Colorado, and is very likely to be followed by further cases from disgruntled customers elsewhere. CoinDesk adds that Selachii’s case will center on claims that MtGox failed to provide security to its customers, and alleges that this failure amounts to criminal negligence.