Silk Goxed: How DPR used Mtgox for hedging & lost big

Summary:

Using recent filings in the trial of Ross Ulbricht, the 2014 leak by hackers of the Mtgox database, and a Mtgox insider, we identify Ulbricht's Mtgox account, the accessing IP, and trades made by it. The account information indicates that SR1 implemented its currency hedging system (intended to prevent vendor losses due to BTC fluctuations) by, starting in July 2011, connecting to Mtgox over the clearnet and trading through a Mtgox account. Surprisingly, it seems that this IP information was not used by the US government investigation to de-anonymize SR1. The bulk of the account seems to have been stolen by a Mtgox or SR1 insider.

(This was primarily researched by /u/impost_r, and written by /u/gwern .)

Silk Road 1 launched in January 2011. During 2011, the exchange rate for Bitcoin experienced extreme volatility, moving by orders of magnitude, which made it difficult to transact using Bitcoin because payment for an order could easily become less than the order cost. In response to this, Dread Pirate Roberts 1 introduced in 9 July 2011 a "hedging" system: vendors could 'lock in' the USD value of any purchase and receive, when the transaction settled, the USD value in Bitcoins back. The obvious way to implement a hedging system is to maintain an account on a large exchange (the largest then being Mtgox) and transfer bitcoins in and buy/sell to match each purchase; but this would incur fees for trading, counterparty risk (not just the exchange collapsing/being hacked but also the account being seized), complexity, and risking de-anonymization (Mtgox and other exchanges do not look kindly on Tor connections due to abuse). It was not clear how DPR had implemented hedging; he could have self-insured, betting on Bitcoin's long-term upwards trend to profit on average.

The hedging system was a success, and was used from July 2011 to October 2013 when SR1 was raided, with perhaps occasional hiccups.

In January 2015, as part of the ongoing trial of DPR (Ross Ulbricht), the prosecutors released a letter with several exhibits objecting to the defense strategy of painting the owner of Mtgox, Mark Karpeles, as the real DPR. It writes:

Several days after the defendant's arrest on October 1, 2013, which was publicly disclosed the following day, the U.S. Attorney's Office for the Southern District of New York ("USAO-SDNY") was contacted by Mr. Karpeles' attorney. The attorney offered to forward records associated with a certain suspicious MtGox account that he stated he had previously sent to AUSA-2 in USAO-Baltimore. The attorney stated that MtGox had also found a different account, in the defendant's own name, which the attorney said he could supply records for as well.

Mr. Karpeles' attorney subsequently forwarded via email the information he had previously sent to AUSA-2 concerning the account MtGox deemed suspicious. (See Ex. E). As reflected in the email, the attorney explained that the forwarded information was "not information about the account in Ulbricht's name, which MtGox only identified as of interest after the Ulbricht indictment [i.e., arrest]." (Id. (emphasis in original)). The forwarded information related instead to a MtGox account as to which "MtGox ha[d] suspicions may be associated with the largest bitcoin wallet that is perceived by some in the bitcoin community to be associated with Silk Road." (Id.) (Bitcoin users had long speculated about Bitcoin "wallets" or "addresses" connected to the Silk Road website, based on analyses of the Blockchain. 5 Thus, it appeared the MtGox account in question had transactions involving these addresses.)

The email from Mr. Karpeles' attorney further explained that there was other suspicious activity connected to the account. The account was initially opened by someone using the email address "davidmaisano@inbox.com," but later, when the customer was required to validate his identity, he did so using documents that reflected a different name from the one on the email account. Moreover, the user deposited a large number of bitcoins into the account, which he converted to nearly $2 million in U.S. dollars, but the user never withdrew the funds off of MtGox's system to an external bank account. Eventually, the money was converted back to Bitcoins and transferred out of MtGox. However, after the transfer, the user contacted MtGox saying that he could not access the account, claiming it had been "hacked." After MtGox told the user that it appeared his credentials had previously been changed pursuant to a valid user request, the customer did not inquire further or, as far as MtGox was aware, report the hack to law enforcement, despite the large amount of funds removed from the account.

After receiving the records for the account, investigators working with USAO-SDNY's investigation of Silk Road were able to tie the "davidmasiano@inbox.com" MtGox account to the defendant through various means. For example, MtGox records showed the account being consistently accessed through IP addresses that traced back to the defendant. Moreover, transactional records from the account were included as attachments to certain emails recovered from the defendant's Gmail account, which was searched pursuant to a search warrant.

This may sound relatively innocuous: 'AUSA-2 in USAO-Baltimore' ignored the original email, and by the time USAO-SDNY took it seriously, Ulbricht had already been arrested, and then with all the information in hand and his IP, an account which did nothing was found. So what?

Well, as an exhibit (pg18), it quotes an email from Mt. Gox lawyer Scott was sent to USDOJ on 24 July 2013 and forwarded to Serrin Turner (U.S. attorney / cybercrime coordinator) on 15 October 2013 (emphasis added):

"The user deposited a large number of bitcoins into the account. The user used the bitcoins to purchase U.S. dollars, but the account was never linked to a bank account to make a withdrawal. The transactional records for the account are too voluminous to provide via e-mail. I'm happy to discuss a method and format to provide the records to you.

In May 2013, the user contacted MtGox to report that the account was "hacked." MtGox informed the user that the e-mail address associated with the account had been changed pursuant to a proper request to change the address. A copy of the exchange with the user regarding the hack is also attached to this e-mail. Following the exchange attached to this e-mail, the user did not communicate further with MtGox, and MtGox is not aware that the user made any report to law enforcement.

Prior to the user contacting MtGox regarding the "hack", the approximately U.S. $1.9 million had been converted to bitcoins. The bitcoins (7393.49 BTC) were transferred to address 1AsUc3Lw1oDmwimWoGeCfBngzziS98FP5V (7393.49 BTC). MtGox is aware that some of these bitcoin were used, and the balance (6393.49 BTC) currently remain at address 1Mh58EcGSMMscgh5qE5u4BVSL9KRd8GzQK. MtGox believes 1000 BTC were sold on exchange btc-e.com."

Unlike in the main body, this says something interesting - "The transactional records for the account are too voluminous to provide via e-mail." So if DPR was not using this account to cash out commissions from SR1, but it was heavily trading only to eventually withdraw a noticeably smaller sum of bitcoins, what on earth was this account doing? The obvious possibility is: the 'davidmaisano' Mtgox account implemented the SR1 hedging system.

We identified the 7393.49 BTC withdrawal using a blockchain search, using wallet identification based on multiple input transactions, and tracking back change addresses we could see that the same entity received 8630 BTC in another transaction origination from Mt. Gox. Ulbricht seems to have stopped using the Mtgox account around May 2013. All activity on the account stopped after the last withdrawal, leaving a negligible amount of funds in the account. Why? There are two possible reasons:

  1. The account hack. The hack appears to have been genuine and not some sort of attempt to scam Mtgox: a 05/29/13 journal entry presented in court shows that Ulbricht thought the DEA stole 2mln usd from his Mt. Gox account, a loss confirmed in the spreadsheet Ulbricht kept of SR1-related transactions (exhibit GX-250).
  2. In the 2013 journal, Ulbricht comments on 03/24/2013 that he had been "been slowly raising the cost of hedging", suggesting he was trying to discourage use of it. On 04/10/2013, he writes "some vendors using the hedge in a falling market to profit off of me by buying from themselves. turned of access log pruning so I can investigate later. market crashed today." This suggests he was no longer keen on the hedging system and was planning on scrapping it anyway when the vendors began abusing it, the market crashed (increasing losses), and then on top of that, the account was drained by what he believed was the DEA (see the journal & spreadsheet entries) a month later.

MtGox2014Leak.zip

In early 2014, Russian hackers gained access to Mtgox backend servers (possibly with the help of insiders) and released [a public torrent](magnet:?xt=urn:btih:b6545ecc7db8d44c8cbc4e93989edf8221af75f5&dn=2014+Mt.+Gox+Leak&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp% 3A%2F%2Fopen.demonii.com%3A1337) containing dumps of Mtgox databases up to December 2013 and held the rest back for sale. This is the leak which was used to produce The Willy Report and The MtGox 500 Fortunately, that period covers the full lifetime of SR1.

The email specifies that 'The bitcoins (7393.49 BTC) were transferred to address AsUc3Lw1oDmwimWoGeCfBngzziS98FP5V (7393.49 BTC).', which is an unusual number of BTC. We can search the torrent for that and find entry y, entry x is included as it served as direct confirmation of the account:

x:

3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0,0f97bfa3-b1ad-404a-afb1-8ead63c8250b,"2013-05-06 11:09:31",withdraw,-8630

y:

3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0,521960b9-8524-4737-93a0-2411aaa5e20f,"2013-05-06 12:38:33",withdraw,-7393.49

That first part "3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0" is the UUID.

We asked an ex-employee for assistance in going further. The insider provided the following excerpt from official logs not part of the lea k(after showing him the relevant leak logs):

"521960b9-8524-4737-93a0-2411aaa5e20f","3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0","22329","2013-05-06 12:38:33","withdraw","739349000000","806031","Bitcoin withdraw to 1AsUc3Lw1oDmwimWoGeCfBngzziS98FP5V","(ip)","Money_Bitcoin_Block_Tx","ea309d42641b03ff0c41f1671a803db612d5c8c6f6ef183f197391ba969d2a78"

This shows the same UUID, and some additional information such as blockchain data relating to the withdrawal.

Back to the 2 withdrawals mentioned above; we can see the 8360 BTC withdrawal 1.5 hours before the 7393.49 BTC one. So not only did this confirm that the same entity that received the 7393.49 BTC received the 8630 BTC as well, it shows that it's a withdrawal from the same account.

These are not the only two entries for the account 3fcf63cc. Isolating the entries, we have almost all deposits and withdrawals to that account, ~100 in total. This is an odd amount of activity for an account portrayed as nearly inactive. Further, we can see a withdrawal of 40,000 BTC: https://blockchain.info/fr/tx/ed62ab5009d218af8d6d16cba9e58842dcffa16d75401ccc4910263df9d5e7bb then 2 months later, a deposit of 44,814.031337back into the same account: https://blockchain.info/fr/tx/7269a8ebe71559e6337cab93fe75340dca91deeeed2af11be86affc9a23b50ab

The agent Der-Yeghiayan testifies on 20 January 2015 that they were focusing on what seems to have been a different account (pg102-107), perhaps explaining the general lack of LE interest in the other activities.

The Mtgox insider, which is familiar with the legal side of things, commented on these transactions that the (bogus) identity information for 3fcf63cc had not drawn any notice and that 3fcf63cc was very active with a number of transfers in/out, a peak balance of 150k btc, and ~20,000 different trades of "(deposit, withdrawal, buy, sell, etc)" (consistent with the email's description of the trading activity as 'voluminous'). The 40,000 BTC withdrawal had caught our interest as this was the maximum amount of bitcoin that could be withdrawn within a day at the time, it also meant the user was verified as the limit for unverified users as the time was a mere 4000 BTC per day, the insider confirmed that the account had AML2 status (notarized verification).

An example order from the leaked files:

1312614863842963,"2011-08-06 07:14:23",6534,NJP,sell,USD,29.70994053,292.03445,78.59413634758,22952.195381491,0.8761,78.59413634758,68.856322854115,0,0

Isolating all trade entries associated with the account, 17,049 unique entries were found. (Note that interpreting Mtgox trade records can be challenging; for example, the data is occasionally corrupt, and not all of these are separate orders since the exchange splits them into multiple orders in order to match them with various counter parties.) Looking at the entries, the easiest way to identify multiple trades as belonging to a single buy or sell order is to group them based on timestamps. Individual trades are visualised in this graph, aggregated by day, aggregated by day, and log USD value; the periods of inactivity can be clearly be seen.

The account was registered around April 2011 (logs from Jeb McCaleb's Mtgox apparently were known to be incomplete), and began trading 5 May 2011 (2 months before the hedging went live).

This has two main implications:

  1. This activity is consistent with either hedging, or DPR1 being a trader who doesn't care about cashing out and being so bad he could lose much of his money in a bull market

    This is an astonishingly large amount of bitcoins even at the time, would have represented a large fraction of Mtgox's deposits, and substantial trading volume. It seems difficult to believe that Mtgox did not at least suspect the account of being linked with SR1. (The insider claims they had not realized what the account was for until we began asking about it.)

  2. The exact rationale behind the switching between buying and selling doesn't seem clear.

    Given that Ulbricht's journal/memoirs describes him as barely being able to program when he began Silk Road in January 2011 and learning desperately on the fly, it may be that he implemented the simplest possible form of hedging: building up a cushion of USD early on by selling all hedging bitcoins, and then later buying back due to exchange rate decreases. It'd be worthwhile to analyze this further by looking at the Mtgox exchange rate movements.

IP addresses

It gets even more interesting: The insider noted that the Mtgox IP logs indicate that before the hedging went live, the account connected over the clearnet from probably Ulbricht's house, these IP addresses were identifiable as 'unprotected' because they weren't registered to a server host (the IP addresses that were servers were most likely Tor exit nodes and/or VPNs). More recently (presumably in 2013), 3fcf63cc did not just connect over IPs 'connected to Ulbricht' (which could easily be himself logging in personally to do normal trading), but an IP, 207.106.6.28, connected to the Mtgox API for trading.

The prefix 207.106.6. should be familiar to those who have followed the SR1 case in detail, since it is the prefix of one of the server IPs listed in the civil asset forfeiture request filed in NY to seize SR1's bitcoins after the October 2013 raid. Specifically, the seizure lists the IP 207.106.6.32. In other words, the SR1 backend server appears to have been connecting over the clearnet to Mtgox for its regular hedging transactions. (This is not unprecedented: Ulbricht did SR1 backups to his JTAN account over clearnet because he complained Tor was too slow, and also used a VPN.)

This is a serious anonymity leak: blockchain analysis has lead investigators to Mt. Gox deposit addresses as early as April 2012, a subpoena or request for trading records would show a distinct pattern of large trades which screamed 'hedging' to anyone familiar with the operation of SR1. Was this how the Iceland server was identified?

Probably not. The server image in all filings has been described as having been obtained 23 July 2013, which is 1 day before the original Mtgox email was sent, and would have to have been located and then requested earlier, Further, this would have been a perfectly legitimate investigative strategy, indeed, it's almost surprising that they didn't 'follow the money' and de-anonymize SR1 in April 2012, or even 2011, when the FBI investigation began, and doubly surprising that they could be interested in Karpeles and Mtgox but not get the trading records. There was considerable pressure to take down SR1 as soon as possible (see Der-Yeghiayan's testimony), and there was no reason to wait until July 2013 to image the SR1 server and use such a strange and cockamamie excuse like Agent Tarbell's (undocumented) story of hacking SR1's CAPTCHA. Interestingly, the Mt. Gox insider noted that it was unlikely investigators had any transactional logs of the Mt. Gox account(s) before their attorney sent investigators the full logs in July 2013.

This all also suggests that one could measure SR1 revenue over time by examining the hedging trades to estimate how much hedged volume there was, however it is uncertain to what extent hedging was done on the exchange, a possibility is that hedging was done both on and off-exchange as there are some significant gaps during which the account identified has no trade logs. Something that supports this is the previously quoted journal entry:

"'03/24/2013 / been slowly raising the cost of hedging; / orgainzed local files and notes'"

We see that through 19-21 March 2013 a large amount of BTC is bought on the account, during this same time period roughly 40,000 BTC is withdrawn from the exchange in 3 separate transactions. this could indicate that funds were transferred off exchange for a more risky hedging method(risky in the sense that Ulbricht would take the loss if price collapsed).

(This all raises an interesting alternative history question: suppose SR1 had not been raided in October 2013; Mtgox collapsed not too long afterwards; what would have happened to SR1 when Mtgox vaporized? Did SR1 still have a significant amount of funds on Mt. Gox? Would SR1 have collapsed or DPR1 covered the loss of the hedging funds out of his own pocket? Would the trustees have figured out the DPR1 account and turned it and all the IPs over to law enforcement? Or would people have been motivated to examine the leak for possible DPR1 activity?)

An important note regarding the leaked files: the insider believes parts of them to have been altered by hackers, possibly the same ones that released the files. Further, we learned that the original files were altered too. Further, hackers had full read/write access to all Mt. Gox servers for 3 days, deleting server logs after they were finished. However, we can't find any rumors or evidence that the Ulbricht account was known to anyone, much less the 2014 Mtgox hackers, so it is a priori likely that the Ulbricht transactions are not tampered with specifically.

Who Stole Ulbricht's Coins?

We know from the original email that this was Ulbricht's account, and we now know it was the hedging account rather than a way of cashing out or day-trading, due to its timing, activities, and lack of fiat withdrawals. But that doesn't answer the question: where did the coins go and who took them?

Ulbricht claims, complaining to Mtgox support, that he was hacked. He might be lying, but the same claim appears in his personal records where he has no reason to continue the pretense. Specifically, he thinks his coins were seized by the DEA.

  1. The government did not take them. This is definitely wrong because the internal Mtgox records show purchases of Bitcoin and then a normal Bitcoin withdrawal rather than seizure of USD balance, there was no government announcement then, and still has been none.
  2. A hacker did not take them based on the notorious Mtgox 2011 leak of usernames/password-MD5-hashes: we've checked but the "davidmaisano" account is simply not included in that dump (although interestingly, an account named "altoid" is), so as attractive and simple as this explanation would be, it's impossible - the account could not have been exploited by cracking the password hash since no such hash was available.
  3. A vendor probably did not take them. Our insider suggests a SR1 vendor may have figured the hedging system and somehow broken into the account and taken them. (Specifically, that they have some elements that could show vendors from Silk Road stealing and/or hacking Mt. Gox; further details were not given to us to protect his identity.) But it's not clear how a vendor would even know SR1 genuinely used hedging, used it on Mtgox, which account it was on Mtgox, get the password or authentication token, and get in to drain it.
  4. A Mtgox insider may have taken it. If they realized what the account was, it would be easy to log in, and withdraw the coins to sell on BTC-E. They would also know that Ulbricht would be unable to complain to LE, and easily verify the account to get higher withdraw limits. (Tampering with the records might also explain some anomalies and missing entries, but might not.)
  5. A SR1 insider may have taken it. Ulbricht hired multiple people ("smedley", "Variety Jones"/"cimon", "utah", etc) to work on coding and maintaining the site, and the hedging functionality was written in early 2011, when his coding was most amateurish and insecure. He showed a propensity for hardwiring values (the JTAN backup IP, the VPN login IP). If he hardwired the username/password or something of that ilk, any one who saw that part of the codebase could have easily engineered the theft; various employees had access to the codebase and sometimes the server itself (eg. "...04/21 - 04/30/2013: market and forums under sever DoS attack. Gave 10k btc ransom but attack continued. Gave smed server access..."). In which case, the question is not why the hedging account was burgled in 2013, but why it wasn't burgled earlier.

Anomalies & Missing entries

EDIT: removed section about 3 missing rows. Appears to have been a glitch in downloading over HTTP or grepping the 2014 Mtgox leak, please disregard.

An additional anomaly is the account-verification status. Mtgox required identification for very large withdrawals like the 40k BTC withdrawal on 6-9-2012 or the final withdrawal of 4933 BTC made by the putative hacker, and this identity verification is attested to in the government email. But nevertheless, the transaction records mark each transaction with the Mtgox code of "!!" for an unverified or untrustworthy account, from the beginning to the end:

1351795530115354,2012-11-01 18:45:30,6534,NJP,sell,USD,8.23742072,91.91536,79.874,7341.627,0.25736,79.874,20.556,0,0,!!,
...
1367843632129978,"2013-05-06 12:33:52",6534,22fa9cb7-edfa-475e-a598-7b6b0d147ea5,45fe9a2df91b0b67779de6646a32fe42,NJP,buy,USD,134.13461537,16753.41346,98.063,1642892.307,0,98.063,0,0.40240385,4511.694,!!,

It's not 100% clear whether the '!!' notation refers to identify-verification or whether it might also here be referring to the account being accessed from multiple countries' IPs (which is certainly the case for SR1, which according to the master server list document from Ulbricht's laptop, exhibit GX-264, bounced from country to country).

TODO

Open questions:

  1. How much did Mtgox really know and when did it know it?
  2. Who were the Silk Road insiders and what information did they give, and to who?
  3. Does this account, the account(s) the FBI investigation focused on, or any other Silk Road link to Mt. Gox have any connection to Mt. Gox's massive losses?
  4. Does the 'hacking' and big withdrawal account for most of DPR1's missing bitcoins? The coins seized from the SR1 servers and Ulbricht's laptop do not add up to the recorded SR1 commissions
  5. How was Ulbricht's Mtgox account hacked, exactly?

    The 'davidmaisano' account was not part of the 2011 Mtgox username/password leak, so the password hash could not have been cracked; 'altoid' was, but should have no connection. Or was it indeed SR1 vendors? And if so, how exactly did they go from suspecting that SR1 was hedging on Mtgox to being able to control the exact account and do withdrawals? Could they have hacked the SR1 backend and instead of settling for the hot wallet, stole the authentication for the Mtgo API and drained the account that way? Or, could it have been another Mtgox insider who, observing the trading, realized what the account was for and quietly drained it with some bitcoin withdrawals, knowing that Ulbricht would be unable to do anything but complain to Mtgox?

  6. Did the trades stop in May 2013 because the account was hacked? Did activity switch to a different Mtgox account, a different exchange (such as BTC-E), or did DPR1 switch to self-insuring?

  7. How much did Mtgox make off the hedging trades directly, or was its tolerance more strategic and about not interfering with SR1? There are BTC/USD fees for each transaction but it's a bit difficult to convert that into a total.

  8. Is hedging on exchange intrinsically unsafe for any large black-market due to the distinctive signature, increased counterparty risk, and high volume of trades?

Code

The CSV file follows a schema like thus:

Trade_Id,Date,User_Id,Japan,Type,Currency,Bitcoins,Money,Money_Rate,Money_JPY,Money_Fee,Money_Fee_Rate,Money_Fee_JPY,Bitcoin_Fee,Bitcoin_Fee_JPY

Or by column-number:

  1. Trade_Id,
  2. Date,
  3. User_Id,
  4. Japan,
  5. Type,
  6. Currency,
  7. Bitcoins,
  8. Money,
  9. Money_Rate,
  10. Money_JPY,
  11. Money_Fee,
  12. Money_Fee_Rate,
  13. Money_Fee_JPY,
  14. Bitcoin_Fee,
  15. Bitcoin_Fee_JPY

Halfway through, the format changes to include a hash. It can be deleted like this:

sed -i -e 's/22fa9cb7-edfa-475e-a598-7b6b0d147ea5,45fe9a2df91b0b67779de6646a32fe42\,//' mtgox.csv

The resulting file can be read into R and graphed:

hedging <- read.csv("mtgox_uuid_6534.csv", header=FALSE)
hedging$Date <- as.Date(hedging$V2)
hedgingDaily <- aggregate(V8 ~ V5 + Date, hedging, `sum`)
with(hedgingDaily, qplot(Date, V8, color=V5))

etc


Comments


[41 Points] 512austin:

Is this shit your job?


[25 Points] 0xb44d:

SR1 backend server appears to have been connecting over the clearnet to Mtgox for its regular hedging transactions.

It also sounds like an extremely naive version of hedging: with one hedge transaction per order on SR. There are plenty of more advanced ways to hedge, and most involve not actually trading but rather purchasing options (I believe bitfinex was around at the time). In real life hedges you don't have businesses converting currencies at their bank using real cash for every product being sold.

Hedging as a service for markets is still possible, and it can be done anonymously - it would just require a step up in terms of the capabilities of those involved and implementing it.

Ulbricht's problem with having blind spots in his security setup is extremely common. Most people here laugh at his OPSEC mistakes or mock him, but i'd bet that come arrest 90% of users here would have similar issues.

Ulbricht's thinking would be: the only thing that links the Tor HS to these servers is the onion address, and Tor keeps that safe. For everything else I can shove it out the back door over encrypted connections. If they locate the server then the worst they find is my VPN address, if they locate that, the worst they find is the cafe I use in busy San Francisco, etc. etc.

The corporate term to describe solutions to the narrow view is "360 degree security" - rule of thumb is that you can't secure yourself in this way, you have to have someone else apply and test it for you (to remove those biases). If you think you're immune to this because you're smart and Ulbricht was dumb, I have some news for you.

We also have the benefit now of knowing that the US government run a comprehensive near-full grab SIGINT network around the world and that both the FBI and NSA are completely ok with offensive hacking with the courts holding up evidence gained via it. The impression I got from Ulbricht's diary is that he was for some reason strangely at ease with running the site after the Gawker + Senators blow up, and despite all the mentions of security holes and bugs never linked that to a law enforcement investigation or capability.

surprising that they could be interested in Karpeles and Mtgox but not get the trading records

They likely did request the trading records, but either MtGox didn't cooperate or the probable cause didn't fly in Japan.

Who Stole Ulbricht’s Coins?

Easy theory: during one of the many hacks on the SR servers a hacker located the script used for hedging, extracted the API keys from the source code and transferred the funds out themselves.

Another lesson from this: grey market businesses like MtGox and their owners like Karpeles will almost always sell their users out to protect themselves. MtGox cooperated without any legal requirement. Something to keep in mind the next time you're using a service that is legally questionable


[17 Points] deltadopamine:

Sometimes I like to take myself out of my head and try to read these posts as a lawyer from the 1800s. What in the everloving fuck did the world turn into? Jules Verne said nothing about this.


[15 Points] jaspmf:

Beautiful writeup, thanks for obviously taking so much time to thoroughly document thought processes


[10 Points] drpnit:

Gwern, You are absolutely amazing. I see what you're up to when you disappear for long periods of time. The amount of work you guys must have poured in to this . . . incredible.


[10 Points] ShulginsCat:

Read through this twice and still have no idea what's going on. Take an upvote


[6 Points] Dirty_Cop:

a


[5 Points] brassmail:

I'm going with insider at MTGOX just swiped his BTC, I think that's the simplest and most probably, but maybe a third-party hacker too. All those $6 gas expenses are funny, he was broke as hell--or were those charges for a generator at the mushroom cabin? Some generators hold 2-3 gallons so it could be each time he had to fill it up he put it on his spreadsheet? Even I can afford to put a $10-20 spot into my tank...


[4 Points] asimovwasright:

Quick questions about the expense sheet :

Quick questio about the above report :

An important note regarding the leaked files: the insider believes parts of them to have been altered by hackers, possibly the same ones that released the files. Further, we learned that the original files were altered too. Further, hackers had full read/write access to all Mt. Gox servers for 3 days, deleting server logs after they were finished.

How can you make any assessment based on corrupted data.

Maybe it was the point. (corrupt data and wait for people to connect dots ((the dots you write)))

Anyway, nice read! Well done


[4 Points] None:

Fascinating. Well done Gwern. Somebody x-post this to /r/bitcoin


[4 Points] None:

Does anyone know what fpga's are?

/u/gwern ?


[3 Points] None:

[deleted]


[3 Points] AussieCryptoCurrency:

OP: fantastic post. Great read.

Just quickly... What's JTAN?


[3 Points] None:

Out of curiosity... How much time did you spend on this? Lol


[2 Points] punkrampant:

/u/changetip $1


[2 Points] SM411:

If I were too dig down a wallet with backup-coins in case I got caught, I would also have tried to document everywhere possible that they were stolen. Maby Ross will be a millionair when he is released from jail.


[2 Points] creamynebula:

I think the theory that a Mtgox insider figured out who the account belonged to and decided to clean it is the most plausible one.

While reading I also thought of a conspiracy theory, maybe someone from LE did "follow the money", then actually found the silk road servers because it was connecting to mtgox from clearnet. And then with access to its servers, found the login details for the hedging account hardcoded as you suggested, stole Ross money, and then proceeded with coming up with a parallel construction such as the captcha thing to bust it much later with another story, so noone would find out that they stole the money from silk road.


[2 Points] DeeBoFour20:

It's really just speculating on who stole Ross's coins but I'm gonna guess an SR1 insider. You said he was using APIs from the SR server directly to Mt. Gox so if he's going to be that careless he probably didn't think to hide the password/API keys that were stored there. Someone else with access to the SR server probably stole them and he was never the wiser.

Is hedging on exchange intrinsically unsafe for any large black-market due to the distinctive signature, increased counterparty risk, and high volume of trades?

Yea dumb as fuck especially on an exchange. Most exchanges have AML requirements even if you never withdrawl fiat so you'd need to fake identification. If that exchange later figures out your ID is fake and suspects illegal activity they can freeze the account and seize all your funds (or turn them over to the police.) It also ties the illegal market to a specific clearnet market so LE can possibly make a connection "following the money." On top of all that, you run the risk of the exchange getting hacked, getting shut down, or your specific user account getting hacked (like what happened to Ross.) BTC in an exchange is inherently less safe than BTC where you exclusively control the private key.

And all that risk for what? Making your vendors less angry on a market crash? If the vendors are that worried about price fluctuations they can temporarilly require FE until prices stabilize or just pull their listings.


[2 Points] gwern:

Additional question: did Force & Bridges also steal the Mtgox account? The complaint in https://www.reddit.com/r/DarkNetMarkets/comments/30thlh/psaarticle_2_federal_agents_in_silk_road_case/ identifies the original theft as having been done using Curtis Green's SR1 admin account (to reset vendor accounts and then empty them) but Ulbricht's journal dates the Mtgox theft to much later in 2013. So did Force & Bridges do it later, or did Ulbricht just take that long to notice, or was it Mtgox illicitly seizing Ulbricht's account to help compensate for its own seized account after all?


[1 Points] None:

[removed]


[1 Points] bitcoindark:

Regarding Question #6, wasn't it around this time where DPR considered to create his own bitcoin exchange?


[1 Points] None:

[removed]


[1 Points] slowmoon:

And how is USD-value locked in these days?


[1 Points] None:

They say insider information makes a market more accurate

which must be a good thing...?


[1 Points] None:

" It was not clear how DPR had implemented hedging"

I'd love to know too. It wouldn't be too hard to work out the mathematics but safe guarding against some of the dangers must have been tricky.


[1 Points] None:

[removed]


[1 Points] Wailuku808:

The "Russian" hackers are a wild card. Are they that good? If so, why not? Maybe SR1's lost coin was micro-momentarily rubles...


[-1 Points] None:

tldr?


[0 Points] benjamindees:

The government did not take them.

LOL, no.

Scouring manipulated log files will get you nowhere. Pay attention to the big picture.