|
 That's because the crypto-currency is a lot more complex than it
looks, even to those who believed in it enough to invest their
savings, bitcoin experts say, illustrating the scale of the
challenge facing investigators trying to unravel the multimillion-dollar mess at what was once the world's dominant bitcoin exchange.
Forum websites like Reddit and internet relay chatrooms have
attracted hordes of users as the Mt. Gox debacle unfolded in recent
weeks. But their crowdsourcing investigations have uncovered little
in the way of real evidence about what happened.
"The crowdsourcing so far has been a miserable failure," said Emin
Gun Sirer of Cornell University, who posted his own analysis
challenging several theories about what may have happened at Mt. Gox.
The problem, Gun Sirer and others say, is two-fold: users of such
forums are not always methodical or disciplined in their research on
one hand, and on the other, bitcoin's combination of transparency
and complexity invites the unwary to draw false conclusions.
Mark Karpeles, the 28-year-old French CEO of Tokyo-based bitcoin
exchange Mt. Gox, filed for bankruptcy on Friday admitting that some
850,000 bitcoins — worth more than $560 million at today's prices,
and about 7 percent of all bitcoins minted — were missing. Karpeles
blamed hackers for the theft, based on a so-called "malleability"
bug in bitcoin software.
BLINKING
The collapse of Mt. Gox has left thousands of bitcoin users bereft.
Driven in part by a desire to find the missing bitcoins, and in the
absence of any solid explanation by Mt. Gox or Karpeles, Reddit
users and others have shared links, studied bitcoin transactions and
traded rumors online.
One forum, mtgox-chat, has become the starting point of much of the
digging, so much so that a user claiming to be Serbian chose it to
first share links to files apparently stolen from Mt. Gox's own
servers, including computer code and what appeared to be a tape
recording of a conversation between Karpeles and Japanese bankers in
late January.
Some of the research, however, has been less useful.
One user on Reddit, for example, suggested that Karpeles had been
blinking a hidden message in morse code during a press conference in
Tokyo last Friday, prompting some to replay the video frame by frame
to try to divine the message.
Other efforts have been more serious, and borne fruit.
A European in his late 20s who works in the legal profession and
goes by the name of Aquentin ONLINE traced the movement of some of
the bitcoin Karpeles had moved from one wallet to another back in
2011 as proof that Mt. Gox was insolvent.
His research, he said in an email interview, showed that these coins
were among up to 200,000 moved again recently, in late December and
in early February — indicating that not only were there bitcoins
still somewhere in the system, but that they seemed to belong to Mt.
Gox.
Aquentin's research was followed up by others, among them a PhD
student in the UK who calls himself Oakpacific. Both declined to
give their names or other identifying information.
Their conclusion: the movement of coins they investigated did not
square with the explanation given by Mt. Gox that the exchange lost
its coins to a malleability attack. Says Aquentin of their findings:
"They show that at the very least we have not been told the whole
truth."
Their conclusions have been, at least in part, backed up by more
established figures. Ken Shirriff, a software engineer at Google who
runs a blog at righto.com, analyzed transactions in early February
on Mt. Gox and raised questions about the company's claims that it
had come under attack prior to February 7.
Shirriff was cautious in his conclusions, but he said in a blog post
that the malleability attack he looked into could not have been
responsible for Mt. Gox's problems at that time. Shirriff declined
to be interviewed for this article.
IODINE
Indeed there are, potentially, rich pickings to be had from such
research.
Because the transaction history of bitcoins is public, says Italian
computer security researcher Stefano Zanero, it's possible for
anyone to investigate. Moreover, if a bitcoin owner is not careful
in detaching the keys — his PIN number — from anything that may
identify him, he would effectively remove anonymity from a
transaction.
[to top of second column] |
But researching this is not easy, he warns. Zanero has with
colleagues from Italy's Politecnico di Milano developed software
called BitIodine which studies bitcoin transactions to cluster
addresses likely to belong to the same user, or group of users.
BitIodine will be demonstrated at a financial cryptography
conference in Barbados this week.
But he warns that even BitIodine only supports, but doesn't replace,
any traditional investigative techniques — as well as requiring a
lot of computing power and memory, not to mention analysts skilled
enough to make sense of it.
"It's no silver bullet," he said in an email interview.
TOO MUCH INFORMATION
Indeed the problem with tracing bitcoins is almost too much
information.
Bitcoin's ledger, called the blockchain, that records all
transactions, makes public a chunk of information that would
normally require many subpoenas to extract, Gun Sirer says. "So
that's fantastic, but it's the perfect set-up for armchair experts
to end up getting in over their heads," he said.
The danger arises when drawing links and patterns between wallets
and transactions that are spurious, he says. From there to
implicating unrelated people is a short and dangerous step.
Gun Sirer points to a paper by Israeli academics Dorit Ron and Adi
Shamir published in November which inferred a relationship between
Satoshi Nakamoto, the pseudonymous 'founder' of bitcoin, and the
creator of Silk Road, a website for trading drugs. Silk Road was
shut down by the FBI last October. Its alleged founder, Ross
Ulbricht, has pleaded not guilty to charges including money
laundering.
The paper was withdrawn after a cryptographer called Dustin Trammell
said he owned the bitcoin address the researchers had uncovered.
"The crowds are capable of making far worse mistakes with bigger
consequences," said Gun Sirer.
Indeed, Reddit is still smarting from last year, when its users
misidentified two young men as suspects in the Boston Marathon
bombings. Reddit later apologized for fuelling "online witchhunts
and dangerous speculation."
LESSONS
Some users say the lessons from that episode have only been partly
learned.
An Oklahoma-based soft drinks distributor called Michael Bennett dug
up what he said were 29 wallets containing about 690,000 bitcoins
traded heavily in the weeks leading up to February 24. But when he
posted his findings on Reddit he found little interest in following
up or joining him in doing more research.
"It's really showed just how poor the community is," he said in an
online interview. "People just look for the juiciest leads, they
want drama, they want excitement."
Emma, a 20-something female based in the United States, who
frequents the mtgox-chat channel, says that in some ways it's
understandable. She has 120 bitcoins stuck in Mt. Gox, which she had
been buying since 2011. At current prices, that sum would pay off
all her debts and allow her to go to college, she said.
Many of those in the chatroom, she said in an online interview, are
simply struggling to find even the basic pieces of the puzzle, while
at the same time smarting from having lost their savings.
"People are feeling helpless and desperate. I know I am."
(Editing by Ian Geoghegan)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
