WizSec Sees Little Hope For MtGox Creditors

Recent reports suggest that U.S. agents were involved in the theft of large quantities of Bitcoins, in addition they allegedly had connections to Silk Road and Mt Gox. However the team at WizSec have their doubts as to the effects of the agent’s alleged actions in relation to the collapse of the notorious Bitcoin exchange, “First of all: no, we don’t think these agents are main characters in the story of the missing MtGox bitcoins, and the story doesn’t begin in 2013 either,” Kim Nilsson, Lead Investigator at WizSec.

WizSec, also known as Wiz Security Consulting, is a security specialist based in Tokyo, Japan. They work for Bitcoin companies around the world in an effort to strengthen security. Since the epic collapse of MtGox in early 2014 unanswered questions remain, and little evidence has surfaced.

“Some, like us, have made their own unofficial attempts at independent investigations of MtGox; ours is probably both the longest-running and the one that has made the furthest progress.”
— – WizSec

WizSec openly admits the report is merely a peek into their ongoing investigation, “and as such there will be plenty of questions that for the moment go unanswered.” However, the team states that information will be released to the public as it comes to light.

The WizSec report specifically addresses whether the MtGox bitcoins were real, and did MtGox at any point hold the coins in question, or were they fake deposits. Delving into leaked MtGox data from 2014 the WizSec team approached these questions with the assumption that the logged deposits and withdrawals in MtGox were genuine. After WizSec compiled the available data, and analyzed the results, logical results begin to unfurl.

In order to accumulate the data WizSec firstly had to work out exactly how many bitcoins MtGox actually held. To tackle this ambitious task WizSec employed  what they call a ‘multi-pronged’ approach, outlined in the report;

• See if the trustee will agree to release the list. Nope.
• Try to match up the logged deposits and withdrawals from the leaked data with transactions on the blockchain, and from there start flagging addresses belonging to MtGox.
• Further deduce ownership via clustering analysis, identifying additional addresses owned by the same entity by observing which addresses are ever spent together.
• Improve and fill in gaps in the data through insider sources.

WizSec compiled a list of over  2 million MtGox related Bitcoin addresses. “We have confirmed with our sources that this list is more or less complete” states the report.

“There are still some notable gaps, mostly related to older internal transactions where bitcoins were moved around.”
— – WizSec

Since the release of the report these gaps have been somewhat filled. The total amount of MtGox-related transactions were found to be in the millions, “even heavily filtered down there are still thousands of potentially interesting transactions to go through,” said the report.

Typically an exchange will perform transactions internally, moving coins into cold storage and adjusting bitcoin outputs to maintain the smooth operation of the wallet. These transactions were not logged in a manner that WizSec could access, but patterns still emerged which WizSec interprets as being intentional theft. “One recurring pattern eventually stood out: MtGox bitcoins would suddenly get sent to a new non-MtGox address, without any withdrawal log entry, often in fairly recognizable amounts of a few hundred BTC at a time,” said the report.

“These addresses in turn would get gathered up into bigger addresses holding a few thousand BTC. From there, the coins would get deposited in chunks of some hundred BTC at a time onto various bitcoin exchanges.”
— – WizSec

The report explains that using various exchanges could be an attempt to muddy the trail of Bitcoin transactions, but WizSec believe they were sold for cold hard cash. The exchanges used were identified by the report as MtGox itself, BTC-e, Bitcoinica and others as yet to be determined.

“So far, some estimated 300,000 BTC have been identified as taken out of MtGox in this fashion between late 2011 and the end of 2012, but this number may well rise as the investigation continues”
— – WizSec

WizSec believes that creditors may have a difficult time retrieving their investment. “[…]if the thieves deposited stolen coins onto MtGox, sold them for cash and then withdrew that money, we’re still left with creditors who bought those coins for real money in good faith.”

“The fact that the coins were real, stolen and at significant risk of already having been spent would seem to further dim any hopes for creditors of recovering any more bitcoins. Realistically, we are left to hope the payout percentage might improve as invalid and illegitimate claims could potentially be filtered out.”
— – WizSec