A file of material purporting to include detailed information on trades at the Bitcoin exchange Mt Gox, has surfaced online, after attackers targeted the personal blog and Reddit account of CEO Mark Karpeles.
The BBC reports that the unknown attackers this access to steal files including an Excel spreadsheet which seems to display records of more than one million trades at the exchange, which admitted to a loss of nearly $500 million in Bitcoin last week. It’s unclear whether these files are accurate, however.
The hackers posted the file among others in a 716MB data dump, including entries from business ledgers. The message accompanying the files said, “It’s time that MtGox got the Bitcoin community’s wrath, instead of the Bitcoin community getting Goxed.”
The files posted online appear to show that Mr Karpeles still has a Bitcoin balance of more than 900,000 BTC. The attackers interpreted this as evidence that the ‘stolen’ funds remain under his control, according to Boy Genius Report.
It’s not clear whether the files offer an accurate picture of trading at the exchange, or of Mr Karpeles’ involvement, according to Forbes’s Andy Greenberg. Greenberg says that the apparent ‘poor accounting’ could merely reflect the exchange’s lack of knowledge about Bitcoins being stolen. The files may also be inaccurate, as at time of writing, no one has verified the figures quoted.
Forbes‘s Greenberg writes that many within the bitcoin community felt frustrated at a lack of communication from the company, and that the unknown attackers claim to be acting in response to this. “Mt. Gox’s staff isn’t talking. So another group of hackers say they’ve broken into the company’s servers to provide answers of their own,” Greenberg wrote.
Greenberg posted details of a Bitcoin forum user attempting to sell a database which he claimed contained personal details on Mt Gox users, including password scans. Mr Karpeles has so far declined all requests for comment.
Earlier this month, Mt Gox admitted that nearly $500 million in Bitcoin had “disappeared” in a statement posted online – as computer code posted on Pastebin appeared to be part of the backend for the exchange, which would tally with Karpeles’s claims that the site was hacked, as reported by We Live Security here.
The site’s statement says, “At the start of February 2014, illegal access through the abuse of a bug in the Bitcoin system resulted in an increase in incomplete Bitcoin transfer transactions and we discovered that there was a possibility that bitcoins had been illicitly moved through the abuse of this bug. We believe that there is a high probability that these Bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures.”
Wired claimed in an in-depth feature that many of the company’s troubles could be traced to its CEO, Mark Karpeles, quoting unnamed “insiders” who described Karpeles as more of a computer coder than a CEO. One company insider, speaking to Wired on condition of anonymity, said, “Mark liked the idea of being CEO, but the day-to-day reality bored him.”
The company’s website was taken offline last week, shortly after a statement was published online by digital wallet company Coinbase, denouncing Mt Gox, and endorsed by other leading Bitcoin exchanges, saying, “ As with any new industry, there are certain bad actors that need to be weeded out, and that is what we are seeing today. Mtgox has confirmed its issues in private discussions with other members of the Bitcoin community.”
The cryptocurrency faced further difficulties in the wake of Mt Gox’s closure, as several banks and exchanges admitted losses due to reported attacks by cybercriminals.
Bitcoin bank Flexcoin shut down after it was unable to cover losses from a hacker attack in which 896 Bitcoins were lost – valued at $570,000 according to The Guardian’s report.
The attackers were able to steal all the bitcoins stored in the bank’s “hot wallet” – the portion of its funds on computers accessible via the internet – due to a transaction flaw in its code. Much of the bank’s assets was in “cold storage” – ie on devices not accessible via the web, but the bank was unable to cover the losses from the theft.
Author Rob Waugh, We Live Security