A Tokyo-based bitcoin security consultancy revealed today it has been actively investigating the disappearance of 850,000 BTCÂ from Mt Gox âfor the past few monthsâ.
Given full access to official records, it says, it could potentially reveal much more of what actually happened at the ill-fated exchange.
The company, Wiz Technologies, has been âunofficially and independentlyâ analyzing data using a partially complete database of all Mt Goxâs historical trading data that it reconstructed from various public and other available sources.
Wizâs founder and âchief hacking officerâ J. Maurice told CoinDesk that his team wished to present its preliminary findings to Mt Gox bankruptcy trustee Nobuaki Kobayashi, in the hope of being assigned an official role in the investigation.
He said:
âWeâre the only exclusively-bitcoin security consultancy working in Tokyo, so weâre the only ones really qualified to investigate this sort of case. Weâre in the right place, with the right people and the right skills.â
Although Wiz has spent months analyzing the âticker tape of Mt Gox tradesâ in its unofficial database, it still needs access to the complete, official database that is currently only accessible to Kobayashiâs team and the Tokyo Metropolitan police.
That database would include personally identifiable customer information and bitcoin addresses, allowing Wiz to reconcile their existing knowledge with the actual bitcoin block chain, and likely reveal more information about the missing 850,000 BTC that led to Mt Goxâs abrupt shutdown in February.
Wizâs unofficial trading database was built from sources including trading data leaked after the shutdown, real name and account ID information leaked from an earlier Gox hack in 2011, lesser-known third-party sites that logged trading data, plus other, assorted pieces of data the team gleaned from sources via Internet Relay Chat (IRC).
Maurice added:
âThereâs a lot of huge stuff thatâs going to come out, and this is just the beginning.â
Maurice rose to prominence last May, when he played an essential role in defending Roger Ver against the infamous âransomâ hack attack. The Wiz Technologies team also includes lead engineer Kim Nilsson, who heads the technical investigation in this case, and attorney Daniel Kelman, who takes care of legal matters and has been at the forefront of the Gox case on behalf of its creditors.
Although Tokyo detectives posses the official database and have been conducting their own investigation into the case, their more limited knowledge of and experience with bitcoinâs inner workings could slow their progress, Maurice said.
Wiz has formed several theories about what happened at Mt Gox and how bitcoinâs largest ever heist was executed, but all its findings remain unconfirmed until it can access all records.
Maurice stressed that Wiz would not charge a fee to Mt Gox creditors and would find external sponsors to finance any official investigation.
The most thorough records of Mt Goxâs trading history were obtained when Japanese hacker ânanashiâ (Japanese for âanonymousâ) posted trading data up to November 2013 on the homepage of CEO Mark Karpeles.
From this data, another anonymous researcher wrote the now-famous Willy Report. This report identifies the bizarre trading activity of two specific Mt Gox accounts, dubbed âMarkusâ and âWillyâ.
Beginning Valentines Day 2013, Markus traded erratically at seemingly bizarre prices until September, when the account shut down. Seven hours later, the âWillyâ account was created.
Willy exhibited less attention-grabbing behavior, but was systematic and appeared to be a bot, or trading algorithm, always trading at market prices in random amounts within set limits. It would trade at regular intervals of a few minutes before going dormant.
Maurice said the information about the Mt Gox theft that this report reveals has been out in public for some time, but its complex and technical nature mean few have actually read the Willy Report completely or understood its true implications.
Both unusual accounts, he said, were likely created by someone associated with the disappearance of the 850,000 BTC. The hacker had access to Goxâs inner workings and was able to compromise its database by creating new accounts and setting fake balances âwith money that didnât existâ.
Between them, the Markus and Willy accounts are shown to have âboughtâ hundreds of thousands in bitcoin before November 2013, when the leaked data ends.
Wiz would have to see the full records to determine what happened to those bitcoins once Markus and Willy were finished. Whether it was later withdrawn, and where it might have gone, is yet to be ascertained. The first step of any official investigation would be to uncover those basic facts.
âWe can see every trade that happened within the Mt Gox system, but once it left we canât see where it went,â Maurice concluded.
Image via cosma / Shutterstock
Â
