Kim Nilsson at WizSec just posted about their theory of how the theft of 650,000 bitcoins from MtGox happened. That’s over $1.6 billion at present prices and probably the biggest theft ever.
According to that report, it was just a matter of getting a copy of a “wallet.dat” file in 2011. Since those files were not encrypted at the time, the thief could spend bitcoins from MtGox. Which is exactly what they did.
Now comes the weird part. The theft has been going on for years. And MtGox apparently didn’t notice. They even interpreted those bitcoin spends as deposits, crediting some customers with extra bitcoins to the tune of 40,000 bitcoins.
I can understand that hackers would be able to get past the lax security efforts of the first couple of years of Bitcoin history.
But having your wallets drained over a period of multiple years and never even noticing? Interpreting spending bitcoins as deposits? That doesn’t make any sense. But since all transactions in question are recorded forever in the blockchain, there is no way to make up such a scenario.
I was always wondering why MtGox would not disclose exactly which addresses funds were removed from, and exactly when. Maybe the reason was the same reason this WizSec report didn’t come out earlier: a desire not to compromise an ongoing investigation.
Did Mark Karpeles know? If so, when? If not, how is it possible to have 650,000 bitcoins stolen from under your nose without noticing?
There may also be some interest in recovering the stolen bitcoins from the guy arrested in Greece, one Alexander Vinnik. Even a partial recovery would make a big difference for the creditors of MtGox, as well as for Mark Karpeles.