The coins move around and small amounts are sent away, but the majority ends up back in Mt. Gox's main (hot) wallet. This repeats a few times until the majority is paid back to the main Mt.Gox address.
Here is the transaction where it starts to get interesting:
What's left of the 500,000 (429.9k) is split into roughly half and sent to 2 new address. And then each of those address splits the coins in half and sends to two new address.
The end result is that the 429k was split again and again until the funds are split into many addresses, each of which now contain less than 1,000 BTC each. I stopped following the transactions there.
Why take 429k and split it into many addresses each containing less than 1,000 BTC each?
I'd like to see someone trace all of these coins and see if they end up coming together somewhere or show a pattern.
It would be interesting to put these transactions, or the whole blockchain, in a graph database like Neo4J. Dealing with it as a graph would make it easier to find the sinks for all the transactions that started from that wallet. It would also be interesting to look at deviations from the historical statistical distribution in the aggregate of these transactions as a function of time, that would show when a single actor moved a lot of bitcoins even if it is allocated among many addresses. I would bet that the thieves didn't bother to match their transactions with the background statistical distribution.
It's under Pricing in the FAQ page (the gist: contact them via the contact link to discuss a price, because it's apparently too complicated to estimate), but yeah, the FAQ seems like rather an odd place to relegate such an important aspect to.
A quick translation: "pricing not on the front page, because contact us" -> "we have an enterprise sales model, which means that if you won't pay six figure prices, forget you ever saw this product".
Not always literally true, but a good rule of thumb; you can't really sell $100-$1000 products that way, the cost/time of salespeople doesn't work out in that case.
Edit: Guys, the original address. The one which contains the MtGox coins. If you track any large transaction. > $30k, even the recent ones. They follow the same pattern. Split into two. And they all end up in pretty big wallets.
As much as I want to call it a witch hunt, there seem to be some patterns (I may be biased as I do want this thing to end up in positive). There's still so much information missing.
I'm a bit new to bitcoins, but is it technically possible for the bitcoins community as a whole to make a blacklist of bitcoins addresses and "ban" the stolen bitcoins ?
Such blacklist would daunt robbers and enforce public trust in bitcoins.
This is not technically speaking impossible, but the Bitcoin community has a visceral hatred for the idea, because it allows off-blockchain-entities to effectively deprive them of the use of their coins. It also undermines trust in the currency generally, since why accept Bitcoins if there is the possibility that you'd be paid with black Bitcoins instead of white Bitcoins, when you're practically speaking guaranteed that all dollars are green.
Also "Take all the coins that went through Silk Road. Now, floodfill forward." (probably) colors most of the network black.
Well, the supply of BTC is finite, so simply excluding stolen BTC's has some additional problems. May be better than not addressing it, but while BTC provides a mechanism for following them through the transaction chain, it's not that simple to ID what addresses contain "stolen" BTC. What if the thieves are able to launder them through unwitting proxies? For example, steal a bunch of BTC, sell them on another exchange immediately, and now, how do you blacklist those "stolen" bitcoins without screwing over an innocent bystander?
Because transactions are recorded in a public blockchain, couldn't that be a big downside for anyone accepting bitcoin whether or not the coins appear on a blacklist/warning list. If a sending wallet address is associated with some contested activity (e.g. someone getting sued, or indited), I could imagine that those BTC could easily get swept up in the legal actions to unwind or resolve the activity.
This vs accepting cash which is fungible, and would need some other evidence associating the buyers money with the contested activity. At least the resolution activity there would likely be stopped at one level from receiving the cash, but with BTC, you happen to be able to track that one specific coin right through multiple layers of transactions. I can see lawyers tracking all the way out to the current holder of a given BTC.
edit: Upon a bit more side reading, I think the tracability of a given BTC is a bit overstated here.
I'm pretty sure your logic is flawed. Someone is already screwed, its sort of why police can confiscate stolen goods even if you paid for them.
I'd like to know if it would be feasible to regulate in someway to claim ownership of said coins and have them returned should they turn up in some sort of regulated clearing house / exchange. Caveat: I know this is in no way possible right now, yet as soon as this block chain gets large enough we are going to have some form of centralization going on, and with that I am certain it will be regulated in some way eventually. That is, if it lasts that long.
What exactly is the plan to deal with a multi terabyte block chain anyways?
Sometimes, yes. Not always - it depends on how the transactions inside the wallet are organised, which is not usually displayed unless you go looking for it.
Not that it matters - if 100BTC go into a wallet, and an hour later 100BTC comes out of that wallet, it's fairly irrelevant whether or not they're the same coins.
Well, it does matter - if 100 stolen BTC go into a wallet that has 900 BTC already, and then 1000 deals of 1BTC go out to different wallets... then you blacklist and seize all 1000 outgoing BTC or some arbitrary 100 BTC or some specific (how) 100 BTC?
It would be possible if enough miners started supporting a blacklist, but the real problem is not enforcing it, but who decides which coins are "stolen"?
Bitcoin is decentralized, and that's the benefit of it. Creating a global block list would go against that.
Others have proposed such measure. And it sounds like a good thing on its face.
The problem is that who then decides which coins are "bad"? Does the US Government get to decide? How about coins that fund organizations that the US Government doesn't care for?
My personal opinion is that no bitcoin should ever be tagged as better or worse than any other one. By messing with the fungibility of the currency, we would do way more harm in the long run than good.
In principle everybody can decide for themselves which bitcoin they are willing to accept (there's no need for a central authority to do this).
If enough participants agree that bitcoin from a certain source are 'tainted', they become less valuable (similar to what we have seen at the Mt Gox exchange).
Bitcoin are very clearly distinguishable and thus there's no reason for them to be long-term fungible.
But what if I steal a Bitcoin and exchange it directly to USD. If the coin is banned later my counterparty, who acted in good faith, is left with an empty bag.
The result is that even if you can prove that someone else holds a dollar bill that was stolen from you at some point, you do not necessarily have the right to get it back.
"legal tender" is a strange concept. For example, £5, £10, £20 and £50 notes are not legal tender in Scotland. But I don't think most Scottish people consider those notes to be "more like a commodity than money."
I'm not sure what happens if stolen Euros or gold are accepted as payment. These aren't legal tender in the US, so if they are exempt from the aforementioned rule, then bitcoins might be as well.
This is no different from real life scenarios. Suppose someone stole a $5000 ring, sold it for $2500. The ring is still stolen, the police can and will confiscate the ring, so the buyer is out of the $5000 ring and their $2500 paid for the stolen property. The ring is stolen from the owner, the money is stolen from the buyer.
Yea--keep the loot; won't bother to retrieve stolen bikes at
flea markets; cruise the streets looking for marginal DUI's;
always handing out tickets for marginal infractions.
I look at them as Tax Collectors. For protection, I would
have more luck printing out a Physibe gun.
I think that would depend on jurisdiction but I don't think reclaiming would be workable in this scenario.
Imagine this: I exploit malleability and deposit directly in my BTC-e account, exchange to LTC etc, etc on dozens of exchange and finally to USD. I cash out to cash and disappear. I of course gave my final stop false information. So now my last victim gets a claim, if this last victim happens to be an exchange and it is forced to pay up and the amount is somewhat significant that exchange is now insolvent. Whose problem is that? The exchange declares bankruptcy and their customers get a haircut.
You're describing money laundering, which scrubs the stolen property of its association with a crime. Its a technique which can obviously be successful, but is a crime in its own right.
The main issue here is that once a Bitcoin enters a wallet, it's indistinguishable from the other BTC in that wallet. So you'd have to blacklist whole wallets, and since you can't deny payments, people possessing stolen BTC would simply tip anyone trying to enforce this scheme.
while in theory possible, this approach has not been done because it is said to be a slippery slope down the lines of being against "bitcoin neutrality".
once the feature exists to treat one set of coins different from another, it leaves the protocol open to control by centralized parties - they could ban the use of "unidentified coins", etc.
> Why take 429k and split it into many addresses each containing less than 1,000 BTC each?
Ever heard the adage "Don't put all your eggs in one basket"?
It's possible that MtGox used to operate everything from a single, large wallet but decided to split it up into lots of smaller wallets, to avoid the risk of suffering a single, catastrophic compromise.
>>Ever heard the adage "Don't put all your eggs in one basket"?
I'm pretty sure the opposite is also true though, as in "don't split all your eggs among thousands of little baskets." I mean, at some point the overhead of managing all of those wallets must outweigh the risk of having everything in one wallet, right?
They should have written a check that runs periodically to check that the sum of all wallets equals their total BTC according to their ledgers. You have to write that process anyway, it shouldn't matter too much if it has to examine 100 wallets or 10,000 wallets.
When following the splits-in-2 of this transaction, many accounts still have about 1000 BTC in their final balance according to blockchain. E.g: 1BoGw97oS9L2mU8HTQqpm7yxC72H4LCm6i (Final Balance: 1,000.35 BTC). The question is: who may be the owner of those large amounts of of about 1000 btc? If MtGox did all those splits in 2 smaller accounts, then MtGox could still be the owner?
You showed that account 1M1ZkWpHfuQthji2AVsGDvpfY2PrcXQar6 had about 430000 BTC and split coins in 2 other accounts and so on. I followed one of the splits and its subsequents:
14qKyR7b86JVHn5mfm6Dm3G756BgxhMqMP received 203002 BTC.
Then it sent 202658 BTC to 13JAudzPvKYyBtY9XpkhNW3YdDqBsi3c7Q.
Then it sent 108570 BTC to 144rbLnQmwH8MbB5iirSqvaPgXB9NMdcdb.
Then it sent 44505 BTC to 18pGH9G1FtpAkBt1zHTDuYXxPFMXqPG8PU.
Then it sent 23525 BTC to 13kfZQxVC6qi5pDSw56Fi3boTU7qMar8Nf.
Then it sent 23525 BTC to 14EKdT8ENWUY33Vyd7PN4TgLg6mnrwUt4T.
Then it sent 9576 BTC to 7jj6RTpzayiHDeFfCR5ihnDFccK997UNT.
Then it sent 5456 BTC to NRZTrVBQEcQ7EWgEdfUrs9xHjuwazdcuf.
Then it sent 2878 BTC to 2kSAA9HY11xwDi2QvmtZN1TYWuRdZb7Gx.
Then it sent 1241 BTC to 1GKUwZEzMoM92BVjVTNAwoSnUxeANhiawc.
Then it sent 509 BTC to 16hpTHQDWRTDkhgHw2T3RDneJM74XJXDoD.
Then it sent 473 BTC to 1KuNerYrrHiNR6bGgQesUiCyQt5u5qVBVQ.
Then it sent 473 BTC to 1Mu3EwLg85J3sV8No3RKLvwZPu2XZqEE63.
Then it sent 473 BTC to 1PgLdynDGFtsfpj6u442gokuLF1kZPCiRa.
Then it sent 376 BTC to 12yUfwW8DmgkZmAcAYsMzGWGw7LCmiQzXa.
Then it sent 375 BTC to 1CZHLDbrswW6ku8eHEDLLHC8Wr3RxowW3x.
Then it sent 354 BTC to 15robQvbP2Q1rZ9kMADnuv9f6tFhwkzz5z.
Then it sent 305 BTC to 1Jsdgh21hrbRuLuKeyvEGdkBauHiYXm7FN.
Then it sent 286 BTC to 1Q64Rx1tVCNeucdUGLkGdo1asiPHhPjoNW.
Then it sent 260 BTC to 1JWjfsk2tUAE83MtBjNEXP85ArxJuWoqg6.
Then it sent 260 BTC to 1JS9EAFzrjeFrLiPaK57mXeAZLwqHdEbPa.
Then it sent 256 BTC to 1421kfM6sbCXYsSZnvL6Dw1StXW2tbq4gZ.
Then it sent 247 BTC to 12eq3PnDcHLT2xpHevZMmFuVHymULjdoaj.
Then it sent 125 BTC to 12ZWoyaSwj53spGWGt9AtGCA28uLq58SCk.
Then it sent 125 BTC to 1Kf6KQd2oQA3yGPQDw8teCZVK7wj6C7ms7.
Then it sent 78 BTC to 1A3AsuYVsgdKNRDm7SGKkkHD9LQeuuipfe.
Then it sent 49 BTC to 1bu6ZBmksM5sRVEZspDKaXb5zTxZRuhrW.
Then it sent 49 BTC to 1J2HFUhF5xSnDXL3Zw3vCiEdv7eJi4EbM5.
Then it sent 156 BTC to 1JT6L2sT9z3QNitk4a2xiDEuwq3dksPYsb.
Then it sent 3730 BTC to 17C6oanWeXbehGZNL5fpUKsEQfMFya1pVD.
Then it sent 1000 BTC to 1MoUfk2Bow7n9B6ksreCbcyDzXdRTFMpC9 (this seems important address, received more than 117500 BTC).
Then it sent 998.99995 BTC to 1Ky8YXSXGensz2J8BYUprtLJvjcjNN3xbm.
Then it sent 999.99 BTC to 12wjEVECppk1rPBTQXyZ6m8zn4h91AzzSf.
Then it sent 1000 BTC to 1BoGw97oS9L2mU8HTQqpm7yxC72H4LCm6i, who still has 1000.35 BTC in its final balance.
"Coming together" is a bit difficult to determine -- how do you identify a large group of recipient addresses as a single entity? How do you differentiate between a group of addresses belonging to a single owner, and a group of addresses belonging to multiple owners?
We can construct a graph tree all destinations beginning from that one address, but what good would that be? Where do you make inferences to determine the identity of the recipients? How do you group them together?
At some point your trail becomes so long and so disparate that any effort to continue following that trail would be a pointless endeavor.
Sure the technology is there to follow the trail indefinitely, and (where available) you can easily check all recipient addresses from this "poisoned" tree against regular fiat exchange logs, but within the BTC ecosystem? It's an interesting intellectual challenge, but not useful.
Say you traced these coins to 50 different addresses. And then, for example, say that those addresses lay dormant for 3 months. And then 45 of those addresses send bitcoins somewhere on the same day. That would imply that the coins are under the control of a single owner.
I agree it is difficult and beyond the scope of just writing a simple script.
This seems like the best way to go about it. Use statistical analysis to find similarities between wallets involved in transactions stemming from the root. When you can give a qualitative "Here's where these coins are going", you can start to identify the culprit. Since there doesn't seem to be a legal framework to prosecute such theft anyway, I'd really just want to find them to congratulate them. Sorry to anybody who lost their coins :(
Or maybe you find that all of these coins end up in addresses that have not been touched in 2 years. That would lend support to the theories that the cold wallet keys were lost.
If you were going to steal bitcoins in this manner you'd run them through a number of tumblers. Tumblers are essentially the laundering facility for bitcoins. Lots of coins from various locations come in, put into a pool, and then get sent back out. There's no way to track coins you receive back to a particular transaction. Since 6% of all bitcoins are stolen, more than likely anyone holding bitcoins has a good chance of holding some stolen ones.
Yeah, people have been trying all kinds of analysis on these addresses on r/bitcoin this week- So far the jury is out as to whether meaningful info can be gathered in this way.
Yeah, and I'm sure this line of thinking, will eventually route out the person who stole all those bitcoins -- and I won't be surprised it it's The top execs of Mt. Gox - - who better to take the money and run? They KNEW that they couldn't possibly sell bitcoins at higher than market prices, and make a profit UNLESS they were running a Ponzi scheme.
If any scenario that 'blacklists' some bitcoins is implemented (IMHO it won't, but if we're discussing it..), then any bitcoins 'tumbled together' with blacklisted bitcoins would be blacklisted as well.
Which would mean that either people would stop using tumbling services (since the process would turn 'good' bitcoins into 'tainted' bitcoins as soon as a single participant wanted to anonymize stolen BTC), or tumbling services would disallow tumbling any blacklisted bitcoins, or both.
well, that's the whole purpose of a tumbling service. i mean you don't even know how long they will be stuck there. i didn't investigate this, but splitting those into small amounts and then tumbling these around seems like exactly this pattern. if you are interested on how this was done in the maybe now second biggest known btc heist check http://www.newstatesman.com/future-proof/2013/12/theres-£60m...
Tumbling only works if you're a small fraction of the total. If you put $300 million into a tumbler that only has $1 million of other volume, then it's pretty easy to track you.
Sure, but you don't tumble it all at once. Other commenters showed that these BTC were split up into ~1000 BTC chunks. Each of those could send randomly to different tumblers and anonymize all of their activities to send to a new set of addresses which people aren't tracking, and then from there gradually pull it out of various exchanges to various banks and accounts.
I followed the 500,000 BTC for a bit beginning at https://blockchain.info/tx/b269bf1b82dae8a61f7f91dbf7a9d807e....
The coins move around and small amounts are sent away, but the majority ends up back in Mt. Gox's main (hot) wallet. This repeats a few times until the majority is paid back to the main Mt.Gox address.
Here is the transaction where it starts to get interesting:
https://blockchain.info/tx/478ea915aa3a2e54503c43e1c5659722b...
What's left of the 500,000 (429.9k) is split into roughly half and sent to 2 new address. And then each of those address splits the coins in half and sends to two new address.
The end result is that the 429k was split again and again until the funds are split into many addresses, each of which now contain less than 1,000 BTC each. I stopped following the transactions there.
Why take 429k and split it into many addresses each containing less than 1,000 BTC each?
I'd like to see someone trace all of these coins and see if they end up coming together somewhere or show a pattern.