Mt. Gox started leaking BTC in 2011 and was “practically depleted of Bitcoins by 2013”, says a new report released by WizSec, a Japanese group that has been investigating the exchange’s downfall.
According to the Tokyo-based group, the company’s collapse – a string of problems that led to the disappearance of around 650,000 BTC – started years before the case became public knowledge in February 2014.
WizSec’s lead researcher Kim Nilsson believes the pilfering started almost four years ago. “By the end of 2011 we are past most data gaps, but we are seeing a clear discrepancy of several hundred thousand BTC between expected holdings and actual holdings. Furthermore, if we look closely, this discrepancy seems to be growing over time,” says the report.
“Bitcoins continuously went missing over time, but at a decreasing pace. (…) There may not have been any more Bitcoins left to lose.”
Graphics – WizSeC
The Japanese group in charge of the investigation claims to have found “a surprisingly dependable list of over two million Mt. Gox addresses.”
The findings helped WizSec to conclude that “Mt. Gox operated at fractional reserve for years (…) and was practically depleted of Bitcoins by 2013.” However, the group’s report does not accuse the exchange’s managing team (and specifically the CEO Mark Karpeles) of foul play.
Besides the existence of these accounts and the missing Bitcoins, WizSec believes the pattern of some transactions is suspicious.
“One recurring pattern eventually stood out: Mt. Gox Bitcoins would suddenly get sent out to a new non-Mt. Gox address, without any withdrawal log entry, often in fairly recognizable amounts of a few hundred BTC at a time.
Shortly afterwards, these addresses in turn would get gathered up into bigger addresses holding a few thousand BTC. From there, the coins would get deposited in chunks of some hundred BTC at a time onto various Bitcoin exchanges.”
Although Nilsson wasn’t able to trace back all the addresses that received the aggregated BTC, he identified accounts at Mt. Gox, BTC-e, Bitcoinica and other as-of-yet unidentified wallets. This means the stolen cryptocurrency was being sold off on different exchanges, including the Japanese platform, and possibly at a lower price than the official market value.
The researcher told Coindesk that WizSec was “happy to finally have this breakthrough out in the public.” However, Nilsson also recognized that there is still a lot of work to be done, but he hopes the Japanese authorities can use this information to speed up the official investigation.
The WizSec document will be formally presented in an upcoming meeting that will gather the fallen exchange’s creditors.