MtGox case gets reopened by WizSec: Here's what we know.

in #bitcoin, 7 years ago

Let's cut to the chase. Vinnik is the chief suspect for involvement in the MtGox theft.


In September 2011, the MtGox hot wallet private keys were stolen, in a case of a simple copied wallet. Over time, the hacker regularly emptied out whatever coins they could spend using the compromised keys, and sent them to wallet(s) controlled by Vinnik. By mid-2013, when the flow of funds spendable from the compromised keys had slowed to a near halt, the thief had taken out about 630,000 BTC from MtGox.

The wallet.dat file led to address reuse, which confused MtGox's systems into mistakenly interpreting some of the thief's spending as deposits, crediting multiple user accounts with large sums of BTC and causing MtGox's numbers to go further out of balance by about 40,000 BTC. None of these users seem to have reported their "sudden luck". After the coins entered Vinnik's wallets, most were moved to BTC-e and presumably sold off or laundered.

In total some 300,000 BTC ended up on BTC-e, while other coins were deposited to other exchanges, including MtGox itself.


Some of the funds moved to BTC-e seem to have moved straight to internal storage rather than customer deposit addresses, hinting at a relationship between Vinnik and BTC-e. The stolen MtGox coins were not the only stolen coins handled by Vinnik; coins stolen from Bitcoinica, Bitfloor and several other thefts from back in 2011 and 2012 were all laundered through the same wallets.

Moving coins back onto MtGox was what let us identify Vinnik, as the MtGox accounts he used could be linked to his online identity "WME". As WME, Vinnik had previously made a public outcry that coins had been confiscated from him. There were other thefts and incidents explaining other missing funds from MtGox.

Having identified the actual transactions for the bulk of the stolen MtGox bitcoins, we traced them and clustered all addresses involved, quickly finding that other stolen coins were making their way into the same wallets. As some coins were deposited back to MtGox, we could identify which accounts were used to receive them; two in particular were of interest, and were possible to link to the online identity "WME".
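
The tracing and clustering step described above, sketched as an added example (not WizSec's or the author's code). It assumes forward taint propagation and the common-input-ownership heuristic, neither of which the post specifies, and every address, transaction and account name in it is invented.

```python
from collections import defaultdict

# Constructed sample data (invented names): (txid, inputs, outputs) in chain order.
TXS = [
    ("t1", ["gox_hot_1", "gox_hot_2"], ["w1"]), ("t2", ["bitcoinica_1"], ["w2"]),
    ("t3", ["w1", "w2"], ["w3", "w4"]), ("t4", ["w3"], ["dep_A"]),
    ("t5", ["bitfloor_1"], ["w5"]), ("t6", ["w4", "w5"], ["dep_B"]),
    ("t7", ["u1"], ["dep_C"]),  # unrelated customer deposit
]
SOURCES = {"gox_hot_1": "MtGox", "gox_hot_2": "MtGox",
           "bitcoinica_1": "Bitcoinica", "bitfloor_1": "Bitfloor"}
DEPOSITS = {"dep_A": "account-1", "dep_B": "account-2", "dep_C": "account-3"}

def trace(txs, sources):
    """Forward taint: each output inherits every theft label on the inputs."""
    labels = defaultdict(set, {a: {n} for a, n in sources.items()})
    for _txid, ins, outs in txs:
        seen = set().union(*(labels[a] for a in ins))
        for out in outs:
            labels[out] |= seen
    return labels

def cluster(txs):
    """Union-find over co-spent inputs (assumed heuristic: one owner per tx)."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a
    for _txid, ins, _outs in txs:
        for a in ins:
            parent[find(a)] = find(ins[0])
    groups = defaultdict(set)
    for a in list(parent):
        groups[find(a)].add(a)
    return list(groups.values())

def mixed_wallets(txs, sources):
    """Spending clusters holding coins from two or more distinct thefts."""
    labels = trace(txs, sources)
    return sorted(sorted(g) for g in cluster(txs)
                  if len(set().union(*(labels[a] for a in g))) >= 2)

def flagged_accounts(txs, sources, deposits):
    """Exchange accounts whose deposit address received traced coins."""
    labels = trace(txs, sources)
    return {acct: sorted(labels[d]) for d, acct in deposits.items() if labels[d]}
```

Forward taint of this kind over-approximates, so a flagged account is a lead to check against exchange records rather than proof of ownership.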

WME has been active for a long time, often advertising "cheap coins" on the BitcoinTalk forums and wanting to trade exchange money codes. WME was involved in an incident involving stolen Bitcoinica funds, which provided yet another strong indicator that we had identified the right man, seemingly the main money launderer behind the MtGox heist.

This is an ongoing investigation, so more details are to follow soon. If you want to hear the latest scoop on this story, follow along, as I'll be watching this one like a hawk!

For more tech, science and futurology news follow me on Steemit at @Cryptophunk


Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html
