The PHP that shagged MtGox: Bitcoin mystery deepens

frickin' idiots

Something-something “LASER” something-something-something.

The MtGox Bitcoin exchange is bankrupt. Not a huge surprise, but insiders are also alleging chronic incompetence within the company, flowing from the CEO, Mark Karpeles. Supposed hackers have also leaked some PHP code that appears to substantiate those allegations. But could it all be an elaborate ruse to steal customers' imaginary money?

MtGox Co., Ltd. is now aiming for "civil rehabilitation" in a Tokyo District Court (similar to Chapter 11 bankruptcy protection in the U.S.).

In IT Blogwatch, bloggers release the frickin’ ill-tempered, mutated sea bass.

Your humble blogwatcher curated these bloggy bits for your entertainment. Yeah, baby...


Robert "Bob" McMillan throws us a frickin' bone here—we need the info:

According to some who were there, Mt. Gox was a messy combination of poor management, neglect, and raw inexperience. ... The disappearance of $460 million [of Bitcoins] and another $27.4 million missing from its bank accounts came as little surprise to people who had knowledge of [its] inner workings.


“Mark [Karpeles] liked the idea of being CEO, but the day-to-day reality bored him,” says one Mt. Gox insider. ... “He likes to be praised, and he likes to be called the king of bitcoin,” says another insider. ... “He always talks about how he’s a member of Mensa and has an above-average IQ.”


Beneath it all, some say, Mt. Gox was a disaster in waiting. ... A Tokyo-based software developer [says it] didn’t use any type of version control software [and] he says there was only one person who could approve changes to the site’s source code: Mark Karpeles. ... “The source code was a complete mess,” says one insider. ... According to a leaked [document] hackers had been skimming money from the company for years. The company now says that it’s out a total of 850,000 bitcoins.  MORE


Boo-frickity-hoo. Sean Gallagher brings yet more bad news for Karpeles and co.:

As MtGox CEO Mark Karpeles and his lawyers officially filed for court-supervised restructuring...someone posted a chunk of [PHP] code to Pastebin that would appear to lend credence to Karpeles’ contention that his company was hacked.


The 1,719 lines of commented PHP code...include code to access individual customers’ Bitcoin wallets and to process transactions. ... Anyone who had access to the server running this code could have easily redirected transactions or pillaged the Bitcoin wallets.  MORE


Reading McMillan's sources' allegations, Courtney Nash gets angry (and when Courtney gets angry, Mr. Bigglesworth gets upset):

No source control. No testing. Single point of code review/approval.


So painful.  MORE


Meanwhile, Combat Wombat continues to allege evil deeds:

You have thousands of obsessive nerds going through every blockchain to find those coins. And no one has found anything even approaching that which Mt Gox is reporting to have happened.

As Richard Nixon's head would say... "You've been scammed, baby!"  MORE


But Ken Shirriff lays down the law, reminding us how Mt Gox "lost over 2609 bitcoins" in 2011 (it's a homophone... forget it):

In Mt Gox's bad transactions, they made a small but costly [mistake: in] place of the destination address hash, this transaction has the byte 0 [so] it's impossible for this script to complete successfully, and the bitcoins can never be spent.


You might wonder why Bitcoin permits transactions that can never be spent. Unfortunately, it would be very difficult to determine. ... [And an] algorithm to reject transactions would be very dangerous - if clients and miners disagree on the validity of a transaction, a blockchain fork will result, causing chaos.


Losing bitcoins due to programming errors is very easy. Mt Gox has lost thousands of bitcoins in the past this way, as have others. I don't know what happened to Mt Gox recently...but based on history it is worth keeping programming errors in mind. ... [BTW] I know it wasn't OP_PUSHDATA2 malleability.  MORE
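
The kind of error Shirriff describes can be caught before a transaction is broadcast. As an added example (not code from this article, Shirriff's post or MtGox), this Python check parses a pay-to-pubkey-hash output script and flags one whose hash push is not 20 bytes; the function names and sample scripts are constructed for illustration, and the standard template (OP_DUP OP_HASH160 <hash> OP_EQUALVERIFY OP_CHECKSIG) is assumed.

```python
# Added example: sanity-check a pay-to-pubkey-hash output script before broadcast.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 length-field sizes

def parse_script(script: bytes):
    """Split a script into (opcode, pushed_data) pairs; data is None for non-push opcodes."""
    ops, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        data = None
        if op <= 0x4E:  # every opcode up to OP_PUSHDATA4 pushes data
            if op <= 0x4B:
                n = op  # opcode value is the push length (0x00 pushes an empty value)
            else:
                width = PUSHDATA_WIDTH[op]
                if i + width > len(script):
                    raise ValueError("truncated push length")
                n = int.from_bytes(script[i:i + width], "little")
                i += width
            if i + n > len(script):
                raise ValueError("truncated push data")
            data = script[i:i + n]
            i += n
        ops.append((op, data))
    return ops

def check_p2pkh_output(script: bytes) -> str:
    """Return 'ok', 'unspendable' or 'nonstandard' for an output script."""
    try:
        ops = parse_script(script)
    except ValueError:
        return "nonstandard"
    if len(ops) != 5 or ops[2][1] is None:
        return "nonstandard"
    frame = [ops[0][0], ops[1][0], ops[3][0], ops[4][0]]
    if frame != [OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG]:
        return "nonstandard"
    # OP_HASH160 always yields 20 bytes, so a push of any other length
    # can never compare equal at OP_EQUALVERIFY: the output cannot be spent.
    return "ok" if len(ops[2][1]) == 20 else "unspendable"

# Constructed samples: a well-formed script, and one with the byte 0 where the hash belongs.
GOOD_SCRIPT = bytes.fromhex("76a914" + "11" * 20 + "88ac")
ZERO_HASH_SCRIPT = bytes.fromhex("76a90088ac")

if __name__ == "__main__":
    for name, s in (("good", GOOD_SCRIPT), ("zero-hash", ZERO_HASH_SCRIPT)):
        print(name, check_p2pkh_output(s))
```
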


Copyright © 2014 IDG Communications, Inc.
