I was talking about the Bitfinex vs Wells Fargo case (iFinex Inc. et al v. Wells Fargo & Company et al) filed in the California Northern District on April 5th, however plaintiff filed a voluntary dismissal (docket 28) on April 11th.

The reason why Bitfinex decided to dismiss the case isn’t clear yet.

Yesterday, I posted a small message on Twitter that got quite a bit of attention. Despite what happened more than one year ago to MtGox, most Bitcoin exchanges are still running in a way where they hold customer funds and coins. I’m not saying it is simple or cheap to make things different, but I’m surprised nothing happened at all.

Well, not exactly nothing. Decentralized exchanges are starting to appear but still have a long way to go…

Decentralized exchanges

Creating a decentralized exchange is a good idea, except for the fact that you are not able anymore to perform checks to avoid stolen property (funds or coins) to be used (this problem also exists on services like LocalBitcoins or Gyft).

You can of course have a trusted third party handle the AML checks (for example Coinffeine currently works with Okpay according to their FAQ) but this is not exactly decentralized anymore and might not be enough if the third party is not aware of the nature of the transaction. You could be using multiple third parties, but doing so will increase risks - and even as things are right now, I wouldn’t be surprised seeing people using Coinffeine to get Bitcoins out of stolen Okpay accounts in transactions that will subsequently be investigated by law enforcement, and maybe reversed at a loss for the seller.

Bitcoin has an inherent financial nature that makes operating an exchange that much more complex. Usually AML procedures can help dealing with most issues, but won’t work in a decentralized context as things are today.

Based on my own experience the best option for a decentralized exchange would be to allow exchange only between existing crypto-currencies (”alt coins”), which would create a lot of new possibilities in terms of value for said coins while potentially helping offload the Bitcoin blockchain.

Current exchanges

Currently, most if not all crypto-currency exchanges hold all funds on behalf of their customers, and will perform balance settlement for each trade themselves.

While it is easier (and cheaper) to do so, there are other ways of operating as an exchange that would limit the need for the exchange to hold coins and funds, thru limiting risks and liabilities. It would even be possible for an exchange to operate without holding anything, should the appropriate structures exist.

The structures in question would be kind of settlement third parties, for both Bitcoin and fiat currencies.

One entity would be specialized in handling of coins. It would focus mostly on security, and could also offer processing for other things than exchanges (I’m thinking about Lightning, for example). Existing wallet services are probably in a good position to start working on this kind of solutions.

The other would be specialized in handling of fiat currencies. This would mean complying with the appropriate financial service regulations and we could easily have multiple such entities covering different parts of the world as regulations differ.

After each executed trade, the financial entity would move funds to escrow, then the coin entity would process the transaction, which once cleared would trigger the release of funds to the seller.

This might even open new possibilities:

• The crypto-currency entity could, instead of holding bitcoins, track liabilities and have their members provide proof of holding by signing messages from their addresses - or by running a wallet software where the customer-side holds the private keys. Once a trade is executed, the customer would be requested as part of settlement to sign the outgoing transaction. Of course the user might decide to refuse, but then it would just mean the settlement failed for a specific trade and funds escrow returned to buyer. The exchange could refuse to work with this seller in the future.
  
• This would also open the door for more competition in the exchanges market by lowering the hurdle of standing there. AML would be typically handled by the financial entity, so an exchange could focus solely on providing the best technology possible without having to setup a 24/7 security response team and spend millions in financial institution registration. There is still a need for lawyers and to make sure the exchange would be legally able to work without any kind of registration (or what needs to be done). Please remember that this blog does not provide any kind of legal advice.
  
• We might see new kinds of business appear we didn’t think of yet.

Conclusion

As Bitcoin gets bigger, the need for more solid solutions increases.

I know how difficult it can be for an existing exchange to switch to a new process in terms of settlement of trades, however the current situation is nothing but another disaster waiting to happen (and that’s the last thing anyone wants).

There are various available solutions, so I am a bit surprised no exchange has moved in that direction yet. Securing customers funds has a huge cost, and so much can be gained by providing this kind of services to the whole community.

With the appearance and gain in value of Bitcoin Cash, a new risk appears for Bitcoin.

Indeed, for miners, it can be much more profitable to do migratory rounds between crypto-currencies. Let me explain how and why.

Bitcoin, Bitcoin Cash and other crypto-currencies will adapt mining difficulty after a number of blocks (2016 blocks, or every 2 weeks). This means that if a lot of mining power comes in right after the difficulty change, it’ll take 2016 blocks for difficulty to reflect the increase of mining power.

Now let’s suppose we have multiple mining groups agree to a migratory plan. Mine at full power on one crypto-currency until reaching the difficulty change, for example mining two weeks worth of blocks in one week only, then switch to another currency while it takes 4~5 weeks for the previous currency to see difficulty return to normal.

With an optimal migratory plan and enough high-valued crypto-currencies to migrate to, this group could be continuously mining blocks at higher speed than planned (until difficulty is re-calculated), then move to another target while confirmations for that crypto-currency become slow.

Requirements for this to work include:

• Each crypto-currency using the same proof of work hash algorithm
  
• Having enough crypto-currencies to migrate to while waiting for others to see their difficulty resume to normal
• Each crypto-currency should have a high enough value so it’d be profitable to switch mining from one to another

At this time I do not believe any mining pool operates such migratory operations, but with the appearance of Bitcoin Cash, this became more likely. Of course during cool down confirmations times are longer (up to twice as long) so it may affect the value of the crypto-currency on the long term, but mining operators may prioritize short term profits.

There are of course ways to limit the impact of such activity by making it less profitable, but these may not be so easy to implement anytime soon.

The best way would be to see merged mining implemented between such currencies, as it would improve the security of all involved coins by sharing mining power while giving miners the required incentive (increased profits) to join in.

There are many things going around and I’ve read a lot of coverage based on false rumors and inexact information.

There is a lot of information out there about everything that happened in 2014 and before, so I’ll focus on things that seem most obvious and came up with journalists/others.

I’ll start focusing on the book “Digital Gold” recently released by NY Times writer Nathaniel Popper. While I haven’t had the chance to read it yet, Vice published an excerpt, so I’m going to highlight and correct some of the most obvious issues.

So…

“Its assets have been acquired by Kraken, a San Francisco-based competitor, which is now refunding Mt. Gox customers.”

Actually, Kraken is only helping with the bankruptcy, and while they acquired the hardware owned by MtGox (see document released by trustee on Nov 26th 2014, page 10 of pdf or 2 of English text, I.3), they are not “refunding” MtGox customers.

“Mark Karpeles, the CEO of the Bitcoin exchange Mt. Gox, was spending many of his days in early 2014 turning the ground floor of his Tokyo office into the Bitcoin Café, a real-world showcase for Bitcoin.”

I don’t know why people are trying to portray me as some kind of person who didn’t care about ongoing issues at that time and escaped reality through miscellaneous tasks. Oh wait, actually some people are trying to portray me as the bad guy, because that fits better their understanding of things. Of course, let’s just take the guy we know and make him the bad guy so we don’t have to search for the culprit.

Well, anyway, the point is most of my weeks managing MtGox consisted in meetings, as you can see for example from that small copy of my schedule:

This is a typical week for the MtGox CEO.

That’s still 29 meetings in one week. Anyway, “spending many of his days” would probably mean I’d have some time to spare for that Bitcoin Café project. There indeed were meetings about the Café (you can see a whole 2 hours in that week), but most of all, meetings were about important and sometimes urgent issues requiring my direct attention (bank, lawyers, accounting, data-center, etc).

Not only this schedule can be confirmed by then-employees (thanks to Google Apps, any employee has read access to the schedule of any other employee) but it can also be confirmed by the people I actually met.

The people who have been saying things such as I’ve been “spending many of [my] days in early 2014 turning the ground floor of [the] Tokyo office into the Bitcoin Café” are most likely people who don’t know what has been actually happening. This is even more obvious in the following:

“When Mark wasn’t working on the café, he was in his office, behind a locked door on the eighth floor, far from the second- and fourth-floor offices where most of his staff was located.”

One more proof whoever has been talking about MtGox has no idea how the company was. There is no fourth floor, and there has never been a fourth floor in the company. I’m pretty sure any actual employee of the company would know that much.

Also, it was not uncommon for employees to come visit me (sometimes by setting up a meeting, sometimes unannounced) to discuss various things. The main reason I setup a separate office for myself was to avoid bothering everyone with meetings. You’ll note that my office/meeting room was right next to the employees’ break room, which allowed basically anyone to visit that floor.

“What Mark didn’t mention was that all the other major Bitcoin companies had known about the issue for years and had designed around it.”

Oh really? That one is rather big, since the information can be verified publicly on Internet. Like there, or there. 

It looks like there’s a lot of misinformation out there. A lot is very obvious, but there can be parts which are more challenging to correct (for example because doing so could affect the bankruptcy procedure or ongoing investigations). I can only hope people understand not everything can be taken at face value, and while it’s probably easier to just buy in the popular opinion and not think by yourself, this can lead to various misconceptions - and a lot of misunderstandings.

I will continue to post about the various lies and errors found in the publicly available information until we reach the truth.

I don’t expect many people to read this (I know some will, but being aware that this goes against what a lot of people want to believe, this might be quite unpopular and an opportunity for various trolls) but I’ll post as much as I can about this because it is my belief that someone, somewhere, wants to hear the truth and be able to discern lies in the ample news coverage this unfortunate event had.

I am also writing this for MtGox’s creditors, who I believe have the right to know how things happened and see more than the distorted view the media has been reflecting.

I couldn’t apologize enough for what happened despite being in charge, and while it might be but a small contribution, I will continue fighting.

I am still investigating the elements made available with the arrest of Shaun Bridges (USSS) and Carl Mark Force IV (DEA), but at this point I already noticed some interesting facts.

We know that both agents have been investigating Silk Road since at least 2012. Based on news reports investigations of Silk Road presumably started around June 2011 since it appeared in the news, however there is no telling if it was Baltimore, and if either agent was involved until at least 2012.

based on the available documentation, it is also difficult to know precisely since when both have been conspiring. The following relevant information can be gathered from the original criminal complaint filed on March 25 2015 and published by the US DOJ a few days later.

• P4L2: Force sold to DPR “information about the government’s investigation into Silk Road” for approximately $100,000
  
• P5L21: Bridges was still using MtGox services two days before serving as the affiant the MtGox seizure warrant
• P12L4: Communications between Force and DPR spanned throughout 2012 and 2013.
• P20L24: We learn more about the information sold to DPR (see P4L2), and P21L2 lets us know that my name was given to DPR between August 26th and September 14th 2013 (as also shown in this document, paragraph 18).
• P35L5: Force wants to bully a company by seizing funds “à la BRIDGES and [M.M.]”
• P38L7: In April 2014, it seems that Bridges covered Force’s acts with Bitstamp.
• P43L18: On January 23, 2013, Force emails Bridges regarding their suspicious activity. This means that Force and Bridges have known each other and have been conspiring since at least this date.
• P45L28: Shows that a seizure warrant is not an overnight thing and takes “several days, if not longer”, putting suspicion on the MtGox seizure warrant.

Keep reading

As some people may have guessed from my Twitter account, we had some troubles with Wired in the past.
I will go in more details in the future, but for now I’ll focus on an article published one year ago, on March 3rd 2014. It appeared quite clearly that its author, Robert McMillan, was too focused on painting the worst image possible to even cross check what “an insider” has been telling him (he seems to have something against MtGox as seen in earlier articles).

It sure feels as if Wired had something against MtGox, but it’s no reason for publishing lies.

Just like last time, I’ll quote the article, then explain with factual elements how wrong it is, and where the truth actually lies. I’ll focus on the most obvious and easiest to disprove elements, while avoiding anything that could have an impact on ongoing procedures (both bankruptcy and law enforcement).

“In June 2011, attackers lifted the equivalent of $8.75 million.”

This is actually the first time I see this figure. I’m not sure where it comes from, but without sources it’s pretty much useless.
I would be curious to hear where this came from.

“A June 2011 hack took the site offline for several days”

Actually more like a couple of weeks, because I had to rewrite the exchange backend from the ground up. I had to spend every day - including weekends - writing code, which is sometimes better done in a quiet environment. I also setup at that time the claim process (allowing users to gain access to their accounts), and handled with our handful of staff the first wave of customers.

“When Karpeles was interviewed by Reuters in the spring of 2013 — seated, inexplicably, on top of a blue pilates ball”

… Not “inexplicable” if you ask any employee who was there at the time (hint: you can see them in the video). I remember Reuter’s camera staff found these to look “2.0″ (some employees use balance balls as these can be good for your back).

““He likes to be praised, and he likes to be called the king of bitcoin,” says another insider who spoke on condition of anonymity.”

Once again an anonymous insider. I do not believe anyone ever called me the “King of Bitcoin” - the best I had was from the article Barons of Bitcoin. Oh well…

“Mt. Gox, he says, didn’t use any type of version control software — a standard tool in any professional software development environment.“

This is probably the worst lie I ever saw. The platform system used by MtGox had been on version control since its very inception. The framework it was based on, which was our own code base, had been on version control (initially subversion, but then switched to git) since 2009. As a matter of fact, the very first commit is:

commit 692a0202f069bd3415e973e8e06d4cb6aaaf25fc
Author: Mark Karpeles <mark@tibanne.com>
Date:   Tue Sep 22 03:32:35 2009 +0000

To prove my point with an illustration, a commit graph from gitlab (only showing latest 6000 commits, however, so the history doesn’t go as far as 2009):

I don’t even understand the point of this lie, considering how any engineer who worked in the company knew otherwise; if the author of this article bothered a little to ask around, he could have found out about this quite easily (or maybe I am mistaken on what journalists are supposed to be).

Anyway let’s not stop there…

“According to this developer, the world’s largest bitcoin exchange had only recently introduced a test environment”

Uh, so, like, what? To be very honest, the test system we had was not perfect, and because we had several engineers working on it, we switched at some point from our former  test environment to individual VMs for every employee, each of them working on their own branch (setup via vagrant), but come on. The pre-production system had been alive since somewhere in 2011, and has been used from top to bottom since then.
Here you’d have to ask an engineer who was there before Vagrant was introduced, so I’ll let you have that one.

“One insider says that Mt. Gox spent the equivalent of $1 million on the cafe venture, renovating Mt. Gox’s office building to Karepeles’ specifications. At a time when Gox’s business was falling apart, this insider says, the project was a major distraction.”

“One insider” doesn’t sound like someone who actually knows anything about what happened in the inside (oh, and you spelled my name wrong). According to documents available to the public, the total amount of money dedicated to the Café was half of the amount written in this article (and not all was spent, since this was also the initial cash flow for the Café - including for salaries).

Moreover, we had dedicated staff in charge of the Café, and yes, I was involved in some meetings while things were fine (final decisions and so on), which is just normal considering the importance of the Café in terms of marketing in Japan (too bad this was delayed and in the end never launched, by the way).

““[Karpeles] was super-proud of being able to use his hacked cash register with the code he wrote,” this insider says.”

Once again, wow, such insider, very truth… Or not. The cash register code was written by a Tibanne employee back in 2012, and had been sitting, waiting for an appropriate use since then.

The major issue we encountered while trying to push the cash register was that our potential partners were not feeling good about being the first to use this technology. This was one of the major points that led us to open the Bitcoin Café.

The point here, like last time, is to show the volume of misinformation from this article. While some parts are more difficult for me to prove (maybe I should have “an insider” pledging for me) but I just can’t remain silent anymore.

I understand that sometimes press coverage relies on previously published materials by supposedly trustworthy publications, but it still might be a good idea to check facts anyway from times to times.

By the way remember that you can ask me anything, There is no guarantee it’ll be something I can reply to, but if it is I’ll be happy to.

Today’s news were about Ross Ulbricht’s sentence, the man allegedly behind the original Silk Road website.

I was surprised to see a lot of people still arguing that it is unfair when you operate a website to be arrested for the content of said website.

While as a website operator you cannot be reasonably expected to be responsible for the activity of all your visitors (websites like Reddit, Imgur or Tumblr wouldn’t exist) there are various reasons why applying this to Silk Road sounds wrong.

Specifically, none of the sites I mentioned provide services that can typically be used for selling drugs. Their services could be used for other kind of illegal activities such as distributing child pornography, however these service providers police as much as they can their services to avoid such a thing.

The same cannot be said of Silk Road, which not only advertised the fact it sold illegal products, but made no effort to limit products sold on the site to those allowed by the law (instead I understand it did police products based on the beliefs of the owner - which shows it had capacity to control its users activity).

While not everyone may agree with the law that applies to them, it is still our duty to follow them. There are ways to change laws, and we can see the change happening with for example legalization of marijuana in some US states.

Also one might want to remember this is the first time an operator of a drugs selling website is sentenced. There will be more cases in the future, however it is my belief that nobody in the legal circles would want to set a precedent of leniency for a “new kind” of crime.

The recent controversy around the block size limit saw a lot of oppositions, especially from China.

It makes sense for mining to be brought to locations in China where electricity is cheap, but which might not have access to the best Internet access.

You could ask why don’t mining farms in China use mining pools? It might be a question of trust (I guess it would make sense if you’re able to find several blocks a day) but whatever the reason might be, we might want to have a solution for them.

So here comes the idea of mining intermediate servers. This might look similar to a mining pool, except it is not. When joining a mining pool, you need to trust the pool for sending you your share. This idea here requires no trust at all.

By using the stratum protocol, this makes things easy too. The stratum protocol works exactly how we want and is already widely supported in many mining applications.

In the initialization phase, we let the server know where we want mined bitcoins to be sent (for example as part of the authentication). Then when we receive the coinbase transaction, we can easily check if it is indeed the case, or reject the transaction and the server - and try to use a different server.

This also means that if the client agrees to it, the server can take a fee that would allow paying for bandwidth/etc.

The software would be easy to implement too, since it just requires a stratum mining pool server software with some changes:

• Do not generate mining pool coinbase. Instead coinbase is generated per client, with a single (normal) or two (with server fee) outputs.
  
• Difficulty is the actual network difficulty, not mining pool difficulty
• Remember to send client new difficulty each time it changes (every 2 weeks)

It would also be possible to have a specific piece of software that would stand between a given server and miners on a LAN, and would check the coinbase transaction by itself and let miners on your LAN simply get work from that machine (it could even support other protocols other than stratum and should work with stratum-enabled mining pools too).

This could actually make a mining farm such as the ones we see in China be able to work with a 56kbps connection (in theory it should take less than 100ms to go through, however even if it takes 200ms, I would guess we are still safe).

Bitcoin’s blockchain is an interesting concept of decentralized database. There are various new blockchains created out there, and different levels of blockchain, some not using proof of work mining but instead some other protocol (such as raft).

Some people claim these are not actual “blockchain”, and should be named differently. Actually the concept used in Bitcoin can be found in a much older piece of software, git, in which people also build blockchain (if you consider a commit to be a block) which contains a tree linking to objects (bitcoin has a merkle tree of transactions), all of which referenced by hashes. Git allows developers to sign commits or tags, resulting in something similar than the Bitcoin blockchain (a signed commit also includes the hash of the previous commit, etc, and hash of the tree with has hash of all included files, meaning the signature results in the whole history being secured - as much as sha1 hash algorithm used by git allows).

Anyway the question I’ve come to is to define what is a blockchain and what isn’t. Is it wrong to have a blockchain without mining? Without addresses and value? What’s stopping you from calling a git repository a blockchain?

The definition for “blockchain” given by Google is: “a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly.” That is of course the current definition, but gives some basic guideline. It should be a public cryptocurrency ledger with chronological storage.

This definition is however a bit too narrow, I think. A public database recording only hashes in blocks, for example, could very well be called a blockchain. Why not?

So instead I looked at the word itself. Blockchain. A chain of blocks. So a blockchain is a database of blocks where each block contains the hash of the previous block, and where the creator of the software decided to call that a blockchain. So no you cannot call a git repository a blockchain (unless git’s creator decided to, in which case it’d be perfectly valid), and yes, all the people using the blockchain term for all sort of non-bitcoin stuff (private databases, etc) are perfectly allowed to.

The big news today is the arrest of Alexander Vinnik (38) in Greece on suspicion of money laundering of some $4bn USD worth of Bitcoins.

This is an event I have been waiting, as well as various persons, because it means we can finally disclose a lot of elements we have been working on which we had to keep undisclosed until recently because it could have prevented this arrest from happening.

Vinnik was just arrested in Greece, which means this case is finally in a state where disclosing information is not going to compromise his arrest. I am guessing US law enforcement convinced him to come to Greece one way or another as it is quite often the case (for example, in the book Crack99, a US prosecutor explains how they trapped the webmaster of a site selling cracks by promising him money and having him travel overseas - I am guessing a similar method was used here, unless Vinnik was already planning to travel to Greece with a different goal in mind).

Anyway the point is until now, disclosing what we know could have tipped him into not leaving Russia. Most countries in the world will not extradite their own citizens, which makes sense but for this specific case prevents anything to be done.

Now the question is to know how long it will take for him to be moved to the US. Depending on local laws and on Vinnik himself, it could take from hours to months.

One thing a lot of people have been asking is why was Vinnik arrested only for money laundering, and not theft. I am guessing there are many reasons for this, but the main reason is likely because it was easiest to build a case based on money laundering. When a country asks another country for extradition of an individual there are various steps to be taken, and usually both countries will need to agree there was indeed a crime. It means the requesting country will need to prove its case and provide enough evidence.

As such I am guessing we will see other charges brought up after Vinnik is on US soil, and in the meantime more details may be made public. Either way the MtGox theft has been flowing to wallets controlled by Vinnik from the very beginning, without any wallet in between, and there is no evidence of any other party being involved.

Evidence points without much doubt to Vinnik being not only behind the money launderer of those coins, but the actual theft.

For MtGox creditors this means a lot. It means justice will finally be brought against the actual criminal behind this case, but also that there is a chance, however small, to see some coins recovered.

As for the actual theft, there is still a lot to be investigated. Evidence so far points toward one of MtGox’s bitcoind based wallet being stolen sometime in Sept 2011, and being used afterward to steal bitcoins. We do not know yet how this wallet was stolen, and at the time MtGox still ran on rental servers from a cheap hosting provider. From there the theft went in small increments over time, making it difficult to detect, focusing on newly deposited coins from users who have been re-using bitcoin addresses issued by MtGox.

Because at first nobody knew exactly how the bitcoins were stolen, the focus had been on the way bitcoins moved in/out of MtGox on the blockchain. It is a multiyear effort by various parties - from law enforcement to investigators hired by the MtGox trustee to third party independent investigators - which finally bore fruits some 3 years and half later.

Considering the efforts that went into this investigation and were required to reach this point, I dare say that there was little chance for us at MtGox to detect this at the time, especially considering the fact we were already fighting on various fronts, from compliance to daily hacking attempts to various other issues. At the time of my arrest the Japanese police was still convinced there was no theft of Bitcoins at all from MtGox. Only few people suspected there could be an actual theft at the time, and my arrest was seen for a bit at the final point of the MtGox saga.

And yet, here we are. I must say this is something I have been waiting for this since that day of February 2014 when I stood in front of the cameras to announce the bankruptcy of MtGox. As far as I am concerned the MtGox thief has been finally arrested. He stole some 630,000 BTC from MtGox (according to Wizsec), but he also stole much more from everyone involved.

Justice shall finally be served.