Bitcoin Magazine

Show Menu

MtGox: What the largest exchange is doing about the Linode theft and the implications

This article was originally written on March 28, 2012

Following the recent Linode theft, in which over 43000 total bitcoins were stolen from Bitcoinica, MtGox enacted a new policy in an attempt to help stop the thief get away with his illicit gains: they began freezing accounts with bitcoins that could be traced back to the theft and demanding that they submit identification to regain access to their accounts.

MtGox has admitted that they are cooperating with the Japanese CyberPolice in an attempt to determine the identity of the thief, and it is possible that their strategy will help achieve such a goal. Even if someone trying to sell the tainted bitcoins through MtGox is not the seller himself, a fact that even MtGox themselves have admitted is almost certainly true in every case, they would likely know something about the person who sent the coins to them, and the police, working with MtGox and other Bitcoin services, could theoretically trace their way back through each link, asking the receiver of each transaction who sent it to him, until they arrive at the original thief. It’s hard to tell how practical such a strategy actually is, although if it is possible at all it is the largest heists, those whose value swamps any mixing pool that the thief tries to use, that would be the easiest to unravel.

However, some suspect that there may be motives at play beyond simply wanting justice for Bitcoinica. Over time, MtGox has built in more and more authentication features, first requiring email addresses for accounts since last June, and later requiring identification for accounts handling large amounts of bitcoin, and this too may be part of a long-term plan to slowly get the Bitcoin community used to accounts being linked to their owners’ legal identities. Anti-money laundering law requires businesses transferring significant quantities of money to “know your customer”, and MtGox may have realized that they are bound by such laws and are currently not in compliance with them, so they are doing their best to become legal without clamping down too hard all at once. During the security crisis and the media attention on illegal uses for Bitcoin last June, MtGox stated their willingness to work with law enforcement authorities to track down criminals and resolve legal issues, so it has for a long time been known that those interested in using Bitcoin as a tool to fight against government surveillance and probihitions should not look to MtGox for aid. And this is arguably the most logical position for them to take; since they are such a central entity to the Bitcoin economy it would hurt the economy, both legal and illegal, far more if they were shut down than if they enacted some authentication requirements that can still be bypassed simply by going through less prominent exchanges instead.

Others accuse MtGox of simple theft, but this seems highly unlikely. MtGox has no way of knowing if a frozen account will ever be claimed, so if they were to cash out on their gains they would effectively be operating under a fractional reserve, a policy which, if it were ever leaked or otherwise revealed, would effectively destroy MtGox’s reputation and seriously hurt Bitcoin’s public image, both of which they have already demonstrated a willingness to sacrifice short-term profits for when they bailed out the hacked exchange in August.

MtGox’s move raises other concerns too. The most common is that it undermines the fungibility of bitcoins; the idea that one bitcoin is one bitcoin, no matter which bitcoin it is and where it came from. By flagging 43000 BTC as tainted, MtGox is substituting this model with one where some bitcoins have more value than others. Some have suggested that this is a good thing, and the Bitcoin community can expand upon the idea and adopt a self-policing mechanism by which most clients are configured to reject bitcoins that have been confirmed as stolen. However, there are many ways to criticize such a system. First of all, such a scheme would rely on a centralized authority, which Bitcoin was designed to avoid. A polycentric system may be possible, but if one authority becomes accepted by the majority of users the system will fall into a stable equilibrium of centralization which is so hard to get out of that it would be easier to create a new currency. Once the mechanism is in place, governments can easily take it over and gain the power to penalize whomever they want and make any bitcoin-handling service unusable. Second, the thief will most likely exchange his stolen coins immediately, before the community even finds out what’s going on, and it would be average users, not the thief, who are inconvenienced when they discover that a fraction of their money is suddenly worthless. The system would essentially serve as a chaotic transaction tax, not affecting those who simply hoard their bitcoins but adding an element of fear to every transaction as the coins that the receiver received may suddenly become worthless. The end result would be an undermining of the trust and integrity of the Bitcoin system as a whole.

Fortunately, MtGox is not confiscating tainted coins or declaring them worthless; for now they are simply requiring identification for a few accounts. The move should be interpreted not so much as MtGox asserting themselves as a government of the Bitcoin world, but as a step toward the legitimatization of the currency. MtGox is not mandatory; those who prefer not to be tracked in their bitcoin usage can always go to one of the many secondary exchanges or even arrange a physical transaction and throw potential investigators even further off their tracks by depositing and withdrawing their coins through Silk Road. If we want to restrain MtGox’s power to decide how the Bitcoin economy functions, perhaps it is most appropriate look not at each specific move that they are making, but at their near-monopoly 86% market share, and question why they have so much power in the first place.


Get Top Stories Weekly

We respect your email privacy

  • hazek

    MtGox customers should definitely take a closer look at their ToS and realize that by using this exchange they agree that MtGox can basically do what ever they want with their accounts or/and money. Luckily there’s plenty of competition to chose from.

  • Vitalik Buterin

    Sorry about posting this so late. I think it is a relevant issue though; especially given that Bitcoinica was hacked again (see and

  • Joe

    There are surely some questions that are not answered by mtgox. I personally would speculate that they have confiscated their customers money on a number of occasions and significant amounts too after accusing their customers in criminal activity. Quick example that comes to mind is that 40 000$ which mtgox reportedly has confiscated from some Russian dude right about time McCaleb sold to current owners. That is like 50 000 BTC. This easily could be the largest Bitcoin heist ever, if true.

  • Anonymous

    And how would Mt Gox like to have their bitcoins treated as “tainted”? That is if miners start to filter out their transactions?

  • austinhamman

    agreeing to follow anti-money laundering laws is good, it helps legitimize bitcoin and make it less likely the govt will crack down on them, this makes them a more secure investment for people wishing to use them for online transactions.
    as for why mtGox has a monopoly on bitcoin transfers…because they have a monopoly on bitcoin transfers. its how a free market tends to operate, people group to someone who gives the best service, then the bandwagon effect kicks in, then people are grouping to the most well known. the bigger the get the bigger they get by virtue of being big.not unlike the accretion of a nebula into a star.

    that being said this does point to an issue with the public record, everyone knows which bitcoins were stolen…imagine if you knew everything the bills in your wallet were used for…their choice to devalue bitcoins which were stolen should be met with a choice to devalue mtGox. there is no part of being compliant with anti-money laundering laws which require you to concern yourself with the history of the currency you are trading in.and introducing more competition to counteract the tenancy of a free market to favour certain large players by virtue of being large would certainly be good for everyone.

  • Ryan

    I’ve also been a victim of theft. I’m quite tech savy and aware of the many ways to snag a password or give up one’s account information inadvertently.  Given that and the fact that I’ve let my Mt.Gox account lay dormant for nearly 8 months leads me to believe that the problem is indeed a flaw in the security of Mt.Gox themselves.  In any case, I’d be wary of where you put your trust regarding them. 

  • Bill

    So what you’re saying is that anarchy doesn’t work.