You are on page 1of 3

Daniel Kelman <danielkelman@gmail.


Possible Virtual Heist In Progress at Mt. Gox

5 messages Daniel Kelman <> To: [REDACTED] Gentlemen, This email contains a breakdown of how we can show that Mark or someone at Mt. Gox is transferring out a large number of Bitcoins and breaking them down into smaller wallets, likely to launder them. This means the conservator attorneys have not locked down the Mt. Gox servers. This could be a heist in progress. The following explains how this conclusion is reached. Check and Confirm Recent Transactions Initiated by Mt. Gox 1. Check the Identity of the Party Making a Transaction. Click the following links to look at the direct transaction occurring on the network. The paragraph that follows will make sense out of them. Exhibit A: This is the hash from Exhibit A: 01d5c3a850fc685fc7840d0dd96b8bff8b48268518c4c35b44262064137a472d Exhibit B: Exhibit C: (see also (this link will show updated figures as more Bitcoins are transferred)) Exhibit D: The "hash" represents a unique transaction of Bitcoins on the Blockchain (the Blockchain being the ledger of all Bitcoin transactions ever made). See Exhibit A. (The "hash" is a way of looking up a transaction, which can be checked at After the "transaction malleability" issue that Mt. Gox claimed compromised their system, Mt. Gox created a new ID system called "ntxid". See Exhibit B. Because we are seeing "ntxid" in this transaction, we know Mt. Gox is sending this transaction. Additionally, is a server owned by Mt. Gox. See Exhibit C. The use of "ntxid" and the server unequivocally shows Mt. Gox is transferring Bitcoins, which has it has not done since this whole mess began in late January. 2. Confirm the Transactions Took Place. Confirm the transaction exists by Sun, Mar 9, 2014 at 2:27 PM

visiting In Exhibit A above, highlight and copy the "hash", specifically the string of alpha-numerics directly below Exhibit A. Then, go to On the right side of the screen near the center there will be "SEARCH" written in large letters. Paste the hash you just copied here and click SEARCH. You should see the details of the transaction. Do not close this page, we may return to it. 3. Check the Size of the Cumulative Transactions that a Party Initiated. Click the following link to look at a chart showing the volume of Bitcoins being transferred out of Mt. Gox. Mt. Gox has announced they have less than 2,000 Bitcoins left out of the total 744,408, which included Mark Karpeles own Bitcoins (120,000) that he claimed were on the server and were also lost. is a site dedicated to providing graphs that help to put the statistics from into perspective. We can see that 180,000 Bitcoins have been transferred out of Mt. Gox in the past 36 hours. Confirm Mt. Gox is Making the Transactions and Is Preparing to Launder the Coins 4. Analyze the Value of Each Transaction. Let's return to the Exhibit D above and take a look at "value". Value represents the number of coins being transferred in a particular transaction. We can see in this transaction the "value" is 5.71610074 Bitcoins. This means that 5.71610074 Bitcoins just left Mt. Gox to another wallet. If we add up all the Mt. Gox transactions in the past 36 hours, they will equal the 180,000 Bitcoin figure we saw at in Section 3. 5. Analyze Mt. Gox Proprietary Code to Confirm Patterns in Transaction Values. Using the Mt. Gox php code that was leaked onto the Internet last week, we can see that every transaction fits the pattern dictated by the code. See (copy of Mt. Gox php proprietary code). For instance, you do not need to be a programmer to understand the implications of line 148: $tx = \Util\Bitcoin::makeNormalTx($input, round(mt_rand($amount*0.4, $amount*0.6)), $out put1, $output2); Note where the code says "mt_rand($amount*0.4, $amount*0.6)". This section of code commands each transaction to be broken between 40% and 60% of the "input". This means that if 10 Bitcoins are input, the total number of Bitcoins the code permits to be sent is between 4 and 6 (there is a more precise definition, but this suffices for now). Conclusion: Mt. Gox is Preparing to Move Coins, Mt. Gox Servers are not Locked Down 5. Severs Not Locked Down. Because these transactions are taking place we know that the conservator law firm in place of conserving the Mt. Gox estate's assets have not locked down all servers. This needs to happen immediately before more irreparable damage occurs. I highly doubt the conservators have allowed Mt. Gox to move these coins. 6. Preparation for Money Laundering. The reason Mt. Gox is breaking the transactions down into small amounts is to make it harder to track where the Bitcoins are sent. Before long, these figures will be broken down even further, traded into and out of other exchanges, cashed out in fiat, sold on, etc. and it will be all but impossible

to trace them back. In all likelihood Mark Karpeles is not acting alone, there are other people who will be receiving and handling these funds. Mark will take the fall and when he is released from jail will have a nice nest egg. Solution: Get This To the Conservator and the Police Immediately, Lock Everything Down 7. I barely slept this week worrying that this was a possibility. When I learned on Thursday that a conservator had been appointed (REDACTED) to preserve the Mt. Gox estate until a trustee was appointed, I breathed a sigh of relief and slept well for a couple nights. But the above shows that the conservator has not done their job. It is possible that the conservator is the one moving these Bitcoins, but that would not fully explain why the Bitcoins are being broken down into such small amounts. I am heading to the office now to help out with this. Regards, Daniel Kelman