Some estimate that nearly $450 million was stolen in the MtGox hack. In the attack, funds were taken from hot wallets whose private keys had been stolen by an unidentified hacker or hackers. Bitcoin security analysts at WizSec say their years-long independent investigation to identify the culprit(s) of the heist, information from which was quietly forwarded to law enforcement, may have culminated in the arrest of Alexander Vinnik, a Russian who WizSec believes may be responsible for participating in the laundering of the stolen bitcoins. WizSec made a point of clarifying that the group was not involved with law enforcement in any official capacity.
Reports indicate that Vinnik was arrested in Greece following a tip-off, and it is expected that US officials will seek to extradite him.
WizSec was very clear in the announcement, and said it wasn't going to beat around the bush: "Vinnik is our chief suspect for involvement in the MtGox theft (or the laundering of the proceeds thereof)."
The timeline WizSec provides gives background and insight into the occurrences surrounding MtGox:
In September 2011, hot wallets were compromised by means of a copied wallet.dat file, which contained numerous private keys. The hacker was able to access, and then empty out, both the bitcoin already in these wallets and the bitcoin that was later deposited. While there were ebbs and flows between 2012 and 2013, WizSec reports that roughly 630,000 bitcoin had been stolen by the end.
WizSec also revealed further complications with the copied wallet.dat file. "The shared keypool of the wallet.dat file led to address reuse, which confused MtGox's systems into mistakenly interpreting some of the thief's spending as deposits, crediting multiple user accounts with large sums of BTC and causing MtGox's numbers to go further out of balance by about 40,000 BTC."
WizSec also said none of the credited users have come forward to report their "sudden luck."
According to WizSec, 300,000 bitcoin that was in wallets suspected to be controlled or owned by Vinnik was funneled into the Russian cryptocurrency exchange BTC-e, while others were put into the MtGox exchange. These coins were supposedly sold off or laundered. Other exchanges also suffered losses, including Bitcoinica and Bitfloor, which had coins siphoned out of the exchange through the same wallets believed to be Vinnik's.
Questions continue to surround who might have been complicit in the purported theft: "Some of the funds moved to BTC-e seem to have moved straight to internal storage rather than customer deposit addresses, hinting at a relationship between Vinnik and BTC-e."
Vinnik's flaw, which led to his identification, might have been putting coins back onto MtGox through the online pseudonym "WME." WizSec said that, as WME, Vinnik complained publicly that coins (reportedly from the Bitcoinica exchange) had been confiscated by MtGox. In so doing, Vinnik may have inadvertently revealed his cards.
In a graph, WizSec showed the trail of coins it traced and clustered together, in relation to all addresses involved in the years-long scandal.
WizSec revealed that coins deposited to MtGox allowed the investigating team to identify the accounts used as recipients. Red clusters in the graph are accounts suspected to belong to the WME entity. According to WizSec, "'WME' has been active since a long time back, often advertising ‘cheap coins’ on the BitcoinTalk forums and wanting to trade exchange money codes." WizSec also said BTC-e publicly vouched for WME.
Currently, Vinnik is not suspected of perpetrating any hacks or engaging in theft. However, WizSec does state that the arrest would seem to indicate Vinnik is suspected of engaging in up to $4 billion worth of laundering activities, though no formal charges have yet been released to the public. Authorities have seized various devices and electronic equipment, and Vinnik himself could be held for up to two months before being extradited, under Greek law.
In other recent news, MtGox is the focal point of a trial wherein a Tokyo District Court alleges that the former CEO of the now-bankrupt exchange, Mark Karpeles, engaged in embezzlement. Karpeles has pleaded not guilty.
As the investigation is ongoing, there are many questions which remain unanswered. ETHNews will continue to provide coverage on the ensuing developments.