Silk Goxed: How DPR used Mtgox for Hedging & Lost Big

Posted by: DeepDotWeb

January 25, 2015

As always, another amazing work researched by /u/impost_r (@1mp0ster) and written by /u/gwern (Gwern.net) all Credit and tips goes to them. Was originally posted on Reddit and reposted here for more publicity:

Summary:

Using recent filings in the trial of Ross Ulbricht, the 2014 leak by hackers of the Mtgox database, and a Mtgox insider, we identify Ulbricht’s Mtgox account, the accessing IP, and trades made by it. The account information indicates that SR1 implemented its currency hedging system (intended to prevent vendor losses due to BTC fluctuations) by, starting in July 2011, connecting to Mtgox over the clearnet and trading through a Mtgox account. Surprisingly, it seems that this IP information was not used by the US government investigation to de-anonymize SR1. The bulk of the account seems to have been stolen by a Mtgox or SR1 insider.

(This was primarily researched by /u/impost_r, and written by /u/gwern .)

Silk Road 1 launched in January 2011. During 2011, the exchange rate for Bitcoin experienced extreme volatility, moving by orders of magnitude, which made it difficult to transact using Bitcoin because payment for an order could easily become less than the order cost. In response to this, Dread Pirate Roberts 1 introduced in 9 July 2011 a “hedging” system:

vendors could ‘lock in’ the USD value of any purchase and receive, when the transaction settled, the USD value in Bitcoins back. The obvious way to implement a hedging system is to maintain an account on a large exchange (the largest then being Mtgox) and transfer bitcoins in and buy/sell to match each purchase; but this would incur fees for trading, counterparty risk (not just the exchange collapsing/being hacked but also the account being seized), complexity, and risking de-anonymization (Mtgox and other exchanges do not look kindly on Tor connections due to abuse). It was not clear how DPR had implemented hedging; he could have self-insured, betting on Bitcoin’s long-term upwards trend to profit on average.

The hedging system was a success, and was used from July 2011 to October 2013 when SR1 was raided, with perhaps occasional hiccups.

In January 2015, as part of the ongoing trial of DPR (Ross Ulbricht), the prosecutors released a letter with several exhibits objecting to the defense strategy of painting the owner of Mtgox, Mark Karpeles, as the real DPR. It writes:

Several days after the defendant’s arrest on October 1, 2013, which was publicly disclosed the following day, the U.S. Attorney’s Office for the Southern District of New York (“USAO-SDNY”) was contacted by Mr. Karpeles’ attorney. The attorney offered to forward records associated with a certain suspicious MtGox account that he stated he had previously sent to AUSA-2 in USAO-Baltimore. The attorney stated that MtGox had also found a different account, in the defendant’s own name, which the attorney said he could supply records for as well.

Mr. Karpeles’ attorney subsequently forwarded via email the information he had previously sent to AUSA-2 concerning the account MtGox deemed suspicious. (See Ex. E). As reflected in the email, the attorney explained that the forwarded information was “not information about the account in Ulbricht’s name, which MtGox only identified as of interest after the Ulbricht indictment [i.e., arrest].” (Id. (emphasis in original)). The forwarded information related instead to a MtGox account as to which “MtGox ha[d] suspicions may be associated with the largest bitcoin wallet that is perceived by some in the bitcoin community to be associated with Silk Road.” (Id.) (Bitcoin users had long speculated about Bitcoin “wallets” or “addresses” connected to the Silk Road website, based on analyses of the Blockchain. 5 Thus, it appeared the MtGox account in question had transactions involving these addresses.)

The email from Mr. Karpeles’ attorney further explained that there was other suspicious activity connected to the account. The account was initially opened by someone using the email address “

After receiving the records for the account, investigators working with USAO-SDNY’s investigation of Silk Road were able to tie the “

This may sound relatively innocuous: ‘AUSA-2 in USAO-Baltimore’ ignored the original email, and by the time USAO-SDNY took it seriously, Ulbricht had already been arrested, and then with all the information in hand and his IP, an account which did nothing was found. So what?

Well, as an exhibit (pg18), it quotes an email from Mt. Gox lawyer Scott was sent to USDOJ on 24 July 2013 and forwarded to Serrin Turner (U.S. attorney / cybercrime coordinator) on 15 October 2013 (emphasis added):

“The user deposited a large number of bitcoins into the account. The user used the bitcoins to purchase U.S. dollars, but the account was never linked to a bank account to make a withdrawal. The transactional records for the account are too voluminous to provide via e-mail. I’m happy to discuss a method and format to provide the records to you.

In May 2013, the user contacted MtGox to report that the account was “hacked.” MtGox informed the user that the e-mail address associated with the account had been changed pursuant to a proper request to change the address. A copy of the exchange with the user regarding the hack is also attached to this e-mail. Following the exchange attached to this e-mail, the user did not communicate further with MtGox, and MtGox is not aware that the user made any report to law enforcement.

Prior to the user contacting MtGox regarding the “hack”, the approximately U.S. $1.9 million had been converted to bitcoins. The bitcoins (7393.49 BTC) were transferred to address 1AsUc3Lw1oDmwimWoGeCfBngzziS98FP5V (7393.49 BTC). MtGox is aware that some of these bitcoin were used, and the balance (6393.49 BTC) currently remain at address 1Mh58EcGSMMscgh5qE5u4BVSL9KRd8GzQK. MtGox believes 1000 BTC were sold on exchange btc-e.com.”

Unlike in the main body, this says something interesting – “The transactional records for the account are too voluminous to provide via e-mail.” So if DPR was not using this account to cash out commissions from SR1, but it was heavily trading only to eventually withdraw a noticeably smaller sum of bitcoins, what on earth was this account doing? The obvious possibility is: the ‘davidmaisano’ Mtgox account implemented the SR1 hedging system.

We identified the 7393.49 BTC withdrawal using a blockchain search, using wallet identification based on multiple input transactions, and tracking back change addresses we could see that the same entity received 8630 BTC in another transaction origination from Mt. Gox. Ulbricht seems to have stopped using the Mtgox account around May 2013. All activity on the account stopped after the last withdrawal, leaving a negligible amount of funds in the account. Why? There are two possible reasons:

1. The account hack. The hack appears to have been genuine and not some sort of attempt to scam Mtgox: a 05/29/13 journal entry presented in court shows that Ulbricht thought the DEA stole 2mln usd from his Mt. Gox account, a loss confirmed in the spreadsheet Ulbricht kept of SR1-related transactions (exhibit GX-250).
2. In the 2013 journal, Ulbricht comments on 03/24/2013 that he had been “been slowly raising the cost of hedging”, suggesting he was trying to discourage use of it. On 04/10/2013, he writes “some vendors using the hedge in a falling market to profit off of me by buying from themselves. turned of access log pruning so I can investigate later. market crashed today.” This suggests he was no longer keen on the hedging system and was planning on scrapping it anyway when the vendors began abusing it, the market crashed (increasing losses), and then on top of that, the account was drained by what he believed was the DEA (see the journal & spreadsheet entries) a month later.

MtGox2014Leak.zip

In early 2014, Russian hackers gained access to Mtgox backend servers (possibly with the help of insiders) and released [a public torrent] containing dumps of Mtgox databases up to December 2013 and held the rest back for sale. This is the leak which was used to produce The Willy Report and The MtGox 500 Fortunately, that period covers the full lifetime of SR1.

The email specifies that ‘The bitcoins (7393.49 BTC) were transferred to address AsUc3Lw1oDmwimWoGeCfBngzziS98FP5V (7393.49 BTC).’, which is an unusual number of BTC. We can search the torrent for that and find entry y, entry x is included as it served as direct confirmation of the account:

x:

3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0,0f97bfa3-b1ad-404a-afb1-8ead63c8250b,"2013-05-06 11:09:31",withdraw,-8630 </textarea></div>

y:

3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0,521960b9-8524-4737-93a0-2411aaa5e20f,"2013-05-06 12:38:33",withdraw,-7393.49 </textarea></div>

That first part “3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0” is the UUID.

We asked an ex-employee for assistance in going further. The insider provided the following excerpt from official logs not part of the lea k(after showing him the relevant leak logs):

"521960b9-8524-4737-93a0-2411aaa5e20f","3fcf63cc-c7d9-4cd8-b630-9a7ac9ee4ff0","22329","2013-05-06 12:38:33","withdraw","739349000000","806031","Bitcoin withdraw to 1AsUc3Lw1oDmwimWoGeCfBngzziS98FP5V","(ip)","Money_Bitcoin_Block_Tx","ea309d42641b03ff0c41f1671a803db612d5c8c6f6ef183f197391ba969d2a78" </textarea></div>

This shows the same UUID, and some additional information such as blockchain data relating to the withdrawal.

Back to the 2 withdrawals mentioned above; we can see the 8360 BTC withdrawal 1.5 hours before the 7393.49 BTC one. So not only did this confirm that the same entity that received the 7393.49 BTC received the 8630 BTC as well, it shows that it’s a withdrawal from the same account.

These are not the only two entries for the account 3fcf63cc. Isolating the entries, we have almost all deposits and withdrawals to that account, ~100 in total. This is an odd amount of activity for an account portrayed as nearly inactive. Further, we can see a withdrawal of 40,000 BTC then 2 months later, a deposit of 44,814.031337back into the same account.

The agent Der-Yeghiayan testifies on 20 January 2015 that they were focusing on what seems to have been a different account (pg102-107), perhaps explaining the general lack of LE interest in the other activities.

The Mtgox insider, which is familiar with the legal side of things, commented on these transactions that the (bogus) identity information for 3fcf63cc had not drawn any notice and that 3fcf63cc was very active with a number of transfers in/out, a peak balance of 150k btc, and ~20,000 different trades of “(deposit, withdrawal, buy, sell, etc)” (consistent with the email’s description of the trading activity as ‘voluminous’). The 40,000 BTC withdrawal had caught our interest as this was the maximum amount of bitcoin that could be withdrawn within a day at the time, it also meant the user was verified as the limit for unverified users as the time was a mere 4000 BTC per day, the insider confirmed that the account had AML2 status (notarized verification).

An example order from the leaked files:

1312614863842963,"2011-08-06 07:14:23",6534,NJP,sell,USD,29.70994053,292.03445,78.59413634758,22952.195381491,0.8761,78.59413634758,68.856322854115,0,0 </textarea></div>

Isolating all trade entries associated with the account, 17,049 unique entries were found. (Note that interpreting Mtgox trade records can be challenging; for example, the data is occasionally corrupt, and not all of these are separate orders since the exchange splits them into multiple orders in order to match them with various counter parties.) Looking at the entries, the easiest way to identify multiple trades as belonging to a single buy or sell order is to group them based on timestamps. Individual trades are visualized in this graph:

aggregated by day, aggregated by day, and log USD value; the periods of inactivity can be clearly be seen.

The account was registered around April 2011 (logs from Jeb McCaleb’s Mtgox apparently were known to be incomplete), and began trading 5 May 2011 (2 months before the hedging went live).

This has two main implications:

1. This activity is consistent with either hedging, or DPR1 being a trader who doesn’t care about cashing out and being so bad he could lose much of his money in a bull marketThis is an astonishingly large amount of bitcoins even at the time, would have represented a large fraction of Mtgox’s deposits, and substantial trading volume. It seems difficult to believe that Mtgox did not at least suspect the account of being linked with SR1. (The insider claims they had not realized what the account was for until we began asking about it.)
2. The exact rationale behind the switching between buying and selling doesn’t seem clear.Given that Ulbricht’s journal/memoirs describes him as barely being able to program when he began Silk Road in January 2011 and learning desperately on the fly, it may be that he implemented the simplest possible form of hedging: building up a cushion of USD early on by selling all hedging bitcoins, and then later buying back due to exchange rate decreases. It’d be worthwhile to analyze this further by looking at the Mtgox exchange rate movements.

IP addresses

It gets even more interesting: The insider noted that the Mtgox IP logs indicate that before the hedging went live, the account connected over the clearnet from probably Ulbricht’s house, these IP addresses were identifiable as ‘unprotected’ because they weren’t registered to a server host (the IP addresses that were servers were most likely Tor exit nodes and/or VPNs). More recently (presumably in 2013), 3fcf63cc did not just connect over IPs ‘connected to Ulbricht’ (which could easily be himself logging in personally to do normal trading), but an IP, 207.106.6.28, connected to the Mtgox API for trading.

The prefix 207.106.6. should be familiar to those who have followed the SR1 case in detail, since it is the prefix of one of the server IPs listed in the civil asset forfeiture request filed in NY to seize SR1’s bitcoins after the October 2013 raid. Specifically, the seizure lists the IP 207.106.6.32. In other words, the SR1 backend server appears to have been connecting over the clearnet to Mtgox for its regular hedging transactions. (This is not unprecedented: Ulbricht did SR1 backups to his JTAN account over clearnet because he complained Tor was too slow, and also used a VPN.)

This is a serious anonymity leak: blockchain analysis has lead investigators to Mt. Gox deposit addresses as early as April 2012, a subpoena or request for trading records would show a distinct pattern of large trades which screamed ‘hedging’ to anyone familiar with the operation of SR1. Was this how the Iceland server was identified?

Probably not. The server image in all filings has been described as having been obtained 23 July 2013, which is 1 day before the original Mtgox email was sent, and would have to have been located and then requested earlier, Further, this would have been a perfectly legitimate investigative strategy, indeed, it’s almost surprising that they didn’t ‘follow the money’ and de-anonymize SR1 in April 2012, or even 2011, when the FBI investigation began, and doubly surprising that they could be interested in Karpeles and Mtgox but not get the trading records. There was considerable pressure to take down SR1 as soon as possible (see Der-Yeghiayan’s testimony), and there was no reason to wait until July 2013 to image the SR1 server and use such a strange and cockamamie excuse like Agent Tarbell’s (undocumented) story of hacking SR1’s CAPTCHA. Interestingly, the Mt. Gox insider noted that it was unlikely investigators had any transactional logs of the Mt. Gox account(s) before their attorney sent investigators the full logs in July 2013.

This all also suggests that one could measure SR1 revenue over time by examining the hedging trades to estimate how much hedged volume there was, however it is uncertain to what extent hedging was done on the exchange, a possibility is that hedging was done both on and off-exchange as there are some significant gaps during which the account identified has no trade logs. Something that supports this is the previously quoted journal entry:

“’03/24/2013 / been slowly raising the cost of hedging; / orgainzed local files and notes’”

We see that through 19-21 March 2013 a large amount of BTC is bought on the account, during this same time period roughly 40,000 BTC is withdrawn from the exchange in 3 separate transactions. this could indicate that funds were transferred off exchange for a more risky hedging method(risky in the sense that Ulbricht would take the loss if price collapsed).

(This all raises an interesting alternative history question: suppose SR1 had not been raided in October 2013; Mtgox collapsed not too long afterwards; what would have happened to SR1 when Mtgox vaporized? Did SR1 still have a significant amount of funds on Mt. Gox? Would SR1 have collapsed or DPR1 covered the loss of the hedging funds out of his own pocket? Would the trustees have figured out the DPR1 account and turned it and all the IPs over to law enforcement? Or would people have been motivated to examine the leak for possible DPR1 activity?)

An important note regarding the leaked files: the insider believes parts of them to have been altered by hackers, possibly the same ones that released the files. Further, we learned that the original files were altered too. Further, hackers had full read/write access to all Mt. Gox servers for 3 days, deleting server logs after they were finished. However, we can’t find any rumors or evidence that the Ulbricht account was known to anyone, much less the 2014 Mtgox hackers, so it is a priori likely that the Ulbricht transactions are not tampered with specifically.

Who Stole Ulbricht’s Coins?

We know from the original email that this was Ulbricht’s account, and we now know it was the hedging account rather than a way of cashing out or day-trading, due to its timing, activities, and lack of fiat withdrawals. But that doesn’t answer the question: where did the coins go and who took them?

Ulbricht claims, complaining to Mtgox support, that he was hacked. He might be lying, but the same claim appears in his personal records where he has no reason to continue the pretense. Specifically, he thinks his coins were seized by the DEA.

1. The government did not take them. This is definitely wrong because the internal Mtgox records show purchases of Bitcoin and then a normal Bitcoin withdrawal rather than seizure of USD balance, there was no government announcement then, and still has been none.
2. A hacker did not take them based on the notorious Mtgox 2011 leak of usernames/password-MD5-hashes: we’ve checked but the “davidmaisano” account is simply not included in that dump (although interestingly, an account named “altoid” is), so as attractive and simple as this explanation would be, it’s impossible – the account could not have been exploited by cracking the password hash since no such hash was available.
3. A vendor probably did not take them. Our insider suggests a SR1 vendor may have figured the hedging system and somehow broken into the account and taken them. (Specifically, that they have some elements that could show vendors from Silk Road stealing and/or hacking Mt. Gox; further details were not given to us to protect his identity.) But it’s not clear how a vendor would even know SR1 genuinely used hedging, used it on Mtgox, which account it was on Mtgox, get the password or authentication token, and get in to drain it.
4. A Mtgox insider may have taken it. If they realized what the account was, it would be easy to log in, and withdraw the coins to sell on BTC-E. They would also know that Ulbricht would be unable to complain to LE, and easily verify the account to get higher withdraw limits. (Tampering with the records might also explain some anomalies and missing entries, but might not.)
5. A SR1 insider may have taken it. Ulbricht hired multiple people (“smedley”, “Variety Jones”/”cimon”, “utah”, etc) to work on coding and maintaining the site, and the hedging functionality was written in early 2011, when his coding was most amateurish and insecure. He showed a propensity for hardwiring values (the JTAN backup IP, the VPN login IP). If he hardwired the username/password or something of that ilk, any one who saw that part of the codebase could have easily engineered the theft; various employees had access to the codebase and sometimes the server itself (eg. “…04/21 – 04/30/2013: market and forums under sever DoS attack. Gave 10k btc ransom but attack continued. Gave smed server access…”). In which case, the question is not why the hedging account was burgled in 2013, but why it wasn’t burgled earlier.

Anomalies & Missing entries

EDIT: removed section about 3 missing rows. Appears to have been a glitch in downloading over HTTP or grepping the 2014 Mtgox leak, please disregard.

An additional anomaly is the account-verification status. Mtgox required identification for very large withdrawals like the 40k BTC withdrawal on 6-9-2012 or the final withdrawal of 4933 BTC made by the putative hacker, and this identity verification is attested to in the government email. But nevertheless, the transaction records mark each transaction with the Mtgox code of “!!” for an unverified or untrustworthy account, from the beginning to the end:

1351795530115354,2012-11-01 18:45:30,6534,NJP,sell,USD,8.23742072,91.91536,79.874,7341.627,0.25736,79.874,20.556,0,0,!!, ... 1367843632129978,"2013-05-06 12:33:52",6534,22fa9cb7-edfa-475e-a598-7b6b0d147ea5,45fe9a2df91b0b67779de6646a32fe42,NJP,buy,USD,134.13461537,16753.41346,98.063, 1642892.307,0,98.063,0,0.40240385,4511.694,!!, </textarea></div>

It’s not 100% clear whether the ‘!!’ notation refers to identify-verification or whether it might also here be referring to the account being accessed from multiple countries’ IPs (which is certainly the case for SR1, which according to the master server list document from Ulbricht’s laptop, exhibit GX-264, bounced from country to country).

TODO

Open questions:

1. How much did Mtgox really know and when did it know it?
2. Who were the Silk Road insiders and what information did they give, and to who?
3. Does this account, the account(s) the FBI investigation focused on, or any other Silk Road link to Mt. Gox have any connection to Mt. Gox’s massive losses?
4. Does the ‘hacking’ and big withdrawal account for most of DPR1’s missing bitcoins? The coins seized from the SR1 servers and Ulbricht’s laptop do not add up to the recorded SR1 commissions
5. How was Ulbricht’s Mtgox account hacked, exactly?The ‘davidmaisano’ account was not part of the 2011 Mtgox username/password leak, so the password hash could not have been cracked; ‘altoid’ was, but should have no connection. Or was it indeed SR1 vendors? And if so, how exactly did they go from suspecting that SR1 was hedging on Mtgox to being able to control the exact account and do withdrawals? Could they have hacked the SR1 backend and instead of settling for the hot wallet, stole the authentication for the Mtgo API and drained the account that way? Or, could it have been another Mtgox insider who, observing the trading, realized what the account was for and quietly drained it with some bitcoin withdrawals, knowing that Ulbricht would be unable to do anything but complain to Mtgox?
6. Did the trades stop in May 2013 because the account was hacked? Did activity switch to a different Mtgox account, a different exchange (such as BTC-E), or did DPR1 switch to self-insuring?
7. How much did Mtgox make off the hedging trades directly, or was its tolerance more strategic and about not interfering with SR1? There are BTC/USD fees for each transaction but it’s a bit difficult to convert that into a total.
8. Is hedging on exchange intrinsically unsafe for any large black-market due to the distinctive signature, increased counterparty risk, and high volume of trades?

Code

The CSV file follows a schema like thus:

Trade_Id,Date,User_Id,Japan,Type,Currency,Bitcoins,Money,Money_Rate,Money_JPY,Money_Fee,Money_Fee_Rate,Money_Fee_JPY,Bitcoin_Fee,Bitcoin_Fee_JPY </textarea></div>

Or by column-number:

1. Trade_Id,
2. Date,
3. User_Id,
4. Japan,
5. Type,
6. Currency,
7. Bitcoins,
8. Money,
9. Money_Rate,
10. Money_JPY,
11. Money_Fee,
12. Money_Fee_Rate,
13. Money_Fee_JPY,
14. Bitcoin_Fee,
15. Bitcoin_Fee_JPY

Halfway through, the format changes to include a hash. It can be deleted like this:

sed -i -e 's/22fa9cb7-edfa-475e-a598-7b6b0d147ea5,45fe9a2df91b0b67779de6646a32fe42\,//' mtgox.csv </textarea></div>

The resulting file can be read into R and graphed:

hedging &lt;- read.csv("mtgox_uuid_6534.csv", header=FALSE) hedging$Date &lt;- as.Date(hedging$V2) hedgingDaily &lt;- aggregate(V8 ~ V5 + Date, hedging, `sum`) with(hedgingDaily, qplot(Date, V8, color=V5)) </textarea></div> Updated: 2015-01-25