Bitcoin continues to create all time highs on daily basis and the underlying technology, Blockchain, is seen by many as the silver bullet for many of the world’s problems, from financial services to insurance to personal identification to the health industry to digital elections and so on. With all the hype that surrounds it, the rise of the Blockchain has not been without hiccups though. While this is to be expected and considering that transformation seldom goes without setbacks. What follows are some of the biggest scandals that rocked the world of Blockchain, but while none of them has put a lasting dent in its reputation, it should serve as a reminder that not all that glitters is gold.
Mt Gox is synonymous with the biggest theft from a bitcoin exchange platform, the mother of all attacks. Launched in July 2010, Mt Gox rose as far as handling over 70% of all bitcoin transactions. On 20th June 2013 the exchange suspended withdrawals in US dollars, which was only the beginning of its troubles. After a series of re-launches and additional trading halts, only to suspend all trading on 24th February 2014: hours later its website went offline, returning a blank page. A couple of days later Mt. Gox filed for bankruptcy protection in Tokyo, reporting that it had liabilities of about 6.5 billion yen ($64 million at the time), and 3.84 billion yen in assets. According to the company, it had lost close to 750,000 of its customers’ bitcoins, and around 100,000 of its own bitcoins, the equivalend of 7% of all bitcoins, which at that time were worth about $473 million. It was initially not clear what the reasons for the loss were and it is still subject to speculation as to what happened exactly, but apparently the exchange had been subject to several hacks between 2010 and 2014. Its founder Jed McCaleb sold the exchange to Mark Karpelès in March 2011 and it is said that at that time it had already lost 80,000 bitcoins, which were then worth more than $62,000. Eventually, Karpelès was arrested in August 2015 in Japan, released on a $100,000 bail and waits to stand trial according to unconfirmed sources.
The Bitcoin Savings and Trust
A Ponzi scheme, for those that are not familiar with the concept, is an operation to defraud investors. The fraudsters basically pay existing investors returns from the capital they collect from new investors by offering higher profits than other investments. In that spirit the Bitcoin Savings and Trust (“BTCST”) promised investors up to 7 percent weekly interest, and, by doing so, managed to raise at least 700,000 bitcoins from February 2011 to August 2012. The SEC investigated and found that the CEO of the company, Trendon T. Shavers, solicited all investments, and paid all purported returns, in bitcoins, in online chat rooms and on the Bitcoin Forum. In reality, he used new bitcoins received from BTCST investors to pay purported returns on outstanding BTCST investments, and diverted BTCST investors’ bitcoins for his personal use. He was charged and the Court further found that, even as he publicly denied the Ponzi scheme on the Bitcoin Forum, Shavers knowingly and intentionally operated BTCST as a sham and a Ponzi scheme, and repeatedly made materially false and misleading representations to BTCST investors and potential investors concerning the use of their bitcoins, how he would generate the promised returns, and the safety of their investments. The court ordered Shavers and BTCST to pay more than $40 million in disgorgement and prejudgment interest.
Moolah or Fraud in the Age of Digital Identities
In October 2014, Moopay, the company behind Moolah and the MintPal exchange, has announced that it would be filing for bankruptcy. What sounds like the story of just another failed cryptocurrency exchange has a very interesting twist in the person of Moolah’s CEO, or rather in the form of his various identities. MintPal already had been in serious trouble when Moolah acquired it and then failed to relaunch it. It’s CEO Alex Green claimed that the company simply ran out of cash and had therefore to cease operations. Alex Green, however, was actually Ryan Kennedy, a long-time internet scammer that also went by the names Ryan Francis, Ryan Gentle and others. When he got found a couple of days after the announcement, he admitted to the name scam, citing that he had to create a new identity and that he knows that he has “fucked up on a catastrophic level”. It doesn’t seem that he wasn’t entirely honest about his remorse either as he disappeared with almost $2 million in bitcoin from Mintpal. Apparently, the SEC has been investigating the case, there were rumours of Green/Kennedy being arrested in the UK in 2015, but only in February 2016 was he arrested for certain. This time though he was accused of multiple counts of rape and assault by sexual penetration. The court convicted and sentenced him to 11 years in jail.
Ross Ulbricht and the Silk Road
The Silk Road was the dark web marketplace, famous for mostly trading drugs of all sorts but also fake documents, forgeries and other illicit goods. All transactions were paid for with bitcoin. Created in early 2011 and named after the ancient network of trading routes through Asia, it was owned by Dread Pirate Roberts, the pseudonym of Ross Ulbricht allegedly. Allegedly since Ulbricht claimed that Mark Karpelès of Mt Gox was the real Dread Pirate Roberts (named after a character in the beloved novel and movie “The Princess Bride”) who had him setup as a scapegoat when the FBI arrested him in October 2013, shut down Silk Road and indicted him on charges of money laundering, computer hacking, conspiracy to traffic narcotics, and attempting to have six people killed. The FBI is said to have confiscated around 144,000 BTC from Ulbricht. In May 2015 he was sentenced to five sentences to be served concurrently, including two for life imprisonment without the possibility of parole. Ulbricht was also ordered to forfeit $183 million. Several people have been convicted for crimes directly related to the Silk Road (mostly related to drug dealing), but Ulbricht was the big fish the authorities were after.
The airport arrest of Charlie Shrem
Shrem was the co-founder of the bitcoin exchange BitInstant, the investment company Intellisys Capital and is a founding member of the Bitcoin Foundation. However, he hit the headlines when he was arrested at JFK airport returning from Amsterdam and together with Robert Faiella charged for “engaging in a scheme to sell over $1 million in Bitcoins to users of “Silk Road,” the underground website that enabled its users to buy and sell illegal drugs anonymously and beyond the reach of law enforcement. Each defendant is charged with conspiring to commit money laundering, and operating an unlicensed money transmitting business. Shrem was also charged with willfully failing to file any suspicious activity report regarding Faiella illegal transactions”.
Shreme eventually pleaded guilty to a reduced charge of aiding and abetting unlicensed money transmission and in December 2014 was convicted of aiding and abetting the operation of an unlicensed money transmitting business, ordered to forfeit $950,000, and sentenced to two years in prison. Having entered prison in March 2015 and been released from jail last year, he just joined the blockchain wallet Jaxx as director of business and community development.
The MyCoin Pyramid Scheme
A pyramid scheme is a form of Ponzi fraud (see also “The Bitcoin Savings and Trust” in this article for a similar case), where investors are promised returns in exchange for recruiting other investors into the scheme. With every level of recruiting, it multiplies, until it impossible to recruit new investors leading to the collapse of the scheme and defrauding many of the participants of their investments. It’s an old concept with numerous slightly varying models, so obviously someone had to come up with a way to use cryptocurrencies for its illicit purpose. One such example is the defunct bitcoin exchange MyCoin, which was based in Hong Kong and shut down by local authorities in February 2015. The Hong Kong Commercial Crime Bureau (CCB) had launched a preliminary investigation, which revealed that a relatively investors may have lost up to $400 million. The scheme was simple as investors were asked to invest at least 400,000 Hong Kong Dollars for 90 bitcoins to be put in a MyCoin account for the period of a few months, while MyCoin promised them a return of 150%. Several arrests were made but it is unclear how much of the defrauded funds have or will be returned to the victims.
The Bitfinex Exchange Hack
The Hong Kong based crypto-currency trading platform Bitfinex is said to be the largest Bitcoin exchange platform, with over 10 % of the exchanges. On 2nd August 2016 the company announced that almost 120,000 BTC had been stolen from its platform, the equivalent of $72 million at the time. It led to a bit of blame game between the company, its security provider BitGo and the US Commodity Futures Trading Commission (CFTC) who was accused of having forced Bitfinex to use BitGo and keep the majority of the funds in hot storage instead of its existing cold storage setup (something that helped Bitstamp limit the damage – see there). Shortly before, the CFTC had fined the exchange $75,000 fine for offering illegal off-exchanged financed commodity transactions and the discussion then focused on whether Bitfinex could impose the losses on its customers. Long story short, Bitfinex users received another asset called BFX tokens in exchange for the loss that customers suffered from the hack and the company in April reported that it had bought back all of the remaining cryptographic tokens it used to reimburse investors.
Bitstamp looses less than 19,000 Bitcoin
Bitstamp is a European bitcoin exchange based in Luxembourg, which ranked amongst the largest by volume last year. According to the company, on 4th January 2015, some of Bitstamp’s operational wallets were compromised, resulting in a loss of less than 19,000 BTC, then little more than $5million. Even though the company stated that the breach represented only a small fraction of Bitstamp’s total bitcoin reserves as the overwhelming majority of which are held in secure offline cold storage systems, it chose to suspend completely for several days to deal with the breach. No official statement was made in regard to the details of the breach, but it was rumoured that 6 employees of Bitstamp were targeted in a weeks-long phishing attempt leading up to the theft according to an unconfirmed incident report, which supposedly was leaked by the exchange.
The exchange also reported that shortly before the breach some of our customers reported receiving suspicious emails, which were found to contain malware and that it had been targeted in a large DDoS attack, too, though no bitcoin was stolen from any of our customers in either of those incidents. In any case, it underlines the threat institutions like Bitstamp are under and in response to the incident the exchange introduced several new security measure such as multi-sig technology.
The DAO was a Decentralized Autonomous Organization (“DAO”). DAOs run through rules encoded as smart contracts, which in turn are computer programs that facilitate, verify, or enforce the negotiation or performance of a contract, or that make a contractual clause unnecessary. The DAO’s smart contracts are based on Ethereum, a public blockchan platform with programmable transaction functionality that is also the basis for the cryptocurrency ether (ETH).
The DAO was fuelled using ether, which in turn created DAO tokens. DAO token holders would have the right to vote on investment proposals (proportional to the number of tokens held) as well as the opportunity to receive rewards generated by the output of the work from the contractors’ proposals. As such, it was intended as a form of venture capital vehicle that would invest in projects in the sharing economy and the DAO is said to have raised the largest amount ever in a crowdfunding campaign, which resulted in the collection of funds with a value of around $150 million in ETH in June 2016. While its creators hoped to build a more democratic financial institution that would be safe against the fallibility of humans by trusting the trustless concept of the blockchain and smart contracts, human error was at the bottom of the heist that brought it down as quickly as it has risen. Hackers exploited a programing mistake in the code of the DAO and managed to transfer a third of its funds into a subsidiary account. For reasons of programming these funds couldn’t be transferred out though for 4 weeks, giving the Ethereum community time to discuss and decide what to do. Eventually, it was resolved to hard-fork the Ethereum blockchain to restore virtually all funds to the value and ownership right before the attack. Though technically no damage was done to investors, this very controversial decision led to a split in Ethereum, where the original unforked blockchain was maintained as Ethereum Classic, thus breaking Ethereum into two separate active cryptocurrencies.
The AsicBoost Controversy
Just a few weeks ago, on 5th April 2017 to be precise, Gregory Maxwell, a bitcoin developer, posted a message entitled “BIP proposal: Inhibiting a covert attack on the Bitcoin POW function”. It explained how the so-called ASICBOOST technology could be used to exploit a flaw in the bitcoin mining protocol to gain a competitive advantage over competitors. Giving the user an efficiency advantage of up to 30%, Maxwell estimated that exploitation of this vulnerability could result in payoff of as much as $100 million USD per year at the time. The company behind the technology, Bitmain, swiftly issued a denial of the practice and there has been a vivid discussion going on in the community where you can find all sorts of arguments and explanations. What it means in practical terms for bitcoin mining though is that if Maxwells allegation were true is that it would pose – again in Maxwell’s words – “a clear and present danger to the bitcoin system” as the democratic approach that basically everyone can mine bitcoin would be reduced to a few. It would also mean that it, if what Maxwell says is true, the bitcoin blockchain has has been “hacked” for some time and the damage, while difficult to numeralise, is likely to be in the hundreds of millions of dollars. The outcome? Only time will tell. Maybe…