Digital Gold (9 page)

Read Digital Gold Online

Authors: Nathaniel Popper

BOOK: Digital Gold
13.88Mb size Format: txt, pdf, ePub

But it took days for Mark to install the necessary protections against what was a fairly standard attack.

In Texas, Ross had shut down his used book business so that he could work on Silk Road full-time. He was staying up late, furiously trying to rewrite his site from scratch so it would be able to withstand both the traffic and the hackers who were already targeting him.
Silk Road now had over a thousand people registered, ten times more than it had just two months earlier. In mid-May, to get the new version online, Ross had to shut the site down for a few days, which turned into one of the more stressful periods he had endured.

“Updating a live site to a whole new version is no easy task,” he wrote in his diary. “You don't realize how many little pieces lay on top of one another so it works just right (at least when you code poorly like my amateur ass was doing). So for about 48 hours it was stop and start on the switch, but I finally got there and it was working.”

While Silk Road was down, the price of Bitcoin entered a short period of decline, suggesting just how important the site was for the fate of the virtual currency at this point. Silk Road users showed up on the Bitcoin chat channel asking if there was anywhere else they could score some drugs. When Silk Road came back online, the price of Bitcoin picked up again.

But the real onslaught began on June 1 when the gossip/news website
Gawker published an in-depth story about Silk Road, based on interviews with people who had purchased and received LSD and purple haze pot from the site. There were now 340 different items available, including tar heroin and Afghani hash.

In the days immediately after this story came online,
over a thousand new people were registering for Silk Road every day and
the price of a Bitcoin on Mt. Gox shot up, crossing $10 for the first time the day after the Gawker story and $15 two days later.

The growth of the black market was something many of the old Cypherpunks had wanted to enable by creating an anonymous currency—in the 1990s some of the Cypherpunks had even talked about a “Digital Silk Road.” But now that it was actually here, it was causing much more mixed feelings in the Bitcoin community. While Martti had welcomed the site and Roger Ver looked on approvingly, many of the Bitcoiners who were more interested in technology than politics thought this was the worst thing that could happen to the Bitcoin network. Gavin tried to personally distance himself and Jeff Garzik, a programmer living in North Carolina who had become one of the steadiest contributors to the Bitcoin software, wrote to Gawker to explain that Bitcoin was actually less anonymous than most people believed, owing to the record of all transactions on the blockchain. Sure, the blockchain didn't have names, but Garzik explained that the police would probably be able to determine the identity of users through sophisticated network analysis.

“Attempting major illicit transactions with Bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb. :),” Garzik wrote.

In conversations with other developers, Garzik was less worried about Silk Road users getting caught and more concerned about all the negative attention that Silk Road would bring if it continued to grow. The worst fears of people like Garzik were borne out on June 5 when Senator Chuck Schumer of New York held a heavily covered news conference, at which he decried the brazen business of Silk Road and called for prosecutors to shut it down. He described Bitcoin as an
“online form of money laundering used to disguise the source of money, and to disguise who's both selling and buying the drug.”

Rather than scaring people away, Schumer's commentary—and the deluge of media attention it received—brought on yet another surge of interest, sending the price of Bitcoin on an Icarus-like rise that had it at $30 within two days. That was a 600 percent rise from a month earlier, and a 9,000 percent increase from six months earlier. Silk Road now had ten thousand members.

Ross had, by now, fully recouped his initial investment—
earning $17,000 from the sale of his mushrooms, and $14,000 from commissions collected on the sales made by others. But the news out of Washington strained Ross's already frayed nerves.

“I was mentally taxed, and now I felt extremely vulnerable and scared,” he wrote in his journal. “The US govt, my main enemy was aware of me and some of its members were calling for my destruction. This is the biggest force wielding organization on the planet.”

When Ross shut the site down in mid-June, to take a breather, he wrote on the Bitcoin forums that his little experiment had claimed way too much attention: “We'll do our best to get out of the spotlight and hopefully the merits of Bitcoin will become the focus.”

But for regular Bitcoin companies, the situation wasn't going much more smoothly. Around the same time Silk Road went down, Mark Karpeles found himself unable to process withdrawals from Mt. Gox for four days. The problems helped pull the price of Bitcoin down almost as quickly as it had gone up. But even as the price settled down, below $20, something in the air was different. Some of Bitcoin's youthful innocence seemed to be gone.

Just a few months earlier—and even a few weeks earlier—the forums and chat channels had felt like a cozy global community. All the main characters could be found online talking to each other at almost any hour.

Now, everyone was too busy to chat, or was put off by all the negative energy. Mt. Gox users were on the forums complaining
about Mark's silence as his exchange struggled and trades got delayed. In the chat rooms, a few upstart exchanges that were attempting to challenge Mt. Gox slammed Mark and his maintenance of Mt. Gox. There were a growing number of signs that Mark was indeed falling behind. In May he had hurriedly decided to move Mt. Gox into an expensive office tower, but so far he had been able to find only one employee who was willing to take the risks involved in working on Bitcoin. Jed McCaleb sent Mark suggestions for how to improve the site but Mark never responded.

Much of the tension in the broader Bitcoin community seemed to be a result of the deluge of curiosity seekers and pranksters, who overwhelmed the chat channel with inane commentary. In June, over
15,000 new people joined the forums, more than doubling the membership and leading to 152,000 new postings.

Bitcoin was supposed to be a new kind of community with no central authority, powered by the people who joined it. That had worked until now because the people involved wanted to see it succeed. But what if the people joining in had no such interest? Should some authority figure intervene and, if so, who could it be?

Some of the leading developers working with Gavin suggested that moderators should more aggressively police the forums and potentially even move the forums from Bitcoin.org, so that the conversations on the forums didn't look as though they had some official status within Bitcoin.

Martti, who had been given final say over the websites by Satoshi, was uneasy about these changes.
He said he had long avoided determining what should and should not be discussed on the forum, as long as illegal transactions weren't happening on the forum itself.

Gavin largely stayed out of the public debate—he knew it wasn't worth fighting—but he quietly found a way to move forward by
creating a mailing list dedicated to Bitcoin development that would be easier to control, a move that did not go over well with everyone.

Around the same time, Gavin made his visit to the CIA to present Bitcoin to a conference on emerging technology. He reported back immediately to the forums and was transparent about what he had said during his visit and what the response had been (everyone at the CIA meeting seemed to be interested). Many people on the forums were supportive of his decision to make the visit, but not everyone was. Those debates, though, were quickly overshadowed by bigger questions about whether the people building this community had the skills to keep it growing.

CHAPTER 8

June 19, 2011

T
he Tokyo sky outside Mark Karpeles's window was still dark when the iPhone on his bedside table jolted him awake just after 3 a.m. Mark was still trying to get his bearings when he picked up the phone. On the other end was the panicked voice of his friend William, a Frenchman living in Peru who had first introduced Mark to Bitcoin back in 2010.

For the last few weeks, William had been helping Mark keep up with the seemingly irrepressible expansion of Mt. Gox, which had grown from three thousand users in March to over sixty thousand users in June. Just how little Mark was prepared for the recent growth was clear from what William was trying to tell him on the phone. Something about the exchange's servers slowing down to a glacial pace—and the price of Bitcoin plummeting from $17 to 1 penny in less than an hour.

Suddenly alert, Mark leaped out of the bed he shared with his new wife and ran to the home office in their compact Tokyo apartment, one floor up from the narrow street. Mark was not generally known for moving fast—most who met him immediately noticed
his slothlike way. But once he had his Mt. Gox administrative account up on the screen, Mark wasted no time in bringing the crisis to a screeching halt. He shut down the link between the Mt. Gox website and his server and moved Mt. Gox's 432,000 Bitcoins—some $7 million at yesterday's prices—to a new address that had a more secure password.

These moves were enough to stem the run on Mt. Gox, but immense damage had already been done. Hackers had enjoyed nearly an hour to do their work, while confused and terrified Bitcoin users looked on. Starting at around 2:15 in the morning in Japan, the hackers had begun selling large quantities of Bitcoins, pushing the price down dramatically.

“Everyone! Panic sell!” someone wrote on the chat channel, seeing the price dive.

“Holy fucking sht,” another wrote.

One user had the presence of mind to record the charts showing the decline and narrate a video of it in real time. Others, who had dollars in their Mt. Gox account, saw an opportunity and began buying up the cheap Bitcoins.
The selling continued until 260,000 Bitcoins were purchased for $2,600 shortly before 3 a.m. Japan time—a 99.94 percent discount from their value just an hour earlier.

After Mark had shut everything down, he sat in his dark apartment and began to piece together what had happened. The user logs showed that someone had signed in with the administrator account of Jed McCaleb, the Mt. Gox founder who was still helping Mark out. The computer appeared to be in Hong Kong, but it was likely the hacker was porting in to a computer there from elsewhere. The Mt. Gox software enabled the hacker to change the balances in accounts and he created over 100,000 new Bitcoins out of thin air and put them in a new Mt. Gox account. These were not real coins on the official blockchain; they existed only in Mark's
accounting system. But that was enough for the hacker to begin using them on the Mt. Gox exchange.

The hacker had clearly planned in advance and knew that Mt. Gox allowed users to withdraw only $1,000 worth of Bitcoins at a time. In order to maximize the amount of Bitcoins that could be withdrawn, the hacker began selling some of the newly created coins to push down the price. As the price dropped, it was possible to withdraw more and more Bitcoins under the $1,000 limit, until the relatively primitive design of Mt. Gox came to its rescue. As the servers slowed to a crawl, owing to the traffic created by the hacker, withdrawals suddenly became impossible. By the time Mark got up, most of the hacker's Bitcoins were still stranded inside Mt. Gox, though hundreds of thousands of coins had already been sold at distorted prices.

It was not until an hour after he first got online—and two hours after the melee began—that Mark posted any kind of explanation to the Bitcoin forums. At that point, he gave the basics of what he knew and said that the site would be down indefinitely. He also announced his intention to cancel all the trades made with the Bitcoins created by the hacker, a move that drew an immediate backlash from buyers, who believed that they had gotten thousands of those Bitcoins on the cheap. Although many expressed anger that Mark was violating one of the fundamental tenets of Bitcoin—the irreversibility of Bitcoin transactions—Mark could do so because trades on Mt. Gox happened only within the company's system, not on the actual blockchain (Mt. Gox interacted with the blockchain only when coins moved into and out of the company).

The scope of the questions soon expanded, especially after it emerged that the hacker had stolen a copy of Mt. Gox's customer database, with everyone's e-mail addresses, and posted it on the Internet. There was bewilderment that Mt. Gox administrators
had needed only a single password to log in, not the multiple passwords that most financial websites required. And Mark's system had not checked on the IP address and location of users to look for abnormal activity.

“Frankly, we are fortunate that our hackers have been stupid and lazy so far,” Jeff Garzik, the North Carolina programmer, said to some other developers.

On top of these programming mistakes, the released customer database demonstrated how few measures Mark had taken to stay compliant with international rules designed to stop money laundering. Mark had just e-mail addresses for most of his users, much less than financial regulators generally expected. Of course, it wasn't clear what regulations Bitcoin would fall under, if any. But there was now real money flowing into and out of Mt. Gox, making the exchange an easy target for government prosecutors if they decided to look.

T
HE FIRST SIGN
of any relief for Mark came in an e-mail that popped into his inbox later that morning.

Hey Mark—

If you guys need any physical help, I'm available. I can be at your office within 10 minutes.

I'm not sure what I can do to help, but I can help with phones or emails or anything you need for a day or two until you get things calmed down.

The e-mail came from Roger Ver. From Roger's glass-walled sixteenth-floor apartment, in one of Tokyo's most exclusive residential towers, he could see the Cerulean Tower, where Mark had recently set up Mt. Gox's offices. Since discovering Bitcoin in April
on
Free Talk Live
, Roger had dedicated many of his waking hours to thinking up new ways to promote the technology. In a conversation right before the crash he had said something that would become a standard line for him: “Bitcoins are the most important invention since the internet itself. They will change the way the entire world does business.”

At this point, though, Roger knew that Bitcoin relied as much on Mt. Gox's survival as on the Bitcoin protocol itself, and he wanted to make sure that Mt. Gox would survive so that Bitcoin could as well.

By the time Roger sent his e-mail, Mark had driven in his souped-up 2009 Honda Civic from his apartment to his new office. Mark quickly connected with Roger on Internet chat—Mark's preferred method of communication—and asked him to come right over. He needed people who could speak English and sort through the thousands of incoming e-mails from confused customers.

When Roger showed up at the bare-walled office, he was an even more forceful and impressive presence than he seemed online. He had the lean, muscular physique of a wrestler, which is what he had once been, and the buzz cut and big smile of a politician, which is what he had once wanted to be. What's more, he came with his Japanese fiancée, Ayaka, and one of his employees from Memory Dealers, whom he put at Mark's service.

Roger, on the other hand, had to adjust his judgments of Mark in the other direction. Mark had the chubby look of a big child and the nervous crooked smile of someone who was not entirely comfortable with direct human contact. His wardrobe was heavily reliant on T-shirts with puns about programming languages. His heavily accented English made him difficult to understand. Mark's only staff member was a young Canadian with no programming expertise who had been hired a few weeks earlier. Roger put all this aside for the time being and dived into the flood of customer-support requests.

Roger brought an energy unlike anything that Mark had seen before. As he plowed through complaints and requests, Roger also managed to convince an old friend to get on a flight from California to help the Mt. Gox rescue effort.

Roger and the friend who came to Tokyo the next day, Jesse Powell, were a somewhat unlikely pair. In contrast to Roger's clean-cut, buttoned-down appearance, Jesse had long blond hair and had used money from his startup to found an art gallery in his hometown, Sacramento. But Jesse and Roger had met when they were teenagers and both playing the card game
Magic
competitively. The strategy game appealed to both young men—and many of the other youngsters who later found Bitcoin—because they liked the idea of finding unexpected solutions to complex problems. Later on, the same instinct had led both of them to the martial art jujitsu. A mixture of Japanese and Brazilian influences, jujitsu gained renown as a way for smaller, less muscular people to disarm and defeat larger opponents. Libertarianism and Bitcoin were alluring to Roger and Jesse for much the same reason, owing to the deceptively simple answers they promised for much bigger problems.

Roger had chosen his apartment in Tokyo largely because it was near his jujitsu studio, or dojo, and during Jesse's visit to help at Mt. Gox, the men went to the dojo to grapple with each other and let off steam. But they spent almost all of their time working through the constantly growing pile of e-mails that had been sent to [email protected].

Mark, for his part, spent these days silently parked in front of his computer, investigating the cause of the hack. He determined that the attacker had gained access to Jed's Mt. Gox administrative account by either guessing the password with the brute force of a computer program or by gaming the system that allowed users to create new passwords. In the end, Mark calculated that the site
had lost only a few thousand Bitcoins, which he promised to reimburse with the company's money.

Mark then moved on to rewriting the Mt. Gox code so that he could reopen the site. Two days after the crash, he
appeared briefly, via Skype, on
The Bitcoin Show
, a relatively new online production created by an enthusiast in New York. Mark took the opportunity to blame the code he inherited from Jed McCaleb, which he said had “a lot of problems.”

“The new system was written from scratch with absolutely no code from the old system,” he said. “It was made from state of the art techniques.”

Two days after that, Mark made a transfer of 424,424 Bitcoins that was visible on the public blockchain, in order to prove that he had his customers' coins.

“Ready guys?” he asked, right before making the move. “Don't come after me claiming we have no coins after that.”

“Hopefully I'll be able to work without getting too much disturbed after that,” he said.

Roger and Jesse were initially impressed by Mark's calm during the crisis. Every day he sat quietly at his desk, eyes fixed on the screen. But as the week progressed, Mark's silence put him at an uneasy distance from the surrounding world. Jesse and Roger grew concerned that all Mt. Gox's technological and financial affairs were in the hands of one person, with no one else in a position to question his decisions or stand ready if things went wrong. They also worried about Mark's ability to prioritize tasks properly. They frequently noticed that when Mark was supposed to be working on fixing the site, he was instead on the Mt. Gox chat channel, trying to address customer complaints. At the end of the week, Roger and Jesse asked what time they should come in the next day.

“Oh no,” Mark said. “We can just start again on Monday.”

“But this site isn't even back up,” Roger said. “I think we should keep working until we get it up.”

Mark said something about the office tower being closed during the weekends and shut off further conversation. While walking back to Roger's apartment, Roger and Jesse wondered at Mark's lack of urgency.

Mark himself worked through the weekend, from his apartment, and opened the site for trading on Monday morning. As soon as this happened, the price of Bitcoins began falling. In the week that Mt. Gox had been closed, the public perception of Bitcoin had taken a decided turn for the worse, with a series of news articles suggesting that the hack marked the likely end of Bitcoin. The day after Mt. Gox reopened,
Forbes
, which had been among the first to write positively about Bitcoin, said that
“it's likely to go the way of other online currencies,” the first of many public obituaries for Bitcoin.

Other books

HER MIRACLE TWINS by MARGARET BARKER,
Charmed (Second Sight) by Hunter, Hazel
Tom Clancy Under Fire by Grant Blackwood
Omelette and a Glass of Wine by David, Elizabeth
The Demon King by Heather Killough-Walden
A Minor Indiscretion by Carole Matthews
Destroying Angel by Sam Hastings
Love Through LimeLight by Farrah Abraham