Art by: Jing Jin
It is becoming an increasingly familiar situation for bitcoin users who are involved in the high-speed trading that practically requires the user to trust another party to hold their keys. That third party fails, vanishes into the night, and the users are left wondering if the formerly trusted third party got robbed themselves or simply ducked off with all of their bitcoins. Either answer provides little consolation.
That is what Bitcoin Trader users are asking themselves, just a week after Moolah and its recently purchased Mintpal suffered their own financing issues that resulted in the loss of customer funds and the declaration of bankruptcy.
According to Coindesk, Bitcoin Trader users started experiencing withdraw problems on Oct. 6th. That caused an uproar, along with the company's announcement that it wouldn't release a third party audit that had recently been performed.
Those red flags should have been enough for users to know to stop putting money into the system, but for the ones already in the system, they couldn't do anything but patiently wait and hold.
Late last week, Bitcoin Trader announced through email that they did not have the funds to cover customer funds and would be declaring bankruptcy in Panama.
One Bitcoin Trader user posted the email he received from Bitocin Trader on Reddit, and it is a good place to start when trying to figure out exactly what went on.
Regrettably I have to announce the failure and closure of Bitcoin Trader.
While preparing for the final audit results, a task we were working on for weeks now, our bitcoin wallet has been hacked and emptied, just after exchanging our fiat holdings within the exchanges to bitcoin and transferring our entire holdings to our wallet, in order to proof [sic] our solvency.
It is a known fact that I personally opposed any proof of solvency, but agreed to conduct it for the sake of a few dozen small and medium investors.
The hacker contacted me shortly after he took advantage of our holdings and demanded a ransom in order to transfer the coins back. I have agreed to a 25% ransom of the entire sum, but haven’t heard back from him for several days now.
My aim was to create something based on trust, just as bitcoin itself is based on distributed trust. Unfortunately I must admit today, I have failed. All left to do now is to declare bankruptcy with the Panamanian authorities and to hand over all relevant files and information for further investigation.
Sincerely, John Carley[.]”
One of the first questions raised by Redditors was what bankruptcy in Panama is like. The information online, at least in English, is spotty at best. I am not a lawyer, but I have been able to determine that, according to the sources I found online, Panama bankruptcy law does not allow companies to restructure, but rather requires them to permanently cease operations. This stands in contrast to American bankruptcy procedures that allows, depending on the type of bankruptcy filed and if a Judge determines creditors will have a better chance to recoup their losses, a company to restructure and continue in limited a capacity. There are a few industries that have an exception to this rule, including banking. It seems unlikely that Panamanian authorities will see Bitcoin Trader as a bank, but considering its (alleged) substantial fiat holdings, there is a chance a lawyer may be able to argue that it should be in they eyes of the court. Even if that does come to pass, Bitcoin Trader, 75 % of its creditors and a judge will have to agree on a deal.
As soon as Bitcoin Trader files for bankruptcy, they will be unable to legally move their funds through the Panamanian financial system. As this is a Bitcoin company, Panamanian authorities will have no ability to stop Carley or other Bitcoin Trader employees from moving their (read: customer) funds using the Bitcoin blockchain. However, it appears that if it can be proven in court that Bitcoin Trader attempted to move or hide their financial assets, they will face serious consequences in court (although, being able to prove that a blockchain transaction happened intentionally or due to a hack may be difficult).
The 25 % “ransom” was also questioned by some users, who asked why someone would return 75 % of the funds when 100 % of them were already in possession of the hacker? That isn't as unbelievable as it first sounds. Many hackers, including those that steal money illegally, see themselves as “white hat” hackers (even if the truth is a different story). The ransom they asked for, they say, is payment and punishment for having a inefficient security and putting users at risk.
For whatever reason, the hacker, if he existed, did not return the remaining funds and Bitcoin Trader officially lost user funds.
But there is also the question of if the move was a hack at all. There are a few pieces of circumstantial evidence that may be the case, but nothing is concrete at this point.
First, the website is completely down. If Bitcoin Trader was moving forward with the bankruptcy plans in an honest and open way, you would expect some kind of message on the main page, even Mt. Gox managed that much. However, the site is currently (and has for a few days now) completely offline.
Second, users have been questioning the official story. According to the email allegedly from Carley, the hacker stole the exchange's BTC when they moved customer funds from fiat to BTC in order to prove their solvency.
There are a few questionable actions in this story. It should be noted that Bitcoin Trader essentially did what every Bitcoin user first thinks when he notices the price disparity between two exchanges. Their business model was to find these disparities and then capitalize on them. They promised very low risk Bitcoin income. However, while some movement into fiat would be necessary for Bitcoin Trader's business plan, it has no reason to move all of its funds into fiat or vise-versa for the purpose of an audit or its business plan.
Yet, that is what Carley seems to be claiming here. For whatever reason, Bitcoin Trader, according to the official story, moved all of its fiat holdings and BTC into one hot wallet, where it was stolen. But, if the move was to prove solvency, there is no reason to move all the funds into one wallet. Any auditing company can check three, four or any number of wallets almost as easily as they can check one.
Second, there is no reason to move the fiat holding or cold storage holdings into a hot wallet for an audit at all. Auditing companies have existed for decades, long before bitcoin, and are perfectly capable of checking traditional financial statements. It also isn't difficult to check the balance of an offline wallet, so there was no obvious reason to move the funds to a hot wallet where it is vulnerable.
Notably, Bitcoin Trader was a previous advertiser on Cointelegraph. Carlo Carlouzzo wrote the advertising page for Bitcoin Trader and took this quote from the page back in September:
“For your peace of mind, all our Bitcoins not used for the day to day operation of Bitcoin Trader, are stored securely offline. Furthermore, at no time are any Bitcoins stored on our server.”
That text does not appear on Archive.org's only cache of Bitcoin Trader's About page, taken on October 9th. Regardless, this seems to fly in the face of the story released by Carley.
The official Twitter account of Carley also brings up some questions: it is full of October promises to continue withdrawals soon, with “maintenance” being listed as the reason for the delay. We now know, thanks to Carley's own admission, that maintenance had nothing to do with the delay.
That doesn't prove that his current claims about a hack are untrue. But, people with nothing to hide rarely lie. The Twitter account went dark after an October 11th promise to answer questions soon. Those questions were unfortunately answered only with a 404 error page and the above email.
Emails to the address Cointelegraph had from the sales catalog came back as undeliverable. We have sent questions to their support email and are waiting for a response.