
Notable tidbits (most of which were already public record if you followed the story very closely) include:

+ Mt. Gox commingled depositor and corporate funds. (Corroborated in the Japanese version of their docs released by the bankruptcy trustee.) Many in the community believed that they had promised not to do this (true) and that this was impressively unprincipled (I lean against this understanding).

+ Mt. Gox had standards of engineering professionalism which were not what one would hope would prevail at a financial institution with $500 million in assets. True and previously reported. Specific examples include lack of a staging environment, source control, testing procedure, engineering leadership, auditing... it goes on. Also might suggest in future not putting all code into MySQL.

+ At one point all BTC deposited at Gox were accessible by VNCing into a particular box, which suggests that claims that Gox had cold storage secured by keys kept in diverse physical locations were not consistent with conventional interpretations of engineering reality. (The new information here is "VNC." It was previously known that at one instant in time Gox proved its reserves by moving all its BTC in a single transaction. This could be done in a way consistent with what the community thinks "cold storage" should mean; the VNC bit militates against that understanding.)

+ Employees of Mt. Gox believed, on the basis of public evidence, that the firm was losing money even at the peak. (I'd be interested in seeing their math for this; that was not the conclusion I reached in a napkin calculation in mid-2013.)

+ Wages at Tibanne (which provided 100% of employees for Gox) were consistent with prevailing wages in Tokyo startups i.e. scandalously low. 50% of employees earned less than $2k per month; director-level salaries in order of $4k, except for...

+ ... explicitly alleged looting of customer funds to support director lifestyles.

+ Management was unable or unwilling to answer basic queries regarding finances internally.

+ Gox's bus number was one, and that bus would have resulted in $500 million being unrecoverably lost. Management, when asked about this, lied brazenly. (Last part is new info, first part obvious.)

There's more at the link.




> + Wages at Tibanne (which provided 100% of employees for Gox) were consistent with prevailing wages in Tokyo startups i.e. scandalously low. 50% of employees earned less than $2k per month; director-level salaries in order of $4k, except for...

I've been told that employees at a certain like-deviantart-but-good startup are paid about as much as a convenience store worker. On the other hand, the conbini won't sponsor your visa.


> a certain like-deviantart-but-good startup

Is this a thinly-veiled reference to pixiv?


That does not tell anything - are they employees in a different country? Convenience store workers in the US earn about 20K USD per year - that is double the salary what a comp sci fresher from a tier 2 college (non-IIT) would earn in India. And that's a reasonable salary - at 10K USD per year, you can eat out every day at pizza hut ("regular" food is cheaper), drink a couple of times a week and share a 3 bedroom apartment.


The "deviant-art-like-but-good" bit is probably referring to pixiv, a popular Japanese art site.

You're not going to live anywhere near a comfortable life in Tokyo on 2 million JPY a year, much less 1 million JPY a year. Convenience store workers here make around 950 yen/hr depending on what shift you're working on.

Assuming you find somewhere super cheap and livable (we're talking slightly larger than a single bed, maybe not even including a bathroom) for 50000 yen/mo, that's already 600,000 yen/yr on housing alone. You can see that there's not much left over for utilities, food, transportation, clothes, medical, etc... and we're not even talking taxes and luxuries.


> Convenience store workers in the US earn about 20K USD per year - that is double the salary what a comp sci fresher from a tier 2 college (non-IIT) would earn in India

Pretty sure Japan is more like USA in cost of living than India.


Compared to the convenience store next door to the office!


Hi, I'm Ashley Barr. (I'll prove it if necessary, but the tracks to this username have already been proved out by the bitcoin community) This is a pretty vivid summary. I didn't actually know that most of what I provided was already in the public record. The reason I'm commenting is that I'm hoping to get more eyeballs on my original AMA, regarding Edit 3. Cheers for your insights, I learned a little too.


You don't think it was unprincipled to commingle funds?


Not particularly. A deposit is a liability of the corporation; the cash on deposit is an asset. Where do people imagine these things typically exist? In the absence of legal requirements to the contrary, money is money -- it doesn't typically carry along requirements to physically segregate it by owner, intended purpose, etc.

My company owes money to vendors, customers, and contractors, too, in the ordinary course of business. At any given time we have probably a few dozen creditors. How many deposit accounts do you think we have?


I don't think the comparison with an ordinary company is useful. They weren't mingling money paid to the company with money owed (which is normal), they were mingling client money, which they have no good reason to touch except under explicit instruction from the client, and their own funds used for operating expenses.

Companies which explicitly hold other people's money are usually held to higher standards in holding it (Solicitors, Banks, Estate Agents, etc). For example deposits are usually held in a client account, separate from other corporate funds, and not usable except for the intended purpose. The reasons for this are obvious, as it makes fraud far harder to perpetrate, and Mt.Gox not doing so is a red flag given the business they were in. Even worse than this, this wasn't a corporate account, it was Mark's personal account!

http://www.sra.org.uk/solicitors/handbook/accountsrules/part...

https://www.reddit.com/r/Bitcoin/comments/3fe92x/im_ashley_b...


> Even worse than this, this wasn't a corporate account, it was Mark's personal account!

I understand how you could read that from the employee's statement, but this allegation is contrary to fact. Gox did most of its business through a series of business accounts at Mizuho, one per currency. A list was provided by the bankruptcy trustee to creditors multiple times -- c.f. here: http://www.mtgox.com/img/pdf/20141126_document.pdf


Perhaps the employee is talking of their time there at the beginning in 2012, not a later setup, they weren't there at the end in 2014.


Separating client and corporate funds, if done properly, will also protect the money from company debts. E.g. If the company becomes bankrupt, the client funds cannot be used to pay creditors.


> Companies which explicitly hold other people's money are usually held to higher standards in holding it (Solicitors, Banks, Estate Agents, etc). For example deposits are usually held in a client account, separate from other corporate funds, and not usable except for the intended purpose.

Banks use client deposits to fund their lending, though.

I don't see any fundamental problem with mixing client and corporate funds, provided there is good accounting, solid auditing and sufficient oversight in place to ensure client funds don't go missing. Obviously none of those existed in Mt. Gox.


Banks are pretty much the only institution that's allowed to commingle client funds with their own funds, and they're subject to a whole bunch of extra regulations and scrutiny as a result. Indeed, I've seen people argue that being able to do this is basically what defines a bank.


[deleted]


Wrong comparison. Separating client funds is like having a safe deposit box in a bank, rather than having an account...


I get what you are saying but when you deal with managing other people's money I think it's a different story. It's a safeguard to prevent you from dipping into funds that are spoken for. Now you can still dip in (and may need to) but by having the accounts separate it's a conscious decision to dip in instead of just a CC swipe away...


> In the absence of legal requirements to the contrary, money is money -- it doesn't typically carry along requirements to physically segregate it by owner

Right - for companies that aren't routinely transferring client money. Here in the UK, the way Mt Gox was run would be extremely irregular - clients' money would usually be stored in a client money account.

To use an analogy, consider if I courier you a parcel. When I hand it over to the couriers they have custody of it - but they don't own it. If the courier company goes bankrupt while my parcel is in transit, they don't get to open all the parcels and auction them off.

Likewise, companies like conveyancers and insurance intermediaries act as 'money couriers' - and they're expected to keep the money in separate accounts so, if the company goes bust, it's clear who is the owner of the money and who just has custody of it.

Obviously, not every financial service is a 'money courier' - but generally getting licenses that let you lose client money is more work than getting the licenses where you can't lose client money.

Of course, I'm not an expert on Japanese financial law, so it's possible financial conduct standards in Japan are different.


> legal requirements

Well yes, there are legal requirements when money is handled. BitCoin operates in a fuzzy realm, for sure, but it is still poor practice to not follow banking safety practices.

Any business that handles customer money (for example, a lawyer that holds client funds in escrow to pay for services later) is required to maintain separate accounts.

The only exception would be if the customer is lending money to the business (as when you invest in a bank account), not having the business to hold the customer's money.


> Any business that handles customer money (for example, a lawyer that holds client funds in escrow to pay for services later) is required to maintain separate accounts.

Respectfully: this is not accurate generally or in Japan. Lawyers are special-cased in the laws of several US states for this purpose.

Software consultants in Japan, to use one example I am intimately familiar with, are not. If you take a deposit of $50k from a client which isn't your money yet, you book an asset (the money, typically deposited in your bank account, where there is no duty for segregation) and a corresponding 前受金 ("advance payment received") liability. As soon as you provide the service which you've received the money for, you're obligated to decrement that liability and increment sales. (This is important for tax purposes if the two events happen in different calendar or fiscal years, one reason why I have to keep books and report to the friendly local tax office once a year how much of OPM I'm presently holding.)

n.b. My understanding of GAAP here would be that Gox would probably hold the money on the books as a deposit (預かり金) rather than an advance payment (前受金) but I'm not positive about that -- my business never had to worry about it.


I think, in the case of a bank or banking-like-entity, it's really easy to argue that commingling deposits with corporate funds makes it much more likely for things like.. what happened at mt gox to happen.

If you violate professional standards while providing your services, even in the absence of requirements to the contrary, you're putting your clients at risk, probably to an unethical degree depending on what assurances you gave them.


Ok, that makes sense. I think I misread your original comment as referring to commingling personal funds with the corporate funds - which on rereading your OP is not what you said at all.


thanks for the highlights, I don't have time to dig through this properly at the moment and I haven't been following the story all that closely.


You have made better life choices than I have.


While you jest, I can appreciate your interest in the topic and ongoing saga.


Thanks for this excellent easy to follow summary. The only piece I have difficulty to understand is this:

> The new information here is "VNC." It was previously known that at one instant in time Gox proved its reserves by moving all its BTC in a single transaction. This could be done in a way consistent with what the community thinks "cold storage" should mean; the VNC bit militates against that understanding.

What would be an example of "cold storage" that allows moving all BTC in a single transaction?

And how does the fact that it is accessible via VNC change anything?


> What would be an example of "cold storage" that allows moving all BTC in a single transaction?

Have all the private keys stored on a machine which is airgapped. Sign a transaction on that machine; copy the transaction to a networked machine (could be done via e.g. copying a QR code from the monitor with a smartphone or, in extremis, just typing very carefully); release onto the Bitcoin network.

> And how does the fact that it is accessible via VNC change anything?

Management has previously said that Gox's cold storage was based on offline copies of the keys being fixed onto paper and held in 3+ locations, sprinkled with some RAID-esque pixie dust. (I promise -- this is the maximally charitable summary.) If they're all available for management via VNC at any given time, that casts some doubt about whether they are actually striped over a bunch of paper wallets. Although the Bitcoin community is primarily worried about a server compromise followed instantly by a wallet draining, putting them on a machine accessible from the internal network is approximately just as dangerous, since one assumes that an attacker who gets the web server owns the entire internal network with probability approaching 1.


Cold storage is storage of BTC private keys that are not connected to any live computer. Therefore anyone who would hack your live computer systems could not steal the cold storage BTC just by a remote hack. They would have to physically break into whatever location contained the keys, and then circumvent any encryption-in-rest that you had wrapping those private keys.

You can also split up control of the keys with multisig, so multiple keys have to come together to move the BTC.

Since most financial institutions only have a small fraction of their balance needed to cover their money inflows and outflows, having most of your BTC in cold storage is a best practice.


> Specific examples include lack of a staging environment, source control, testing procedure, engineering leadership, auditing... it goes on. Also might suggest in future not putting all code into MySQL.

This... is... particularly shocking. The FIRST thing I did when me and my two partners decided to start a business was to get all of these in place before we even started thinking of what we were going to build. All three of us thought it was that important.

Dude, I mean, lack of source control? Who does that? Even when I only had two years of development experience it was drilled in my head this was not just optional, it was absolutely necessary - there is no option to the contrary. It was just basic stuff you should know and this guy was handling millions of dollars in transactions every day? It really makes my jaw drop to think about.


Thanks for a detailed recap!


Among the most notable of the tidbits I've seen: There was one bank account, shared by the CEO (personally) and MtGox itself.


This is not correct, except to the extent that management appears to have routinely used Mt. Gox's corporate funds for purposes other than those reasonably required to run the corporation. Mizuho Bank, Shibuya Branch, No.1457705 was indeed registered in the name of Mt. Gox, as were several other accounts.


https://www.reddit.com/r/Bitcoin/comments/3fe92x/im_ashley_b...

> So you're saying that the mt gox bank account was his own personal account? I wired money to his personal account??

> Yes

Maybe it wasn't correct in 2014, but apparently it was true when Barr worked there.


Or at least he believed it was


[deleted]


That's what patio11 meant by the last bullet point ("Gox's bus number was one...").



