
Pay the Devil in Bitcoin


by Jake Adelstein


  In a tweet, Janssens wrote: “I have black on white proof of Mark Karpeles making multiple death threats against an ex-employee. So [do] Japanese police. #RossUlbricht.”6 The hashtag was a reference to the fact that Ulbricht was also being accused of plotting to kill a former employee. The accusation sparked a torrent of comments on social media.

  It was likely that Janssens planned to give the “evidence” to Ulbricht’s lawyer. Luckily for Karpelès, the judge in Ulbricht’s case, Katherine B. Forrest, ruled the claim of Karpelès’s involvement with Silk Road as speculative. Nor would she allow future testimony regarding the possibility of his being Dread Pirate Roberts. In addition, she struck previous testimony about Karpelès being a suspect from the record. Though this was obviously good news for him, the mere mention of Karpelès in this light can’t have done his reputation any good.

  The evidence Janssens planned to bring against him included e-mails allegedly sent by Karpelès to a former Mt. Gox employee. One, dated Saturday, March 1, 2014, read:

  Keep in mind the warning letter you received. If you [make any] statements that contain confidential information, we will find a way to deal with it, maybe outside of the law, by making you return home as a dead man, for example. I’d appreciate it if you keep quiet.

  Thanks.

  This was supposedly signed by Karpelès and sent from his e-mail address. A second threatening e-mail was apparently sent a couple of days later, on Monday, March 3, 2014, which read: “We are watching you closely. Always remember that.”

  It wasn’t signed.

  Intimidation (kyohaku) and extortion (kyokatsu), depending on the nature of the threat, are criminal offenses in Japan.

  However, in an odd turn of events, Janssens then retracted his accusation and announced that his allegations were being followed up by people on his own team. A cybersecurity expert close to Janssens admitted that the e-mails could have been forged by the recipient or even a third party. Janssens’s lawyer, Takaaki Nagashima, said he could not comment on the accusation because the complaints were made by a former Mt. Gox employee, who, like all the other staff there, was a suspect in what might have been “an inside job.”

  Karpelès denied ever making death threats against his employees. He claimed to be confident that forensic analysis of the e-mails would show they were forged. The e-mail system at Mt. Gox used Google, and all outgoing e-mails were signed through DomainKeys Identified Mail, a validation system designed to recognize fake e-mail messages. Ideally, researchers could study this facet of e-mail technology to see whether Karpelès did actually write these messages.

  In a written statement of January 20, 2015, Karpelès’s lawyer in Tokyo asserted that the accusation had no basis in fact: “There are individuals circulating amateurish forged documents as if they were real evidence and we cannot overlook this.”

  Japanese police sources said they were aware of the charge against Karpelès, but declined further comment at the time, saying the investigation was ongoing.

  The question remains: Why would an ex-employee falsely make this claim?

  Threats of another kind had been made against Karpelès himself.

  On February 26, 2014, one day before Mt. Gox went completely blank, an attempt to extort money from him was made by “CARPENOCTEM,” warning him that “angry Silk Road [1.0] vendors were acting against Mt. Gox.” The e-mail message reads in part:

  Date: Wed, 26 Feb 2014 12:04:45 +0000

  You are writing/dealing with a criminal. And btw: I know you are not a criminal. You bailed out other sites in the past, and I am sorry you get bashed that much . . . Feel free to drop me a bitmessage:

  CARPENOCTEM was right about one thing: Silk Road’s vendors, and even its operators were furious with Karpelès. And the situation for him was only going to get much worse.

  CHAPTER SIX

  THE OTHER UNUSUAL SUSPECTS

  At the end of 2014, the Cybercrime Unit of the Tokyo Metropolitan Police Department leaked to the press that the collapse of Mt. Gox was due to an insider. The Yomiuri Shimbun ran it on the front page on January 1, 2015. But who was the insider? Was there an accomplice?

  Data leaked and available after Mt. Gox’s shutdown was analyzed by a group of independent investigators from WizSec, led by Kim Nilsson, a Swedish software engineer, and Jason Maurice, both based in Tokyo. Their interim report released on February 14, 2015, gave the clearest account yet of what could have happened to Mt. Gox. The report asserted that the Mt. Gox hack was mainly an inside job.1

  It also detailed the activities of a robot—that is, a program embedded in the Mt. Gox system—that had been buying hundreds of thousands of coins with fake money within the company. Robots or “bots” probably account for a significant amount of the missing bitcoins.

  Days later, maybe in response to this report, a hacker or group of hackers anonymously leaked more data, including private information about Mt. Gox creditors, that should only have been in the possession of official investigators and the trustee who was liquidating Mt. Gox. At the same time, the alleged hacker(s) attempted to extort money from users, saying there was more information that could be released if they were paid. The message was immediately taken down, possibly by the moderators of the site where it appeared—Reddit, a popular Internet bulletin board.

  Among the new information the report provided was an analysis of the time frame involving “Willy bot,” a program in the Mt. Gox system that seems to have started sometime in 2013 and was active for bouts of twenty-one hours a day—except between 2:00 and 5:00 a.m. Japan time (12:00 to 3:00 p.m., EST).

  The purpose of Willy bot is still not completely known. Did it exist to cover up losses or steal bitcoins? And who put it there?

  Maurice asserts that the activity was clearly intentional and illegal. The bitcoin trading data showed that automated software, with database access, was used to create new accounts at Mt. Gox with fake money, the balance being set at millions of dollars. The bot then spent that fake money on the exchange to buy up a few bitcoins every few minutes, usually over the course of a day or so. Spending $2 million to buy bitcoins off the market is something that had to have been done slowly, Maurice postulates.

  There is no evidence that points to the hacker’s nationality. Maurice asserts that there is strong evidence that the trading bot was being run from either inside Japan or within the Mt. Gox network itself.

  The times of the robot’s operations also point to an inside job. This suggests that there could have been more than one person behind the bot, working in shifts.

  Kristian is a software engineer who was a PhD student at Tokyo University of Technology at the time he was trading bitcoins on Mt. Gox. He was the first to investigate Willy bot. He said the bot was known to traders quite early on and was dubbed “Willy” on the regular discussion forum BitcoinTalk after the killer whale in the movie Free Willy.

  Kristian first noticed it in November 2013. The robot was steadily buying about ten to twenty bitcoins every five to ten minutes. When we interviewed him, he told us, “At the time, I didn’t think it [had been] placed there from [inside] Mt. Gox. There was nothing that indicated that there might be something shady going on, although it was suspicious that someone would buy that much. Because it was at least clear that it was the same entity constantly buying.”

  Kristian’s curiosity was aroused. “I was trading [myself and] was really into it, and at some point it became really noticeable. I wasn’t the first person to notice it. There was something out there that was buying all the time at a predictable pace. I assumed that was why the price was going up.”

  He started investigating the matter more closely two months after the Mt. Gox trading data was leaked on the Internet, in March 2014, and he published a blog post about Willy in May of that year. It became apparent to him that Willy was perhaps located somewhere in a Mt. Gox server, because even when the company’s API (application programming interface) was down and nobody could trade, the bot kept going.

  Based on Nilsson’s research, it seemed possible that the administrators of Mt. Gox, after losing large amounts of bitcoin, were running the bot themselves to make up the shortfall. “My guess at the time was that the bot was used to manipulate the market to bring up the price” and raise the value of “whatever Mt. Gox was holding.” But later research made him fairly certain that Mt. Gox had not accumulated a bitcoin stockpile.

  Kristian analyzed what parts of the Mt. Gox trading system were involved with bots. This led him to link the Markus account—an account that, along with Willy, controlled the fail-safe, money-replenishing system set up by McCaleb to counter breaches of the exchange—with Karpelès’s private account. And he noticed that the Markus account stopped trading immediately before the Willy account started trading. Consequently, it seemed very likely that Willy was operated by the same person who was operating Markus. Since Markus was believed to be Karpelès’s administrator account, conceivably someone had appropriated it and put it to different use. Neither Kristian nor Nilsson could say with any certainty that it was actually Karpelès controlling it.

  Karpelès himself says he was unaware of this activity.

  The WizSec report shows that there may have been multiple hacks. One of the attacks could have lasted several years and manipulated the bitcoin market. Another was used simply to steal the coins.

  “Until we get the full database, we can’t really be sure,” Maurice said. “There could have been multiple hackers in multiple countries. It could have all been [done] inside Japan and we don’t know. But there is a lot of evidence pointing to inside Japan.”

  Meanwhile, the Japanese police were going their own way about it.

  There have always been rivalries in the Tokyo Metropolitan Police Department, and at some point in 2014, the White Collar Crimes Department (捜査二課, Sosanika) took the lead on the Mt. Gox case away from the Cybercrime Unit. Perhaps the top brass felt the case was moving too slowly or that whatever had been learned so far wouldn’t satisfy public opinion. Sources say the White Collar Crimes Department decided to go after Karpelès on counts that could be easily proved, and his sloppy bookkeeping opened him to charges of embezzlement and improper use of electronic transfers.

  In Japanese police lingo, they were going to apply bekken taiho (arrest on a separate charge). The methodology is sound: arrest a suspect on some minor charge and, while you have them in custody, interrogate them at leisure about the major crime you suspect them of committing.

  This is why in Japanese homicide cases the suspect is often first arrested for improper disposal of a body, then, after weeks of interrogation, arrested again on the charge of murder.

  In early June 2015, Japanese journalists, hearing rumors of an imminent arrest, started to gather openly in front of Karpelès’s residence, stalking the people going in and out of it. By the end of the month, a Japanese reporter from the Nikkei newspaper informed Karpelès’s lawyer that the police were planning to arrest him. However, for two months, nothing happened. At some point, Karpelès himself decided to call up the cops in the Cybercrime Unit, with whom he was in touch anyway. “I hear rumors that I’m going to be arrested soon,” he told them. “If this is the case, please let me know when, and I’ll drive over to the police station. I’d like to avoid a scandal in this quiet neighborhood.”

  The detective he spoke to replied that no such thing was being considered, and that Karpelès should relax. “No one is going to arrest you, and if that was the case, I would be the first to be informed.” This was about twelve hours before the actual arrest. The police evidently wanted to be sure it was done in as public a fashion as possible.

  Karpelès was pretty confident that the rumors were false—after all, they had been wrong before, and he’d had a meeting with the Japanese police, Interpol, and the FBI only a few weeks before. It was a Friday, and he was preparing some homemade lasagna for some friends. Around midnight, he went to bed, according to people he’d been chatting with online. Less than six hours later, on August 1, 2015, the cops knocked at his door, and the house was surrounded by about a hundred journalists and police officers.

  Around six in the morning, Karpelès was paraded before the throng of reporters. He seemed calm. He was wearing a light-blue T-shirt that had “Effortless French” written across it and a hat, black on one side and white on the other.

  The T-shirt had been a gift from a friend who sensed that things weren’t going to work out well. The friend had told Mark to ganbare—the all-purpose Japanese word that means everything from “good luck” to “work hard” to “tough it out.”

  When he left the house, he kept his mouth shut. His curly dark hair was tied in a ponytail, a new look he had adopted that year. His hands, cuffed, were hidden under a white towel with the words “Don’t Panic” on it. This was from his favorite book, The Hitchhiker’s Guide to the Galaxy. His cats were left alone inside the house for about twenty-four hours before someone was allowed in to feed them.

  The arrest charges were amazingly indirect. In a statement, the police said they believed that Karpelès had illegally manipulated transaction records on a system that Mt. Gox used to swap bitcoins for dollars and falsely transferred $1 million into “a certain account.”

  The police did not clarify where the $1 million had come from or what Karpelès had intended to do with it.

  The New York Times pointed out the bizarreness of the initial charges in their coverage, noting, “But the arrest, and the small amount of information divulged by Japanese law enforcement officials, shed little light on the larger mystery of the missing Bitcoins . . . In any case, the amount cited by the police represents only a tiny fraction of the value of the Bitcoins that went missing from Mt. Gox.”2

  Everyone was surprised by the arrest.

  And the charges.

  Even Karpelès’s lawyer.

  No one was prepared.

  Because I (Jake Adelstein) knew Karpelès’s lawyer, Nobuyasu Ogata, from a previous story I had done relating to a different client of his, I ended up, for a short time, with the job of feeding Karpelès’s cats. This wasn’t easy for someone with a severe cat allergy. Nor did I enjoy wading through the army of Japanese reporters parked in front of Karpelès’s house who were surprised and horrified to see a fellow journalist entering and leaving the suspect’s home. In some effort at transparency, I tweeted pictures of myself with the cats.

  The public may not have been fond of Karpelès, but his cats seem to have acquired a solid fan base. The two felines, Tibane and Julia, were eventually adopted by a friend and colleague of his, Julien Laglasse.

  His lawyer requested bail, pointing out that Karpelès had cooperated with the police and provided them with evidence. The prosecutors asked for bail to be denied, claiming that Karpelès would destroy evidence or cut and run, or do both. As is often the case, the judge ruled in favor of the prosecution.

  He remained in the holding cell. He was not allowed visitors. He was only allowed to read books that passed inspection. His time with his lawyer was limited.

  On September 11, 2015, the prosecutors finally filed the first criminal charges against Mark Karpelès. The alleged crimes were embezzling over $2.7 million of his clients’ money and illegal manipulation of electronic data.3 The police had detained him, at that point, for more than forty days.

  One Tokyo-based accountant said that if the prosecutors were charging him with embezzling this amount of money, the majority of other businesses in Japan could be charged for the same crime.

  Ironically, the cell in which he was held was in a police station located in Akihabara, the electronics mecca where he had spent so many happy hours. While kept in detention, he lost thirty-five kilos (seventy-seven pounds).

  In Japan, the police can keep arresting you on separate charges for periods of up to three weeks each. The longer you hold off from telling them what they want, the more charges they throw at you, and the longer you can be interrogated. During the interrogations, a lawyer is not allowed to be present.

  Karpelès’s interrogation had some bizarre moments. According to those close to the investigation, the interrogators kept asking him over several days if he was actually Satoshi Nakamoto. Karpelès did not confess to this.

  In the many charges against him, the prosecutors did not even address the missing 650,000 BTC (worth an estimated $460 million at the time they were lost). He may have been a sloppy manager, but that in itself is not a crime. In other words, nothing in the charges filed pertains to the missing bitcoins or sheds any light on how the company collapsed because of the loss.

  At the end of October, the police arrested him again on embezzlement charges. The judge verbally reprimanded the prosecutors, telling them to stop dragging out the case.

  Eventually, he was also accused of moving ¥20 million ($166,000) in client money to his own bank.

  Karpelès’s legal team at the Ogata Law Office in Tokyo said that the accusation of embezzlement was unfounded, claiming that the money came from company income and his salary, to which he was entitled, a total of ¥341 million ($2.8 million). The act he was accused of, they said, did not even meet the technical specifications for embezzlement.

  While his defense team was preparing for the court case, the police were busy making their case solid in the court of public opinion. Based on police leaks, the Yomiuri Shimbun reported on October 28, 2015, that the defunct firm’s chief had spent an unspecified sum on prostitutes, as did other newspapers, citing the police, who said this involved “several women whom he met at venues that offer sexual services.”4

  Karpelès, a Japanophile, may have been expected to behave like a good Japanese suspect and confess to the charges against him—even if he hadn’t committed any crime—so they could close the case. That’s what innocent people had done in another big cybercrime case. That case, ironically, had also involved a portly computer geek with a fondness for cats.
