Ashley Barr who was commonly known under his alias as “Adam Turner”, spoke out against his former employer, MtGox CEO Mark Karpeles, for the first time since the MtGox Bitcoin exchange collapsed, in an AMA on Reddit. This comes on the same day as Mark Karpeles was arrested by the Tokyo Metropolitan Police under allegations of manipulating transaction records of an account on MtGox. The police can now hold him for up to 23 days without formal charge. Mark won’t be drinking many more frappés if charges are brought forward, as Japan has a 90% conviction rate.
Ashley was employed at MtGox between January 2011 and May 2012. In January 2012, Mark asked Ashley, ” …to become Mt.Gox’s CEO, a process which led to my dismissal”. A summary of his experience of working at MtGox was described as, “A lot of ridiculousness, and a lot of nothing…and not a whole lot was accomplished during my time there”.
Ashley has given the Bitcoin community real insight into how bad MtGox was being run. Here are some of the main points of interest:
- Only 1 bank account.
- Only Mark had access to private keys.
- Not so ‘Cold’ wallet had VNC access.
- No financial records.
- Expenses were greater than profit.
- Deposits going missing.
- Only Mark could make changes to the backend.
- Developers had no access to backend.
- Mark ignored warnings of an SQL injection vulnerability.
Looking at these in more detail, Mark only used 1 bank account. All customer funds/deposits were in this bank account, which was also the personal bank account of Mark Karpeles, and this was also the account the company used for expenses. Such as a high rise apartment, NAO Bot, Maker Bot, Honda Civic as reported by Reuters. You don’t need to be an accountant to see where things might go wrong.
Only Mark had access to the private keys of the Bitcoin wallets, what if something had happened to Mark? How would anyone have been able to access the Bitcoins? Mark claimed he had left some clues with one of his best friends. When Ashley asked that friend, the friend was bemused.
During the 2011 ‘Proof of Reserves’ audit, which was carried out subsequently to the 2011 hack, Ashley was watching Mark, as he used VNC to go into a remote linux desktop to make the transfer from the wallet A to wallet B. That really doesn’t sound like ‘cold’ storage to us.
When Ashley was asked to become CEO of MtGox, he was denied access to any financial records. Either there weren’t any, or Mark had something to hide.
Given that no financial records were available, Ashley and a few other colleagues took it upon themselves to try to work out what the average profit would be and estimate what the expenses were. They found that expenses greatly outweighed profit.
Ashley states, “Everything was walled-gardened by Mark. I recall the dev’s (and Mark) playing Oblivion, super meat boy and other games while shit was hitting the fan. I don’t blame the dev’s, they had no access, not even a pre-production server to help Mark with the exchange. In the truest sense of the work, Mark was a maverick, making live updates to the exchange (some went well, others didn’t).” It seems Mark had no pre-production server to test changes to the exchange before putting them live, and the devs couldn’t help with development as they had no access to the server.
Mark was warned of a possible SQL injection vulnerability, three days later MtGox suffered one of its first reported hacks. Mark chose to ignore these warnings, as he deemed them unworthy.
Between Ashley’s departure from MtGox in May 2012, and the subsequent collapse in January 2014, who knows what other shenanigans went on at MtGox. This could just be the icing on the cake.