WEB ACCOUNTS belonging to Mt Gox CEO Mark Karpeles were defaced over the weekend with links to a spreadsheet that apparently revealed data about customers of the Bitcoin exchange.
A blog post with a telling URL that includes the words "hack", "database", "revealed" and "from mark karpeless," has since been removed, but this weekend it offered a link to the database leak and an accusation that the Mt Gox CEO was misleading customers.
A Reddit post with the same headline has also been removed, but users have preserved it and saved it online at websites including Pastebin.
The 716MB document was accompanied by a message. "It's time that [Mt Gox] got the Bitcoin [community's] wrath instead of Bitcoin Community getting Goxed. This release would have been sooner, but in spirit of responsible disclosure and making sure all of ducks were in a row, it took a few days longer than [we] would have liked to verify the data," it said.
"Included in this download you will find relevant database dumps, csv exports, specialized tools, and some highlighted summaries compiled from data. Keeping in line with fucking Gox alone, no user database dumps have been included. Repost and share this info before it's gone. Lots of people, including us, lost money and coins."
The document shows a total Bitcoin inventory count of 951,116, which is more than the number reported by Mt Gox and could suggest that not all Bitcoins have been lost.
Mt Gox has not commented on this, but it has already said it will do its talking in the courts, and released a warning about reports of spam messages being sent to users (PDF).
"Spam Warning letter. It has come to our attention that Spam/Phishing emails looking as if MtGox was the sender are being sent to our users. These emails have not been sent by us and should be phishing emails," it said.
"Please be aware that MtGox Co., Ltd does not request personal information by email. We highly recommend not to respond to these emails. Further updates concerning the procedure of filing of claims will be posted on the MtGox website."
"Please refrain from posting database leaks from MtGox. As they were obtained by illegitimate means, they violate the rediquette and will be removed," it said.
"Discussing the leaks is not against the rules, as long as the post itself doesn't break other rules. By all means, have a discussion, but please be respectful of the law, subreddit rules and the rediquette."
Commenters are torn between anger and outrage and the belief that the document is overstated. The top comment said that the data proves nothing. "This has to be the stupidest 'leak' I've seen in my life," read one response.
"OF COURSE their internal systems will show they have the coins, but these are not real coins, these are just numbers in their [database]." µ