Real time self-government in the cryptocurrency frontier: The Bter job

By Daniel M. Ryan
web posted August 18, 2014

Author's note - September 3, 2014: As later events have revealed, the recounting below is not accurate. According to an interview in the Coin Telegraph from one of the Nxt insiders, the recovered Nxt was elicited from the robber by a secret back-stage negotiation process with the thief himself. It did not show up in any public record at the time. According to that interview, what swayed the robber was a substantial ransom that was much larger than the available records indicated. Also, I showed real prudence in embedding a PSA about the presumption of innocence: the named party that the Nxter posse suspected is in fact innocent. Word to any aspiring citizen-journalist: despite the unprecedented transparency of today's Internet, the real story is still sometimes found in the proverbial back-rooms. It's also very wise, in the cases of crimes, to make sure that any tentative naming of any names is explicitly labeled as such and to remind your readers about the presumption of innocence. If you don't, you can inadvertently impugn the reputation of an innocent man or woman. Feel free to learn from my mistakes by fortifying any report with interviews from the parties involved, and by using both public records and interviews plus your judgment and good sense to get an accurate picture of an event like "The Bter Job" - Daniel M. Ryan

Back in the frontier days of the Old West, when outback banks were small and didn't have that much in the safe, the most spectacular heists were train robberies. Not only because they were the most logistically complex and tricky, which still makes them standard fare in Westerns, but also because they yielded the most spectacular hauls if the right train were selected. Since the banking system was primitive back then, the only way to send payrolls was by train, in cash or gold, protected by storage in a secure safe surrounded by armed guards in the train car where the safe was placed. No wonder that a "train job" was the most logistically challenging as well as the most lucrative.

The cryptocurrency answer to a train job is an exchange robbery. You've probably heard of the long-running Mt. Gox robbery which finally felled the exchange into the Japanese bankruptcy court. If you read the first part of this series, you may recall that this long-drawn-out robbery wasn't the first to afflict Gox. The second part showed that there have been other exchange jobs in the altcoin world. But none of them had ever rocked the entire community of a major cryptocurrency; the closest precedent was the hacking of the now-defunct Dogehouse online wallet on December 25th, 2013. As explained in part three, this robbery kickstarted the now-legendary charity drives in the Dogecoin world. Without knowing it, the shibes' mutual-help charity drive showed the kinder side of cryptocurrency-frontier self-government.

As noted above, none of those exchange jobs had been bad enough to throw an entire community of a top-tier alternative cryptocurrency into turmoil – until the wee hours of Friday morning. Nxt first-adopter Come-From-Beyond revealed to the community in the Nxt forum that a hacker had stolen 51 million Nxt from top-tier altcoin exchange Bter. Somewhere between Thursday night and Friday morning in the time zones of this continent, a nefarious hacker had pulled off the Bter Job.

As a quickly-appearing news report details, there wasn't much that was spectacular in the logistics. Bter was in the process of updating its server hosting accounts to add two-factor authentication, but had not yet converted the server that held the brainwallet password and transfer app for its Nxt holdings. This vulnerability vector, the thief used to make off with approximately $1.7 million worth of Nxt and tuck it via the blockchain ledger into his own account NXT-8WJ7-8A2H-MBYN-3W9K4. You can see what the thief's done or not done with his haul thanks to Nxt's Block Explorer.

Hostage Negotiations…

As mentioned above, the Nxt world found out in a Nxt forum thread with an anodyne title. Normally, thieves vanish into the outer space of Internet anonymity never to be found. But this time, as the rapidly-growing thread was to reveal, would be different. You'll find out how different below.

Along with the initial expressions of support, and the inevitable hand-wringing about bad publicity dogging Nxt itself, the early posts in the thread indicated that this here exchange job was going to undergo a touch of the surreal. Nxter abuelau revealed to the rest of the community that the robber, instead of vanishing into the cyber-universe, had registered a Nxt alias. As part of its suite of second-generation cryptocurrency features, Nxt allows a Nxter to register a URL or nickname for a 1 Nxt fee; the new alias is permanently recorded as his or hers on the blockchain ledger. Another feature is the ability to send an "arbitrary message" through the same blockchain.

The alias the thief now owned was "thesir." Nine minutes after abuelau's announcement, a Bter representative posted Bter's explanation of how it happened and obligingly said that the robbery was all Bter's fault. He implied the reassuring message that Nxt itself was not to blame. Bter's recounting, although true, was not the whole truth. In a moment that came early in the point where this adventure got surreal, the hacker himself disclosed the rest of the story:

Lin [presumably Bter's owner] used same password for 90% of his services including his linode account.

I'll be willing to give everything back if there is reward in btc from the profits Lin is making..

Complete lack of security.. same password for everything.

But before that zone was hit, several Nxters loyally took the hint in Bter's statement and posted that the theft was in no way Nxt's fault. In the midst of the discussion, abuelau – continuing his chore as blockchain detective – revealed that the thief had sent an arbitrary message: "We can trade these NXT for some bitcoins to make life easier for you, and me." The destination account for the message was the same account that the thief had emptied.

…On The Nxt Blockchain

That message the thief sent to the emptied-safe account kicked off a hostage negotiation through an unprecedented channel: the arbitrary-message channel in the Nxt blockchain itself. Since these messages were unencrypted, a permanent record of the process is available for anyone to see.

Bter responded with this counter-offer: "return all the NXT back to NXT-R3V3-2S79-F3ZM-BVXKZ, otherwise we are going to take all our power and a huge bounty to hunt you down . be smart" But they didn't tough-talk the robber before sending him an email for private negotiations. A couple of other Nxters, availing themselves of the arbitrary-message explorer, sent a combination of threats and entreaties.

All of which unimpressed the thief. His reply was a curt, "Okay, so I'll send everything back right now, if I get compensated." Followed by another message containing his BTC address, and a third calling it his "btc purse."

Bter tied its offer of 10 BTC to a threat, but the thief was unimpressed: "lol. than i leak your all md5 passwords. 10btc you kidding me ?" "good luck ;)"

Again, Bter tried to talk tough, saying that those passwords had already been changed, but the thief wasn't getting sucked in. "100 btc, than we're talking….."

The threats continued, from Bter and several other Nxters, but Bter did bend. Their next offer, still laced with a threat, was 50 BTC. The robber, gauging that he held the high hand, was unmoved. "No. 100 BTC. Send me 10 BTC, I send you some NXT until we finish our deal. I don't mind waiting for rollback. I'm just sorry that whole NXT community will have to suffer because your lack of competence." The last part of the message referred to the main threat and the subject of discussion on the Nxt thread devoted to the hack. You'll find out what it means a little more than halfway through this piece.

How the thief kept his cool is evident on that discussion thread, which he was evidently watching. While he was standing pat, the thread showed a remarkable lack of consensus after the first few pages. Some relied on the old hard-bitten rule of the crypto Wild West: if you get hacked, it's your fault because your security was lax. Other comments made it clear that they saw Nxt suffering from a "rollback," or that they were of the opinion that Bter should stop horsing around and agree to the thief's demand. Only the first couple of pages showed open support for the rollback option.

So it's really no surprise that Bter caved. "considering all our users and the NXT community, we will cover all the users' loss and we will take your 100 BTC offer. 1+9 BTC has already sent to you. Now send NXT back to NXT-R3V3-2S79-F3ZM-BVXKZ ( 11513376607016028001)" Bter capitulating got two Nxters applauding Bter's owner in the forum thread. The second cheerer, cobaltskky, played a later role that was reminiscent of another part of the Old West - although in jest. At the time, she was far from the last congratulator of Bter for folding its hand.

Bter started it off by sending the thief 10 BTC, and the latter obligingly returned 5 million of the Nxt he stole. But not before he unilaterally upped the terms and said he'd keep 5 million of his haul as an, er, finder's fee. Over and above the 100 BTC, of course.

In the Nxt forum thread, someone euphemistically referred to this, uh, fee as a "bounty." No-one there was of a mind to call it what it was: a ransom payment. For that term, you'd have to go to the Bitcointalk thread devoted to the issue.

By this time, the robber was really feeling his oats. Through the blockchain, he sent this message: "This is taking too long. I dont have all night." His peremptoriness, Bitcointalk user ChetnotAtkins found hilarious: "... only in bitcoin land…Geez, this guy has other exchanges to rob. Don't waste his precious time."

But that was only the first of three. The hurry-up message was quickly followed by two more: "So, what taking so long? Send me the next batch already. I'm going to leave soon. It's already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I'm not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC."

And: "Deal is off. Good night."

Surprise Guest On The Nxt Forum

But before he went to beddy-bye, he did find time to sign up to the Nxt forum and confirm in his own way that he had indeed been lurking on the thread.

If you think this drama has been edging into the Wild Wild West à la Mel Brooks, the second and third replies to the thief's first post will certainly confirm your impression:

"OMG ITS YOU!!...THANKS FOR AGREEING TO THE NEGOTIATION!"

"The Dark Knight is here!"

Only in bitcoin land…

And the thief himself, borrowing from his registered alias for his username thesircom, was comfortable enough to let all the Nxters on the thread know of his impatience before letting Bter know via the blockchain:

Okay, Guys - Let me apologise - but the deal is off.

I'm not going to stay here for hours waiting for him to send the bitcoins. I been almost hour since the first batch of NXT was sent to him, I'm not going to stay hours waiting for his send batch of his bitcoins.

I got  things to do, than sit around and wait.

Lets see if the one exchanges lack of impenitence [sic] will ruin whole NXT community.

Good luck, all!

At that stage, the plan was for Bter to send the Bitcoin ransom in 10 BTC increments, and for the robber to cross-send his heist haul in increments of 5 million Nxt. At the time he decided he was too tired to wait, only one of the ten crypto exchanges had been completed.

After he posted the above, entreaties poured forth but three Nxters had finally had it. And Bter panicked, sending 20 more Bitcoins to the hacker's account. This was quickly followed by another 70 BTC payment. But our thief had indeed decided it was time for beddy-bye.

By this time, the community of Nxt network securers and blockchain validators – known in the Nxt world as "forgers" - had decided against the above-mentioned rollback. Later, Nxt's chief developer Jean-Luc Picard offered the option of a "hard fork," which would have required a majority of the entire Nxt community to get behind it, but the community did not rally around this second offering. What these terms mean, imply and why they were collectively turned down will be explained below. Both of them are the nuclear option in cryptocurrency land.

Tough Talk, Hidden Agendas And Other Surrealities

But the drama wasn't over. While the thief was off in never-never land, several arbitrary messages were sent to his account via the Nxt blockchain:

The next few were pleas from Bter to the thief to hold up his end of the deal. But the next ones show that the hardness of the frontier comes with a wee bit of, ah, "pragmatism." In a surreal flicker of a bidding war, two Nxters actually offered to buy some of the stolen Nxt at a higher implied price than Bter's ransom payment.

But the next message to the hacker was an unambiguous threat:

Let me present myself. I am a professional investor. I own several million NXT, one of them being on this account. I also own thousands of bitcoins, plus large sums in dollars, stocks, and physical gold. I am announcing here that if for some reason you guys (BTER, the small fish trying to buy the NXT from you, and yourself) screw the deal, then I will have to step up personnally. This can hurt NXT a lot, a make me lose over $1M of NXT investments, but I can assure you that if this happens, I will personnally make sure you end up in jail. And will spend whatever money you end up costing me to track you down for this specific purpose. So, to all: Stop panicking. Let's do thing clear and cut. Do your part of the deal, negociate with BTER. End of story. Thanks for reading. And think.

Followed by another less-than-friendly Nxter who has decided that the thief wasn't really after the 1.7 million dollar haul after all. Interestingly, he was the first in the Nxt world to use the proper term for the 'bounty'. But he also concluded that the robber had a hidden agenda:

Your plan is not to hold NXT or BTER to Ransom. Your total plan is to force the rollback as you do not lose as you got BTC now. And you know by doing the Rollback NXT will drop so to you it makes no difference. Your not just a simple hacker are you? You target NXT only when you could get any of the other coins at the same time in bter there is most probably more BTC than NXT? I think this is nie master plan to take NXT out of the picture for good in big swoop. I would like the Hacker and BTER to add me on Skype: Something really does not match up in all this. But i see a very easy solution to screw the hacker into the ground and making him 46 million NXT useless. I have suggestion for BTER if they so wish to hear it on solving this matter SKYPE le-grande1

Oh yes, there's one in every cryptocurrency frontier village – more than one, in fact.

A later message, though, conformed more to the overall community sentiment. "I am looking to negotiate the return of the stolen 45 million Nxt [actually, there were 46 million still in the hacker's account] for a bounty of BTC. We need to discuss the terms of this negotiation. You can read about my initiative to do this on the nxt forum here: https://nxtforum.org/news-and-announcements/im-providing-a-bounty-to-bter-thief-to-return-45m-nxt-this-is-the-discussion/ here: Please reply back to me."

Followed by another one from the same treater that attempted to fill the communication vacuum created by the thief's silence: "Can you please state what your objective is? To bribe for a ransom? To take bter down? To damage the Nxt network? What is your motive and what do you want? I am serious about this bounty. These are people lives that are being ruined by losing their investments. Please consider the offer and open communication so we can make the Nxt users whole and you can walk away with liquid bitcoins that you can actually spend."

Pressing The Advantage

Naturally, when he finally deigned to break his silence on the Nxt board, the thief took that last entreaty in a way that's all-too-normal for a criminal. That new thread upped the ransom by an additional 200 bitcoins, as the first of three options. The second was for a bounty – this time a real bounty – of 310 Bitcoins "(including the 110 BTC [actually 112 BTC] we sent to the hacker already) from Bter for hunting him." The third option was to resort to a hard fork, about which more in the next section. The thief left this brusque reply in the thread:

1. too low.

2. not possible.

3. kills nxt.

When someone asked him for a counter-offer, he elaborated:

At least double it.

Whole 55mil NXT might not be worth 1.8mil right now, or next 6 months... but even me holding it - I don't see why it couldn't be back to 1.8mil in a year. I believe in NXT! :)

I don't need to get ride [sic] of them out any time soon, they can sit there..

If forks happens, then it happens. I eat my losses.

Either case - 200 BTC does't satisfy me.

He also deigned, in the same post, to say that he was currently residing in Hamilton, Canada. Over at the Bitcointalk discussion thread devoted to the issue, more than one person was wondering aloud why the Nxt community and Bter's part of the "negotiation" process had been so lousy. 

The Female Touch That Turned The Tide

But then along came that offer from the above-mentioned cobaltskky through yet another arbitrary message in the drama-laced blockchain: "Dear Mr. TheSir, Greetings! I have many womanly charms. If you send me the 45mil NXT [actually 46], I will let you put your small penis in my butt. Thank you for your consideration. Sincerely, CobaltSkky"

And right after sending it, she copied it in a good-time thread on the Nxt forum under the title: "NEW THEMATIC: CobaltSkky Offers the Hacker an Indecent Proposal!" This called forth several memes, most of which featured pictures of Christina Hendricks in her Mad Men role. CobaltSkky also made it explicitly clear on Twitter that her offer was satirical.

But our robber didn't get the message; nor did Nxter johnna: "Not a smart move, not at all." johnna was quickly informed that it was a satire, but then the thief came along and asked for "pix plz." Both in the forum and on the blockchain.

And then – Lordy O'Mercy – he started sending the Nxt he stole back to Bter! thesircom soon sent all of it back…except for 8 million that he awarded himself as a 'hacker's fee'...or held in reserve for another reason. He finally broke his silence on the blockchain with a reply to that same cobaltskky: "NXT being return. How about that deal?"

Yes, it seems that his swagger had been melted by the offer of a woman that reached a certain organ of his that was not his brain. Once the news hit the main discussion thread, zuqka had this to say: "Nicely played Madam. We salute you"

A Real Hidden Agenda, Of The Right Sort

But cobaltskky was far from being a frontier-town madam patriotically volunteering to offer free run of the cathouse to the train robbers in exchange for them handing back the payroll they stole. As quickly became evident in a new thread she started, she was a lot more like an undercover female vice cop. For a time.

Over on the blockchain, she mockingly parodied the thief himself with three quick messages:

"Dumbass. You didn't send it to my account. Send me 5 mill NXT, and I'll let you lick my brown starfish."

"This is taking too long. I spent an hour catching up on the forums, and ten minutes waiting for your reply."

"Deal is off. Good night."

And over in the Nxt forum she revealed that she had spontaneously formed a detective partnership with Nxter bastion, who had done a lot of dox digging in the background. She revealed an identity that she was "99% confident" in. Two hours after her previous arbitrary message to the robber, she sent another one. Now, she sounded almost exactly like an undercover cop: "Check your PM's on the forum, asshole. You have two hours."

Yes, her doxing gun was locked and loaded – but it was Bter that fired the first warning shot three and a half minutes later:

"Hello Mr. Bartosz Burglin, If you value a minimum your integrity, I recomend you to send to this account the rest of the NXTs you stole. We have all your personal data (including your residence) and have little patience. Make the right decision soon and take care. Yours sincerely, your nightmare."

Yes, it seems in the Fireflyesque world of the cryptocurrency frontier, the bad guys can no longer rocket off into outer space with alacrity while the victims are confined to horse and buggy. At least in the Nxt world, the good guys have gotten their hands on some spaceships of their own.

The name of Mr. Bartosz Burglin had matched up to a registered domain named, you guessed it, thesir.com. He did use Whois privacy guard, but that was circumvented easily with the aid of a $49 report fee to Whois. The full report of our intrepid Nxter-posse citizen-detective bastion was as follows:

Personally I think that he is an amateur who got lucky...

check this: hxxp://whois.domaintools.com/thesir.com

the domain has privacy which is very uncommon for an address like that.

but the person could be revealed by purchasing the full report for $49.

(it shows 7 years of historical Whois records)

and this:  hxxp://whois.domaintools.com/thesir.org

this one belongs to a polish guy... coincidence?

the name is:  "Bartosz Burglin" (sir bartosz)

twitter @Bartoshx -->  Bartosz   hxxps://twitter.com/Bartoshx/following

is following 16 groups. one of the is "Hacker News"...

he has only one friend  in Google+

hxxps://plus.google.com/107560406174908036549/posts

named "Maciej Burda" which he is by his own words:

"specializes in criminal cases. He has experience in the process of stimulating interest in the media and the public"

hxxp://www.bielanski.com.pl/maciej_burda,4,1.html

what do you say about that?

Second Thoughts…Leading To A Presumption Of Innocence

This announcement brought a cheer, some skepticism, and the posse a'growin'. QBTC pitched in by screenshooting the Whois history from DomainTools and uploading it to her Dropbox "for you sleuths."

But shortly after, the skeptical heads prevailed. DomP, one of the forum administrators, quickly posted: "Do you really believe a professional hacker is creating a domain just so you can trace it back to him ? I mean... REALLY?"

After reading that, and a formal request from nexern to wipe the doxing info from the forum because of the risk that the hacker was a pro who had used Bartosz Burglin as an Internaut-shield fall guy, cobaltskky herself got off her posse cruiser and concurred. VanBreuk, the Administrator of the forum, made it official:

All info should be removed now, if anyone still spots a nested quote with this supposed personal information please report it and we'll edit it out.

Please note that all further information about any supposed personal ID of the hacker posted here in the forums will be removed, specially when there is no solid basis. False accusation could bring serious collateral damage.

And scrubbed it was, forthwith – even a posse thread that had been started by cobaltskky was deleted. Evidently, the Good Guys needed to rack up some more flying hours in their spaceships. Now, Mr Bartosz Burglin was presumed to be an innocent human shield for a truly professional hacker, the kind that typically vanishes into the outer space of Internet anonymity with his loot securely in the cargo hold. There were lots of doubts and flip-to-back third-guessing. But prudently, the investigation continued through private messages. In public, Bartosz Burglin still enjoys the presumption of innocence.

And that, really, is a good thing – a durned good thing for the surmise-clogged altcoin hothouse. Bartosz Burglin enjoys that presumption because, in law and in common decency, Bartosz Burglin is entitled to the presumption of innocence.

The Nuclear Options: Rolling Back The Blockchain and Hard Forking

The news of the ~$1.7 million robbery was announced to Nxters in a thread that, as noted above, had an anodyne title: "Forgers have been faced with a choice..." But the choice the forgers faced, to those in the know, was more explosive than the robbery itself.

The choice presented was whether or not to roll back the blockchain ledger to just before its recording of the theft. Doing so would have sent the money back to Bter and reversed the theft.

If you thought that this procedure was as straightforward as backdating a correction to a mistaken entry in a financial database, it isn't. The blockchain ledger contains the entire history of the cryptocurrency's transactions. A rollback would have voided the theft, true, but it also would have voided every transaction in the one-minute block containing the heist and all subsequent ones. In fact, a better analogy would be this: Congress, after a robbery of new $100 Federal Reserve notes on the scale of a thriller movie, passes a hasty law declaring the entire series of $100 notes to be no longer legal tender – and instructs the President to order the Federal Reserve to tell the banks to undertake a one-for-one exchange of the now-worthless notes for Benjamins that are still legal tender. Provided that the citizen-exchanger supplies photo ID and a utility bill as per AML requirements to purchase cryptocurrency with greenbacks.

The first clutch of posters, undoubtedly under the sway of helping Bter out, said that a rollback was a good idea that they would support. But it wasn't long before more skeptical heads prevailed. The main reasons, which swayed the community of forgers to a consensus-level decision not to do the rollback, were as follows:

  1. Rolling back the blockchain is a centralized solution. This argument is not literally true. The development team of Nxt couldn't make a rollback happen even if they threatened to quit. It requires enough forgers controlling 51% of the Nxt devoted to forging to coalesce around a new blockchain that contains the rollback. But as allegory, it was a powerful swayer.
  2. Rolling back the blockchain may lead to a future tyranny of a majority of Nxt. Although a logician would object that this reason contains the slippery-slope fallacy, as does the related next one, it does show a shrewd if cynical appraisal of the weaker side of human nature.
  3. Rolling back the blockchain will encourage more irresponsibility security-wise because the irresponsible will expect to be let off the hook themselves. This argument was usually put forth via satire, like "I broke a nail! Can you do a roll back?" Although it too seems to resort to the slippery-slope fallacy, the next also-related reason is on much more explicitly solid ground.
  4. Rolling back the blockchain will set a bad precedent. The laws of logic do deem the slippery-slope argument fallacious, but the laws of the law include the weighty rule of stare decisis – the rule of precedent. By rolling back the blockchain to save Bter, a cultural precedent would be set that would haunt Nxt forever – and would almost certainly be encased in any future cryptocurrency regulations.
  5. Rolling back the blockchain would be terrible publicity for Nxt. This argument countered the not-quite voiced opinion that it would be good publicity for Nxt, by showing Nxters bringing a little law and order to the altcoin jungle. The nub of this argument was that the publicity would say or suggest that Nxters can reverse any transaction, even a valid one, if they feel strongly enough to do so.
  6. Rolling back the blockchain would transgress the entire spirit of the cryptocurrency revolution. This one was controversial, especially as expressed in its strongest form, but it carried its weight in conjunction with the more practical arguments against.
  7. Rolling back the blockchain would gut the value of Nxt. Speaking of precedent, the Nxters who took this tack had a rather ominous one. In response to a hack theft at the altcoin exchange Mintpal, the developers of Vericoin did alter the blockchain – and caused Vericoin's value to be decimated.

Because of these seven arguments, and others, the noes carried the issue. Even though the chief dev responded with a new client wallet that would only void the theft, the consensus of forgers decided against it. Since the Nxt blockchain uses "checkpoints" that render the blockchain unchangeable except for the most recent 720 blocks, theoretically comprising a minute's worth of transactions each but often comprising ninety seconds' worth, the noes won their case permanently.
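A toy model of the rollback described above, added here as an illustration and not taken from Nxt's code: it shows that undoing the theft also voids every unrelated transaction from the theft block onward, and that the 720-block limit leaves a window of roughly 12 to 18 hours. The account names, the small amounts and the ledger class are constructed for the example; only the 51 million figure and the 720-block limit come from the article.

```python
from dataclasses import dataclass

# From the article: only the most recent 720 blocks can still be changed.
MAX_ROLLBACK_BLOCKS = 720
THEFT_HEIGHT = 2  # constructed: height of the block that records the theft


@dataclass(frozen=True)
class Tx:
    sender: str
    recipient: str
    amount: int


class ToyLedger:
    """Minimal append-only ledger; balances are derived by replaying blocks."""

    def __init__(self, genesis_balances):
        self.genesis = dict(genesis_balances)
        self.blocks = []  # blocks[i] holds the transactions of height i + 1

    @property
    def height(self):
        return len(self.blocks)

    def append(self, txs):
        self.blocks.append(list(txs))

    def balances(self):
        bal = dict(self.genesis)
        for block in self.blocks:
            for tx in block:
                bal[tx.sender] = bal.get(tx.sender, 0) - tx.amount
                bal[tx.recipient] = bal.get(tx.recipient, 0) + tx.amount
        return bal

    def rollback_to(self, keep_height):
        """Discard every block above keep_height and return the voided txs."""
        if not 0 <= keep_height <= self.height:
            raise ValueError("keep_height is outside the chain")
        depth = self.height - keep_height
        if depth > MAX_ROLLBACK_BLOCKS:
            raise ValueError(
                f"rollback of {depth} blocks exceeds the {MAX_ROLLBACK_BLOCKS}-block limit"
            )
        voided = [tx for block in self.blocks[keep_height:] for tx in block]
        del self.blocks[keep_height:]
        return voided


def rollback_window_hours(seconds_per_block):
    """How long after a block is forged a rollback past it stays possible."""
    return MAX_ROLLBACK_BLOCKS * seconds_per_block / 3600


def sample_ledger(extra_empty_blocks=0):
    """Constructed sample chain: one honest block, the theft block, one later block."""
    ledger = ToyLedger({"exchange": 51_000_000, "alice": 1_000})
    ledger.append([Tx("alice", "bob", 100)])                 # height 1
    ledger.append([Tx("exchange", "thief", 51_000_000),      # height 2: the theft
                   Tx("bob", "carol", 40)])                  # unrelated, same block
    ledger.append([Tx("alice", "carol", 25)])                # height 3: unrelated
    for _ in range(extra_empty_blocks):
        ledger.append([])
    return ledger


if __name__ == "__main__":
    ledger = sample_ledger()
    voided = ledger.rollback_to(THEFT_HEIGHT - 1)
    collateral = [tx for tx in voided if tx.sender != "exchange"]
    print("voided transactions:", len(voided))
    print("unrelated transactions voided:", collateral)
    print("balances after rollback:", ledger.balances())
    print("window at 60 s/block:", rollback_window_hours(60), "hours")
    print("window at 90 s/block:", rollback_window_hours(90), "hours")
```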

Sometime later, the hard-working chief dev offered another alternative: a "hard fork." This term refers to an upgrade of the client wallet that would break backward compatibility with the earlier versions; it renders the earlier editions inoperable on the coin's network. Normally a hard fork is used to fix major bugs, but it can be used to alter the blockchain ledger. Because a hard fork gets around the checkpoint barrier, it can void or reverse any transaction no matter how old. The new hard-coded code in this special kind of upgrade can accomplish that aim.   

For this option to prevail, though, more than a 51%-control majority of forgers would have to get behind it. Accepting the hard fork would require a majority of users, a much larger community, to download and use the new wallet. Even though the chief dev's final offer was a hard-fork wallet that would merely lock down the Nxt in the hacker's wallet, the above seven-plus reasons were powerful enough for the noes to prevail overwhelmingly. The ledger would remain intact, and there would be no hard fork. The Nxt community had the final say; its members' final decision was close to overwhelming.

From the three-stage compromise approach outlined above, you may have gotten the idea that the chief dev wanted to chivvy the community in the opposite direction. You would be right. The Bter representative at the Nxt forum all-but begged him, and the community as a whole, to void the theft.

As penciled out just below, the Bter rep had very good reason to all-but plead for a voiding.

But early Saturday evening, as noted above, the story had taken a surprising twist that led to a much happier ending than Bter could have otherwise hoped for.       

The Fetching Jest That Saved A Top-Tier Altcoin Exchange

Had the hacker vanished into the Internet answer to outer space, his 56 million Nxt haul – even accounting for the inevitable panic dump that drove the price of Nxt down more than 30% - would have been well north of $1 million street value. Once the inevitable panic selling inevitably reversed, his haul would have been north of $1.5 million. Had he double-crossed for good after receiving that 112 BTC from Bter, his haul would have been even more. Granted that his realizable haul would have been considerably less; he probably would have had to fence the 46 million normally illiquid Nxt at a deep discount to its exchange value. But his gain is not what I'd like to call attention to.

The flipside of the above, had those two scenarios been realized, is that Bter would have had to take a loss of a lot more than $1.5 million. The 112 BTC plus the obligation to buy 56 million Nxt on the open market at more-or-less the price prevailing at the time of this writing – 0.065 milliBitcoins each – adds up to about 3,750 Bitcoins in losses. At the price prevailing at the time of this writing, assuming it bumps back up a bit, each of those Bitcoins would cost about $500 – for an estimated hole in Bter's books of approximately $1.87 million US. By standard accounting rules, that loss would have to be taken as an extraordinary loss in this quarter. And, it would have taken a great big whack out of Bter's capital.

Most probably, an overwhelming whack. A whack big enough to render the exchange unmistakeably insolvent.

According to this post,which itself links to a discussion thread in Mandarin, Bter's authorized capital is 2 million renminbi yuan or about US$325,000 at the controlled rate. Almost certainly, the worst-case loss would have overwhelmed Bter's entire shareholder's equity. They would have either had to declare bankruptcy and shut their doors, or run on what the cryptocurrency community refers to as a "fractional-reserve basis."

In fact, had Bter tried to earn its way out, it would have been in the same hole that most United States savings-and-loans were in as of the opening of the 1980s. The bulk of their assets at the time were loans with either long terms or rates fixed for the whole of the loan. Most of their liabilities were floating-rate short-term deposits. Thanks to the 1970s inflation which crested at double-digit levels, and the consequent rise in interest rates that was amplified by Paul Volcker's inflation-fighting squeeze on the money supply, the S&Ls were being squeezed as if by a python. The then-extant Regulation Q forbade paying interest on demand deposits and imposed rate caps on certain time deposits. Designed as a statutory restraint to keep the banking industry solvent, it had turned into a straitjacket which increasingly acted like a python as rates shot up.

Despite what the Grand Liberal Narrative would like you to believe, the first steps to deregulating the banking industry were effected to close an increasingly large laceration in the liability side of the S&Ls' books. By the close of 1980, the Fed allowed a quick-fix runaround that permitted banks and S&Ls to get around the demand-deposit limitation that had proved to be an arterial wound as rates headed up to the 1981 peak.

But staunching that wound did nothing to heal an industry whose condition in 1981 was critical. At the time, all financial institutions were allowed to pretend in their books that their assets – their loans – were unmarketable. Had they been obliged to use mark-to-market accounting in that year, a majority of the savings-and-loan industry would have been insolvent in calendar year 1981.

The tales you've read about the 1980s partial deregulation of financial institutions are, flatly, not true. David Stockman, who was in the thick of it at the time as President Reagan's Director of the Office of Management and Budget, revealed the backstory in the Reagan Administration with admirable candour in The Great Deformation. ‘Laissez-faire ideology’ had zero to do with the Garn–St. Germain Depository Institutions Act of 1982 except as an appealing cover story. It had everything to do with the fact that its only alternative would have been a 1982 or 1983 bailout of the S&L industry.

Yep: it was as ‘ideological’ as TARP. The rationale at the time was that it was better to give the S&Ls a chance to earn their way out of the hole that had been dug for them than to go back on the theme of Reagan's 1980 campaign by arranging a $20 billion bailout. Adding to the tilt towards the Garn–St. Germain option was the fact that the Reaganauts had been vocally opposed to the Chrysler bailout of 1979 – a loan guarantee of "only" $1.5 billion. Going the bailout route in 1982 to the tune of $20 billion would have assured that the Reagan Administration – and President Reagan himself – would have been widely flayed as Republican hypocrites.

So, to borrow the title of Mr. Stockman's 1985 book, the 1982 partial deregulation was really a triumph of politics. The highly political politicians had decided to gamble by letting the S&L industry earn their way out of their de facto insolvency. Later 1980s deregulation of the industry had precisely the same aim, with "freeing up markets" again being used as a cover story. Anything to avoid impairing confidence in America's deposit-and-loan institutions…

Of course, it turned out to be a bad gamble in retrospect: the eventual bailout of the S&L industry after the ~1990 crisis was costed out at approximately $130 billion. But in 1982, the optimistic – and backed into a corner – Reaganauts had decided it was a gamble worth taking.

Had the worst prevailed, Bter would have been in the same position – without any kind of government backing or help, and facing a customer base that were no fans of running on a "fractional reserve basis." Bter would have had to either go into liquidation or flounder towards bankruptcy like Mt. Gox.

Had the playful cobaltskky not sent a jestful come-on that the robber took seriously, seriously enough to reduce the impairment to Bter's capital to a more manageable ~$320,000, Bter would have certainly imploded. By fake-flirting, and later showing quick wits worthy of a police detective, cobaltskky saved the Nxt world from being dogged by its own Mt. Gox.

And thusly, she achieved a real milestone in the annals of real-time self-government in the cryptocurrency frontier.

P.S.: According to this post from blackyblack1, Bter actually paid 300 Bitcoins, not 112, for a total hit of ~$500,000 to Bter's capital base. So Bter's capital base may be fatally imperilled after all, depending on its retained earnings and the truth of blackyblack1's claim. He supplied no block explorer link to prove what he said.

colbaltskky herself preferred to accept a different reason, and seemingly preferred that 300-BTC-sent claim of blackyblack1 as the real reason for why the hacker disgorged. If this take is true, then my more Hollywood-Endingish close may not be the truth – but the fact does remain that he mentioned the deal in the same blockchain message that said he was returning most of the Nxt. So my more romantic interpretation is still plausible.

P.P.S.: As of Sunday evening, colbaltskky was up to her old tricks. She sent a message of apology to the hacker via the blockchain. But in the Nxt forum itself – well, let's just say that she was becoming a little accustomed to her role as citizen detective. As self-government in the cryptocurrency frontier continues to evolve, the rest of us will become accustomed to seeing her as a pathbreaker. ESR

Daniel M. Ryan is a long-time contributor to Enter Stage Right and has returned to the fold. © 2014 Daniel M. Ryan.

© 1996-2014, Enter Stage Right and/or its creators. All rights reserved.