The leaked code has been posted on Pastebin and can be read here; the hackers have also released the data on another mirror site, which can be read here. The code is thought to have been co-authored by Mt.Gox CEO Mark Karpeles. Programmers online have been quick to analyse the code and post their own observations about its mistakes. One of them, Nilzor on Hacker News, came up with an interesting reply:
Wow. This code is pretty bad. I mean, it’s bad for a college project. It’s horrible for a company dealing with large sums of money.
Some random red flags:
– There’s a class with the name of the application. (Issues: Scope, SRP)
– There’s a class with 1708 lines of code. (Scope)
– There’s a switch-case statement that runs over 150 LOC (readability, maintainability)
– There’s a string parsing function in the same class as transaction processing (Separation of concerns)
– There are segments of code commented out (are they not using source control?)
– There’s inlined SQL (maintainability, security)
– There’s JSON being generated manually & inline (SoC, DRY)
– There’s XML being generated manually & inline (SoC, DRY)
– To sum up function _Route_getStats($path): XML production, JSON production, file writing, business logic, SQL commands, HTTP header fiddling, hard coded paging limits, multiple exit points… The amount of refactoring needed here to bring this code up to acceptable quality is simply staggering.
You can read the entire conversation here.
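To make the "inlined SQL", "hard coded paging limits" and "JSON generated manually" points concrete, here is a constructed PHP illustration added for this article; it is not the leaked Mt.Gox code, and the table, column and function names (`stats`, `market`, `getStatsInline`, `fetchStats`) are assumptions. It shows a stats endpoint written the way the red flags describe, beside a form where data access is a separate prepared statement and serialisation is left to `json_encode`.

```php
<?php
// Constructed example (not the leaked code). Table/column names are assumed.

// Before: the query is built by string concatenation, the paging limit is
// hard-coded, and JSON is assembled by hand. Whatever arrives in $path is
// handed straight to the SQL parser, and the hand-built JSON breaks on any
// value containing a quote.
function getStatsInline(PDO $db, string $path): string {
    $limit = 100; // hard-coded paging limit
    $res = $db->query("SELECT day, volume FROM stats WHERE market = '" . $path . "' LIMIT " . $limit);
    $json = '[';
    foreach ($res as $row) {
        $json .= '{"day":"' . $row['day'] . '","volume":' . $row['volume'] . '},';
    }
    return rtrim($json, ',') . ']';
}

// After: data access is its own function. The market name and the limit are
// bound as typed parameters, so they are treated as values, never as SQL,
// and the page size is a caller-supplied argument instead of a constant.
function fetchStats(PDO $db, string $market, int $limit): array {
    $stmt = $db->prepare('SELECT day, volume FROM stats WHERE market = :market LIMIT :limit');
    $stmt->bindValue(':market', $market, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Serialisation lives apart from the query; json_encode escapes every value,
// and JSON_THROW_ON_ERROR surfaces bad input instead of emitting partial output.
function renderStatsJson(array $rows): string {
    return json_encode($rows, JSON_THROW_ON_ERROR);
}

// Example wiring with an in-memory SQLite database (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stats (market TEXT, day TEXT, volume REAL)');
$db->exec("INSERT INTO stats VALUES ('BTCUSD', '2014-03-01', 12.5), ('BTCUSD', '2014-03-02', 9.0)");
echo renderStatsJson(fetchStats($db, 'BTCUSD', 50)), PHP_EOL;
```

With the split, the HTTP header handling and file writing the comment lists can each become their own function as well, leaving `_Route_getStats` as a thin coordinator.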
From the IRC chat of Nanashi and other hackers, it seems that the hackers also have access to a 20GB dump of customer data along with passport scans. They have also written that they hold the contact information of all the Mt.Gox employees, which can be read here. The full IRC exchange with the leaker can be read here.
It looks like Mark's troubles are trebling with every passing day. The entire Pastebin code is embedded below.