[...] AurumXchange asked us if we knew anything about email address
stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which [...] initial funds are deposited from an account known to belong to Zhou Tong.[/list]
I see three possibilities here:
- Zhou Thong created the second MtGox account himself, and were in breach of MtGox ToS by owning two accounts without prior permission.
- The attacker also had access to Zhou Tong's MtGox account and got the funds from there himself. Zhou Thong didn't notice.
- The attacker bought a Redeemable code or BTC directly from Zhou Thong, and transferred it directly to this account.
To me the first option is most likely.
From MtGox ToS:
Members may only have one Account at any one time and may not create or use any Account other than their own. For a Member to be exempt from any of these rules, he/she must request express and prior permission from the Platform. The creation or use of Accounts without obtaining such prior express permission from the Platform will lead to the immediate suspension of all said Accounts, as well as all pending purchase/sale offers.
If Zhou Tong indeed did own this account without express permission, MtGox shall have to suspend all Zhou Thong's accounts. If it wasn't his account, he need to explain how the funds got transferred there from his account.