Thanks for the detailed explanations. Yes, I meant using mtgox internal accounting records, which obviously mtgox should have and so (being this forensic reconciliation possible) could/should do this audit themselves and offer it as proof in the process as defense of the accusation of internal theft (which is also already in the air).

Each attempted transaction should have been logged, not only because of its forensic value, but because one couldnt know it would become a "failed" one, you need to log it to be able to track the outcome. In no way they could justify that failed transactions were simple wiped from the logs afterwards.

It's the same as they should have a detailed log of the order book at any point in time.

But now that I am thinking about the malleability issue, and after reading the explanations, some thing has come to my mind:

Withdrawal transactions are put in queue and then a transaction with many inputs and many outputs (all the withdrawal destinations) is created... so... for each sucessful malleability attack, not only the "attacker" withdrawal would be reissued, but all the ones in the same "failed" transaction would. So many people besides the attacker would have received duplicate bitcoin transactions for each sucessful attack. (Unless I am wrong in my understanding of how that process works)

At least if we come to believe the explanation that it was an AUTOMATED reissue process and not a manual one after opening a ticket asking for the reissue.

The more I think about it, the more it all seems totally BS to me.