Bitcoin Forum
June 21, 2024, 06:48:34 PM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [Tech not FUD]So is crypto dead ? (at least for now)  (Read 850 times)
thenoblebot (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
February 10, 2014, 02:20:14 PM
 #1

No seriously.

With the transaction malleability problem that has come up with BTC withdrawals, will it force people to stop transacting at least for the time being ?

Specially given that now its well known, I am sure there would be a lot of people who would change the hashes of their transactions and send them to well known pools, resulting in what I think more aptly describes the problem as - "double(or more) withdrawals".

Will things (the withdrawals from exchanges) be put on hold till this is patched by the core devs ? Of course financially it is going to cause mayhem as it already is.
subvolatil
Hero Member
*****
Offline Offline

Activity: 546
Merit: 501


Cypherpunk and full-time CryptoAnarchist


View Profile
February 10, 2014, 02:37:56 PM
 #2

No seriously.

With the transaction malleability problem that has come up with BTC withdrawals, will it force people to stop transacting at least for the time being ?

Specially given that now its well known, I am sure there would be a lot of people who would change the hashes of their transactions and send them to well known pools, resulting in what I think more aptly describes the problem as - "double(or more) withdrawals".

Will things (the withdrawals from exchanges) be put on hold till this is patched by the core devs ? Of course financially it is going to cause mayhem as it already is.


 Ok firstly this is a  very old  known problem, Secondly it  effects those sites doing transactions  that are not  managing their transactions  properly. Mutating transaction  may be a bit  harder than you may think. It is a problem on the bitcoin protocol. But it is one  that can be  resolved, this is not a fundamental  problem, Mt. gox is using this as an excuse and crying  like a  baby. 

In short The fault is at  Mt Gox side  for  faulty implementation of the  wallet.

All Mt gox had to  do  was  to  implement  a code on their  side to  track a mutant transaction.
thenoblebot (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
February 10, 2014, 02:55:53 PM
 #3


 Ok firstly this is a  very old  known problem, Secondly it  effects those sites doing transactions  that are not  managing their transactions  properly. Mutating transaction  may be a bit  harder than you may think. It is a problem on the bitcoin protocol. But it is one  that can be  resolved, this is not a fundamental  problem, Mt. gox is using this as an excuse and crying  like a  baby.  

In short The fault is at  Mt Gox side  for  faulty implementation of the  wallet.

All Mt gox had to  do  was  to  implement  a code on their  side to  track a mutant transaction.

I'm not just talking about Gox. This is a well known problem for sure. But as an attack vector today someone (more aptly a group) could just decide to use the same strategy to bring the system to a halt. I'm kinda sure (not statistically speaking because there is no data to back such things) that most exchanges use txid to track transaction. It has been the way for quite sometime.

So if I wana get an exchange to stop (and assuming most exchanges use the above approach - its not a naive assumption to make ) :

I start withdrawing, change transaction sigs (yea it maybe harder but with such stakes involved will only make it easier) , mutating the transaction, resulting in a different hash and there you have it .. transaction malleability. The particular exchange is in serious trouble.

Now I don't discount the fact that other exchanges who do this right will get away even after such attempts.

BUT

What amazes me is why have there not been attacks using such an attack vector ? Or maybe I missed it somewhere .. does anybody know of such attempts in the past ?
thenoblebot (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
February 10, 2014, 04:12:49 PM
 #4

As for Gox - I mean those guys are MAJOR ^%*&%* &%(^ %%*&%*&  ^%%& (ad infinitum).

Bad for the community and full of crap. They are making this an excuse even though that guy fucking maintains the wiki and the problem has been there since 2011. So they are just blaming the protocol for their shit.

subvolatil
Hero Member
*****
Offline Offline

Activity: 546
Merit: 501


Cypherpunk and full-time CryptoAnarchist


View Profile
February 10, 2014, 04:24:47 PM
 #5


 Ok firstly this is a  very old  known problem, Secondly it  effects those sites doing transactions  that are not  managing their transactions  properly. Mutating transaction  may be a bit  harder than you may think. It is a problem on the bitcoin protocol. But it is one  that can be  resolved, this is not a fundamental  problem, Mt. gox is using this as an excuse and crying  like a  baby.  

In short The fault is at  Mt Gox side  for  faulty implementation of the  wallet.

All Mt gox had to  do  was  to  implement  a code on their  side to  track a mutant transaction.

I'm not just talking about Gox. This is a well known problem for sure. But as an attack vector today someone (more aptly a group) could just decide to use the same strategy to bring the system to a halt. I'm kinda sure (not statistically speaking because there is no data to back such things) that most exchanges use txid to track transaction. It has been the way for quite sometime.

So if I wana get an exchange to stop (and assuming most exchanges use the above approach - its not a naive assumption to make ) :

I start withdrawing, change transaction sigs (yea it maybe harder but with such stakes involved will only make it easier) , mutating the transaction, resulting in a different hash and there you have it .. transaction malleability. The particular exchange is in serious trouble.

Now I don't discount the fact that other exchanges who do this right will get away even after such attempts.

BUT

What amazes me is why have there not been attacks using such an attack vector ? Or maybe I missed it somewhere .. does anybody know of such attempts in the past ?

Well i have never  heard of this being used to attack a exchange or a processing site. but the problem here is that this can be only used once. and then it wont work. the attacker also needs to have  a  same amount of  btc in the vault to  do this  attack, so i guess if i was an attacker, i would not risk my btc on a attack that may or may not  work.
thenoblebot (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
February 10, 2014, 04:49:03 PM
Last edit: February 10, 2014, 05:09:42 PM by thenoblebot
 #6


Well i have never  heard of this being used to attack a exchange or a processing site. but the problem here is that this can be only used once. and then it wont work. the attacker also needs to have  a  same amount of  btc in the vault to  do this  attack, so i guess if i was an attacker, i would not risk my btc on a attack that may or may not  work.

Well if I was the attacker then this is how I would go :

1) Buy some btc with cash
2) Try to withdraw it using malleable transactions
3) Claim I have not received it and try to get them to send it again
4) Repeat steps 1-3 using different ips and accounts using small amounts so as to make the trace hard to detect.

Attack successful. If not get more than the amount of BTC I should get, it will at least bring the exchange/processor to a halt.

Win win win !!
techguy
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile
February 10, 2014, 05:03:49 PM
 #7

Here are the responses from Gavin Anderson & Greg Maxwell about this issue.

https://bitcoinfoundation.org/blog/?p=418
http://www.cryptocoinsnews.com/2014/02/10/mt-gox-blames-bitcoin-core-developer-greg-maxwell-responds/
thenoblebot (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
February 10, 2014, 05:17:53 PM
 #8


Yea I read Greg Maxwell's response. Makes sense, thats why the (added) outburst against Gox above. I still think the above attack could be successfully executed.
thenoblebot (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
February 12, 2014, 06:01:04 AM
 #9

Can anybody here tell me how the attack based here https://bitcointalk.org/index.php?topic=458608.0 (more specifically the update section highlighted ) is not being carried out as presented here http://www.coindesk.com/massive-concerted-attack-launched-bitcoin-exchanges/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CoinDesk+%28CoinDesk+-+The+Voice+of+Digital+Currency%29

I tried explaining a day before but to no avail. Can anybody tell me if I am missing some piece of logic here ? Or is one of the devs just acting crazy with me ?
thenoblebot (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
February 12, 2014, 07:53:32 AM
 #10

Anybody ?
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!