|
c0dex
|
|
February 10, 2014, 10:05:11 AM |
|
Dear MtGox Customers and Bitcoiners,
As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.
The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.
Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.
Non-technical Explanation: A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.
Technical Explanation: Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability", makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.
The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain. Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.
This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.
We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).
This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.
We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.
In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.
Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.
Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.
MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.
More information on the status of this issue will be released as soon as possible.
We thank you for taking the time to read this, and especially for your patience.
Best Regards, MtGox Team
|
|
|
|
russokai (OP)
|
|
February 10, 2014, 10:13:12 AM |
|
Yes this is really really bad. They are claiming Bitcoin itself is flawed.
Whether they are BSing or not, it is really bad for bitcoin in the short term, for sure.
|
|
|
|
Lethn
Legendary
Offline
Activity: 1540
Merit: 1000
|
|
February 10, 2014, 10:19:33 AM |
|
How suspicious, we'll have to see what the Bitcoin devs have to say about this, good thing Bitcoin is open source if they don't fix it but to me this looks like MTGOX is trying to cover up its poor business practices more than anything else but I'll wait for a response on Bitcointalk before I jump to any conclusions.
I thought it might be worth pointing out for the Bitcointalk users who hate altcoins, this kind of thing is precisely why altcoins should be encouraged if it's true.
|
|
|
|
|
|
hilariousandco
Global Moderator
Legendary
Online
Activity: 3962
Merit: 2699
|
|
February 10, 2014, 10:30:05 AM |
|
This isn't good at all. Naysayers will have a field day with this. Panic sellers probably gonna panic.
|
|
|
|
gollum
Sr. Member
Offline
Activity: 434
Merit: 250
In Hashrate We Trust!
|
|
February 10, 2014, 10:31:26 AM |
|
This is a blame game - they want to buy some time. If the protocol got bugs, how come it's only MtGox that has detected this bug?
|
|
|
|
Lethn
Legendary
Offline
Activity: 1540
Merit: 1000
|
|
February 10, 2014, 10:32:10 AM |
|
Exactly, it doesn't make any sense, there are some very intelligent people behind the Bitcoin code and they always release it to the world for everybody to see so someone would have picked up on this ages ago.
|
|
|
|
valerian253
Member
Offline
Activity: 130
Merit: 10
|
|
February 10, 2014, 10:33:18 AM |
|
Cluu-sterrr-fuuuck
|
|
|
|
El Dude
|
|
February 10, 2014, 10:35:25 AM |
|
The whole world is getting GOXXED right now, if there really was a bug why would they announce it to the whole world? The normal thing to do would be to contact the Bitcoin Devs and let them know.
|
Bitcoin and Litecoin hodler
|
|
|
yelloyello
|
|
February 10, 2014, 10:36:14 AM |
|
So do not panic. MtGox is not the boss of the Bitcoin. They are an exchange in trouble. With a lot of money but still an exchange. They better pay the btc to the wallets of the customers and start again...
|
|
|
|
R9Generation
Newbie
Offline
Activity: 45
Merit: 0
|
|
February 10, 2014, 10:36:21 AM |
|
This is the first HUGE crash ever! Go fiat fast! That bug also affects other Cryptos like LTC!
|
|
|
|
DubFX
|
|
February 10, 2014, 10:36:55 AM |
|
They actually do use a custom client, but they are blaming the original one, am I right?
|
|
|
|
tinstar
Member
Offline
Activity: 84
Merit: 10
|
|
February 10, 2014, 10:37:11 AM |
|
"Bug in the bitcoin software"?
If true, people should be praising Mt.Gox for their diligence.
If false... thanks for the buying opportunity, BTC down, down, down... setting an alarm for $500!
|
|
|
|
Rannasha
|
|
February 10, 2014, 10:37:42 AM |
|
The flaw isn't so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn't. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins.
A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the set of (amount, address, timestamp) instead. If a user complains about not receiving their withdrawal, support can look it up using these 3 variables. It takes a little bit more work from support, but it prevents this attack from succeeding.
While it'd be nice if the tx-id isn't malleable, blaming this problem on a flaw in the protocol is quite a stretch.
|
|
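As an added example (not part of any post in this thread, and not MtGox's or any exchange's code): the reconciliation problem from the MtGox technical explanation and from Rannasha's workaround, shown in Python. The malleability-stable `tracking_id` here hashes the transaction with its input scripts blanked, which is an assumption of this example rather than the exact construction MtGox proposed; all transaction data is constructed placeholder bytes.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx: dict, blank_scriptsigs: bool = False) -> bytes:
    """Legacy wire format; counts and lengths stay below 0xfd (one byte each)."""
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for txin in tx["vin"]:
        script = b"" if blank_scriptsigs else txin["script_sig"]
        out += bytes.fromhex(txin["prev_txid"])[::-1] + struct.pack("<I", txin["vout"])
        out += bytes([len(script)]) + script + struct.pack("<I", txin["sequence"])
    out += bytes([len(tx["vout"])])
    for txout in tx["vout"]:
        spk = txout["script_pubkey"]
        out += struct.pack("<q", txout["value"]) + bytes([len(spk)]) + spk
    return out + struct.pack("<I", tx["locktime"])

def txid(tx: dict) -> str:
    # The network's identifier: covers the input scripts, so it is malleable.
    return dsha256(serialize(tx))[::-1].hex()

def tracking_id(tx: dict) -> str:
    # Assumption of this example: input scripts are blanked, so only the
    # spent outpoints, the outputs, version and locktime are hashed.
    return dsha256(serialize(tx, blank_scriptsigs=True))[::-1].hex()

def reconcile(sent_tx: dict, confirmed_txs: list) -> str:
    """Classify one withdrawal against transactions seen in blocks."""
    for seen in confirmed_txs:
        if txid(seen) == txid(sent_tx):
            return "confirmed"
        if tracking_id(seen) == tracking_id(sent_tx):
            return "confirmed_under_different_txid"  # paid out: do not re-send
    return "not_confirmed"

# Constructed sample data: placeholder bytes, not real keys or signatures.
SENT = {"version": 1, "locktime": 0,
        "vin": [{"prev_txid": "11" * 32, "vout": 0, "sequence": 0xFFFFFFFF,
                 "script_sig": b"\xaa" * 72}],
        "vout": [{"value": 150_000_000,
                  "script_pubkey": bytes.fromhex("76a914" + "22" * 20 + "88ac")}]}
# Same inputs and outputs; different bytes stand in for a re-encoded input script.
MUTATED = {**SENT, "vin": [{**SENT["vin"][0], "script_sig": b"\xbb" * 72}]}
UNRELATED = {**SENT, "vin": [{**SENT["vin"][0], "prev_txid": "33" * 32}]}

if __name__ == "__main__":
    print(txid(SENT) != txid(MUTATED), reconcile(SENT, [UNRELATED, MUTATED]))
```

A lookup by the stored txid alone would report this withdrawal as missing; a "not_confirmed" result still warrants checking whether the same outpoints were spent by a conflicting transaction before anything is re-issued.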
|
|
yelloyello
|
|
February 10, 2014, 10:39:28 AM |
|
So when you trade in company shares you panic-sell everything on a bad week? I don't think so. In that situation your account manager tells you to buy some extra.
So companies can go bankrupt, bitcoin cannot.
|
|
|
|
Tomatocage
Legendary
Offline
Activity: 1554
Merit: 1222
brb keeping up with the Kardashians
|
|
February 10, 2014, 10:39:51 AM |
|
This is GREAT news. It means Gox has identified the problem and is taking steps to correct it.
|
|
|
|
FeedbackLoop
|
|
February 10, 2014, 10:40:19 AM |
|
The flaw isn't so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn't. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins.
A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the set of (amount, address, timestamp) instead. If a user complains about not receiving their withdrawal, support can look it up using these 3 variables. It takes a little bit more work from support, but it prevents this attack from succeeding.
While it'd be nice if the tx-id isn't malleable, blaming this problem on a flaw in the protocol is quite a stretch.
+1e6 Thanks for posting this here in such a clear way!
|
|
|
|
sickpig
Legendary
Offline
Activity: 1260
Merit: 1008
|
|
February 10, 2014, 10:40:59 AM |
|
Pieter Wuille posted an RFC on the btc dev mailing list about a BIP proposal to "can get rid of transaction malleability over time". The email was sent no more than 12 hours ago. If you're interested in reading the BIP proposal you can find it here: https://gist.github.com/sipa/8907691
|
Bitcoin is a participatory system which ought to respect the right of self determinism of all of its users - Gregory Maxwell.
|
|
|
|