seriouscoin
|
|
February 10, 2014, 02:32:09 PM |
|
Trying to dumb this down for me so I can understand it better and explain it to my friends:
I request $1,000 to be wired to me from Company A. Since there are so many wires with Company A, they have developed their own automated process. I notice a flaw in their code, so that after they send the wire, I can screw with the receipt that they get from the bank, making it seem to them that the wire didn't go through. Their flawed system doesn't check the bank balance, it just goes off of their flawed receipt. Therefore, I can request they send again.
Is this about accurate?
Yup.... now do you blame the bank or yourself for not checking the balance?
|
|
|
|
Mikellev
|
|
February 10, 2014, 02:32:29 PM |
|
I haven't read this entire thread yet, but i......................
I stopped reading your post there.
|
|
|
|
seriouscoin
|
|
February 10, 2014, 02:32:56 PM |
|
I haven't read this entire thread yet, but is this true? The TX ID can be modified and re-broadcast to effectively double-spend? If this is the case, not only is MtGox justified in their issues, but they've also demonstrated to the entire world how stupid this community is to believe BTC is without flaw and can't be taken to $0 if the right individuals were to go through this protocol with a fine-toothed comb. What a terrible concept to implement. What is the purpose of a TX ID if not to identify a TX? What could possibly be achieved by allowing such an ID to be modified?
No you're stupid. Go read again.
|
|
|
|
Sheldor333
|
|
February 10, 2014, 02:35:56 PM |
|
This is bad. Only reason I see them doing this is so they can lower value of Bitcoin so their loss is lower. That is, if Bitcoin is worth less maybe they can pull through.
|
|
|
|
superresistant
Legendary
Offline
Activity: 2156
Merit: 1131
|
|
February 10, 2014, 02:37:16 PM |
|
I post here to say that I'm not gonna read a single word of all that crap.
Thank you.
|
|
|
|
yatsey87
|
|
February 10, 2014, 02:40:57 PM |
|
from gmaxwell 21 January 2013
And you'll note that page is citing a forum thread from 2011. Bitcoin v0.8 rolled out the first round of fixes to eventually remove malleability way back then too... and we've seen bouts of amounts of malleability use on the network, back in 2012 if not sooner— I haven't grepped my logs.
I overlooked the 2013
But if it did occur, then a spend with the same input, output and quantity should have shown up to the receiver address right? Just not with the original txout. It wouldn't explain a transaction delay where nothing is transacted or would it?
Let me explain further, ppl don't receive their coins isn't because of this. It's because Gox system (bookkeeping) got messed up and send out non available coins since all tx are chain-linked.
What the hell were they sending out then? Do they have a coin deficit or something?
|
|
|
|
jzcjca00
|
|
February 10, 2014, 02:42:17 PM |
|
I haven't read this entire thread yet...
Why do people insist on talking about things they do not understand? That puts you on a par with the journalists who tell the world that Bitcoin is a Ponzi scheme. God gave you two ears and one mouth so you would spend more time listening than talking. Unfortunately, he goofed and gave you 2 eyes and 10 fingers. Big mistake!
|
Tips much appreciated! 1PPJHDawPvjh6MEzsvXrMYLgpLmyAaNXUc
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
February 10, 2014, 02:45:26 PM |
|
1 thing is good that MtGox mess does: they make cheap coins hurray!
|
|
|
|
njcarlos
|
|
February 10, 2014, 02:46:28 PM |
|
It seems more like a protocol exploit than a bug or failure. But it's one that has now been seen in the wild at least twice: the ghash.io double-spend attacks against SD and now with withdraws from Gox.
Even if it is an exploit that affects certain types of business practices rather than a real protocol-level failure, it still seems serious. At the time of the ghash double spend I remember gmaxwell saying essentially "that's what you get if you base your business model on unconfirmed transactions," which I thought was a bit flip, but now it sounds like mutated transactions can make it into the block chain which seems to cement the obfuscation into a kind of "he said, she said" scenario.
Even if it has been known about for several years, it has now come to life in a big way. Not good.
You can PM me your apology if you're too shy to make it in public.
|
|
|
|
Draino
|
|
February 10, 2014, 02:48:37 PM |
|
MtGox, continuing to prove the Dunning-Kruger effect
Their incompetence and arrogance really boggles the mind-- have they really not hired a consultant, ever? They really feel like they're this brilliant powerhouse that discovered this (non)-issue?
I'm willing to bet an exploit using this very tactic was reported dozens of times, only to fall into customer support limbo. And if that's the case, they deserve whatever lawsuit and/or criminal punishment is coming to them.
"The brilliantly smart-people at MtGox have created a new way to store coins long term, in an encrypted zip file! MtGox a hub of innovation and security! A pillar of the community! We discover critical security flaws only after they've made us insolvent! HOORAY!"
Seriously this shit makes me rage so hard. Fade into irrelevance MtGox, you served your purpose, and now you're like a herpes sore that just refuses to dry up.
|
|
|
|
dorobotsdream
Newbie
Offline
Activity: 14
Merit: 0
|
|
February 10, 2014, 02:51:55 PM |
|
...
But if it did occur, then a spend with the same input, output and quantity should have shown up to the receiver address right? Just not with the original txout. It wouldn't explain a transaction delay where nothing is transacted or would it?
Let me explain further, ppl don't receive their coins isn't because of this. It's because Gox system (bookkeeping) got messed up and send out non available coins since all tx are chain-linked.
Ok, so they sent out some coins. Then because they didn't see the txout in the blockchain (whether by helpful or malicious use of malleability), they considered the coins not spent and kept trying to send out the same coins that were not theirs anymore, blowing up their whole accounting system? Given my own experience this must have been going on already on the 28th of January.
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
February 10, 2014, 02:52:24 PM |
|
MtGox is a clown. They don't use a connected bitcoin API (blabla hacked, blabla hole secure, blabla bandwidth, blabla balance) ... and now, they talk that the bitcoin is in fault ? Ah Ah Ah
|
|
|
|
warpio
Member
Offline
Activity: 110
Merit: 10
|
|
February 10, 2014, 02:54:24 PM |
|
So, has anyone tried contacting Gox, and informing them that this "fundamental flaw" can be fixed simply by keeping a proper full record of the transaction rather than only keeping the tx-id?
|
|
|
|
njcarlos
|
|
February 10, 2014, 02:55:54 PM |
|
I'm sure at this point they realize that but are going to "punish" the community (and by extension the core developers) by suspending withdrawals until it's fixed. As "trendy" as it is to blame Gox, there's enough blame to go around to both the developers and Gox. Mistakes on both sides that have cost many people a lot of money.
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
February 10, 2014, 02:59:09 PM |
|
MtGox, continuing to prove the Dunning-Kruger effect
Their incompetence and arrogance really boggles the mind-- have they really not hired a consultant, ever? They really feel like they're this brilliant powerhouse that discovered this (non)-issue?
I'm willing to bet an exploit using this very tactic was reported dozens of times, only to fall into customer support limbo. And if that's the case, they deserve whatever lawsuit and/or criminal punishment is coming to them.
"The brilliantly smart-people at MtGox have created a new way to store coins long term, in an encrypted zip file! MtGox a hub of innovation and security! A pillar of the community! We discover critical security flaws only after they've made us insolvent! HOORAY!"
Seriously this shit makes me rage so hard. Fade into irrelevance MtGox, you served your purpose, and now you're like a herpes sore that just refuses to dry up.
Had Mt Gox been competent at all when designing their custom wallet software, they would have noted that tx-ids are mutable, so not reliable as an identifier until after being confirmed in the blockchain. They also should have been tracking UTXOs directly, not just blindly assuming that as long as no transaction matching a tx-id they generated those outputs remained unspent.
|
|
|
|
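The two fixes suggested in the posts above by warpio and justusranvier (keep the full transaction rather than only the tx-id, and track the spent outputs directly), sketched as an added example that is not part of the thread or of any exchange's code. It assumes the legacy (pre-SegWit) transaction layout with a fixed sequence number; `payment_id`, `reconcile` and the sample transactions are hypothetical names and constructed placeholder data.

```python
import hashlib
import struct

def dsha(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx, with_scriptsig=True):
    # Legacy layout; assumes counts and script lengths < 0xfd (1-byte varint).
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for prev_txid, index, script_sig in tx["vin"]:
        sig = script_sig if with_scriptsig else b""
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += bytes([len(sig)]) + sig + struct.pack("<I", 0xFFFFFFFF)
    out += bytes([len(tx["vout"])])
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<Q", value) + bytes([len(script_pubkey)]) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def txid(tx):
    return dsha(serialize(tx))[::-1].hex()

def payment_id(tx):
    # Hypothetical helper: hash with scriptSigs blanked, so it is stable
    # when only the signature encoding changes.
    return dsha(serialize(tx, with_scriptsig=False))[::-1].hex()

def outpoints(tx):
    return {(prev, index) for prev, index, _ in tx["vin"]}

def reconcile(sent, confirmed):
    # Classify a broadcast withdrawal against confirmed transactions.
    for tx in confirmed:
        if txid(tx) == txid(sent):
            return "confirmed"
        if outpoints(tx) & outpoints(sent):
            same = payment_id(tx) == payment_id(sent)
            return "confirmed-mutated" if same else "inputs-spent-elsewhere"
    return "unconfirmed"

# Constructed sample data: placeholder bytes, not real signatures or keys.
PREV = "11" * 32
P2PKH = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
SENT = {"version": 1, "locktime": 0,
        "vin": [(PREV, 0, b"\x01" * 72)], "vout": [(100_000_000, P2PKH)]}
MUTATED = dict(SENT, vin=[(PREV, 0, b"\x02" * 73)])
OTHER = dict(SENT, vout=[(100_000_000, b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac")])

if __name__ == "__main__":
    print(reconcile(SENT, [MUTATED]))
```

A lookup by tx-id alone would report the `MUTATED` case as never confirmed, which is the bookkeeping failure the thread describes; matching on spent outpoints shows the withdrawal was already paid and must not be re-sent.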
Mikellev
|
|
February 10, 2014, 02:59:46 PM |
|
hmmmmmmmm.........?!
|
|
|
|
zeetubes
|
|
February 10, 2014, 03:01:14 PM |
|
In an instance like this, the statement from Gox had to have been approved by the CEO. Also, he must have known the exact consequences the statement's release would have on the market. I guess, let the conspiracy theories begin but I would love to have a Gox insider give some insight as to what the decision process was. And also who outside of Gox was in on the action? Hey, maybe the Fed offered to bail them out if they agreed to try and crash the market.
This is equivalent to the head of the NY Stock exchange saying on a Monday morning before the market opening that every stock exchange has a significant flaw and hence they alone will not open. Further that they will freeze every trader's funds. Of course the BTC market is mostly self-policing.... That MF pissed off a lot of people today (and by no means the first or last time). Perhaps one day he will piss off the wrong people.
|
|
|
|
RomertL
|
|
February 10, 2014, 03:02:06 PM |
|
Good news: I sold all my coins a couple of weeks ago coz I needed fiat for some investments. Bad news: Don't have any cash on any exchange so will take a few days until I will be able to buy more BTC, hopefully it's still cheap:(
Will remember for next time to always have some cheap buy orders on some exchange...
|
|
|
|
Jay84
Newbie
Offline
Activity: 18
Merit: 0
|
|
February 10, 2014, 03:02:21 PM |
|
I'm sure at this point they realize that but are going to "punish" the community (and by extension the core developers) by suspending withdrawals until it's fixed. As "trendy" as it is to blame Gox, there's enough blame to go around to both the developers and Gox. Mistakes on both sides that have cost many people a lot of money.
Oh, c'mon. Get over yourself. Bitcoin is risky. Lost money? Your problem. Bye
|
|
|
|
leapingleon
Newbie
Offline
Activity: 1
Merit: 0
|
|
February 10, 2014, 03:03:11 PM |
|
Sent them a ticket about 30 minutes ago as my BTC deposit was not showing after 2 hours.
|
|
|
|
|