Bitcoin Forum
December 11, 2024, 12:24:41 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: MTGox: Addressing Transaction Malleability  (Read 10135 times)
DutchBrat (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
February 10, 2014, 10:16:55 AM
 #1

Dear MtGox Customers and Bitcoiners,

As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.

The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.


Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.


Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.


Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.

The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.

This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.

We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.

In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.

Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.


Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.

MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.

More information on the status of this issue will be released as soon as possible.

We thank you for taking the time to read this, and especially for your patience.

Best Regards,
MtGox Team

https://www.mtgox.com/press_release_20140210.html
BitAddict
Legendary
*
Offline Offline

Activity: 1190
Merit: 1001



View Profile
February 10, 2014, 10:20:24 AM
 #2

Can any one explain a little more about transaction malleability? Why this is only happening to MtGox and not to other exchanges/services... ?

Seems weird...
Gab1159
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
February 10, 2014, 10:31:58 AM
 #3

Wondering the same thing!
BitAddict
Legendary
*
Offline Offline

Activity: 1190
Merit: 1001



View Profile
February 10, 2014, 10:43:06 AM
 #4

Most important thing, if this is true why Bitstamp and Btc-e are not closing their bitcoins withdrawals?

Seems completely FUD from MtGox, because they have no money...
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1030



View Profile
February 10, 2014, 10:44:51 AM
 #5

Can any one explain a little more about transaction malleability?

https://en.bitcoin.it/wiki/Transaction_Malleability


Why this is only happening to MtGox and not to other exchanges/services... ?

Now that's a good question. Gox is known to use a custom wallet but still…
micalith
Hero Member
*****
Offline Offline

Activity: 894
Merit: 501



View Profile
February 10, 2014, 10:48:12 AM
 #6

Gox lost everyone's coins on a bad investment somewhere, so now they're crashing the price to buy them back
notthematrix
Legendary
*
Offline Offline

Activity: 980
Merit: 1000

CryptoTalk.Org - Get Paid for every Post!


View Profile
February 10, 2014, 10:50:20 AM
 #7

Dear MtGox Customers and Bitcoiners,

As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.

The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.


Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.


Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.


Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.

The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.

This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.

We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.

In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.

Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.


Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.

MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.

More information on the status of this issue will be released as soon as possible.

We thank you for taking the time to read this, and especially for your patience.

Best Regards,
MtGox Team

https://www.mtgox.com/press_release_20140210.html

Looks like bitcoin network is handeling the transaction properly , but because of Fincen  like regulations the need extra tracebility this can be abused and avoided.
looks like green adresses are failing , theese things are non confirmation adresses , witch should be protected by MTGOX....
because the bitcoin network did not confrm yet , BITSTAMP does not seem to have this problem , NOR does BTC china!
so it is NOT a general bitcoin problem.
but a gox green adress problem.
so THIS IS A GOX ONLY PROBLEM! , not bitcoin! if it was a general btc error Bitstamp would have had the same problem and so would have BTC china!



██████
███
███
███
███
███
███
███
███
███
███
███
███
.♦♦♦.XSL Labs.♦♦♦.
███
███
███
███
███
███
███
███
███
███
███
███
██████
|  WHITEPAPER 
  AUDIO WP
|Confidentiality
Authenticity
Integrity
guybrushthreepwood
Legendary
*
Offline Offline

Activity: 1232
Merit: 1195



View Profile
February 10, 2014, 10:51:00 AM
 #8

Most important thing, if this is true why Bitstamp and Btc-e are not closing their bitcoins withdrawals?

Seems completely FUD from MtGox, because they have no money...

Maybe it's a problem on their end.
hilariousandco
Global Moderator
Legendary
*
Offline Offline

Activity: 4018
Merit: 2728


Join the world-leading crypto sportsbook NOW!


View Profile
February 10, 2014, 10:53:52 AM
 #9

Most important thing, if this is true why Bitstamp and Btc-e are not closing their bitcoins withdrawals?

Seems completely FUD from MtGox, because they have no money...

Maybe it's a problem on their end.

It seems irresponsible of them to announce this. If there is a problem with Bitcoin, why not wait for it to be solved. This just seems like they're trying to pass the blame for their shoddy service and practises.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
DooMAD
Legendary
*
Offline Offline

Activity: 3948
Merit: 3191


Leave no FUD unchallenged


View Profile
February 10, 2014, 12:51:13 PM
 #10


▄▄▄███████▄▄▄
▄█████████████████▄▄
▄██
█████████▀██▀████████
████████▀
░░░░▀░░██████████
███████████▌░░▄▄▄░░░▀████████
███████
█████░░░███▌░░░█████████
███
████████░░░░░░░░░░▄█████████
█████████▀░░░▄████░░░░█████████
███
████▄▄░░░░▀▀▀░░░░▄████████
█████
███▌▄█░░▄▄▄▄█████████
▀████
██████▄██
██████████▀
▀▀█████████████████▀▀
▀▀▀███████▀▀
.
.BitcoinCleanUp.com.


















































.
.     Debunking Bitcoin's Energy Use     .
███████████████████████████████
███████████████████████████████
███████████████████████████████
███████▀█████████▀▀▀▀█▀████████
███████▌░▀▀████▀░░░░░░░▄███████
███████▀░░░░░░░░░░░░░░▐████████
████████▄░░░░░░░░░░░░░█████████
████████▄░░░░░░░░░░░▄██████████
███████▀▀▀░░░░░░░▄▄████████████
█████████▄▄▄▄▄▄████████████████
███████████████████████████████
███████████████████████████████
███████████████████████████████
...#EndTheFUD...
MoneyMorpheus
Sr. Member
****
Offline Offline

Activity: 251
Merit: 250


View Profile WWW
February 10, 2014, 02:54:26 PM
 #11

This is bs! I've send and received btc 10 times in and out of exchanges in the past weekend without any issues. If no one can confirm that what they say its true then the only correct theory is that they are trying to crash the price in order to make money for themselves.

Best altcoin exchange: https://vircurex.com/welcome/index?referral_id=241-35101
https://bter.com/signup/121418 | You may run into issues some time, but support will take care of you threw qq in chinese hours
1EGoA5LMV391Psf8ZHShTkTd3tQ6URKQEp
stompix
Legendary
*
Offline Offline

Activity: 3094
Merit: 6641


Leading Crypto Sports Betting & Casino Platform


View Profile
February 10, 2014, 05:13:47 PM
 #12

This is bs! I've send and received btc 10 times in and out of exchanges in the past weekend without any issues. If no one can confirm that what they say its true then the only correct theory is that they are trying to crash the price in order to make money for themselves.

They blame it on a bug that was known for two years. They kept operating knowing of it and they didn't say a word until now.
They are trying to get clean out of this after they lost lots of money and coins.

Once we'll have the police looking into this I'm pretty sure more nasty stuff will come out of the magical mountain.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
bitbouillion
Sr. Member
****
Offline Offline

Activity: 868
Merit: 250



View Profile
February 10, 2014, 05:52:49 PM
 #13

"Explain the gox transaction malleability issue like you are five":
https://bitcointalk.org/index.php?topic=458386.0

Very good explanation.

guybrushthreepwood
Legendary
*
Offline Offline

Activity: 1232
Merit: 1195



View Profile
February 10, 2014, 06:08:26 PM
 #14

"Explain the gox transaction malleability issue like you are five":
https://bitcointalk.org/index.php?topic=458386.0

Very good explanation.

That's one smart 5 year old lol.
dynodog
Member
**
Offline Offline

Activity: 97
Merit: 10


View Profile
February 11, 2014, 03:01:21 PM
 #15

here's the best explanation that I have read:

http://blog.oleganza.com/post/76213549017/mtgox-and-malleable-transactions

cryptoanarchist
Legendary
*
Offline Offline

Activity: 1120
Merit: 1003



View Profile
February 11, 2014, 07:15:24 PM
 #16


This seems weird. You would think Gox would be able to fix this. My guess is that is has something to do with how tied up with government they are - that always attracts incompetence.

I'm grumpy!!
ujka
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500


View Profile
February 11, 2014, 07:22:58 PM
 #17

Same kind of attack now on Bitstamp:
http://www.coinspectator.com/bitstamp-freeze-withdrawals/
kjlimo
Legendary
*
Offline Offline

Activity: 2128
Merit: 1031


View Profile WWW
February 11, 2014, 08:58:18 PM
 #18

My understanding is that instead of looking for a confirmed transaction to a bitcoin address for the amount requested, they were looking for the hash of a transaction, which apparently can be changed.

So if you rely upon the piece of information that can be changed, bad things happen, so it requires a different confirmation mechanism before letting things be automatic.

Coinbase for selling BTCs
Fold for spending BTCs
PM me with any questions on these sites/apps! 



RIP: http://www.montybitcoin.com


or Vircurex for trading alt cryptocurrencies like DOGEs
CoinNinja for exploring the blockchain.
cryptoanarchist
Legendary
*
Offline Offline

Activity: 1120
Merit: 1003



View Profile
February 11, 2014, 09:40:52 PM
 #19


Glad I got my coins out of there a long time ago.

I'm grumpy!!
PatMan
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1000


Watch out for the "Neg-Rep-Dogie-Police".....


View Profile WWW
February 12, 2014, 01:10:36 AM
 #20

Before anyone else starts ranting about MtGox, here's confirmation that this issue is not a MtGox only problem:

https://bitcoinfoundation.org/blog/?p=422

Shame though, cos they are crap  Cheesy Wink

PatMan to the rescue........ Grin

"When one person is deluded it is called insanity - when many people are deluded it is called religion" - Robert M. Pirsig.  I don't want your coins, I want change.
Amazon UK BTC payment service - https://bitcointalk.org/index.php?topic=301229.0 - with FREE delivery!
http://www.ae911truth.org/ - http://rethink911.org/ - http://rememberbuilding7.org/
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!