Bitcoin Forum
August 16, 2018, 01:59:36 PM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: MTGox: Addressing Transaction Malleability  (Read 9998 times)
DutchBrat
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
February 10, 2014, 10:16:55 AM
 #1

Dear MtGox Customers and Bitcoiners,

As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.

The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.


Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.


Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.


Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.

The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.

This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.

We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.

In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.

Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.


Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.

MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.

More information on the status of this issue will be released as soon as possible.

We thank you for taking the time to read this, and especially for your patience.

Best Regards,
MtGox Team

https://www.mtgox.com/press_release_20140210.html
1534427976
Hero Member
*
Offline Offline

Posts: 1534427976

View Profile Personal Message (Offline)

Ignore
1534427976
Reply with quote  #2

1534427976
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
BitAddict
Legendary
*
Offline Offline

Activity: 1190
Merit: 1000


DoctorBitcoin


View Profile
February 10, 2014, 10:20:24 AM
 #2

Can any one explain a little more about transaction malleability? Why this is only happening to MtGox and not to other exchanges/services... ?

Seems weird...
Gab1159
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
February 10, 2014, 10:31:58 AM
 #3

Wondering the same thing!
BitAddict
Legendary
*
Offline Offline

Activity: 1190
Merit: 1000


DoctorBitcoin


View Profile
February 10, 2014, 10:43:06 AM
 #4

Most important thing, if this is true why Bitstamp and Btc-e are not closing their bitcoins withdrawals?

Seems completely FUD from MtGox, because they have no money...
dserrano5
Legendary
*
Offline Offline

Activity: 1848
Merit: 1000



View Profile
February 10, 2014, 10:44:51 AM
 #5

Can any one explain a little more about transaction malleability?

https://en.bitcoin.it/wiki/Transaction_Malleability


Why this is only happening to MtGox and not to other exchanges/services... ?

Now that's a good question. Gox is known to use a custom wallet but still…

micalith
Hero Member
*****
Offline Offline

Activity: 689
Merit: 501



View Profile
February 10, 2014, 10:48:12 AM
 #6

Gox lost everyone's coins on a bad investment somewhere, so now they're crashing the price to buy them back

   ██                                                     
██████                                                     
██████████                ████              ████           
█████████████          ██████████        ██████████       
█████  █████████    ███████████████   ████████████████     
█████     ████████████████   ████  ██████████  ██████████ 
█████        ██████████          █████████        █████████
█████         ██████             ██████              ████ 
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         ███████            ██████              ████ 
█████        ███████████         █████████        █████████
█████     █████████████████  ████   █████████  ██████████ 
█████  █████████    ███████████████   ████████████████     
█████████████          █████████         ██████████       
██████████                ████              ████           
  ████                                                     
/Distributed
Credit Chain
//
/////Empower Credit, Enable Finance/////
GithubFacebookMedium ‹‹‹dcc.finance››› RedditTwitterTelegram
notthematrix
Legendary
*
Offline Offline

Activity: 963
Merit: 1000


The All-in-One Cryptocurrency Exchange


View Profile
February 10, 2014, 10:50:20 AM
 #7

Dear MtGox Customers and Bitcoiners,

As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.

The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.


Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.


Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.


Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.

The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.

This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.

We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.

In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.

Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.


Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.

MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.

More information on the status of this issue will be released as soon as possible.

We thank you for taking the time to read this, and especially for your patience.

Best Regards,
MtGox Team

https://www.mtgox.com/press_release_20140210.html

Looks like bitcoin network is handeling the transaction properly , but because of Fincen  like regulations the need extra tracebility this can be abused and avoided.
looks like green adresses are failing , theese things are non confirmation adresses , witch should be protected by MTGOX....
because the bitcoin network did not confrm yet , BITSTAMP does not seem to have this problem , NOR does BTC china!
so it is NOT a general bitcoin problem.
but a gox green adress problem.
so THIS IS A GOX ONLY PROBLEM! , not bitcoin! if it was a general btc error Bitstamp would have had the same problem and so would have BTC china!



██████
███
███
███
███
███
███
███
███
███
███
███
███
                ▄███
              ▄███▌ █
             ▀▀▀██▄  █
           ▄███▄▄ ▀▀▀█
          █ █████▀▀▀▄▄
         ▄██ ███▄    █
        ▐███▀   ▀█   █
        ████     █   █
       ▄██▀▄█▄▄▄█▀   █
       ▀▄▄███▌      █
   ▄▄▄▀▀▀████       █
 ▄▀    ██ ██       █
▐▌     ██▌▐▌      ▀▄
█      ██ █         ▀▄
█      █▀▄▌          █
█   ▄▀█▄██           █
█ ▄▀      ▀▀▄▄▀▄     █
▀▀             █    █
               █  ▄▀
               ▀▄█
     ▀█████████████▄▄
  ▀ ▀▀▀███████████████▌
   ▀ ▀▀▀▀██▀▀▀▀▀▀██████         ▄███████▄      ▄▄███████▄    ▄███▄    ▄███▄ ▄███▄      ▄███▄
▀ ▀▀▀▀█████▄▄▄▄▄▄█████▌       ▄████▀▀▀████▄   ▐████▀▀█████   ▀████▄  ▄████▀ █████▄    ▄█████
    ▀▀███████████████▀       █████     ████▌          ████▌    ▀████████▀    █████▄  ▄█████▌
   ▀ ▀████████████████▀ ▀    ██████████████▌   ▄▄██████████     ▄██████▄      █████▄▄█████▌
     ██████      ██▀▀▀▀▀▀▀ ▀ █████▀▀▀▀▀▀▀▀    █████▀▀▀█████    ▄████████▄      ██████████▌
     ██████▄▄▄▄▄▄██████▄ ▄    ████▄▄   ▄▄█▄   ████▄  ▄█████  ▄█████▀▀█████▄     ████████▌
     █████████████████▀        ▀███████████   ▀████████████  ████▀    ▀████      ██████▌
     ██████████████▀▀             ▀▀▀▀▀▀▀       ▀▀▀▀▀▀ ▀▀▀    ▀▀        ▀▀        █████
                                                                                ▄█████
                                                                            ▄███████▀
                                                                            ▀████▀▀
███
███
███
███
███
███
███
███
███
███
███
███
██████
|█████████████████
███████████████████
█████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
  WHITEPAPER 
  LIGHTPAPER...
|Instant Deposit
✓ 24/7 Support
Referral Program
guybrushthreepwood
Legendary
*
Online Online

Activity: 952
Merit: 1072



View Profile
February 10, 2014, 10:51:00 AM
 #8

Most important thing, if this is true why Bitstamp and Btc-e are not closing their bitcoins withdrawals?

Seems completely FUD from MtGox, because they have no money...

Maybe it's a problem on their end.
hilariousandco
Lamborghini Member
Global Moderator
Legendary
*
Online Online

Activity: 1750
Merit: 1277


Donate4Lambo: 1G9KcU1snXzh9UW4M 7E1xVqfDyPfC2ELDU


View Profile
February 10, 2014, 10:53:52 AM
 #9

Most important thing, if this is true why Bitstamp and Btc-e are not closing their bitcoins withdrawals?

Seems completely FUD from MtGox, because they have no money...

Maybe it's a problem on their end.

It seems irresponsible of them to announce this. If there is a problem with Bitcoin, why not wait for it to be solved. This just seems like they're trying to pass the blame for their shoddy service and practises.

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
DooMAD
Legendary
*
Offline Offline

Activity: 1708
Merit: 1127


Leave no FUD unchallenged


View Profile WWW
February 10, 2014, 12:51:13 PM
 #10


MoneyMorpheus
Sr. Member
****
Offline Offline

Activity: 251
Merit: 250


View Profile WWW
February 10, 2014, 02:54:26 PM
 #11

This is bs! I've send and received btc 10 times in and out of exchanges in the past weekend without any issues. If no one can confirm that what they say its true then the only correct theory is that they are trying to crash the price in order to make money for themselves.

Best altcoin exchange: https://vircurex.com/welcome/index?referral_id=241-35101
https://bter.com/signup/121418 | You may run into issues some time, but support will take care of you threw qq in chinese hours
1EGoA5LMV391Psf8ZHShTkTd3tQ6URKQEp
stompix
Hero Member
*****
Offline Offline

Activity: 798
Merit: 658



View Profile
February 10, 2014, 05:13:47 PM
 #12

This is bs! I've send and received btc 10 times in and out of exchanges in the past weekend without any issues. If no one can confirm that what they say its true then the only correct theory is that they are trying to crash the price in order to make money for themselves.

They blame it on a bug that was known for two years. They kept operating knowing of it and they didn't say a word until now.
They are trying to get clean out of this after they lost lots of money and coins.

Once we'll have the police looking into this I'm pretty sure more nasty stuff will come out of the magical mountain.

bitbouillion
Sr. Member
****
Offline Offline

Activity: 579
Merit: 250


DCC│Distributed Credit Chain


View Profile
February 10, 2014, 05:52:49 PM
 #13

"Explain the gox transaction malleability issue like you are five":
https://bitcointalk.org/index.php?topic=458386.0

Very good explanation.

   ██                                                     
██████                                                     
██████████                ████              ████           
█████████████          ██████████        ██████████       
█████  █████████    ███████████████   ████████████████     
█████     ████████████████   ████  ██████████  ██████████ 
█████        ██████████          █████████        █████████
█████         ██████             ██████              ████ 
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         █████              ████                     
█████         ███████            ██████              ████ 
█████        ███████████         █████████        █████████
█████     █████████████████  ████   █████████  ██████████ 
█████  █████████    ███████████████   ████████████████     
█████████████          █████████         ██████████       
██████████                ████              ████           
  ████                                                     
/Distributed
Credit Chain
//
Empower Credit, Enable Finance
GithubFacebookMedium ‹‹‹dcc.finance››› RedditTwitterTelegram
guybrushthreepwood
Legendary
*
Online Online

Activity: 952
Merit: 1072



View Profile
February 10, 2014, 06:08:26 PM
 #14

"Explain the gox transaction malleability issue like you are five":
https://bitcointalk.org/index.php?topic=458386.0

Very good explanation.

That's one smart 5 year old lol.
dynodog
Member
**
Offline Offline

Activity: 97
Merit: 10


View Profile
February 11, 2014, 03:01:21 PM
 #15

here's the best explanation that I have read:

http://blog.oleganza.com/post/76213549017/mtgox-and-malleable-transactions

cryptoanarchist
Legendary
*
Offline Offline

Activity: 1106
Merit: 1000



View Profile
February 11, 2014, 07:15:24 PM
 #16


This seems weird. You would think Gox would be able to fix this. My guess is that is has something to do with how tied up with government they are - that always attracts incompetence.

I'm grumpy!!
ujka
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500


View Profile
February 11, 2014, 07:22:58 PM
 #17

Same kind of attack now on Bitstamp:
http://www.coinspectator.com/bitstamp-freeze-withdrawals/
kjlimo
Legendary
*
Offline Offline

Activity: 1792
Merit: 1002


View Profile WWW
February 11, 2014, 08:58:18 PM
 #18

My understanding is that instead of looking for a confirmed transaction to a bitcoin address for the amount requested, they were looking for the hash of a transaction, which apparently can be changed.

So if you rely upon the piece of information that can be changed, bad things happen, so it requires a different confirmation mechanism before letting things be automatic.

Coinbase for selling BTCs or Vircurex for trading alt cryptocurrencies like DOGEs
CoinNinja for exploring the blockchain.
PM me with any questions on these sites!  Happy to help!
cryptoanarchist
Legendary
*
Offline Offline

Activity: 1106
Merit: 1000



View Profile
February 11, 2014, 09:40:52 PM
 #19


Glad I got my coins out of there a long time ago.

I'm grumpy!!
PatMan
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1000


Watch out for the "Neg-Rep-Dogie-Police".....


View Profile WWW
February 12, 2014, 01:10:36 AM
 #20

Before anyone else starts ranting about MtGox, here's confirmation that this issue is not a MtGox only problem:

https://bitcoinfoundation.org/blog/?p=422

Shame though, cos they are crap  Cheesy Wink

PatMan to the rescue........ Grin

"When one person is deluded it is called insanity - when many people are deluded it is called religion" - Robert M. Pirsig.  I don't want your coins, I want change.
Amazon UK BTC payment service - https://bitcointalk.org/index.php?topic=301229.0 - with FREE delivery!
http://www.ae911truth.org/ - http://rethink911.org/ - http://rememberbuilding7.org/
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!