Bitcoin Forum
Topic: MTGOX hits $570 "A bug in the bitcoin software makes it possible for someone to"
yomofo (OP)
February 10, 2014, 10:37:52 AM
Last edit: February 10, 2014, 10:59:07 AM by yomofo
 #1

http://imgur.com/S77P5h1

edit: we just hit $525

Huobi at 3880 cny

bitstamp at 590

http://www.reddit.com/r/BitcoinMarkets/comments/1xico3/mtgoxs_press_release/cfblnbv

Quote
Dear MtGox Customers and Bitcoiners,

As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.

The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.

Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.

Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.

Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.

The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain. Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.

This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.

We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.

In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.

Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.

Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.

MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.

More information on the status of this issue will be released as soon as possible.

We thank you for taking the time to read this, and especially for your patience.

Best Regards, MtGox Team


They have found a bug in the software. It's possible that the double spent transactions could lead to Mtgox insolvency in bitcoins. People are selling btc for fiat in mtgox as they have a better chance to sue in court for fiat.

DubFX
February 10, 2014, 10:38:45 AM
 #2

MTgox should be completely ignored...
Dalmar
February 10, 2014, 10:40:56 AM
 #3

555 moments ago


hyphymikey
February 10, 2014, 10:43:01 AM
 #4

MTgox should be completely ignored...

It's not their fault bitcoin is broke...  Cheesy
MsCollec
February 10, 2014, 10:45:20 AM
 #5

Is there any chance we could see $100  Tongue
DubFX
February 10, 2014, 10:51:58 AM
 #6

MTgox should be completely ignored...

It's not their fault bitcoin is broke...  Cheesy
I'd say their custom client is broke...have you seen this kind of msg. on some other exchange?
oda.krell
February 10, 2014, 12:16:07 PM
 #7

As I said earlier in the wall thread (in similar words):

The ambiguous phrasing of the gox press release wasn't coincidence, of course.

I'm not even talking about a "conspiracy" style explanation that they're trying to manipulate their way out of a shortage of coins by bringing down the price and rebuying coins cheaper (so they can serve their customers). Makes sense, but even I don't think Karpeles would go that low.

No, the real explanation for the phrasing is:

Blame transfer.

Gox is willing to damage the reputation of the *entire* Bitcoin ecosystem, so *they* don't have to take the blame for not implementing their wallet software properly.


Seriously: To anyone still using mtgox -- stop. Withdraw your money (or try it), withdraw your coins (or try it), and let them die off.

We need mtgox removed from the system for Bitcoin to grow further.


Ekaros
February 10, 2014, 12:19:10 PM
 #8

So how hard is it to verify the transactions from your wallet against the block chain?

Or not notice that you have lot less balance than you should have?

smoothie
February 10, 2014, 12:27:20 PM
 #9

As I said earlier in the wall thread (in similar words):

The ambiguous phrasing of the gox press release wasn't coincidence, of course.

I'm not even talking about a "conspiracy" style explanation that they're trying to manipulate their way out of a shortage of coins by bringing down the price and rebuying coins cheaper (so they can serve their customers). Makes sense, but even I don't think Karpeles would go that low.

No, the real explanation for the phrasing is:

Blame transfer.

Gox is willing to damage the reputation of the *entire* Bitcoin ecosystem, so *they* don't have to take the blame for not implementing their wallet software properly.


Seriously: To anyone still using mtgox -- stop. Withdraw your money (or try it), withdraw your coins (or try it), and let them die off.

We need mtgox removed from the system for Bitcoin to grow further.



Bolded part +21,000,000

 
oda.krell
February 10, 2014, 12:29:17 PM
 #10

So how hard is it to verify the transactions from your wallet against the block chain?

Or not notice that you have lot less balance than you should have?

I always thought one would quickly lose interest in improving things (or basically: setting any challenging goals to themselves) once they're sitting on a 10k? 100k? BTC fortune like Karpeles does.

/2cents

petersiddle98
February 10, 2014, 12:29:44 PM
 #11

MTGOX is spoiling Bitcoin's name.

Mythul
February 10, 2014, 12:30:06 PM
 #12

This is going to end badly. I'm out !
elewton
February 10, 2014, 12:30:16 PM
 #13

Two words.  Spread them wherever you go: BOYCOTT GOX!

N12
February 10, 2014, 12:30:23 PM
 #14

After seeing all the butthurt it causes, I have to say that I fully support MtGox.
btcmad1337
February 10, 2014, 12:30:36 PM
 #15

Gox is willing to damage the reputation of the *entire* Bitcoin ecosystem, so *they* don't have to take the blame for not implementing their wallet software properly.

Have any of you actually looked at this flaw?

It's been a known flaw for a while, here is a proposed fix:
https://gist.github.com/sipa/8907691

Find me one Bitcoin wallet software that has this fixed as of right now and I will pay you 1BTC. HINT: there are none.
Ekaros
February 10, 2014, 12:31:19 PM
 #16

After seeing all the butthurt it causes, I have to say that I fully support MtGox.

Never support incompetence... So how much funds you have in Mt Gox or how much are you moving in?


N12
February 10, 2014, 12:32:08 PM
 #17

After seeing all the butthurt it causes, I have to say that I fully support MtGox.

Never support incompetence... So how much funds you have in Mt Gox or how much are you moving in?


MtGox creates additional Bitcoin volatility, I fully support that.
mmortal03
February 10, 2014, 12:32:14 PM
 #18

They have found a bug in the software. It's possible that the double spent transactions could lead to Mtgox insolvency in bitcoins. People are selling btc for fiat in mtgox as they have a better chance to sue in court for fiat.

This issue doesn't have to do with double spent transactions in the sense that this term is commonly used. My understanding is that this has to do with tricking a 3rd party into THINKING that a transaction did not occur.
smoothie
February 10, 2014, 12:33:33 PM
 #19

Gox is willing to damage the reputation of the *entire* Bitcoin ecosystem, so *they* don't have to take the blame for not implementing their wallet software properly.

Have any of you actually looked at this flaw?

It's been a known flaw for a while, here is a proposed fix:
https://gist.github.com/sipa/8907691

Find me one Bitcoin wallet software that has this fixed as of right now and I will pay you 1BTC. HINT: there are none.

Show me why other exchanges do not have this problem with withdrawals but ONLY MTGOX?

Remember MTGOX is using a custom version of the bitcoin software. This is likely the reason they have issues with their exchange platform.

 
elewton
February 10, 2014, 12:35:14 PM
 #20

Find me one Bitcoin wallet software that has this fixed as of right now and I will pay you 1BTC. HINT: there are none.

At the very least, I'm pretty sure blockchain.

btcmad1337
February 10, 2014, 12:37:14 PM
 #21

Show me why other exchanges do not have this problem with withdrawals but ONLY MTGOX?

Remember MTGOX is using a custom version of the bitcoin software. This is likely the reason they have issues with their exchange platform.

Because the attack involves mining your own block, hence requires lots of hash power so is difficult to execute unless you've got stacks of hashpower. It may also be noticed by a smaller exchange when they noticed their balance is much lower than it should be. A couple hundred BTC missing from Mt Gox wouldn't go noticed, it would go noticed from cryptsy.

They will most likely try to execute this attack on other exchanges unless the devs push a fix fast which they are working on right now.
oda.krell
February 10, 2014, 12:37:20 PM
 #22

Gox is willing to damage the reputation of the *entire* Bitcoin ecosystem, so *they* don't have to take the blame for not implementing their wallet software properly.

Have any of you actually looked at this flaw?

It's been a known flaw for a while, here is the fix:
https://gist.github.com/sipa/8907691

Find me one Bitcoin wallet software that has this fixed as of right now and I will pay you 1BTC. HINT: there are none.

Reading comprehension isn't your strong side, huh?

Quote
<gmaxwell> Oh there is a “problem” in the Bitcoin protocol, known since at least 2011 (see the link I gave). But for normal applications, not involving unconfirmed transactions, it shouldn’t cause any severe problems because wallets can handle it locally.

Don't blame on the protocol what can be contained locally.


@Blitz

I don't share your cynicism on this one. I'm not "butthurt" the slightest, in fact, I profited nicely of this swing. But mtgox *is* in a very real sense a major factor in limiting usefulness and reliability of BTC as a whole. It would benefit everyone if they were taken out of the equation.



Teodor
February 10, 2014, 12:39:58 PM
 #23

MTgox should be completely ignored...
I don't think so, as others are following and also dropping... people get scared and sell so the price drops... we'll see what's next in the market.

Ekaros
February 10, 2014, 12:41:06 PM
 #24

Show me why other exchanges do not have this problem with withdrawals but ONLY MTGOX?

Remember MTGOX is using a custom version of the bitcoin software. This is likely the reason they have issues with their exchange platform.

Because the attack involves mining your own block, hence requires lots of hash power so is difficult to execute unless you've got stacks of hashpower. It may also be noticed by a smaller exchange when they noticed their balance is much lower than it should be. A couple hundred BTC missing from Mt Gox wouldn't go noticed, it would go noticed from cryptsy.

They will most likely try to execute this attack on other exchanges unless the devs push a fix fast which they are working on right now.

Who wants to keep their wealth on service that doesn't exactly track their funds or audit them regularly?

btcmad1337
February 10, 2014, 12:41:16 PM
 #25

Don't blame on the protocol what can be contained locally.

So you're saying we should ignore all the bitcoind API documentation which tracks by txid and everyone should be responsible for making their own systems for tracking payments?

Reading comprehension isn't your strong side, huh?

Please find me a wallet that prevents the transaction ID from being modified in-transit. That's all I said. There are none so if you're tracking payment by transaction IDs which is something almost everyone does then you're vulnerable.
mmortal03
February 10, 2014, 12:42:28 PM
 #26

"MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers."

Put another way: We will hold all our customers' bitcoins hostage, to save ourselves from an alleged potential few who might scam us, until the community does what we please -- and we will do this even though there is probably another way for us to work around the problem in the near term. Also, we don't care about spreading fear and crashing the price in the meantime by coming out with a press release that fixes nothing; come on, now, why would we want to work behind the scenes with the devs until a solution is developed and THEN put out a release?
seriouscoin
February 10, 2014, 12:43:39 PM
 #27

Don't blame on the protocol what can be contained locally.

So you're saying we should ignore all the bitcoind API documentation which tracks by txid and everyone should be responsible for making their own systems for tracking payments?

Reading comprehension isn't your strong side, huh?

Please find me a wallet that prevents the transaction ID from being modified in-transit. That's all I said. There are none so if you're tracking payment by transaction IDs which is something almost everyone does then you're vulnerable.

Any bitcoin-QT since 2012 idiot.
btcmad1337
February 10, 2014, 12:44:58 PM
 #28

Any bitcoin-QT since 2012 idiot.

Nope wrong. There are none. If you can find one that's available right now I'll pay you 1BTC. I'm putting my money where my mouth is.
btcmad1337
February 10, 2014, 12:47:45 PM
 #29

Who wants to keep their wealth on service that doesn't exactly track their funds or audit them regularly?

The whole point of Bitcoin is so you can take control of your own money and can transact without having to trust third parties.

Why did you give your money to Gox? Should have kept it in your wallet Tongue
oda.krell
February 10, 2014, 12:49:24 PM
 #30

Reading comprehension isn't your strong side, huh?

Please find me a wallet that prevents the transaction ID from being modified in-transit. That's all I said. There are none so if you're tracking payment by transaction IDs which is something almost everyone does then you're vulnerable.

You're technically correct on that point. But it's only one exchange, mtgox, that allowed this limitation to grow unchecked into a major problem, you agree? The problem is removed if only sufficiently* confirmed transactions are accepted. (* I'll admit I don't know how deep into the chain they need to be before the risk is neutralized)


EDIT: I'll admit, I reacted unfairly to your first post on this. You did, in fact, only point out a real flaw. But maybe you can see that this thread is about discussing mtgox's responsibilities. And they *are* fully responsible for not locally addressing and containing a known flaw. That's the basic point I would make here.

btcmad1337
February 10, 2014, 12:53:02 PM
 #31

You're technically correct on that point. But it's only one exchange, mtgox, that allowed this limitation to grow unchecked into a major problem, you agree? The problem is removed if only sufficiently* confirmed transactions are accepted. (* I'll admit I don't know how deep into the chain they need to be before the risk is neutralized)

Your misunderstanding here is how it works

I deposit money into gox and withdraw it

mtgox sends it to my address and it get transaction ID A

I mine a block and include the transaction in my block, but as the miner I can CHANGE THE TRANSACTION ID TO B.

I then tell MtGox staff that transaction A didn't confirm. They check it and they see transaction A was rejected and will never confirm but what they don't realize is it was just changed to transaction B by me, so they resend the transaction.

Huh

Profit.
Ekaros
February 10, 2014, 12:54:59 PM
 #32

You're technically correct on that point. But it's only one exchange, mtgox, that allowed this limitation to grow unchecked into a major problem, you agree? The problem is removed if only sufficiently* confirmed transactions are accepted. (* I'll admit I don't know how deep into the chain they need to be before the risk is neutralized)

Your misunderstanding here is how it works

I deposit money into gox and withdraw it

mtgox sends it to my address and it get transaction ID A

I mine a block and include the transaction in my block, but as the miner I can CHANGE THE TRANSACTION ID TO B.

I then tell MtGox staff that transaction A didn't confirm. They check it and they see transaction A was rejected on the blockchain but what they don't realize is it was just changed to transaction B by me, so they resend the transaction.

Huh

Profit.

And no one knows how long it took for them to notice that numbers don't quite line up in their balance sheet...

btcmad1337
February 10, 2014, 12:57:47 PM
 #33

And no one knows how long it took for them to notice that numbers don't quite line up in their balance sheet...

No one knows how much was stolen. It's quite difficult to notice 10BTC missing out of hundreds of thousands. You could easily write that off as a mistake. That could be extra transaction fees that accumulated.

But the thing I will say is once this attack was executed it would be very obvious what has happened because when Gox tries to spend the change those transactions won't work etc etc.
oda.krell
February 10, 2014, 12:58:36 PM
 #34

You're technically correct on that point. But it's only one exchange, mtgox, that allowed this limitation to grow unchecked into a major problem, you agree? The problem is removed if only sufficiently* confirmed transactions are accepted. (* I'll admit I don't know how deep into the chain they need to be before the risk is neutralized)

Your misunderstanding here is how it works

I deposit money into gox and withdraw it

mtgox sends it to my address and it get transaction ID A

I mine a block and include the transaction in my block, but as the miner I can CHANGE THE TRANSACTION ID TO B.

I then tell MtGox staff that transaction A didn't confirm. They check it and they see transaction A was rejected and will never confirm but what they don't realize is it was just changed to transaction B by me, so they resend the transaction.

Huh

Profit.

I'm not a dev, so I can be corrected on this one, but to my understanding the solution is for mtgox to check their outputs and keep track of them, before deciding to trust the claim and resend the tx.

VanillaHeaven
February 10, 2014, 12:59:50 PM
 #35

MTgox should be completely ignored...

It's not their fault bitcoin is broke...  Cheesy
But it's their fault they spread FUD about something that's not true. It's not BTC that is the problem, it's Mtgox internal system.
http://www.cryptocoinsnews.com/2014/02/10/mt-gox-blames-bitcoin-core-developer-greg-maxwell-responds/

I trust Maxwell more than I trust Mtgox.
Asrael999
February 10, 2014, 01:01:30 PM
 #36

You're technically correct on that point. But it's only one exchange, mtgox, that allowed this limitation to grow unchecked into a major problem, you agree? The problem is removed if only sufficiently* confirmed transactions are accepted. (* I'll admit I don't know how deep into the chain they need to be before the risk is neutralized)

Your misunderstanding here is how it works

I deposit money into gox and withdraw it

mtgox sends it to my address and it get transaction ID A

I mine a block and include the transaction in my block, but as the miner I can CHANGE THE TRANSACTION ID TO B.

I then tell MtGox staff that transaction A didn't confirm. They check it and they see transaction A was rejected and will never confirm but what they don't realize is it was just changed to transaction B by me, so they resend the transaction.

Huh

Profit.


and they don't notice that they have paid another "unauthorised" transaction? Transaction ID B will still show as a payment by them - and they will not know why they made that payment (by unauthorised I mean a transaction without a corresponding withdrawal request on their system). If they are not running a double check on every outgoing transaction to ensure against employees quietly defrauding them if nothing else, then they deserve to fail.
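
Added example (not part of any post in this thread, and not MtGox's or Bitcoin Core's code): the Python below shows the bookkeeping the thread keeps returning to, namely reconciling a withdrawal against confirmed transactions by a signature-independent tracking hash and by its spent inputs instead of by txid alone. The tracking hash (transaction serialized with empty scriptSigs), the record layout and all sample values are assumptions constructed for illustration; the scriptSig bytes are placeholders, not real signatures.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n: int) -> bytes:
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    return b"\xfe" + struct.pack("<I", n)


def serialize(tx: dict, blank_script_sigs: bool = False) -> bytes:
    """Legacy (pre-segwit) transaction serialization."""
    out = struct.pack("<I", tx["version"]) + varint(len(tx["vin"]))
    for txin in tx["vin"]:
        script = b"" if blank_script_sigs else txin["script_sig"]
        out += bytes.fromhex(txin["prev_txid"])[::-1]
        out += struct.pack("<I", txin["prev_index"])
        out += varint(len(script)) + script
        out += struct.pack("<I", txin["sequence"])
    out += varint(len(tx["vout"]))
    for txout in tx["vout"]:
        out += struct.pack("<q", txout["value"])
        out += varint(len(txout["script_pubkey"])) + txout["script_pubkey"]
    return out + struct.pack("<I", tx["locktime"])


def txid(tx: dict) -> str:
    # The network's identifier: covers the scriptSig bytes, so it changes
    # whenever the signature encoding changes.
    return dsha256(serialize(tx))[::-1].hex()


def tracking_id(tx: dict) -> str:
    # Assumed tracking hash: same data with scriptSigs emptied, so it only
    # depends on which coins are spent and where they go.
    return dsha256(serialize(tx, blank_script_sigs=True))[::-1].hex()


def outpoints(tx: dict) -> set:
    return {(i["prev_txid"], i["prev_index"]) for i in tx["vin"]}


def reconcile(withdrawals: list, confirmed: list) -> dict:
    """Classify each withdrawal record against confirmed transactions."""
    confirmed_txids = {txid(t) for t in confirmed}
    by_tracking = {tracking_id(t): txid(t) for t in confirmed}
    spent_by = {op: txid(t) for t in confirmed for op in outpoints(t)}
    report = {}
    for w in withdrawals:
        tx = w["tx"]
        spender = next((spent_by[op] for op in outpoints(tx) if op in spent_by), None)
        if w["txid"] in confirmed_txids:
            report[w["id"]] = ("confirmed", w["txid"])
        elif tracking_id(tx) in by_tracking:
            # Same payment, different txid: do NOT resend.
            report[w["id"]] = ("paid_under_other_txid", by_tracking[tracking_id(tx)])
        elif spender is not None:
            # Inputs already spent by something else: investigate first.
            report[w["id"]] = ("inputs_spent_elsewhere", spender)
        else:
            report[w["id"]] = ("unconfirmed", None)
    return report


def make_tx(prev_txid: str, script_sig: bytes) -> dict:
    # Constructed sample transaction: one input, one P2PKH-shaped output.
    return {
        "version": 1,
        "vin": [{"prev_txid": prev_txid, "prev_index": 0,
                 "script_sig": script_sig, "sequence": 0xFFFFFFFF}],
        "vout": [{"value": 150_000_000,
                  "script_pubkey": b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"}],
        "locktime": 0,
    }


# Constructed data: SENT is what the service broadcast, SEEN is what confirmed.
SENT = make_tx("11" * 32, b"placeholder-signature-encoding-1")
SEEN = make_tx("11" * 32, b"placeholder-signature-encoding-2")
PENDING = make_tx("33" * 32, b"placeholder-signature-encoding-3")


def demo() -> dict:
    withdrawals = [
        {"id": "w-1", "txid": txid(SENT), "tx": SENT},
        {"id": "w-2", "txid": txid(PENDING), "tx": PENDING},
    ]
    return reconcile(withdrawals, confirmed=[SEEN])


if __name__ == "__main__":
    for wid, status in demo().items():
        print(wid, status)
```
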
mmortal03
February 10, 2014, 01:02:09 PM
 #37


...

I then tell MtGox staff that transaction A didn't confirm. They check it and they see transaction A was rejected and will never confirm but what they don't realize is it was just changed to transaction B by me, so they resend the transaction.

Huh

Profit.

Can they not just go back to such conversations with people that claimed this, and then figure out who was scamming them? Is there some sort of plausible deniability here for the scammer in this method that I'm missing, or not?
ehoffman
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile
February 10, 2014, 01:08:32 PM
 #38

I would have said that Gox is dead, especially in light of spreading this FUD...  But then again, I'm sure we'll still find morons going back to it and maintaining it...  As there's still morons who went back to 50BTC after doing this same exact sh!t...

Like my comments?  Cheer me up at 137s1qFV63M6SXWhKkwjaZKEeZX23pq1hw
Don't like my comments, donate to the BCRT (better comment research team) here at 1A1PbZypjEe7yanj69ApVS1FhK8UMW7Wdc Smiley
Ekaros
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500



View Profile
February 10, 2014, 01:10:46 PM
 #39


...

I then tell MtGox staff that transaction A didn't confirm. They check it and they see transaction A was rejected and will never confirm but what they don't realize is it was just changed to transaction B by me, so they resend the transaction.

Huh

Profit.

Can they not just go back to such conversations with people that claimed this, and then figure out who was scamming them? Is there some sort of plausible deniability here for the scammer in this method that I'm missing, or not?

They should know who got extra coins out, but if they cleared their account there isn't much to do. There is even possibility they didn't provide real ID...

12pA5nZB5AoXZaaEeoxh5bNqUGXwUUp3Uv
http://firstbits.com/1qdiz
Feel free to help poor student!
Boxman90
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
February 10, 2014, 01:25:26 PM
 #40

They worded this pretty nicely, I must say. Let me bold up the proper translation:

MtGox language: "A bug in the Bitcoin software"

Proper English: "A bug in OUR Bitcoin software."

That is all there is to this. Thanks for panicking on the other exchanges.

LTC: LKKy4eDWyVtSrQAJy7Qmmz61RaFY91D9yC   BTC: 18fzdnCkuUNthCD8hM36UBGopFa9ij78gG
phlogistonq
Full Member
***
Offline Offline

Activity: 159
Merit: 100


View Profile
February 10, 2014, 01:28:46 PM
 #41

no one knows how much was stolen. It's quite difficult to notice 10BTC missing out of hundreds of thousands. You could easily write that off as a mistake. That could be extra transaction fees that accumulated.

How is that difficult? This can be done automatically on a continuous basis. NO discrepancy should be tolerated. Not a single satoshi. There cannot be any "mistakes" if the code is flawless. Anything different, even 1 satoshi is a huge red flag and reason to persist to work on it until you find and fix the bug before it grows above your head.
ZephramC
Sr. Member
****
Offline Offline

Activity: 475
Merit: 255



View Profile
February 10, 2014, 01:38:06 PM
 #42

Any bitcoin-QT since 2012 idiot.

Nope wrong. There are none. If you can find one that's available right now I'll pay you 1BTC. I'm putting my money where my mouth is.

Official bitcoin-QT will correctly identify spent coins even if tx id is modified by third party.
You can download from here: https://bitcoin.org/en/download
You can send 1 BTC to 1ZePhramiDqjYJzqiyUFaY5qhz5k4unRC
 Smiley
ZephramC
Sr. Member
****
Offline Offline

Activity: 475
Merit: 255



View Profile
February 10, 2014, 01:43:30 PM
 #43

Any bitcoin-QT since 2012 idiot.

Nope wrong. There are none. If you can find one that's available right now I'll pay you 1BTC. I'm putting my money where my mouth is.

Official bitcoin-QT will correctly identify spent coins even if tx id is modified by third party.
You can download from here: https://bitcoin.org/en/download
You can send 1 BTC to 1ZePhramiDqjYJzqiyUFaY5qhz5k4unRC
 Smiley


If you want some background of my claim: http://www.cryptocoinsnews.com/2014/02/10/mt-gox-blames-bitcoin-core-developer-greg-maxwell-responds/

Quote
Not that Bitcoin-QT handles Malleability fantastically – but because it tracks inputs it will still detect the mutant transactions. An interesting point which I haven’t pointed out elsewhere is that for the question of basic funds safety in re-issuing a transaction malleability is basically irrelevant.
Quote
Say you pay someone and it doesn’t go through (or it does and you don’t see it because it’s been mutated and your software can’t detect that), and they ask you to reissue…. if you reissue without double-spending any of the original inputs you are at risk of getting robbed. This is true with or without malleability. Without the double-spend of at least one input the original transaction could just go through in addition to your reissue.

Say that you do make sure to double spend at least one input – then the result is funds safe, regardless of if a mutation happened.

Say you want to support _canceling_ a payment (send me the goat instead!) rather than reissue you still must double-spend the attempted payment to cancel it, since it still might go through if you don’t. And the double spend works to protect this case regardless of if the transaction was mutated.

For support and accounting purposes you absolutely do need tools to identify mutated transactions, so long as mutation exists… so we ought to provide some better tools there. But I can’t think of a case where mutation handling is necessary or sufficient for cancellation security, but – rather – input tracking appears to be both necessary and sufficient in all cancellation cases.

This helps explain why Bitcoin-QT – whose mutation handling kinda stinks – doesn’t ever end up in a really bad situation with mutants: it tracks inputs pretty well.
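The input-tracking point in the Maxwell text quoted above, as an added example that is not part of any post in this thread and is not Bitcoin-QT's code: a sender that looks up a payment by txid misses a mutated copy, while one that looks up the spent inputs finds it, and a reissue is only safe if it spends at least one of the original inputs. The transaction model, serialization and all names are simplified assumptions; the sample data is constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class TxIn:
    prev_txid: str     # outpoint: id of the transaction whose output is spent
    prev_index: int    # outpoint: which output of that transaction
    script_sig: bytes  # signature bytes; hashed into the txid

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # of TxIn
    outputs: tuple     # of (address, satoshis)

    def txid(self) -> str:
        # Toy serialization, not the Bitcoin wire format: the point is only
        # that script_sig bytes are part of what gets hashed.
        raw = b"".join(f"{i.prev_txid}:{i.prev_index}:".encode() + i.script_sig
                       for i in self.inputs)
        raw += b"".join(f"{a}:{v};".encode() for a, v in self.outputs)
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

    def outpoints(self) -> frozenset:
        return frozenset((i.prev_txid, i.prev_index) for i in self.inputs)

def status_by_txid(sent, chain):
    return "confirmed" if any(t.txid() == sent.txid() for t in chain) else "missing"

def status_by_inputs(sent, chain):
    for t in chain:
        if t.outpoints() & sent.outpoints():       # one of our coins was spent
            if t.txid() == sent.txid():
                return "confirmed"
            same = t.outpoints() == sent.outpoints() and t.outputs == sent.outputs
            return "confirmed-mutated" if same else "conflicted"
    return "unconfirmed"

def reissue_is_safe(original, reissue):
    # Both can confirm unless the reissue spends at least one of the same inputs.
    return bool(original.outpoints() & reissue.outpoints())

# Constructed sample data (not real transactions).
COIN_A, COIN_B = ("aa" * 32, 0), ("bb" * 32, 1)
PAY = (("customer-address", 1_000_000_000),)
SENT = Tx((TxIn(*COIN_A, b"sig-encoding-1"),), PAY)
MUTANT = Tx((TxIn(*COIN_A, b"sig-encoding-2"),), PAY)   # same coins, same payee
CHAIN = [MUTANT]
RESEND_FRESH = Tx((TxIn(*COIN_B, b"sig"),), PAY)         # pays a second time
RESEND_SAME = Tx((TxIn(*COIN_A, b"sig-encoding-3"),), PAY)

if __name__ == "__main__":
    print(status_by_txid(SENT, CHAIN), status_by_inputs(SENT, CHAIN))
    print(reissue_is_safe(SENT, RESEND_FRESH), reissue_is_safe(SENT, RESEND_SAME))
```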
btcmad1337
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
February 10, 2014, 01:50:36 PM
 #44

Any bitcoin-QT since 2012 idiot.

Nope wrong. There are none. If you can find one that's available right now I'll pay you 1BTC. I'm putting my money where my mouth is.

Official bitcoin-QT will correctly identify spent coins even if tx id is modified by third party.
You can download from here: https://bitcoin.org/en/download
You can send 1 BTC to 1ZePhramiDqjYJzqiyUFaY5qhz5k4unRC
 Smiley


LOL! It's vulnerable. I can change the transaction ID in the block still and if you are using the transaction ID to track the payment it'll appear gone to you. Your client will notice the new tx as it gets broadcasted to it but it won't "know" that it's actually the other tx.

Of course the client does not "lose" the BTC, no client that I know of does that when the txid is changed in transit.
Tzupy
Legendary
*
Offline Offline

Activity: 2128
Merit: 1074



View Profile
February 10, 2014, 01:54:00 PM
 #45

IMO MtGox should clarify how many bitcoins were stolen (scammed may be a better word) from them using this vulnerability that they didn't patch against.
They probably still have about a hundred thousand coins in reserve, so they can cover the theft, but it would be good to know the magnitude of the problem.

Sometimes, if it looks too bullish, it's actually bearish
thezerg
Legendary
*
Offline Offline

Activity: 1246
Merit: 1010


View Profile
February 10, 2014, 01:55:26 PM
 #46

Obviously this press release begs the question "how many BTC did Gox lose?"  And in my opinion, if Gox was solvent they would have said something reassuring in that regard.

EDIT: LOL, Tzupy and I are feeling the same vibe!
ZephramC
Sr. Member
****
Offline Offline

Activity: 475
Merit: 255



View Profile
February 10, 2014, 02:21:09 PM
 #47

Any bitcoin-QT since 2012 idiot.

Nope wrong. There are none. If you can find one that's available right now I'll pay you 1BTC. I'm putting my money where my mouth is.

Official bitcoin-QT will correctly identify spent coins even if tx id is modified by third party.
You can download from here: https://bitcoin.org/en/download
You can send 1 BTC to 1ZePhramiDqjYJzqiyUFaY5qhz5k4unRC
 Smiley


LOL! It's vulnerable. I can change the transaction ID in the block still and if you are using the transaction ID to track the payment it'll appear gone to you. Your client will notice the new tx as it gets broadcasted to it but it won't "know" that it's actually the other tx.

Of course the client does not "lose" the BTC, no client that I know of does that when the txid is changed in transit.


Why would anyone serious with larger transactions use transaction ID for tracking payments???
Of course Mt.Gox will try to blame the others and mark them as scammers and maybe even hackers.  Wink