[Tech not FUD]So is crypto dead ? (at least for now)

[thenoblebot]

No seriously.

With the transaction malleability problem that has come up with BTC withdrawals, will it force people to stop transacting at least for the time being ?

Specially given that now its well known, I am sure there would be a lot of people who would change the hashes of their transactions and send them to well known pools, resulting in what I think more aptly describes the problem as - "double(or more) withdrawals".

Will things (the withdrawals from exchanges) be put on hold till this is patched by the core devs ? Of course financially it is going to cause mayhem as it already is.

[subvolatil]

No seriously.

With the transaction malleability problem that has come up with BTC withdrawals, will it force people to stop transacting at least for the time being ?

Specially given that now its well known, I am sure there would be a lot of people who would change the hashes of their transactions and send them to well known pools, resulting in what I think more aptly describes the problem as - "double(or more) withdrawals".

Will things (the withdrawals from exchanges) be put on hold till this is patched by the core devs ? Of course financially it is going to cause mayhem as it already is.

 Ok firstly this is a  very old  known problem, Secondly it  effects those sites doing transactions  that are not  managing their transactions  properly. Mutating transaction  may be a bit  harder than you may think. It is a problem on the bitcoin protocol. But it is one  that can be  resolved, this is not a fundamental  problem, Mt. gox is using this as an excuse and crying  like a  baby. 

In short The fault is at  Mt Gox side  for  faulty implementation of the  wallet.

All Mt gox had to  do  was  to  implement  a code on their  side to  track a mutant transaction.

[thenoblebot]

 Ok firstly this is a  very old  known problem, Secondly it  effects those sites doing transactions  that are not  managing their transactions  properly. Mutating transaction  may be a bit  harder than you may think. It is a problem on the bitcoin protocol. But it is one  that can be  resolved, this is not a fundamental  problem, Mt. gox is using this as an excuse and crying  like a  baby.  

In short The fault is at  Mt Gox side  for  faulty implementation of the  wallet.

All Mt gox had to  do  was  to  implement  a code on their  side to  track a mutant transaction.

I'm not just talking about Gox. This is a well known problem for sure. But as an attack vector today someone (more aptly a group) could just decide to use the same strategy to bring the system to a halt. I'm kinda sure (not statistically speaking because there is no data to back such things) that most exchanges use txid to track transaction. It has been the way for quite sometime.

So if I wana get an exchange to stop (and assuming most exchanges use the above approach - its not a naive assumption to make ) :

I start withdrawing, change transaction sigs (yea it maybe harder but with such stakes involved will only make it easier) , mutating the transaction, resulting in a different hash and there you have it .. transaction malleability. The particular exchange is in serious trouble.

Now I don't discount the fact that other exchanges who do this right will get away even after such attempts.

BUT

What amazes me is why have there not been attacks using such an attack vector ? Or maybe I missed it somewhere .. does anybody know of such attempts in the past ?

[thenoblebot]

As for Gox - I mean those guys are MAJOR ^%*&%* &%(^ %%*&%*&  ^%%& (ad infinitum).

Bad for the community and full of crap. They are making this an excuse even though that guy fucking maintains the wiki and the problem has been there since 2011. So they are just blaming the protocol for their shit.

[subvolatil]

 Ok firstly this is a  very old  known problem, Secondly it  effects those sites doing transactions  that are not  managing their transactions  properly. Mutating transaction  may be a bit  harder than you may think. It is a problem on the bitcoin protocol. But it is one  that can be  resolved, this is not a fundamental  problem, Mt. gox is using this as an excuse and crying  like a  baby.  

In short The fault is at  Mt Gox side  for  faulty implementation of the  wallet.

All Mt gox had to  do  was  to  implement  a code on their  side to  track a mutant transaction.

I'm not just talking about Gox. This is a well known problem for sure. But as an attack vector today someone (more aptly a group) could just decide to use the same strategy to bring the system to a halt. I'm kinda sure (not statistically speaking because there is no data to back such things) that most exchanges use txid to track transaction. It has been the way for quite sometime.

So if I wana get an exchange to stop (and assuming most exchanges use the above approach - its not a naive assumption to make ) :

I start withdrawing, change transaction sigs (yea it maybe harder but with such stakes involved will only make it easier) , mutating the transaction, resulting in a different hash and there you have it .. transaction malleability. The particular exchange is in serious trouble.

Now I don't discount the fact that other exchanges who do this right will get away even after such attempts.

BUT

What amazes me is why have there not been attacks using such an attack vector ? Or maybe I missed it somewhere .. does anybody know of such attempts in the past ?

Well i have never  heard of this being used to attack a exchange or a processing site. but the problem here is that this can be only used once. and then it wont work. the attacker also needs to have  a  same amount of  btc in the vault to  do this  attack, so i guess if i was an attacker, i would not risk my btc on a attack that may or may not  work.

[thenoblebot]

Well i have never  heard of this being used to attack a exchange or a processing site. but the problem here is that this can be only used once. and then it wont work. the attacker also needs to have  a  same amount of  btc in the vault to  do this  attack, so i guess if i was an attacker, i would not risk my btc on a attack that may or may not  work.

Well if I was the attacker then this is how I would go :

1) Buy some btc with cash
2) Try to withdraw it using malleable transactions
3) Claim I have not received it and try to get them to send it again
4) Repeat steps 1-3 using different ips and accounts using small amounts so as to make the trace hard to detect.

Attack successful. If not get more than the amount of BTC I should get, it will at least bring the exchange/processor to a halt.

Win win win !!

[techguy]

Here are the responses from Gavin Anderson & Greg Maxwell about this issue.

https://bitcoinfoundation.org/blog/?p=418
http://www.cryptocoinsnews.com/2014/02/10/mt-gox-blames-bitcoin-core-developer-greg-maxwell-responds/

[thenoblebot]

Here are the responses from Gavin Anderson & Greg Maxwell about this issue.

https://bitcoinfoundation.org/blog/?p=418
http://www.cryptocoinsnews.com/2014/02/10/mt-gox-blames-bitcoin-core-developer-greg-maxwell-responds/

Yea I read Greg Maxwell's response. Makes sense, thats why the (added) outburst against Gox above. I still think the above attack could be successfully executed.

[thenoblebot]

Can anybody here tell me how the attack based here https://bitcointalk.org/index.php?topic=458608.0 (more specifically the update section highlighted ) is not being carried out as presented here http://www.coindesk.com/massive-concerted-attack-launched-bitcoin-exchanges/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CoinDesk+%28CoinDesk+-+The+Voice+of+Digital+Currency%29

I tried explaining a day before but to no avail. Can anybody tell me if I am missing some piece of logic here ? Or is one of the devs just acting crazy with me ?

[thenoblebot]

Anybody ?