Article here:
http://www.coindesk.com/price-drops-mt-gox-blames-bitcoin-flaw-withdrawal-delays/Quote from coindesk article:
Mt. Gox offered two explanations for laymen and tech-savvy users. In essence, Mt. Gox says it identified a bug in the Bitcoin software that makes it possible for someone to use the network to alter transaction details, making it seem like bitcoins had not been sent to a bitcoin wallet, when in fact they had.
“Since the transaction appears as if it has not proceeded correctly, the bitcoins may be re-sent. Mt. Gox is working with the Bitcoin core development team and others to mitigate this issue,” Mt. Gox said.
The technical explanation is a lot more detailed.
It points out that bitcoin transactions are subject to a design flaw that has been largely ingored, although it was known to “at least a part” of the Bitcoin core development community. The defect is known as “transaction malleability” and it allows third parties to alter the hash of a fresh transaction without invalidating the signature. Mt. Gox explains:
“Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.”
The “sendtoaddress” API returns a transaction hash as a way to track the insertion of the transaction into the block chain. Since most wallet and exchange services keep a record of this in order to respond to users who make inquiries about their transactions, they could assume that the transaction was not sent – as it would not appear in the block chain with the original hash. For the time being, there is no way of efficiently recognizing alternative transactions.
“This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction’s hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.”
Can someone more technical than myself please weigh in?
Thanks.
