Bitcoin Forum
September 21, 2018, 10:32:36 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: New research proves: MtGox bitcoins NOT stolen using transaction malleability  (Read 25066 times)
Cdecker
Hero Member
*****
Offline Offline

Activity: 490
Merit: 503



View Profile WWW
March 27, 2014, 12:17:18 AM
 #1

We just published some results about the use transaction malleability in the Bitcoin network with a special focus on MtGox:

Quote from: Conclusion
The transaction malleability problem is real and should be considered
when implementing Bitcoin clients.

However, while MtGox claimed to have lost 850,000 bitcoins due to malleability
attacks, we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins. Even more,
78.64% of these attacks were ineffective. As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.

The complete results are here: http://bit.ly/1rCqKED

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
Make a difference with your Ether.
Donate Ether for the greater good.
SPRING.WETRUST.IO
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537569156
Hero Member
*
Offline Offline

Posts: 1537569156

View Profile Personal Message (Offline)

Ignore
1537569156
Reply with quote  #2

1537569156
Report to moderator
1537569156
Hero Member
*
Offline Offline

Posts: 1537569156

View Profile Personal Message (Offline)

Ignore
1537569156
Reply with quote  #2

1537569156
Report to moderator
iambk
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
March 27, 2014, 12:32:39 AM
 #2

Do we have any bitcoin experts on this board that can validate these findings?
yogi
Legendary
*
Offline Offline

Activity: 947
Merit: 1021


Hamster ate my bitcoin


View Profile
March 27, 2014, 12:36:03 AM
 #3

Thank you, looks like TM was just a convenient excuse for MK.

st4nl3y
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000


View Profile
March 27, 2014, 12:38:34 AM
 #4

wow very good work and shocking results.. waiting for this to be validated
coiner8
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
March 27, 2014, 01:01:45 AM
 #5

We just published some results about the use transaction malleability in the Bitcoin network with a special focus on MtGox:

Quote
In this work we use traces of the Bitcoin network for over a year preceding the filing to show that[...]

Although I'm sure your conclusion is correct, if you only examined a year's worth of data that doesn't conclusively prove there was no TM loss.  Results for previous years would likely be the same, but we can't just assume that.
jly77
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
March 27, 2014, 02:33:49 AM
 #6

Good job. Let's find the truth.
bananas
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250


View Profile
March 27, 2014, 02:48:27 AM
 #7

send it to FBI
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1001



View Profile
March 27, 2014, 03:17:49 AM
 #8

http://arxiv.org/abs/1403.6676  <--  non-obscured link

While I suspect that their conclusion is correct, I really take exception to their methodology and assumptions.  Mostly, they assume that a mutation will be visible as a double spend.  However, the reference client's behavior regarding relaying transactions with degenerate signatures changed, so a sparse sensor network would likely only see the mutated transaction instead of a pair.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1792
Merit: 1004


A Great Time to Start Something!


View Profile
March 27, 2014, 03:19:57 AM
 #9

As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.

No surprise here.

FYI: We are planning a fun, harmless "10% Attack" on the ETH/ICO Bubble Game.
Fugofugo
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
March 27, 2014, 03:23:32 AM
 #10

it seems to be truth, guys, hope anybody can verify it.
keatonatron
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


Jack of oh so many trades.


View Profile
March 27, 2014, 03:55:59 AM
 #11

The research looks quite solid. They looked for the right things, and if their data is complete I agree with the conclusions.

There are 3 possible weaknesses to this study in relation to Mt. Gox:

1. The data started in January 2013, so it's possible Gox was hit much harder in previous years. Although that would also mean the amount of time they spent oblivious to the problem increases.

2. It's possible there was more information on the network that the researches weren't able to log. For example if an attacker had control of many nodes very close (physically) to Mt. Gox, and were somehow able to send out their modified transactions faster and "better", then it's possible the authentic transactions were killed before being recorded by the researchers.

3. As the researchers admit, we can't see how Gox actually reacted to the modified transactions. Gox resent transactions using different inputs (or addresses, even) so it's very hard to detect a resend. If they were to release their records of all withdrawal requests we could compare them to the blockchain and find any discrepancies, but they haven't done that (and it's possible they don't have complete records anyway).

Anyway, good job on the study!

1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
BittBurger
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
March 27, 2014, 04:20:56 AM
 #12

We just published some results about the use transaction malleability in the Bitcoin network with a special focus on MtGox:

Quote from: Conclusion
The transaction malleability problem is real and should be considered
when implementing Bitcoin clients.

However, while MtGox claimed to have lost 850,000 bitcoins due to malleability
attacks, we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins. Even more,
78.64% of these attacks were ineffective. As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.

The complete results are here: http://bit.ly/1rCqKED



Great.

Now .... what are you going to do, to get this data into the hands of someone who can actually do something about it?

Cuz posting it here isn't going to matter much.

-B-

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
redcomet
Newbie
*
Offline Offline

Activity: 51
Merit: 0



View Profile
March 27, 2014, 04:30:23 AM
 #13

Wow -
So roughly 66k bitcoins were stolen after MtGox freeze?  Who lost that much and is still afloat?
surfer43
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250



View Profile
March 27, 2014, 04:52:06 AM
 #14

Maybe this will pressure gox into finding the rest of its bitcoins? maybe?  Smiley

   
████████
██████████████
█████████████████
███████████████████
████████████████▌▐████
██████████████
███████████
█████████▒▒
███████████
████████
██████████
██████████████
█████████████████▐█████
████████████████▌▐████
████████████████████
██████████████████
███████████████
████████
|
The ProFish online marketplace & tournaments
Twitter ⋄❖⋄ Telegram ⋄❖⋄ Facebook ⋄❖⋄ Instagram

|
listed on MERCATOX
═⟹  Community  ⟸═
dooglus
Legendary
*
Offline Offline

Activity: 2548
Merit: 1125



View Profile
March 27, 2014, 05:43:36 AM
 #15

Wow -
So roughly 66k bitcoins were stolen after MtGox freeze?  Who lost that much and is still afloat?


I don't see where you're getting that number from, but even if it is correct, 66k of malleated bitcoins doesn't mean any coins were stolen. TM doesn't cause loss unless coupled with really bad software.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
BitCoinNutJob
Legendary
*
Offline Offline

Activity: 1176
Merit: 1000


View Profile
March 27, 2014, 05:44:26 AM
 #16

good job
Aditya
Full Member
***
Offline Offline

Activity: 164
Merit: 100



View Profile WWW
March 27, 2014, 06:04:23 AM
 #17

LoL...

Mark Karpeles got Goxed for his lie  Grin

  ATLAS.WORK     ║   WHITEPAPER  •  BOUNTIES  •  TELEGRAM     ║     JOIN THE FREELANCE REVOLUTION
crazyivan
Legendary
*
Offline Offline

Activity: 1652
Merit: 1007


DMD Diamond Making Money 4+ years! Join us!


View Profile
March 27, 2014, 06:05:42 AM
 #18

Well, this is just another proof to something we already know. Mark Karpeles is a thief.

For security, your account has been locked. Email acctcomp15@theymos.e4ward.com
counter
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


Time is on our side, yes it is!


View Profile
March 27, 2014, 06:10:24 AM
 #19

thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
Nagle
Legendary
*
Offline Offline

Activity: 1204
Merit: 1000


View Profile WWW
March 27, 2014, 06:24:47 AM
 #20

Now this is an expert opinion that can be used in a court filing. Dr. Roger Wattenhofer is a full professor at ETH Zurich, working on distributed systems. He's published some good papers. He was at Microsoft Research for a few years, too.

It looks like the only Mt. Gox creditor who got off their butt and went to the Tokyo District Court is the guy behind "http://www.mtgoxrecovery.com/". So get this to them.
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!