Cdecker (OP)
|
|
March 27, 2014, 12:17:18 AM |
|
We just published some results about the use of transaction malleability in the Bitcoin network with a special focus on MtGox: The transaction malleability problem is real and should be considered when implementing Bitcoin clients.
However, while MtGox claimed to have lost 850,000 bitcoins due to malleability attacks, we merely observed a total of 302,000 bitcoins ever being involved in malleability attacks. Of these, only 1,811 bitcoins were in attacks before MtGox stopped users from withdrawing bitcoins. Even more, 78.64% of these attacks were ineffective. As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses. Even if all of these attacks were targeted against MtGox, MtGox needs to explain the whereabouts of 849,600 bitcoins. The complete results are here: http://bit.ly/1rCqKED
|
|
|
|
iambk
Newbie
Offline
Activity: 36
Merit: 0
|
|
March 27, 2014, 12:32:39 AM |
|
Do we have any bitcoin experts on this board that can validate these findings?
|
|
|
|
yogi
Legendary
Offline
Activity: 947
Merit: 1042
Hamster ate my bitcoin
|
|
March 27, 2014, 12:36:03 AM |
|
Thank you, looks like TM was just a convenient excuse for MK.
|
|
|
|
st4nl3y
Legendary
Offline
Activity: 1050
Merit: 1000
|
|
March 27, 2014, 12:38:34 AM |
|
wow very good work and shocking results.. waiting for this to be validated
|
|
|
|
coiner8
Member
Offline
Activity: 65
Merit: 10
|
|
March 27, 2014, 01:01:45 AM |
|
We just published some results about the use of transaction malleability in the Bitcoin network with a special focus on MtGox:
In this work we use traces of the Bitcoin network for over a year preceding the filing to show that[...]
Although I'm sure your conclusion is correct, if you only examined a year's worth of data that doesn't conclusively prove there was no TM loss. Results for previous years would likely be the same, but we can't just assume that.
|
|
|
|
jly77
|
|
March 27, 2014, 02:33:49 AM |
|
Good job. Let's find the truth.
|
|
|
|
bananas
|
|
March 27, 2014, 02:48:27 AM |
|
send it to FBI
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1026
|
|
March 27, 2014, 03:17:49 AM |
|
http://arxiv.org/abs/1403.6676 <-- non-obscured link
While I suspect that their conclusion is correct, I really take exception to their methodology and assumptions. Mostly, they assume that a mutation will be visible as a double spend. However, the reference client's behavior regarding relaying transactions with degenerate signatures changed, so a sparse sensor network would likely only see the mutated transaction instead of a pair.
|
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.
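The objection in the post above can be made concrete. This is an added example, not code from the paper or from any poster: it flags malleability the way the thread describes the study's assumption (two conflicting transactions that differ only in their signature), and shows that a trace holding only the mutated variant produces no detection. The serialization is a toy stand-in and all transactions are constructed.

```python
import hashlib
from collections import defaultdict

def _digest(fields):
    data = "|".join(fields).encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def txid(tx):
    # Toy serialization (assumption): the signature script is hashed too,
    # as in Bitcoin, so re-encoding the signature changes the txid.
    ins = [f"{prev}:{idx}:{sig}" for prev, idx, sig in tx["inputs"]]
    outs = [f"{addr}:{amt}" for addr, amt in tx["outputs"]]
    return _digest(ins + outs)

def normalized_id(tx):
    # Same fields with signature scripts left out: stable under malleation.
    ins = [f"{prev}:{idx}" for prev, idx, _sig in tx["inputs"]]
    outs = [f"{addr}:{amt}" for addr, amt in tx["outputs"]]
    return _digest(ins + outs)

def find_conflict_sets(observed):
    """Return groups of observed txids that differ only in signature encoding."""
    groups = defaultdict(set)
    for tx in observed:
        groups[normalized_id(tx)].add(txid(tx))
    return {nid: ids for nid, ids in groups.items() if len(ids) > 1}

# Constructed sample data (not real transactions).
ORIGINAL = {"inputs": [("prevtx-a", 0, "3044aabb")],
            "outputs": [("addr-customer", 500000000)]}
MUTATED = {"inputs": [("prevtx-a", 0, "304500aabb")],  # same spend, signature re-encoded
           "outputs": [("addr-customer", 500000000)]}
UNRELATED = {"inputs": [("prevtx-b", 1, "3044ccdd")],
             "outputs": [("addr-other", 120000000)]}

FULL_TRACE = [ORIGINAL, UNRELATED, MUTATED]  # sensor saw both variants
SPARSE_TRACE = [UNRELATED, MUTATED]          # original never reached the sensor

if __name__ == "__main__":
    print("full trace conflict sets:  ", len(find_conflict_sets(FULL_TRACE)))
    print("sparse trace conflict sets:", len(find_conflict_sets(SPARSE_TRACE)))
```

A pair-based detector therefore gives a lower bound that depends on sensor coverage: a mutation seen without its original is indistinguishable from an ordinary transaction.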
|
|
|
Bit_Happy
Legendary
Offline
Activity: 2114
Merit: 1040
A Great Time to Start Something!
|
|
March 27, 2014, 03:19:57 AM |
|
As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses. Even if all of these attacks were targeted against MtGox, MtGox needs to explain the whereabouts of 849,600 bitcoins.
No surprise here.
|
|
|
|
Fugofugo
Newbie
Offline
Activity: 15
Merit: 0
|
|
March 27, 2014, 03:23:32 AM |
|
it seems to be truth, guys, hope anybody can verify it.
|
|
|
|
keatonatron
Sr. Member
Offline
Activity: 308
Merit: 250
Jack of oh so many trades.
|
|
March 27, 2014, 03:55:59 AM |
|
The research looks quite solid. They looked for the right things, and if their data is complete I agree with the conclusions.
There are 3 possible weaknesses to this study in relation to Mt. Gox:
1. The data started in January 2013, so it's possible Gox was hit much harder in previous years. Although that would also mean the amount of time they spent oblivious to the problem increases.
2. It's possible there was more information on the network that the researchers weren't able to log. For example if an attacker had control of many nodes very close (physically) to Mt. Gox, and was somehow able to send out their modified transactions faster and "better", then it's possible the authentic transactions were killed before being recorded by the researchers.
3. As the researchers admit, we can't see how Gox actually reacted to the modified transactions. Gox resent transactions using different inputs (or addresses, even) so it's very hard to detect a resend. If they were to release their records of all withdrawal requests we could compare them to the blockchain and find any discrepancies, but they haven't done that (and it's possible they don't have complete records anyway).
Anyway, good job on the study!
|
1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
|
|
|
BittBurger
|
|
March 27, 2014, 04:20:56 AM |
|
We just published some results about the use of transaction malleability in the Bitcoin network with a special focus on MtGox: The transaction malleability problem is real and should be considered when implementing Bitcoin clients.
However, while MtGox claimed to have lost 850,000 bitcoins due to malleability attacks, we merely observed a total of 302,000 bitcoins ever being involved in malleability attacks. Of these, only 1,811 bitcoins were in attacks before MtGox stopped users from withdrawing bitcoins. Even more, 78.64% of these attacks were ineffective. As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses. Even if all of these attacks were targeted against MtGox, MtGox needs to explain the whereabouts of 849,600 bitcoins. The complete results are here: http://bit.ly/1rCqKED
Great. Now .... what are you going to do, to get this data into the hands of someone who can actually do something about it? Cuz posting it here isn't going to matter much. -B-
|
|
|
|
redcomet
Newbie
Offline
Activity: 52
Merit: 0
|
|
March 27, 2014, 04:30:23 AM Last edit: March 27, 2014, 04:40:36 AM by redcomet |
|
Wow - So roughly 66k bitcoins were stolen after MtGox freeze? Who lost that much and is still afloat?
|
|
|
|
surfer43
Sr. Member
Offline
Activity: 560
Merit: 250
"Trading Platform of The Future!"
|
|
March 27, 2014, 04:52:06 AM |
|
Maybe this will pressure gox into finding the rest of its bitcoins? maybe?
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
March 27, 2014, 05:43:36 AM |
|
Wow - So roughly 66k bitcoins were stolen after MtGox freeze? Who lost that much and is still afloat?
I don't see where you're getting that number from, but even if it is correct, 66k of malleated bitcoins doesn't mean any coins were stolen. TM doesn't cause loss unless coupled with really bad software.
|
|
|
|
BitCoinNutJob
Legendary
Offline
Activity: 1316
Merit: 1000
|
|
March 27, 2014, 05:44:26 AM |
|
good job
|
|
|
|
Aditya
|
|
March 27, 2014, 06:04:23 AM |
|
LoL... Mark Karpeles got Goxed for his lie
|
|
|
|
crazyivan
Legendary
Offline
Activity: 1652
Merit: 1007
DMD Diamond Making Money 4+ years! Join us!
|
|
March 27, 2014, 06:05:42 AM |
|
Well, this is just another proof to something we already know. Mark Karpeles is a thief.
|
|
|
|
counter
|
|
March 27, 2014, 06:10:24 AM |
|
thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
|
|
|
|
Nagle
Legendary
Offline
Activity: 1204
Merit: 1002
|
|
March 27, 2014, 06:24:47 AM |
|
Now this is an expert opinion that can be used in a court filing. Dr. Roger Wattenhofer is a full professor at ETH Zurich, working on distributed systems. He's published some good papers. He was at Microsoft Research for a few years, too. It looks like the only Mt. Gox creditor who got off their butt and went to the Tokyo District Court is the guy behind "http://www.mtgoxrecovery.com/". So get this to them.
|
|
|
|
|