Bitcoin Forum
November 07, 2024, 08:06:16 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: New research proves: MtGox bitcoins NOT stolen using transaction malleability  (Read 25273 times)
Hexah
Sr. Member
****
Offline Offline

Activity: 728
Merit: 265



View Profile
March 27, 2014, 07:08:12 AM
 #21

thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
+1
This story was shady from the start. Some kind of malleabilty that no one can comprehend... jesus it was a biggest bitcoin exchange how can they fail so miserably?
keatonatron
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


Jack of oh so many trades.


View Profile
March 27, 2014, 07:54:37 AM
 #22

Some kind of malleabilty that no one can comprehend...

Although I agree with you 100% on the dubious nature of Gox's story, I have to argue one point. Many people can, and do, understand the malleability just fine. It is a real thing and was documented a long time ago.

But no, it most likely didn't cause the downfall of Gox.

1KEATSvAhbB7yj2baLB5xkyJSnkfqPGAqk
Mitchell
Staff
Legendary
*
Offline Offline

Activity: 4102
Merit: 2314


Verified awesomeness ✔


View Profile WWW
March 27, 2014, 07:58:00 AM
 #23

What a surprise! Roll Eyes

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
porqupine
Full Member
***
Offline Offline

Activity: 214
Merit: 101


View Profile
March 27, 2014, 08:38:41 AM
 #24

Is it definite that you would have received both copies of a malleable transaction on the Nodes in question?
TheCoinFinder
Legendary
*
Offline Offline

Activity: 938
Merit: 1001



View Profile WWW
March 27, 2014, 09:23:11 AM
 #25

http://arxiv.org/abs/1403.6676  <--  non-obscured link

While I suspect that their conclusion is correct, I really take exception to their methodology and assumptions.  Mostly, they assume that a mutation will be visible as a double spend.  However, the reference client's behavior regarding relaying transactions with degenerate signatures changed, so a sparse sensor network would likely only see the mutated transaction instead of a pair.

I think that given bitcoin's 10 minute timeframe for rounds, and their decent connection of nodes, it is reasonable to assume that they customised clients logged the majority of such transactions.

.Deviant.io.                ▄▄▄▄███▄▄▄▄
             ▄█▀▀░░░░░░░░░▀▀█▄
           ██▀░░░░░░░░░░░░░░░░██
         ▄█▀░░░░░░░░░░░░░░░░░░░▐█▄
        ▐█░░░▄████████████████▄░░
        █▌░░███▀▀▀████████▀▀▀██▌▐█
        █▌░░█████▌  ▐▄▄   ██████░▐█
        ██░░▀██████████████████░▒██
        ▄██▄▄███▀▓▓▓▓▓▓▓▀███▄░▄███▄
     ▄██▓▓▓██▓▓███▀▀▒▒▒▀▀███▓▓██▓▓▓▓██
    ▐█▓▓▓▓█▓██▀▒▒▒▒▒▒▒▒▒▒▒▌▒▀████▓█▓▓▓
    ▀███████▒▒▒▒▒▒▒▒▒▒▒█▀█▒▒▒████████▀
      ▀████▒▒▒▒▒▒▒▒▒▒▄█▀▒▒█▒██▀▒████▀
      ▐█▓█▌▒▒▒▒▒▒▒▒██▒▓▓▓▒▀▒▒▒▒▓██▓█▌
      ██▓█▌▒▒▒▒▒▒██▓████▓▒▒▒▓▓▒███▓█▌
      ▐█▓██▒▒▒▒███▀▒▒▒█▌▓▓▓██▀▒██▓█▌
       ██▒█▌▒▀▒▒▒▒▒▒▒▒█▌▓██▀▒▒▒▒█▒██
        ██▒██▒▒▒▒▒▒▒▒▒█▀▒▒▒▒▒▒██▒██
         ▀█▓▓██▄▒▒▒▒▒▒▒▒▒▒▒▄██▓▓█▀
           ▀██▒▀█████▄█████▀▓██▀
         ▄▄▓▓▓█████▄▄▓▄▄█████▓▓▄▄

























      ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓     ▓▀▓▓▓▌
     ▓▓▓   ▓▓▓▓▓        ▐▓▓▌
     ▓▓▓               ▐▓▓▓▌
    ▐▓▓▓               ▓▓▓▓▌
    ▐▓▓▓▓             ▓▓▓▓▓▌
    ▐▓▓▓▓▓▄▄         ▓▓▓▓▓▓▌
    ▐▓▓▓▓         ▄▓▓▓▓▓▓▓▓▌
    ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▀▀▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▀      ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌    ▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌          ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌         ▐▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌

    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓░░▓▓▓▓░░▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓²         ` ║▓▓▓▓▓
    ░▓▓▓▓              ╢▓▓▓▓
    ░▓▓▓Γ    ▓╥  ╓▓┐    ▓▓▓▓
    ░▓▓▓     ╙`   ╙     ▓▓▓▓
    ░▓▓▓╥   ─,,  ,,─   ╓▓▓▓▓
    ░▓▓▓▓▓▓░░▓▓▓▓▓▓░░░▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ▓▓▓▓▀▀▀▓▓▓▓▓    ▀▀▀▀▓▓▓▓
    ▓▓▓▓   `▓▓▓▀        ▓▓▓▓
    ▓▓▓▓▌            ▄▓▓▓▓▓▓
    ▓▓       ,▄▄▓▓   ▐▓▓▓▓▓▓
    ▓▓▄,▄▄   ▐▓▓▓▓▓   ▀▀ '▀▓
    ▓▓▓▓▓▓▓   ▀▓▀▀▀       ▄▓
    ▓▓▓▓▓▓▓             ▓▓▓▓
    ▓▓▓▓▀       ▄▄▓▓▌   ▓▓▓▓
    ▓▓▓▓▓▄▄▄▄   ▓▓▓▓▓▄,▄▓▓▓▓
    ▓▓▓▓▓▓▓▓▓▄  ▐▓▓▓▓▓▓▓▓▓▓▓
Lethn
Legendary
*
Offline Offline

Activity: 1540
Merit: 1000



View Profile WWW
March 27, 2014, 09:30:47 AM
 #26

thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
+1
This story was shady from the start. Some kind of malleabilty that no one can comprehend... jesus it was a biggest bitcoin exchange how can they fail so miserably?

I think this is less for us and more for the morons out there who don't know anything about Bitcoin, part of the problem that MTGOX became was the fact that the media was giving them so much free advertising so of course all the new people who had never heard of Bitcoin before went there for Bitcoin trading, since they didn't know any better and didn't do research they got conned. I'm convinced now that Mark is going to prepare to run off the moment he gets his chance as all the evidence starts coming out about what he's been up to if he hasn't got a plan already, I'd be very surprised if he ends up in jail because governments just refuse to learn anything about how Bitcoin works especially since we've had our first major case of fraud with lots of victims involved.
fryarminer
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


View Profile
March 27, 2014, 09:34:52 AM
 #27


Quote from: Conclusion
we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins.


My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?
broolstoryco
Member
**
Offline Offline

Activity: 76
Merit: 10


Enemy of the State


View Profile
March 27, 2014, 09:45:39 AM
 #28


Quote from: Conclusion
we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins.


My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?

no one said they were stolen from anywhere.
renfr
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
March 27, 2014, 09:54:51 AM
 #29

Another goxxing, it never stops! Cheesy

BTCBTC Defeat jihad, support Israel against terror - כל הכבוד לצה"ל BTCBTC
End the FED, end the fractional reserve banking, support Ron Paul.
Aditya
Full Member
***
Offline Offline

Activity: 164
Merit: 100



View Profile WWW
March 27, 2014, 10:14:50 AM
 #30

It seems that hacker messed Mt Gox Off-Chain Bitcoin Balance.

  ATLAS.WORK     ║   WHITEPAPER  •  BOUNTIES  •  TELEGRAM     ║     JOIN THE FREELANCE REVOLUTION
sturle
Legendary
*
Offline Offline

Activity: 1437
Merit: 1002

https://bitmynt.no


View Profile WWW
March 27, 2014, 10:20:36 AM
 #31

We just published some results about the use transaction malleability in the Bitcoin network with a special focus on MtGox:
How did you pick up the vulnerable transactions?  Those weren't relayed through the bitcoin network, just published through their API.  With signatures which were mutable into standard format.  (Which we can assume the attacker did for his own transactions.)

Sjå https://bitmynt.no for veksling av bitcoin mot norske kroner.  Trygt, billig, raskt og enkelt sidan 2010.
I buy with EUR and other currencies at a fair market price when you want to sell.  See http://bitmynt.no/eurprice.pl
Warning: "Bitcoin" XT, Classic, Unlimited and the likes are scams. Don't use them, and don't listen to their shills.
Sherman
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
March 27, 2014, 10:31:54 AM
 #32

1. The data started in January 2013, so it's possible Gox was hit much harder in previous years. Although that would also mean the amount of time they spent oblivious to the problem increases.

Who said they were oblivious to the problem? They may have been operating as a fractional reserve since before 2013.
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
March 27, 2014, 11:00:06 AM
 #33

My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?

IIRC, once the malleability issue was revealed, some assholes started a DoS with it. They were mutating every transaction that went through them, only to fuck the network. That's probably what accounts for these +300kBTC. They were not stolen.
porqupine
Full Member
***
Offline Offline

Activity: 214
Merit: 101


View Profile
March 27, 2014, 11:07:56 AM
 #34

Still not sure about this - if for example Gox had a private arrangement with a certain mining pool, that would not re-broadcast it's transactions outside of this pool, could not someone take said transactions and broadcast a malleable form to the rest of the Network?
The data collection method in the article would not seem to account for such a possibility.
sturle
Legendary
*
Offline Offline

Activity: 1437
Merit: 1002

https://bitmynt.no


View Profile WWW
March 27, 2014, 11:12:38 AM
 #35

Still not sure about this - if for example Gox had a private arrangement with a certain mining pool, that would not re-broadcast it's transactions outside of this pool, could not someone take said transactions and broadcast a malleable form to the rest of the Network?
The data collection method in the article would not seem to account for such a possibility.
The problematic transactions weren't accepted by normal nodes, or relayed, because the signature was on a non-standard format.  The transactions were only available through MtGox's API, where an attacker could change the signature into a standard format, mutating it and making it relayable.  To me this entire paper seems seriously flawed.  The authors haven't understood the issue specific to MtGox.

Sjå https://bitmynt.no for veksling av bitcoin mot norske kroner.  Trygt, billig, raskt og enkelt sidan 2010.
I buy with EUR and other currencies at a fair market price when you want to sell.  See http://bitmynt.no/eurprice.pl
Warning: "Bitcoin" XT, Classic, Unlimited and the likes are scams. Don't use them, and don't listen to their shills.
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
March 27, 2014, 11:40:20 AM
 #36

http://arxiv.org/abs/1403.6676  <--  non-obscured link

While I suspect that their conclusion is correct, I really take exception to their methodology and assumptions.  Mostly, they assume that a mutation will be visible as a double spend.  However, the reference client's behavior regarding relaying transactions with degenerate signatures changed, so a sparse sensor network would likely only see the mutated transaction instead of a pair.

I think that given bitcoin's 10 minute timeframe for rounds, and their decent connection of nodes, it is reasonable to assume that they customised clients logged the majority of such transactions.

A bit difficult to log something that you can't see because no one will relay, don't you think?

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
March 27, 2014, 11:48:36 AM
 #37

The problematic transactions weren't accepted by normal nodes, or relayed, because the signature was on a non-standard format.

I seem to recall that this was first enforced on some recent version of bitcoin (0.8.6?), which is precisely what precipitated the gox demise.
hilariousandco
Global Moderator
Legendary
*
Offline Offline

Activity: 3990
Merit: 2713


Join the world-leading crypto sportsbook NOW!


View Profile
March 27, 2014, 11:52:22 AM
 #38

Thank you, looks like TM was just a convenient excuse for MK.

I thought pretty much everybody assumed this was most likely the case.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
pabloangello
Legendary
*
Offline Offline

Activity: 1344
Merit: 1001


View Profile
March 27, 2014, 12:00:10 PM
 #39

All of these China bans and unbans also MtGox stolen, then possibly found GoxCoins etc. looks like one big market manipulation before next bitcoin boom Tongue
I now, conspiracy theory but who knows, the truth can be shocking like history has proven many times.

b!z
Legendary
*
Offline Offline

Activity: 1582
Merit: 1010



View Profile
March 27, 2014, 12:13:27 PM
 #40

Very interesting. Thank you for sharing.
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!