Author Topic: New research proves: MtGox bitcoins NOT stolen using transaction malleability  (Read 25229 times)
sturle
March 27, 2014, 12:20:58 PM
 #41

The problematic transactions weren't accepted by normal nodes, or relayed, because the signature was on a non-standard format.
I seem to recall that this was first enforced on some recent version of bitcoin (0.8.6?), which is precisely what precipitated the gox demise.
Version 0.8.  Version 0.7 isn't even working any more without special configuration to get around a database issue.  (Since last autumn.)

See https://bitmynt.no for exchanging bitcoin for Norwegian kroner.  Safe, cheap, fast and simple since 2010.
I buy with EUR and other currencies at a fair market price when you want to sell.  See http://bitmynt.no/eurprice.pl
Warning: "Bitcoin" XT, Classic, Unlimited and the likes are scams. Don't use them, and don't listen to their shills.
soy
March 27, 2014, 02:52:10 PM
 #42

Darn, I shouldn't have posted that when he answers the subpoena in NY, he'd better check into South Oaks Hospital and hopefully avoid remand to Nassau County jail because:

http://www.cryptocoinsnews.com/2014/03/27/mtgox-ceo-karpeles-refuses-travel-to-u-s-for-questioning/

There were a few shows on bounty hunters not long ago.  Tough guys with a cameraman following them around as they took some felons into custody to turn over to the authorities.  Could you picture them taking Karpeles with all the fanfare!  Biker types with mullets and him in his nicely tailored suit.

Lauda
March 27, 2014, 04:03:28 PM
 #43

My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?
Who said that they were stolen?

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
Joshuar
March 27, 2014, 04:07:11 PM
 #44

As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.

No surprise here.

Gox/Mark is proved to be lying scum, yet again.

quone17
March 27, 2014, 04:07:17 PM
 #45

Why not send to authorities, in Japan and US, and lawyers involved in bankruptcy proceedings?  Seems easy enough to do, if you have any stake in the matter.

Bitcoin Exchange Guide- List of the Top Bitcoin Exchanges, Find Places to Buy, Sell and Trade Bitcoins.
sturle
March 27, 2014, 04:18:15 PM
 #46

Gox/Mark is proved to be lying scum, yet again.
And the "researchers" demonstrated their incompetence by completely failing to understand the issue.

The argument goes like this:
- This animal is a giraffe.
- No, you are lying, because the fruit over there is a bicycle.

They are proving something else by a method which is flawed, and come to a worthless conclusion.

Lauda
March 27, 2014, 07:00:31 PM
 #47

As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.

No surprise here.

Gox/Mark is proved to be lying scum, yet again.
It hasn't really been proved yet. Although Mark was possibly trying to scam everyone.

2tights
March 27, 2014, 07:10:59 PM
 #48

Well, this is just another proof to something we already know. Mark Karpeles is a thief.

How long before a lynch mob hunts him down? How many people lost $10+?
vitarian
March 27, 2014, 09:59:01 PM
 #49

Let's see, so if I owned one of the largest bitcoin exchanges, I might be tempted to shut down as well, claiming that most of the coins were stolen while I was secretly funneling them into multiple personal anonymous accounts. Then eventually when I had enough coins stored up, I would let the shit hit the fan by saying the coins are stolen, and then proceed to file for bankruptcy. Lastly, I'd sneak off and buy my own little island where nobody would find me.
counter
March 28, 2014, 05:50:59 AM
 #50

sounds like somebody took the cookie from the cookie jar eh?  Maybe time for a proper spanking for all to see hmmm
nwfella
March 28, 2014, 06:54:58 AM
 #51

"Honestly...I completely forgot about that old BTC wallet I swear!!" -MK :p

Gimme the crypto!!
Jamestty
March 28, 2014, 07:32:21 AM
Last edit: April 09, 2014, 08:50:43 AM by Jamestty
 #52

thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
+1
This story was shady from the start. Some kind of malleability that no one can comprehend... Jesus, it was the biggest bitcoin exchange, how can they fail so miserably?
porqupine
March 28, 2014, 08:14:45 AM
 #53

Still not sure about this - if for example Gox had a private arrangement with a certain mining pool, that would not re-broadcast its transactions outside of this pool, could not someone take said transactions and broadcast a malleable form to the rest of the Network?
The data collection method in the article would not seem to account for such a possibility.
The problematic transactions weren't accepted by normal nodes, or relayed, because the signature was on a non-standard format.  The transactions were only available through MtGox's API, where an attacker could change the signature into a standard format, mutating it and making it relayable.  To me this entire paper seems seriously flawed.  The authors haven't understood the issue specific to MtGox.

I didn't know about the non-standard form - who was mining the Mt.Gox transactions?
sturle
March 28, 2014, 08:29:40 AM
 #54

Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.

bananahoho
March 28, 2014, 08:55:12 AM
 #55

If MTGOX really like that if they can not be released before the withdrawal, then the attacker would not be eyeing MTGOX. Therefore, these attacks did not come to investigate the transaction scalability of this loophole is purveyed for personal gain and attacks before the suit. Bitcoin from the existing number, the latter is more likely motive.

Still questionable whether there are other services because MTGOX promptly inform the message prepared for the sudden surge. Is not that the news release caused commercial damage (to remind imitators to attack them) examples?
softron
March 28, 2014, 09:59:18 AM
 #56

Yep. most ppl in here know that.

counter
March 28, 2014, 08:54:50 PM
 #57

All I know for sure is Gox is incompetent, not saying this may not have been a legitimate mistake, but I am saying that they have not been very professional many times in the past.
ifritsultan
March 28, 2014, 09:07:42 PM
 #58

Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.

Can you explain that? How can transactions be made "invisible"?
Of course the API would have been a better source, but still they also must have appeared in the public history... that is why they had the data.
2tights
March 28, 2014, 09:11:42 PM
 #59

My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?
Who said that they were stolen?

Yes, Mark stole them.
sturle
March 28, 2014, 09:36:11 PM
 #60

Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.
Can you explain that? How can transactions be made "invisible"?
Because the transactions will not be accepted by bitcoin nodes.  Invalid transactions are discarded and not relayed to other clients, just as when someone sends your client some random data.  It may even disconnect the other node and blacklist it.  (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)
Quote
Of course the API would have been a better source, but still they also must have appeared in the public history... that is why they had the data.
They don't have the data.  They would have to connect directly to MtGox's bitcoin nodes to get the transactions directly from them, and it is safe to assume they didn't.  From their paper:
Quote
In average we connected to 992 peers, which at the time of writing is approximately 20% of the reachable nodes. According to Bamert et al. [4] the probability of detecting a double spending attack quickly converges to 1 as the number of sampled peers increase
Bamert et al. assume the double spending transactions will be relayed through the network.  The vulnerable transactions from MtGox lacked this property, and it is unlikely to detect them when only connected to 20% of all bitcoin nodes.  (Assuming they removed the standard test before compiling their own node; otherwise they wouldn't be able to detect the vulnerable transactions at all.)

Also: the problem with MtGox's vulnerable transactions was invalid padding of the S- or R-value in the signature.  Those were easy to fix by removing the extra padding.  The "researchers" didn't detect a single incident of this modification.  Indicating that they probably had the standard test in place in their client.

The paper is worthless.

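The padding check discussed in post #60, as an added example (not code from the thread, the paper or Bitcoin Core): a Python version of the excess-padding test on the R and S values of a DER signature, modelled on the strict-DER rules later specified in BIP66. The function names, the sample R/S bytes and the stand-in transaction bytes are constructed for illustration, and the signature is assumed to be passed without its trailing sighash byte.

```python
import hashlib

def der_sig(r: bytes, s: bytes) -> bytes:
    """Encode SEQUENCE { INTEGER r, INTEGER s } from raw integer bytes."""
    body = b"\x02" + bytes([len(r)]) + r + b"\x02" + bytes([len(s)]) + s
    return b"\x30" + bytes([len(body)]) + body

def split_rs(sig: bytes):
    """Return the raw (R, S) byte strings, or None if the DER framing is wrong."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2 or sig[2] != 0x02:
        return None
    len_r = sig[3]
    if 6 + len_r > len(sig) or sig[4 + len_r] != 0x02:
        return None
    if 6 + len_r + sig[5 + len_r] != len(sig):
        return None
    return sig[4:4 + len_r], sig[6 + len_r:]

def padding_problems(sig: bytes) -> list:
    """List the reasons a standardness check would refuse this encoding."""
    parts = split_rs(sig)
    if parts is None:
        return ["bad DER framing"]
    problems = []
    for name, value in zip("RS", parts):
        if not value:
            problems.append(f"{name}: zero length")
        elif value[0] & 0x80:
            problems.append(f"{name}: negative")
        elif len(value) > 1 and value[0] == 0 and not value[1] & 0x80:
            problems.append(f"{name}: excess zero padding")
    return problems

def same_values(a: bytes, b: bytes) -> bool:
    """True when two encodings carry the same integers R and S."""
    ints = lambda sig: [int.from_bytes(v, "big") for v in split_rs(sig)]
    return ints(a) == ints(b)

def tx_hash(sig: bytes) -> str:
    """Stand-in for a transaction id: double SHA-256 over bytes that include the signature."""
    blob = b"<constructed tx prefix>" + sig + b"<constructed tx suffix>"
    return hashlib.sha256(hashlib.sha256(blob).digest()).hexdigest()

# Constructed sample values, not taken from any real transaction.
R = bytes([0x7F]) + bytes(range(1, 32))
S = bytes([0x12]) + bytes(range(32, 63))
STRICT = der_sig(R, S)
PADDED = der_sig(b"\x00" + R, S)  # same integer R, one unnecessary leading zero

if __name__ == "__main__":
    for label, sig in (("strict", STRICT), ("padded", PADDED)):
        print(label, padding_problems(sig) or "ok", tx_hash(sig)[:16])
    print("same R and S:", same_values(STRICT, PADDED))
```

Both encodings carry the same R and S, but only one passes the check and the two hash differently, so a sender that runs this test on its own signatures before publishing them, and reconciles payments by inputs and outputs rather than by hash, is not affected by a re-encoded copy.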