Bitcoin Forum
May 07, 2024, 06:25:22 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: 'Malleability' Attacks Not to Blame for Mt. Gox's Missing Bitcoins, Study Says  (Read 1112 times)
Beta-coiner1 (OP)
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
March 27, 2014, 08:49:21 PM
 #1

http://www.cio.com/article/750351/_39_Malleability_39_Attacks_Not_to_Blame_for_Mt._Gox_39_s_Missing_Bitcoins_Study_Says?page=2&taxonomyId=3055
Quote
IDG News Service (Tokyo Bureau) — Fewer than 400 bitcoins could have been stolen from the Mt. Gox Bitcoin exchange using so-called transaction malleability attacks, according to A Swiss study, far less than the hundreds of thousands of bitcoins the company reported.

The findings cast doubt on the failed exchange's explanation of how it lost nearly half a billion dollars' worth of the digital currency when it applied for bankruptcy protection in Tokyo on Feb. 28.

The study was written by Christian Decker and Roger Wattenhofer of the Distributed Computing Group at the Swiss Federal Institute of Technology Zurich (ETH). It was uploaded to the academic prepress site ArXiv.org and has not been published by a peer-reviewed journal.

"In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts," the authors, who have authored several papers on Bitcoin and distributed systems, write.

"In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox."

The study looks into the plausibility of the claim that transaction malleability brought down Mt. Gox. The Tokyo-based exchange had said that a bug in the Bitcoin software could be used to fraudulently alter the records of how bitcoins change hands.

When Mt. Gox collapsed with liabilities of AY=6.5 billion (US$63.6 million), it said that it had lost about 850,000 bitcoins, which would have been worth some $474 million. It cited exploitation of a bug in the Bitcoin system, saying it believed "that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug."

Before trading stopped at the exchange on Feb. 25, Mt. Gox had blamed the transaction malleability issue when it suspended withdrawals of bitcoin to outside addresses.

In their study, the ETH researchers describe how they created specialized nodes that could trace, from January 2013, all transactions on the Bitcoin network including double-spending attacks, of which malleability attacks are described as a variant.

They found that only 302,700 bitcoins were involved in malleability attacks.

"Of these, only 1,811 bitcoins were in attacks before MtGox stopped users from withdrawing bitcoins," they wrote. "Even more, 78.64 percent of these attacks were ineffective. As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses. Even if all of these attacks were targeted against MtGox, MtGox needs to explain the whereabouts of 849,600 bitcoins."

Mt. Gox CEO Mark Karpeles did not respond to an email seeking comment on the study.

In an email, Wattenhoffer said the study has not been submitted to a peer-reviewed journal, adding "We will do this eventually, but reviewing takes time, and in this case we felt that some people might be eager to hear the news before the usual several-months peer-review cycle is over."

While observers on the Bitcointalk.org forum welcomed the study, they also cautioned that it only went back as far as January 2013.

"It's possible Gox was hit much harder in previous years," one commentator wrote. "Although that would also mean the amount of time they spent oblivious to the problem increases."

Software developer Mike Hearn, who works on bitcoin-related projects, welcomed the study's findings. "People were raising the alarm about this claim almost as soon as it was made by Mt Gox. Although in theory their explanation could have worked (if we assume really bad decisions on their part like not investigating failed withdrawals and just repeating them), the vast sums of money being talked about stretched credulity. And nobody else had reported observing lots of mutated transactions. Now we have data to prove this was correct," he said via email.

1715106322
Hero Member
*
Offline Offline

Posts: 1715106322

View Profile Personal Message (Offline)

Ignore
1715106322
Reply with quote  #2

1715106322
Report to moderator
1715106322
Hero Member
*
Offline Offline

Posts: 1715106322

View Profile Personal Message (Offline)

Ignore
1715106322
Reply with quote  #2

1715106322
Report to moderator
1715106322
Hero Member
*
Offline Offline

Posts: 1715106322

View Profile Personal Message (Offline)

Ignore
1715106322
Reply with quote  #2

1715106322
Report to moderator
Be very wary of relying on JavaScript for security on crypto sites. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
Ibian
Legendary
*
Offline Offline

Activity: 2268
Merit: 1278



View Profile
March 27, 2014, 11:17:51 PM
 #2

Day of the rope, day of the rope.

Look inside yourself, and you will see that you are the bubble.
Wilhelm
Legendary
*
Offline Offline

Activity: 1652
Merit: 1265



View Profile
March 28, 2014, 12:06:32 AM
 #3

Ok the question remains where did Mark leave those coins?

Bitcoin is like a box of chocolates. You never know what you're gonna get !!
thimo
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500

thimo the dev


View Profile
March 28, 2014, 12:45:56 AM
 #4

Ok the question remains where did Mark leave those coins?
He ate them...

i can rent this1
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!