Slashdot Mirror


MtGox's "Transaction Malleability" Claim Dismissed By Researchers

Martin S. (98249) writes "The Register reports on a paper at the arXiv (abstract below) by Christian Decker and Roger Wattenhofer analyzing a year's worth of Bitcoin activity to reach the conclusion that MtGox's claims of losing their bitcoins because of the transaction malleability bug are untrue. The Abstract claims: 'In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. ... In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.'" Quoting El Reg: "By extracting transaction keys from the transaction set, the researchers say, they were able to identify more than 35,000 transaction conflicts and more than 29,000 “confirmed attacks” covering more than 300,000 Bitcoins." And less than 6000 were actually successful.
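
An added illustration (not code from the paper, The Register, or the Slashdot submission): a minimal Python sketch of how malleability conflicts can be detected in a trace by keying each transaction on its contents with the signature scripts blanked, so that copies differing only in signature bytes share a key but carry different transaction ids. The simplified serialization, the field names, the sample transactions, and the reading of "extracting transaction keys" as this kind of signature-stripped hash are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx: dict, with_sigs: bool = True) -> bytes:
    """Simplified length-prefixed encoding (an assumption, NOT Bitcoin's wire format)."""
    out = [len(tx["inputs"]).to_bytes(2, "little")]
    for prev_txid, prev_index, script_sig in tx["inputs"]:
        sig = script_sig if with_sigs else b""  # blank the signature for the key
        out += [bytes.fromhex(prev_txid), prev_index.to_bytes(4, "little"),
                len(sig).to_bytes(2, "little"), sig]
    out.append(len(tx["outputs"]).to_bytes(2, "little"))
    for address, amount in tx["outputs"]:
        addr = address.encode()
        out += [len(addr).to_bytes(2, "little"), addr, amount.to_bytes(8, "little")]
    return b"".join(out)

def txid(tx: dict) -> str:
    """Id over the full transaction, signature bytes included."""
    return dsha256(serialize(tx)).hex()

def conflict_key(tx: dict) -> str:
    """Id over the transaction with signature scripts removed."""
    return dsha256(serialize(tx, with_sigs=False)).hex()

def find_conflicts(observed: list) -> dict:
    """Map conflict_key -> txids, for keys seen under more than one txid."""
    groups = defaultdict(set)
    for tx in observed:
        groups[conflict_key(tx)].add(txid(tx))
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

# Constructed sample trace: the placeholder byte strings stand in for two
# different encodings of an equally valid signature over the same payment.
PREV = "aa" * 32
ORIGINAL = {"inputs": [(PREV, 0, b"sig-encoding-A")],
            "outputs": [("addr-customer", 50_000_000)]}
MALLEATED = {"inputs": [(PREV, 0, b"sig-encoding-B")],
             "outputs": [("addr-customer", 50_000_000)]}
UNRELATED = {"inputs": [("bb" * 32, 1, b"sig-other")],
             "outputs": [("addr-other", 10_000)]}
TRACE = [ORIGINAL, UNRELATED, MALLEATED, ORIGINAL]  # rebroadcast is not a conflict

if __name__ == "__main__":
    for key, ids in find_conflicts(TRACE).items():
        print(f"conflict {key[:16]}: {len(ids)} distinct txids")
```
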

14 of 92 comments

  1. The scam unravels by NotDrWho · · Score: 4, Insightful

    The MtGox guys better get on a plane and head for their secret island.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:The scam unravels by Anonymous Coward · · Score: 2, Informative

      Unfortunately for them, they aren't allowed to (legally) leave the country.

    2. Re:The scam unravels by gstoddart · · Score: 4, Insightful

      I wonder how this plays into these bitcoins they mysteriously found in another wallet later that they said they'd give the refunds from.

      Either this was a scam all along, or these guys really dropped the ball.

      And if the researchers are saying their explanation doesn't hold water, it's increasingly hard to believe them.

      --
      Lost at C:>. Found at C.
    3. Re:The scam unravels by prisoner-of-enigma · · Score: 2

      "Never attribute to malice that which can be explained by incompetence." -- Hanlon's Razor

      --
      In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  2. Money and marijuana don't mix by Anonymous Coward · · Score: 2, Funny

    A bank run by drug dealers and drug addicts won't keep your money safe, period.

    1. Re:Money and marijuana don't mix by Collective 0-0009 · · Score: 4, Insightful

      I'd trust a pot head over a money-grubbing corporate overlord. I have personally worked with the type of psychos that run a lot of companies. They are completely immoral. They often cannot even see their lack of integrity as they have rationalized their decisions long ago. They surround themselves with those that won't rock the boat; "yes men/women". And it's so easy to fall into when you are on top... nobody cares that the emperor has no clothes as long as they get the bonus and raise.

      Remember that commercial where they gave some poor dude 100k and asked him to watch it. Pot smokers don't steal it. Asshole libertarian, free market loving, usually conservative pricks steal*.

      So you keep the c-levels of ING, Chase, etc. I'll take The Dude any day.

      * = I am sorta libertarian, like the free market, and agree with some moderate conservatives. But it seems the psychos all LOVE these things and use them as the basis for their rationalizations.

      --
      I finally updated my sig, but now it's lame.
  3. sounds like it really was sheer incompetence.... by Mr Krinkle · · Score: 2

    I mean, if you lost 64,564 bitcoins from a known and easy to research flaw....

    then I'm VERY sure that you had a LOT of other security flaws unpatched on your servers.

    I know that even on my home servers I try and do "enough" diligence to ensure all known flaws are patched.. And on work related boxes, we ALL verify constantly all known vectors are closed...
    The fact that they found 10% of the "lost" coins with publicly available information and widely known bugs, lets me know that there are SURE to be a LOT more hidden flaws bleeding bitcoins like crazy...

    (and I'm sure some employees stole some coins to buy private islands)

    --
    I am 31337 or something.
  4. Dear slashdot, by Orgasmatron · · Score: 5, Interesting

    This paper has already been widely dismissed by the bitcoin community. Not that we necessarily think that Mtgox was actually hit by a malleability attack. Just that this paper is nonsense.

    The very short version is that what these "researchers" were looking at isn't actually how the alleged bug would have worked.

    --
    See that "Preview" button?
    1. Re:Dear slashdot, by kasperd · · Score: 4, Interesting

      Just that this paper is nonsense.

      Care to answer a few questions then?

      • How did the transactions found by these researchers happen, if not by a malleability attack?
      • If a malleability attack would not result in transactions looking like what was found by these researchers, then what would it look like?
      • What is the explanation for the spike found just after the announcement, if that was not due to copy-cats attempting malleability attacks?
      --

      Do you care about the security of your wireless mouse?
  5. Re:As it was weeks ago... by erroneus · · Score: 2, Insightful

    This is all to be expected isn't it? It seems like when there is opportunity to scam people out of money, someone will set up an operation to exploit it. Every natural disaster results in hundreds of fake charities being set up to collect donations. And digital currency saw all manner of opportunists attempting to participate at every level from bitcoin mining viruses to setting up exchanges with disappearing money "bugs."

    Anyone who didn't expect it was born yesterday under a rock.

  6. Re:As it was weeks ago... by jythie · · Score: 5, Interesting

    Yeah, but it is still kinda cool to see people dissect exactly how it happens or how claims are untrue. Suspecting and knowing are two very different things.

  7. Re:Flawed assumption by Aaden42 · · Score: 2

    You don’t seem to understand the purpose of Bitcoin, or what a Ponzi scheme is...

    ... Or what money is. Fiat currency has no value other than to 1) Pay your taxes, and 2) Conduct business with others who mutually agree that said currency has an effective value. Within about 15 miles of me, there’s at least one pizza joint and one car dealer that will accept Bitcoin in exchange for their products.

    No argument that BTC is less widely accepted than most other currencies, but don’t conflate wide acceptance of a currency with it having an intrinsic value. At the end of the day, one dollar bill is worth exactly what I can exchange it for, no more (with the possible exception of it having some *limited* intrinsic value in terms of heating/energy should it prove more valuable to simply set fire to it rather than exchange it for some other fuel source). I could if I so wished exchange BTC for pizza or a car, so that’s value in my book.

    Granted, BTC’s volatility in terms of value makes it a risky choice as “money,” but it isn’t worthless.

  8. Re:Planning by PRMan · · Score: 2

    Karpeles IS unusually stupid (OK, let's say arrogant and naive). He claimed to have lost 2,000,000 bitcoins until people looked at the PUBLIC blockchain and found that he had previously had access to accounts where some of the "missing" bitcoins were still sitting. Then, all of a sudden, when the Japanese court threatened him with arrest, he was suddenly able to "find" and produce them.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...
  9. Re:As it was weeks ago... by BourneTolouse · · Score: 3, Informative

    I don't know what prompted the Red Cross comment, but it is easy enough to check through Charity Navigator. The Red Cross spends 4% on administration and 5.1% on fund raising; the rest goes to programs.