It is not even clear that the malleability problem is solvable. Besides the problem that there are innumerable ways to transform a transaction to give it a different hash without affecting scriptSig validity, it is simply unknown whether it is possible to algebraically transform an elliptic curve signature without invalidating it. If so, then no matter what you do to cover up the other holes, that gaping one is left open.
Transactions are malleable. Deal with it. If a transaction is observed on the network that has the same input outpoints and the same outputs, it is the same transaction, and mtgox should treat it as such. This is a simple check to do, and trivial to automate.
And instead of reporting only the hash to the user, they should record, report, and track the transaction itself. You should be able to go to your withdrawals and see the actual transaction, including which inputs were used, and what the change address is. You can then go to any block chain service and verify for yourself if/when those same outpoints are spent in a modified transaction.
Eh well, it is Bitcoin's problem in that it's not meant to ever happen. Mt Gox's implementation is based on what is meant to happen in the network (transaction IDs can not change) rather than what does happen (signatures with weird padding are accepted). The network as of the latest version doesn't relay these either, I seem to remember reading, so it's a problem that's being intentionally reduced.
Mt. Gox could solve the issue without a change to the Bitcoin protocol by tracking the entire transaction and not just the hash.
But instead of fixing their own problem they make it sound like Bitcoin itself is broken.
Why would they do this? Cui bono?
If Mt. Gox has been scammed out of a large amount of Bitcoin, they may not own enough to fill withdrawal requests. If this is true, then a steep decline in the price of Bitcoin could allow them to cover the gap.
So a guy who calls himself "Magical Tux" and describes himself as "PHP Developer working on some weird stuff, like a mail server (POP3/IMAP4/SMTP) written in PHP" was not able to build a reliable worldwide exchange?
It seems to me the trivial solution (ok, "hack") for this problem is to construct a new bitcoin address for every withdrawal that is used as a staging ground and one-time "identity" for the transaction. So like, rather than MtGox sending a hundred bitcoin to a user's address, and then having to sort-of-fail to detect the transaction as it gets mutated, it sends the money to a temporary address and then empties the temporary address into the user's target address.
Now, any transaction coming from that temporary address (which can also be told to the user as "expect the money to come from this address", which might be separately useful for purposes other than transaction proofing) can be considered to be the transaction in question: the computed hash of the transaction is irrelevant.
Of course, I should not be able to solve this problem after two minutes of thinking about it; so: anyone mind teaching me what I'm missing? I can't imagine I could come up with a solution this simple so quickly to a problem that is apparently so well known and so problematic to such an established player in this space ;P.
The issue isn't really that difficult to solve, it's just that their software was doing accounting badly and losing track of what was spent where when the malformed transaction was spent rather than the one they believed they created.
An attacker can rely on this (the transaction ID from their perspective never confirmed) and ask them to resend the funds. The attacker doubles their money and suddenly Gox has outputs they think aren't spent, but really have been in a transaction ID they don't know is their own. When they roll these "unspent" outputs into new transactions they fail to broadcast, and then we are in the situation we are in today with a number of backlogged transactions.
Fortunately for them if any money has been stolen using this, they probably have the ID of the person in question.
Your system would work as a hack, but for somebody as big as Gox they would have a significant impact on the blockchain size for no good reason.
MtGox made the right decision in shutting off withdrawals and not implementing hacks. It's important for this problem to be solved once and for all.
MtGox made a very bad decision in its choice of wording in this press release. It shouldn't have framed this as a "design flaw." The only reason this happened was because of MtGox's custom software. No one else was affected. By definition, that's not a design flaw.
You don't need to create a new address - just identify transactions by the inputs they consume and the outputs they generate. Since these parts are signed they won't change.
Of course that's much harder, both in terms of algorithmic and code complexity, than just remembering a hash.
You could do it that way. Inputs, Outputs and Signatures don't change though. So just keep track of that. With each confirmation the tx-id becomes less and less malleable. At some point then store the tx-id.
There are few times in my adult life I've felt like crying actual tears, but this is one of them.
Four times since that first comment, the bitcoin price has recovered to $1,000, then dipped back down again. Four times I didn't sell.
The silver lining is that Gox's explanation is correct on a technical level. There is every reason to believe this explanation to be true. This isn't (just) me being hopeful; this is because if you investigate whether it's true, you'll find out it is true.) For further details see https://news.ycombinator.com/item?id=7203544
Since I've only been able to withdraw 3.4 bitcoin, I'm at the mercy of Gox. It's entirely possible that I'll wind up with less than $1,000, from $11,000. An expensive life lesson, but at least it's recoverable.
EDIT: I apologize if this comment didn't contribute anything. I sometimes use HN for moral support. I'm just shocked at what's happened.
EDIT2: This surely shouldn't be the top comment... it's important to get information out to people in a crisis situation like this. This was just me being sad and gathering information from those more experienced. Thank you though.
You clearly do not have the heart for asset speculation. I am not trying to be mean here, but the emotional reactions you show in these comments, and the fact that they utterly destroy your ability to stick to the rational decisions you've made, are compromising your investment decisions.
So there are two paths from here: Either this is the experience that hardens you and makes you stop thinking "oh shit, I just lost two months' salary in six hours" (this happens all the time when you have a significant amount invested in a volatile asset), or you realize that things won't change and you can't live with the risk of losing your investment.
If you choose the latter option, you will also need to stop kicking yourself if three years from now, the asset you sold has tripled in value. In fact, you should stop kicking yourself right now. The problem here is your emotional reaction, not Bitcoin's volatility. I know how you feel; I've been up and down $30,000 this year over the course of a few weeks in the stock market, but second-guessing yourself only serves to waste your attention. Make a plan, know the consequences and stick to it.
No, you are still learning the lesson, it's not been learned at all.
You are being illogical about your investment. Go back to the moment you bought the Bitcoin. You apparently thought they were worth $1000 per Bitcoin at that moment, there is nothing wrong with that.
That you invested in Bitcoin means you expected them to rise, do you remember how much you expected them to rise? In what timespan? Does the price going down for now affect that estimation? In what way? Why would you sell your Bitcoin?
There are answers to all those questions that go in every direction, but they lie in the future, so the only thing you can do is make a reasonable prediction, and hope it was realistic enough.
Some people think Bitcoin will go to $10k, some people think Bitcoin will prove useless and die out. Decide in which camp you are.
About MtGox: If MtGox would somehow mess up bad enough that your money/btc is not safe there, that would hit the BTC so bad that its value would at least halve, if not more, at every exchange. Trying to withdraw your bitcoin now is madness, you're just risking getting it stuck.
Be careful with your panicking. I myself am too afraid to go long on Bitcoin, if I had I'd have over 10x my original investment now, instead I just speculate and profit from panic sellers, it's fun and pretty low risk. I sell whenever Bitcoin is stable, and buy whenever there's panic.
I don't believe in Bitcoin being worth $1000 right now, but I do believe that the technology and ideas are solid enough, that whenever there's a panic the price will recuperate fairly quickly as people realize not actually all that much changed.
Did you not understand what you were getting into? Did you imagine it would rise forever? Did you think that an unregulated exchange in a foreign country designed for a different purpose was a safe bet? Did you ignore the rising tide of complaints about Gox?
Why did you use MtGox? You should have done research before investing that much money. If you'd done rudimentary research, you would have immediately seen that MtGox was a very risky exchange to use... even just for very short term transactions. I'm lost as to why anyone actually still used MtGox over the last 6 months or so.
Secondly if you can't stomach the swings in Bitcoin, it's not the speculatory investment for you. You need to have a plan and stick to it. Buy and hold for 5 years is a reasonable plan.
I'm sorry if this isn't sympathetic, but you need to learn from your mistake.
Having gotten in when they were so (relatively) "cheap", it's hard to imagine paying > $1000/each. I certainly can't complain, as I bought $10k BTC at $7/ea and sold 'em when it hit $30 (c. June 2011), but I sure wish I had held onto 'em!
I suppose it is viscerally obvious to you at this point, but putting money into something like Bitcoin should be considered one step up from putting it all on 31 and letting it ride: don't do it with money you consider important.
Don't panic. The way I see it, this is another temporary crash in the price of bitcoin, caused by bad news. Once the mtGox problem is out of the way, bitcoin may resume its rise. "May" is the operative word there, of course, but I think it's likely.
Don't expect sympathy from us. It's not like you did a load of hard work and then got taken advantage of. Depending how you look at it you put a bunch of money either into a gamble, or betting on your own judgement (which, if bitcoin loses its value, will have proven to be wrong).
Well technically this is a "technical issue" but let's not fool ourselves to believe that Mtgox is holding out withdrawals just to be on the safe side. If they are doing this then it means they were subject to an attack involving this bug. How much did this attack hurt MTgox financially?
However, it must have really messed up their internal accounting. The problem isn't that they don't have the money - the problem is that they don't know which of the outputs that they own have been used, and which haven't. They have to fix the bug, parse the blockchain, consolidate that with their internal records of ownership, figure out which pending withdrawals have been fulfilled, which haven't, which have been paid twice...
There's a lot of things to do there, and they all need to be fixed before they can tell if a new withdrawal is legit.
<gmaxwell> The Gox press release seems a little ‘spun’ to me. They portray characteristics of the Bitcoin system well known since at least 2011 (which even have their own wiki page) as something new.
These characteristics are annoying but don’t inhibit basic operation. They are slowly being fixed – but fixing them completely will likely take years as they require changing all wallet software. Correctly-written wallet software can cope with the consequences, and I cannot understand why they would gate their withdrawals on external changes.
So the problem is that they are not tracking inputs and outputs, but relying on the transaction ID. This transaction ID can be changed while keeping the signatures valid. The inputs and outputs will _not_ be changed.
It sounds like they need to just watch for duplicate transactions as the protocol is built to prevent those.
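The remedy proposed several times in this thread (identify a withdrawal by the input outpoints it consumes and the outputs it creates, not by its txid; watch the chain for conflicting spends of those outpoints; and only pin the txid once it has enough confirmations) is easy to state and worth seeing as code. The Python below is an added example written for this page; it is not code from Mt. Gox, Bitcoin Core, or any commenter. It assumes legacy (pre-SegWit) transaction serialization, uses constructed sample data whose scriptSig bytes are dummies rather than valid signatures (so the "mutated" copy merely differs in those bytes; no real mutation technique is shown), defines the canonical id as a hash of ordered outpoints plus ordered outputs, and picks 6 confirmations as the pinning threshold. All of those are assumptions made for the example.

```python
import hashlib
import struct

# Constructed sample data, not real transactions; the scriptSig bytes are dummies, not valid signatures.
PREV_OUTPOINT = ("aa" * 32, 0)                                # hypothetical funding outpoint (txid hex, vout)
PAYOUT_SCRIPT = bytes.fromhex("76a914" + "11" * 20 + "88ac")  # P2PKH-shaped scriptPubKey
OUTPUTS = [(100_000_000, PAYOUT_SCRIPT)]                      # 1 BTC, in satoshis
SIG_A = b"\x47" + b"\x01" * 0x47                              # dummy "signature push"

def encode_varint(n):
    if n < 0xFD:
        return bytes([n])
    prefix, fmt = (b"\xfd", "<H") if n <= 0xFFFF else (b"\xfe", "<I") if n <= 0xFFFFFFFF else (b"\xff", "<Q")
    return prefix + struct.pack(fmt, n)

def read_varint(buf, pos):
    if buf[pos] < 0xFD:
        return buf[pos], pos + 1
    fmt, width = {0xFD: ("<H", 2), 0xFE: ("<I", 4), 0xFF: ("<Q", 8)}[buf[pos]]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + width

def build_tx(outpoints, script_sigs, outputs, version=1, locktime=0):
    raw = struct.pack("<i", version) + encode_varint(len(outpoints))
    for (prev_txid, vout), sig in zip(outpoints, script_sigs):
        raw += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", vout) + encode_varint(len(sig)) + sig + b"\xff\xff\xff\xff"
    raw += encode_varint(len(outputs))
    for value, spk in outputs:
        raw += struct.pack("<q", value) + encode_varint(len(spk)) + spk
    return raw + struct.pack("<I", locktime)

def parse_tx(raw):
    n_in, pos = read_varint(raw, 4)                    # skip the 4-byte version
    inputs, outputs = [], []
    for _ in range(n_in):
        outpoint = (raw[pos:pos + 32][::-1].hex(), struct.unpack_from("<I", raw, pos + 32)[0])
        slen, pos = read_varint(raw, pos + 36)
        inputs.append({"outpoint": outpoint, "script_sig": raw[pos:pos + slen]})
        pos += slen + 4                                # skip scriptSig and sequence
    n_out, pos = read_varint(raw, pos)
    for _ in range(n_out):
        value, (plen, pos) = struct.unpack_from("<q", raw, pos)[0], read_varint(raw, pos + 8)
        outputs.append({"value": value, "script_pubkey": raw[pos:pos + plen]})
        pos += plen
    if pos + 4 != len(raw):                            # locktime is the last 4 bytes
        raise ValueError("truncated or trailing bytes")
    return {"inputs": inputs, "outputs": outputs}

def txid(raw):
    # The malleable identifier: a hash over every serialized byte, scriptSig included.
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()

def canonical_id(tx):
    # Hash of what a SIGHASH_ALL signature commits to and a relayer cannot alter: ordered outpoints, ordered outputs.
    h = hashlib.sha256()
    for prev_txid, vout in (i["outpoint"] for i in tx["inputs"]):
        h.update(bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", vout))
    for o in tx["outputs"]:
        h.update(struct.pack("<q", o["value"]) + encode_varint(len(o["script_pubkey"])) + o["script_pubkey"])
    return h.hexdigest()

class WithdrawalLedger:
    def __init__(self, confirmations_to_pin=6):
        self.pin_after = confirmations_to_pin  # txid is pinned only once the tx is this deep (assumed threshold)
        self.withdrawals = {}  # canonical_id -> {"seen_txids", "final_txid"}
        self.spent_by = {}     # outpoint -> canonical_id of the withdrawal that consumed it

    def record(self, raw):
        tx = parse_tx(raw)
        cid = canonical_id(tx)
        self.withdrawals[cid] = {"seen_txids": {txid(raw)}, "final_txid": None}
        for i in tx["inputs"]:
            self.spent_by[i["outpoint"]] = cid   # spent at send time, whichever txid ends up confirming
        return cid

    def observe(self, raw, confirmations=0):
        tx = parse_tx(raw)
        rec = self.withdrawals.get(canonical_id(tx))
        if rec is not None:                      # same outpoints and outputs: it is our withdrawal
            rec["seen_txids"].add(txid(raw))
            if confirmations >= self.pin_after:
                rec["final_txid"] = txid(raw)
            return "same-withdrawal"
        if any(i["outpoint"] in self.spent_by for i in tx["inputs"]):
            return "conflicting-spend"           # our coins, other outputs: flag it, never resend
        return "unrelated"

def demo():
    original = build_tx([PREV_OUTPOINT], [SIG_A], OUTPUTS)
    mutated = build_tx([PREV_OUTPOINT], [b"\x00" + SIG_A], OUTPUTS)  # same outpoints/outputs, other scriptSig bytes
    conflict = build_tx([PREV_OUTPOINT], [SIG_A], [(150_000_000, PAYOUT_SCRIPT)])
    ledger = WithdrawalLedger()
    cid = ledger.record(original)
    return {
        "txids_differ": txid(original) != txid(mutated),
        "same_canonical_id": canonical_id(parse_tx(mutated)) == cid,
        "mutated": ledger.observe(mutated, confirmations=6),
        "conflict": ledger.observe(conflict),
        "pinned_txid": ledger.withdrawals[cid]["final_txid"] == txid(mutated),
    }
```

Calling `demo()` shows the two serializations hashing to different txids but the same canonical id, so the ledger files the mutated copy under the existing withdrawal instead of leaving the original looking unconfirmed; a transaction that spends the same outpoint to different outputs comes back as a conflicting spend, which is the signal an exchange needs before it ever considers a resend, and the txid is only stored once the transaction is buried.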
So what's the use of tx id's at all then? I mean practically speaking, since they're mutable? I'm thinking of an analogy here but I can't. It's like a git commit hash, but you're "allowed" to append some whitespace to the end of a file so you can keep mutating the hash but it's the "same" commit.
I don't really see a use for tx ids if they keep the spec as-is then or am I missing something?
This is what MtGox should have done over 6 months ago:
- Give $100k, or however much it costs, to 1-2 top-quality devs to write a new exchange from the ground up. Very basic functionality, focus on efficiency and reliability.
- Take MtGox.com offline for a few hours
- Port all user accounts over to the new system
- Launch MtGox v2.
It blows my mind the total level of incompetence, wasted opportunity and lack of common sense MtGox have shown. Literally sitting on a money making factory and they didn't get their shit together for such a long period of time.
They do not deserve all the forgiveness the market gives them, they are past the stage of a "bad apple" now and need to die for Bitcoin to move forwards.
I wonder how many other bugs the protocol has. I bet it's not the only one. Maybe I should scan the issues list on github and sell every time an issue is opened...
And even if they didn't notice it right away, it takes a lot of effort to race an unconfirmed transaction and let the coins get respent (double the actual withdrawal in your address). Especially when mtgox lets you verify your account with your official documentation.
Additionally with the fees generated just today they would cover 500 Bitcoins in losses just from one day revenue.
Unlikely. They should have noticed that they had to do some transactions repeatedly, probably after being contacted by people who exploited the "flaw". This doesn't scale well.
It seems people in the chatroom and on reddit don't buy this. Blaming their inability to withdraw money for customers on the Bitcoin protocol? And somehow all other exchanges are doing fine? Super suspicious.
Given that a core developer (Gregory Maxwell) has backed up the explanation that it's an implementation issue, you'd have to be fairly stupid to believe otherwise based on the mindless musings of other reddit users.
This information is very public, to the point where people have collected detailed information about the bad transactions going out and noting that they also agree with that story.
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur.
If that is true, it probably affects all alt-coins since they all fork back to btc.
However I bet it's just a matter of getting more confirms since attackers could be using fraudulent nodes to try to fool the network.
MtGox knew about this problem at least 3 months ago already. All of a sudden it's a protocol problem now.
I say this as someone who personally had BTC withdrawals fail 3 months ago when they explained to me on IRC that they couldn't find a bunch of transactions with the TX ids they were looking for and had to rebroadcast them.
maaku | 12 years ago
This is MtGox's problem, not bitcoin's.
nwh | 12 years ago
panarky | 12 years ago
coldtea | 12 years ago
This is surprising.
laichzeit0 | 12 years ago
Clearly MtGox overlooked this and thought it was the obvious way to track a transaction.
Given that they're malleable, what use-case do they have now?
yetfeo | 12 years ago
saurik | 12 years ago
nwh | 12 years ago
sillysaurus2 | 12 years ago
Anderkent | 12 years ago
simondlr | 12 years ago
sillysaurus2 | 12 years ago
http://news.ycombinator.com/item?id=6926472
http://news.ycombinator.com/item?id=7195024
http://i.imgur.com/5TAwopR.png
marvin | 12 years ago
tinco | 12 years ago
pjc50 | 12 years ago
http://www.shareprice.co.uk/pages/risk-warning-trading : "You may not necessarily get back any of the amount you invested."
TomGullen | 12 years ago
jlgaddis | 12 years ago
davidw | 12 years ago
kristianp | 12 years ago
lmm | 12 years ago
minikomi | 12 years ago
krelian | 12 years ago
Anderkent | 12 years ago
michaelt | 12 years ago
VMG | 12 years ago
VMG | 12 years ago
http://www.cryptocoinsnews.com/2014/02/10/mt-gox-blames-bitc...
mathrawka | 12 years ago
laichzeit0 | 12 years ago
TomGullen | 12 years ago
dexcs | 12 years ago
freakyterrorist | 12 years ago
stp-ip | 12 years ago
nkuttler | 12 years ago
oleganza | 12 years ago
snitko | 12 years ago
nwh | 12 years ago
http://www.reddit.com/r/Bitcoin/comments/1x93tf/some_irc_cha...
http://skanner.net/MtGox/mtgox_tx.php
Why has nobody else had issues like this? Well they have, talk to Coinbase, they've had their own share of problems with delayed transactions.
sekasi | 12 years ago
If you follow the article you'll find that some of the core bitcoin team is confirming the flaw.
But maybe reddit is right. Clearly.
ck2 | 12 years ago
jlgaddis | 12 years ago
Yes, you should have kept reading:
> Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.
laichzeit0 | 12 years ago
dsr_ | 12 years ago
The one thing that makes me suspect otherwise is that they are holding a lot of BTC instead of a lot of cash.
taspeotis | 12 years ago
[1] http://bitcoin.clarkmoody.com/
kristianp | 12 years ago
enscr | 12 years ago
surana90 | 12 years ago