Bitcoin Foundation Confirms Work on Transaction Malleability-Related Bug Fixes
Gavin Adresen has provided the bitcoin community with an update related to theongoing distributed denial of service attack (DDOS) that takes advantage of the transaction malleability issue we’ve been reported so much on these past two days.
“Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions,” wrote Andresen on a blog post. “This is exposing bugs in both the reference implementation and some exchange’s software.”
Users of the reference implementation who are bitten by this bug may see their bitcoins “tied up” in unconfirmed transactions; we need to update the software to fix that bug, so when they upgrade those coins are returned to the wallet and are available to spend again. Only users who make multiple transactions in a short period of time will be affected
Andresen confirms that work on these transaction malleability-related bug fixes are underway.
We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now,” he wrote.
No word on just when a proper workaround or fix will be in place, but we expect Andresen to update the community accordingly as developments come. Read the post on the Bitcoin Foundation’s blog here.
Several articles not concerning Mt Gox or denial of service attacks....
Bitcoin Marketplace Coingig to Close
Popular bitcoin marketplace Coingig is quite surprising closing up shop permanently, according to a banner posted on the site’s homepage and a tweet published on early Tuesday morning.
The to-the-point statement reads: “Coingig is going to be shutting down, we will allow 2 weeks to process all orders so we can make sure everyone is paid.”
What’s interesting here as that no explanation has been provided whatsoever, leaving users of the website and the bitcoin community completely in the dark.
The site closed a recent tweet by saying “We has a good run”, leaving us wondering whether the stress of running such a marketplace was enough to nail the doors shut forever.
newsBTC has reached out to Coingig in hopes of getting some concrete information as to why the site is closing down, but did not receive a response prior to publishing. Should that change, we’ll update this post accordingly.
Coingig follows in the tracks of Bitmit, which closed down in the Summer of 2013. According to an announcement of the site’s closing, Bitmit thought that their service “should be run by a more professional business entity.”
It highlights that we’re still in the infancy in bitcoin where start-ups come and go virtually overnight.
We wish the Coingig team the best of luck in their future endeavors.
New York Hedge Fund Brings in Over $5m in Bitcoin Deposits
A hedge fund based in New York by the name of NYSO HEDGE and specializing in “high risk, high return” investments has revealed that it has accepted roughly $5.4 million in bitcoin deposits.
This news follows an initial announcement by the fund to begin accepting bitcoin for deposits on the 7th of February — so it’s taken just about three days for them to amass that amount from bitcoin holders.
“NYSO HEDGE’s own Risk management team (due to these circumstances), has deemed bitcoin deposits as safe as wire transfers with careful research and considerations.”
NYSO applied to get regulatory approval in order to accept bitcoin in June of 2013, and it’s taken up until now to get approved.
Each of NYSO HEDGE’s accounts require a $25,000 minimum investment, and options range from managed accounts, certified investor accounts, and margin accounts.
Australian Taxation Office Slated to Provide Tax Guidance on Bitcoin by June 30th
Australia’s tax authority is slated to provide tax guidance for users of bitcoin and other “alternative payment systems” before June 30th, according to a statement provided by the Australian Taxation Office’s (ATO) senior assistance commissioner Michael Hardy on the Financial Review‘s Channel 9 program on Sunday.
“The ATO is working on a holistic understanding of the taxation treatment of Bitcoin to be in a position to provide certainty for the Australian community,” he stated.
Hardy said that “paying for goods and services with new types of payment tokens such as Bitcoin still means that the seller may need to account for GST [similar to a value-added tax] and/or include the income in their business tax return.” and “The buyer may also need to keep records of the value of the purchase and account for the tax consequences if it represents a business expense or if the purchase is an asset which may be subject to a capital gain or loss.”
Such guidelines have been long-awaited. Scores of bitcoin and other digital currency users are left somewhat in the dark with regard to how to properly file their taxes. Making matters worse, many accountants hired to file on behalf of taxpayers are not familiar with bitcoin and have no proper guidance to go by.
The case in similar in the United States, where the New York State Department of Financial Services recently held hearings to determine how/if bitcoin should be regulated. Meanwhile, it is being reported that the Internal Revenue Service (IRS) is also working on providing taxpayers with guidance specific to digital currency this year.
Knock on effect - Regulation looms and Bistamp halts bitcoin withdrawals......
New York Regulator May Impose Technology Restrictions on Digital Currencies
Published on February 12, 2014 at 00:34 GMT | Regulation, US & Canada
Two weeks after his agency held extensive hearings on the subject of regulating virtual currencies, New York Department of Financial Services (NYDFS) superintendent of financial services Benjamin Lawskyhas issued statements that provide greater insight into the actions the state may take when it seeks to enact bitcoin legislation this year.
Most notably, Lawsky indicated that the NYDFS now feels as though existing money transmission regulation will not be sufficient for virtual currency firms.
Further, he suggested the NYDFS could move to mandate that all virtual currencies maintain a public block chain due to its potential to help track criminal wrongdoing, and that bitcoin businesses that qualify as money transmitters could be made to comply with certain net worth and permissible investment requirements.
Speaking at the New America Foundation in Washington DC, Lawsky said:
Lawsky continued his organization’s friendly approach to addressing the ecosystem, adding asides to his remarks that noted the benefits virtual currencies could bring to the ecosystem and the ongoing problems in the traditional financial system.
A starting point for regulation
Despite earlier comments that indicated that NYDFS would look to enact regulation for wallets and exchanges, the places where virtual currencies are exchanged for fiat, Lawsky seemed less certain about this action in his statements. He also acknowledged that the ability for the NYDFS to put in place the more extensive oversight desired by law enforcement officials would be limited.
For example, he noted that overseeing every transaction on the network would likely be impossible, and mentioned that the NYDFS will heed FinCEN’s guidance to leave individual miners without any oversight, though it expressed an interest in this area.
In addition, Lawsky indicated that his agency is not as concerned with bitcoin’s potential for money laundering.
Safety and soundness requirements
To help increase safety in the ecosystem, Lawsky noted that virtual currency firms will likely be made to meet similar requirements as traditional money transmitters.
Specifically, he noted that such firms are “limited in the types of investments they can hold”, so as not to put consumers in jeopardy, and that they may need to hold enough capital to provide safeguards against industry turbulence. Said Lawsky:
Consumer disclosure
Lawsky reiterated that stronger consumer protections were needed for virtual currency firms, especially as the industry grows and less experienced and less knowledgeable consumers enter the industry.
“If virtual currencies ultimately garner wider adoption among the general public, it will be important for consumers to be armed with the information they need to make the financial choices that are best for them,” Lawsky said.
In particular, he noted consumers should be warned that all bitcoin transactions are irreversible and that the loss private keys could jeopardize their funds.
However, despite the comments, it should be noted that the NYDFS has yet to announce a formal timeline for any decision-making. For a more extensive overview of the NYDFS hearings as well as the community reaction, read our full report here.
TWO MORE BITCOIN EXCHANGES were hit by distributed denial of service (DDoS) attacks on Tuesday as the digital currency's problems took a turn for the worse.
The Bitstamp Bitcoin exchange temporarily suspended Bitcoin withdrawals on Tuesday amid DDoS attacks, while Bulgarian Bitcoin exchange BTC-e announced that the attacks could cause delays in crediting transactions.
"Currently [we have] suspended processing Bitcoin withdrawals due to inconsistent results reported by our bitcoind wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking," Bitstamp said in a blog post, adding that Bitcoin withdrawal and deposit processing will be suspended temporarily until it releases a software fix.
Bitstamp said that so far no funds have been lost and no funds are at risk, while BTC-e asked its users to "please be patient" on Twitter.
Bitcoin Foundation chief scientist Gavin Andresen said that users can be assured that it has identified the issue and is "collectively and collaboratively working on a solution", with is development teams creating workarounds and fixes.
"Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions," explained Andersen. "This is exposing bugs in both the reference implementation and some exchanges' software."
The foundation stressed that DoS attacks do not affect people's Bitcoin wallets or funds, but said users of the reference implementation who are bitten by the bug might see their Bitcoins "tied up" in unconfirmed transactions.
"We need to update the software to fix that bug, so when they upgrade those coins are returned to the wallet and are available to spend again," Andersen added. "Only users who make multiple transactions in a short period of time will be affected."
As a result, Andersen said that exchanges are temporarily suspending withdrawals to protect customer funds and prevent funds from being misdirected.
On Monday, Bitcoin exchange Mt Gox has halted withdrawals of the digital currency through its website and cautioned users that other services might also be affected. MT Gox said that "various Bitcoin withdrawals" had raised some issues and that in order to get a proper understanding of the situation it would have to suspend withdrawal processing. µ
http://www.zerohedge.com/news/2014-02-11/another-bitcoin-flash-crash-imminent-second-major-exchange-follows-mtgox-suspending-
Another Bitcoin Flash Crash Imminent? Second Major Exchange Follows MtGox In Suspending Withdrawals
Bitcoin plunged another 15% or so from its bounce highs this morning as volatility has picked up dramatically in the virtual currency. The reasons are numerous: JPMorgan has come out with a scathing attack - "bitcoin looks like an innovation worth limiting exposure to;"CoinDesk reports that major exchanges are under a "massive and concerted attack" by a bot system - creating a "fog of confusion" over the system; and perhaps most critically, BitStamp has followed Mt.Gox and halted withdrawals "due to inconsistent results from their bitcoin wallet" - due to the DDoS attacks...
Basically the main reason why BTC crashed in the past few days was the realization that MtGox had finally halted withdrawals, leading to an escalating blame game in which the finger pointing between the exchanges and the actual bitcoin source code (here and here) meant that something is wrong within the system. This lead to the previously noted flash crash in Bitcoin yesterday:
Alas, that may have been just the beginning when a few hours later, we just learned that the next major Bitcoin exchange, Bitstamp, has just halted Bitcoin withdrwawls, blaming a major DDoS for the suspension.
First, here is JPM's latest hit piece:
Unlike other asset markets, FX rarely welcomes newcomers for the simple reason that launching a widely-used currency traditionally required creating a sovereign or supra-sovereign entity with a central bank to issue the unit and manage its supply over time.
Hence the audacity of bitcoin: it is a stateless, virtual and peer-to-peer currency, so exists only digitally and is associated with no sovereign, central bank or bank payments system. It is also incredibly illiquid extremely volatile and often caricatured.
After a brief Economics 101 refresher on the required functions of money, this research note addresses various frequently-asked questions around this virtual currency: what is it; how is it created and transferred; what are its advantages and disadvantages for corporates and investors compared to fiat currencies; is it a serious contender for a global payments system; and can it prove more durable long-term than other somewhat fixed-supply currencies like gold.
At the risk of sounding like a luddite, bitcoin looks like an innovation worth limiting exposure to. As a medium of exchange, unit of account and store of value, it is vastly inferior to fiat currencies. Since governments are quite unlikely to accord it the status of legal tender, bitcoin or other virtual currencies would not reach the scale and scope to render them worthwhile for widespread commerce, payments or investment.
Bitcoin’s greatest appeal is the apparent cheapness of peer-to-peer fund transfers, though it is unclear how economical these transactions truly are when the virtual world interacts with the real world. As provocative as its underlying technology may be, bitcoin’s practical role may be no larger than that of an emerging markets currency subject to exchange controls.
For corporates, bitcoin’s appeal is two-fold: no or low transaction costs from a peer-to-peer payments system, and the potential brand recognition from trialing a new technology. These advantages must be weighed against extreme illiquidity and volatility, both of which impede risk management. All-in transaction costs may also be higher once the fees from transferring bitcoins to fiat currencies are included.
Investors normally avoid an instrument with bitcoin's trading properties. The unit's main investment appeal is the potential long-term price rise due to limited supply, much like some commodities when the market balance tightens.
But more importantly, the scapegoating begins - DDoS attacks (via CoinDesk):
A “massive and concerted attack” has been launched by a bot system on numerous bitcoin exchanges, Andreas Antonopoulos has revealed.The chief security officer of Blockchain.info said a DDoS attack is taking Bitcoin’s transaction malleability problem and applying it to many transactions in the network, simultaneously.“So as transactions are being created, malformed/parallel transactions are also being created so as to create a fog of confusion over the entire network, which then affects almost every single implementation out there,” he added.
And the culmination: BitStamp has halted withdrawals:
Dear Bitstamp usersBitstamp’s exchange software is extremely cautious concerning Bitcoin transactions. Currently it has suspended processing Bitcoin withdrawals due to inconsistent results reported by our bitcoind wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking. As such, Bitcoin withdrawal processing will be suspended temporarily until a software fix is issued.No funds have been lost and no funds are at risk.This is a denial-of-service attack made possible by some misunderstandings in the Bitcoin wallet implementation. These misunderstandings have simple solutions that are being implemented as we speak, and we’re confident everything will be back to normal shortly.Withdrawals which failed on the 10th and 11th of February will be canceled and the amounts added back to the customer account balances.We will communicate any further developments regarding this issue.Thank you for your understanding!Best regardsBitstamp team
Best regards indeed.
http://www.zerohedge.com/news/2014-02-11/bitcoin-update-your-money-may-be-tied-unconfirmed-transactions
Bitcoin Update: "Your Money May Be 'Tied Up' In Unconfirmed Transactions"
As the torch of responsibility is rapidly handed off from exchange to exchange to theBitcoin source code, Gavin Andersen (one of Bitcoin's protocol core developers) explains just what is going on - and what it means for the 'wealth' stored in the virtual currency - "Users of the reference implementation who are bitten by this bug may see their bitcoins “tied up” in unconfirmed transactions" - so that's what 'bit' stands for in bitcoin...
You may have noticed that some exchanges have temporarily suspended withdrawals and wondering what’s going on or more importantly, what’s being done about it. You can be rest assured that we have identified the issue and are collectively and collaboratively working on a solution.Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions. This is exposing bugs in both the reference implementation and some exchange’s software.We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.Users of the reference implementation who are bitten by this bug may see their bitcoins “tied up” in unconfirmed transactions; we need to update the software to fix that bug, so when they upgrade those coins are returned to the wallet and are available to spend again. Only users who make multiple transactions in a short period of time will be affected.As a result, exchanges are temporarily suspending withdrawals to protect customer funds and prevent funds from being misdirected.Thanks for your patience.
As a reminder, Andersen previously explained:
Transaction malleability has been known about since 2011.In simplest of terms, it is a small window where transaction ID’s can be “renamed” before being confirmed in the blockchain. This is something that cannot be corrected overnight. Therefore, any company dealing with Bitcoin transactions and have coded their own wallet software should responsibly prepare for this possibility and include in their software a way to validate transaction ID’s. Otherwise, it can result in Bitcoin loss and headache for everyone involved.
Bitcoin is no longer in Phase 1 of its evolutionary cycle. I believe Phase 2 for Bitcoin began in earnest back in November 2013, when the Senate Committee on Homeland Security and Governmental Affairs held its first hearings on the topic. Those hearings made it clear that, at least for the moment, no significant roadblocks would be put in place to prevent people from transacting with one another using the crypto-currency. Phase 2 also saw the largest Bitcoin investment to-date, a $25 million infusion led by Silicon Valley VC firm Andreessen Horowitz, as well as acceptance by major U.S. retailers, with Overstock being the most significant. Bitcoin is becoming serious, and serious means serious accountability.
As a free market currency, the market will decide the products required to keep the Bitcoin protocol open and functioning to its highest potential.
http://www.coindesk.com/jpmorgan-report-bitcoin-inferior-fiat-currency/
JPMorgan Report Slams Bitcoin as ‘Vastly Inferior’ to Fiat Currency
Released on 11th February, a new report by US-based multinational financial services company JPMorgan issued a sharp critique of bitcoin and other digital currencies.
The eight-page report, authored by the company’s head of global FX strategy, John Normand, aimed to present the “risks and opportunities” posed by bitcoin.
However, throughout the text, Normand puts much of his focus on the former category.
Most notably, Normand suggests that bitcoin is “vastly inferior to fiat currencies” on several counts, and that it is unlikely to ever be afforded the status of legal tender by world governments. The later quality, Normand says, casts the most doubt on bitcoin’s future.
Normand writes:
While Normand did acknowledge the appeal of bitcoin’s technology – pointing out that fiat currencies could learn from its innovations – he ultimately concluded that “bitcoin’s practical role may be no larger than that of an emerging market’s currency subject to exchange controls”.
Bitcoin as inferior money
Normand writes that there is much to dislike about bitcoin, first and foremost because it fails to meet traditional definitions of a ‘medium of exchange’ because it lacks a common power to compel its use.
Normand explains:
Further, Normand suggested that, because of this deficiency, virtual currencies would need to be able to perform other functions more effectively than fiat currency as both a unit of account and a store of value, which he argues it does not.
Normand used bitcoin’s price fluctuations, which he described as “brutal,” as an example to prove his assertion. He cited the statistic that bitcoin’s volatility has averaged 120% over the last three years, while a typical G10 currency will range from 7% to 16%.
“Such price fluctuations make it impossible to seriously consider bitcoin as a unit of account or store of value for an material amount of corporate or investor exposure,” Normand wrote.
However, Normand did acknowledge that these “swings” may simply represent normal volatility for a startup currency, the same way startup companies in the 1990s saw strong fluctuations in share prices.
Bitcoin’s implications for investors and corporations
Normand opened this section of the report by noting that saving 1% on transaction fees would be an attractive prospect for merchants. However, he stated that such savings would not outweigh the risk of the currencies volatility.
Normand did not mention that major processors such as BitPay and Coinbaselimit merchants from this potentially harmful exposure, as he suggested bitcoin would complicate a company’s cash and risk management.
As for bitcoin’s biggest benefit for investors, its potentially large long-term value, Normand suggested that the currency displays many characteristics investors usually shy away from, and further that there is simply not a sufficient way to assess what bitcoin’s future value would be:
Bitcoin’s appeal
The author did indicate that he was able to see why people are attracted to the idea of a currency without the “alleged recklessness, capriciousness, siphoning and snooping inherent in the traditional financial system”, adding that there “is something” to the idea.
Additionally, Normand noted that fiat currencies can learn from some of bitcoin’s innovations. The currency offers predictable growth in the money supply and it eliminates the risk of capital controls. Bitcoin also provides verification of fund balances to avoid fraud and it reduces transaction costs.
“As fanciful – and indeed Matrix-like – as this bitcoin creation system sounds, perhaps it requires no more suspended disbelief than the traditional fiat system in which a government declares paper to have value and a central bank or national mint thus issues the specie. One doesn’t need to be the caricatured miscreant, Austrian economist or anarchist to appreciate the appeal of such a system.”
https://www.bitstamp.net/article/bitcoin-withdraws-suspended/
BITCOIN WITHDRAWAL PROCESSING SUSPENDED
Dear Bitstamp users
Bitstamp’s exchange software is extremely cautious concerning Bitcoin transactions. Currently it has suspended processing Bitcoin withdrawals due to inconsistent results reported by our bitcoind wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking. As such, Bitcoin withdrawal and deposit processing will be suspended temporarily until a software fix is issued.
No funds have been lost and no funds are at risk.
This is a denial-of-service attack made possible by some misunderstandings in Bitcoin wallet implementations. These misunderstandings have simple solutions that are being implemented as we speak, and we're confident everything will be back to normal shortly.
Withdrawals which failed on the 10th and 11th of February will be canceled and the amounts added back to the customer account balances.
We will communicate any further developments regarding this issue.
Thank you for your understanding!
Best regards
Bitstamp team
Bitstamp’s exchange software is extremely cautious concerning Bitcoin transactions. Currently it has suspended processing Bitcoin withdrawals due to inconsistent results reported by our bitcoind wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking. As such, Bitcoin withdrawal and deposit processing will be suspended temporarily until a software fix is issued.
No funds have been lost and no funds are at risk.
This is a denial-of-service attack made possible by some misunderstandings in Bitcoin wallet implementations. These misunderstandings have simple solutions that are being implemented as we speak, and we're confident everything will be back to normal shortly.
Withdrawals which failed on the 10th and 11th of February will be canceled and the amounts added back to the customer account balances.
We will communicate any further developments regarding this issue.
Thank you for your understanding!
Best regards
Bitstamp team
https://www.mtgox.com/press_release_20140210.html
Dear MtGox Customers and Bitcoiners,
As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.
The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.
Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.
Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.
Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.
The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.
This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.
We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).
This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.
We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.
In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.
Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.
Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.
MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.
More information on the status of this issue will be released as soon as possible.
We thank you for taking the time to read this, and especially for your patience.
Best Regards,
MtGox Team
As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.
The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.
Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.
Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.
Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.
The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.
This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.
We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).
This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.
We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.
In the meantime, exchanges and wallet services - and any service sending coins directly to third parties - should be extremely careful with anyone claiming their transaction did not go through.
Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.
Conclusion
To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.
MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.
More information on the status of this issue will be released as soon as possible.
We thank you for taking the time to read this, and especially for your patience.
Best Regards,
MtGox Team
No comments:
Post a Comment