Commentary on the economic , geopolitical and simply fascinating things going on. Served occasionally with a side of snark.
Sunday, February 9, 2014
Why Mt. Gox, the World’s First Bitcoin Exchange, is Dying - the travails of Mt Gox after suspending withdrawals on Friday February 7 , 2014 and promising customers an update Monday February 10, 2014 , bitcoin customers of Mt Gox and the bitcoin world wait to see whether the withdrawal problem was just a technical issue or whether insolvency is the true situation ? Coin Searcher three day protest at Mt Gox and varied points of view regarding Mt Gox set forth......Another Major Bitcoin Exchange ( Local Bitcoins.com ) May Be In Deep Trouble After A Bust In Florida ........ Additional news include examining bitcoin business growth globally ........ Second Market buying bitcoin from the public - just as Mt Gox issue erupted ....... Coinbase stepping up security features with new API Key....
Withdrawal problems across Exchanges other than Mt Gox ? FWIW !
The Embarrassing Fact MtGox Left Out Of Their Press Release: Their Bad Code Hygiene Was The Direct Cause Of Problems
5
+96
CRYPTOCURRENCY
CRYPTOCURRENCY
Yesterday, the bitcoin exchange MtGox – riddled by problems – issued a press release saying the bitcoin protocol was to blame for its ongoing problems. That statement, which caused the markets to nosedive temporarily, is outright false. The problem is, and was, bad code hygiene in the MtGox exchange itself. Here are the details.
Yesterday, when MtGox blamed “transaction malleability” as the cause of MtGox’ problems, implying that the problems at MtGox affected all exchanges and everything bitcoin, that was a sign of a very elastic relationship with facts. It’s true that transaction malleability was a factor, but not nearly in the way that MtGox implied. (We’ll be returning to what the “malleability” is.)
Here’s the real problem: MtGox is running its own homebuilt bitcoin software, and has not cared to update and upgrade that software along with the developments of the bitcoin protocol. Recently, after a very long grace period, the bitcoin protocol tightened slightly in order to disallow unnecessary information in transaction records, and did this to fix the malleability problem that MtGox blamed.
So the problem of malleability remained at MtGox, while having been fixed in the rest of the world. This – the discrepancy itself – was the root cause of the problem, because it meant that MtGox started issuing invalid transaction records for bitcoin withdrawals. Obviously, they were rejected by the bitcoin network.
Let me explain in a bit more detail.
When you write an amount of money, say twenty-three thousand four hundred and twenty-two dollars and fifty-four cents, you typically write that as $23,422.54. But it would also be valid to write it as $0,023,422.54. Or $0,000,023,422.54. This fact – that one number can be written in many ways, all valid – is the malleability. (For the sake of completeness, it wasn’t the amount, but another number in the transaction record that was concerned.)
This was tightened in the bitcoin protocol to only allow the shortest version of writing a number, $23,422.54, in this specific code change, which happened a whole year ago.
This change was ignored by MtGox, if I may speculate, probably because “it kept working anyway”. That is, until bitcoin 0.8, when the core developers decided to enforce this change across the protocol, having had the tightening published for over a year. The moment bitcoin 0.8+ gained majority deployment on the network, such invalid transactions started getting rejected.
In other words, MtGox’ lack of code hygiene and lack of very basic IT release processes led to the MtGox code getting out of sync with the bitcoin protocol itself. It kept writing numbers in a way that wasn’t always the shortest possible way in some of its transaction records, and therefore, the inevitable happened: those transaction records were rejected by the bitcoin network.
As a complete side note, this situation is well described by a saying in Sweden that we use to honor our neighboring Finns and their gung-ho attitude toward life, the universe, and everything. The saying is supposed to be pronounced slowly with a slight sauna-induced slur and a strong Finnish accent, like such:
00:00
00:04
Now, let’s return to MtGox’ press release. There, they state that skilled hackers had the ability to rewrite bitcoin withdrawals with the speed of lightning before they reached the bitcoin network, implying that hackers changed valid transactions enroute. This, skilled hacking, was the cause of all their problems, they claimed. But that’s not what happened at all. MtGox were creating invalid transaction records for some small but significant portion of their bitcoin withdrawals.
What this means is that MtGox wasn’t the subject of some skilled hacking related to transaction malleability. Instead, bad code hygiene was causing MtGox to broadcast invalid transactions, which could trivially be corrected and re-broadcast, causing all these problems downstream.
This, in turn, leads to all the described problems with double-spending, internal databases of account records getting out of sync with the blockchain records, et cetera. Once somebody has corrected one of MtGox’ malformed transactions and re-broadcast it, MtGox would still consider it unsuccessful, making things go out of sync.
So, is this hard to do the right way? No. I can say that authoritatively – I spent seven years as a CTO-for-hire putting exactly these kinds of hygiene, accountability, trackability, and predictability processes into place at startups with growth pains, saving more than one startup from the blame-game death spiral. MtGox is dying from the lack of a very basic leadership and management toolkit.
Oh, and that Swedish saying about the Finns in the audio clip above? The one that references how the protocol strictness tightened but MtGox went gung-ho ahead anyway? It means “The road turned, but Pekka didn’t”.
DISCLOSURE The author is personally affected by the MtGox malfunction, having a five-figure dollar amount in stuck unprocessed bitcoin withdrawals.
As a final note, I can’t help feeling a bit of immature glee at all the doomsday sayers that screamed crash! all over the media, who seemed just waiting to pounce on the opportunity to declare Bitcoin dead. Uhm, yeah. It turns out that over the whole day of February 10, the Bitcoin price fell a total of 19 US cents. As of this writing (01:30 UTC on Feb 11), it’s up a bit (705) from where it opened yesterday (688).
Sources: this post by TheComputerScientist, this post by nullc (Greg Maxwell), and a few other sources whose identity I’ll protect.
http://market-ticker.org/akcs-www?post=228401
( Note the portion that discusses frozen fiat withdrawals - emphasis USD but who knows how extensive problems might be with other currencies ? Good explanation on Exchange protocol .... )
When Is An Exchange Not An Exchange?
The question above is answered thus:
Whenever the so-called exchange has an actual position, and thus is exposed to loss.
An exchange is never supposed to be able to take a loss, as they are only a facilitator between a buyer and seller. Their protocols thus should be designed to detect attempts to defraud either side of a transaction and hold the transaction in a "pending" state until it is ascertained that the transaction is "good", at which point both sides are released in an atomic operation.
As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By "bitcoin withdrawal" we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.
Yes, this flaw in the original protocol has long been known.
There are also means to mitigate against someone trying to exploit it, albeit not trivial ones. In other words, as Mt. Gox puts it, detecting this is not "efficient."
But -- if a particular service holds the transaction in a pending state until it is either confirmed or refuted then the problem doesn't arise as you can't double-spend. The person who tries to scam using this scheme thus fails in their attempt, while the person who does not sees normal transaction clearing times.
In addition, if this does not impact exchanges to other forms of currency as Mt. Gox claims, why are there apparent issues with exchanges to those other forms of currency?
There's no way to know as this is not being addressed.
But -- an exchange is not supposed to design its operations in a form or fashion that leaves it exposed to valuation or transaction risk. That is and to repeat with emphasis, an exchange by definition is a service that earns its funds by facilitating two unaffiliated parties engaging in a transaction.
I would love to see evidence that any of the existing so-called exchanges meet this definition. Indeed, before doing business with any of them I would demand that under strict proof, because if that is not the case then you are at risk as their customer, and that's not what you signed up for.
Now that Bitcoin exchange Mt.Gox has terminally discredited itself following the latest, and likely last, withdrawal halt announced late last week which sent the value of Bitcoin tumbling by 25%, Bitcoin traders are left with just two exchange options on which to transact: BTC-e and Bitstamp. And for those using the former to buy and sell the virtual digital currency, things went from bad to worse a few short hours ago, when Bitcoin had its very own "Waddell and Reed" moment, when the price of Bitcoin cratered by over 80% in the span of seconds, after a modest block of just under 6000 Bitcoins sent the price plunging from over $600 to $102.
However, market gymnastics may just be the tip of the iceberg - a far bigger issue, one we have been warning about since the last March surge in Bitcoin's dollar price, is that the crackdown on Bitcoin both in the US (see "Miami Bitcoin Arrests May Be First State Prosecution"), and around the world (in Russia Bitcoin was just declared illegal) is finally heating up. It's only going to get worse in an insolvent world desperate to halt money laundering.
And since digital currency advocates have finally realized they can't hold the electronic 1s and 0s in their hand in a worst case scenario, the biggest winner of the latest Bitcoin crash is none other than the real alternative currency (in Paul Singer's words), gold, which moments ago just hit a one month high and rising.
CoinDesk has removed Mt. Gox from the Bitcoin Price Index today (as of 16:00 GMT), due to its persistent failure to meet the Index’s standards for inclusion.
Ultimately, the decision to remove Mt. Gox from the BPI was prompted by Friday’s announcement that bitcoin (BTC) withdrawals had been suspended until Monday, and today’s follow-up announcement that bitcoin withdrawals would now be suspended indefinitely. This was due to a previously known technical issue with Mt. Gox’s custom wallet implementation of the Bitcoin core protocol.
However, these recent withdrawal restrictions are just the latest in a series of issues which have made Mt. Gox’s inclusion in the BPI problematic.
Concerns over Mt. Gox’s price variance
A concern separate from timely customer withdrawals which had recently commanded attention was the expansion of the so-called ‘Mt. Gox premium’.
For example, on 28th January, Mt. Gox customers were paying more than 25% more for bitcoins than customers on BTC-e, another BPI component exchange.
The issue of price dispersion across the many different bitcoin exchanges was part of CoinDesk’s original rationale behind the Bitcoin Price Index, and some ongoing dispersion is to be expected for reasons ranging from differences in bitcoin regulation across the globe to the overall maturity of the exchange market for bitcoins.
However, the price dispersion between two other BPI components, Bitstamp andBTC-e, has recently remained in the low single-digit percent range, raising concerns over whether bitcoin prices quoted on Gox were representative of the overall market.
Concerns over excessive price dispersion at Mt. Gox, however, have since subsided as the Gox premium compressed into single percentage digits since 28th January.
Customers’ love-hate relationship with Mt. Gox
Complaints over withdrawal delays at Mt. Gox are nothing new, having dogged the exchange since the first-half of 2013, when Mt. Gox first ran afoul with US regulators after its failure to register as a money transmitter.
Throughout the first-half of 2013, Mt. Gox commanded a very high share of bitcoin trading volume, leaving many feeling that, in spite of its withdrawal issues, Mt. Gox was still a viable option given the available alternatives.
However, as the year progressed Mt. Gox’s market share in total bitcoin trading volume steadily eroded, and in late-2013 Mt. Gox was eclipsed as the number one Bitcoin exchange, first by BTC-China and then Bitstamp.
BTC Volume on BTC China, Mt. Gox and Bitstamp (1st August – 23rd December 2013). Source: BitcoinCharts
Mt. Gox’s persistent withdrawal problems
Reports of Mt. Gox customer withdrawal problems have been rising of late and these complaints have not fallen on deaf ears at CoinDesk.
CoinDesk has been working diligently to independently verify complaints. We recently ran an open poll about Mt. Gox to gather additional details from customers, and a number of Mt. Gox customers have shared their experiences with CoinDesk in confidence.
One recent high-profile example was a Mt. Gox customer who flew to Tokyo to protest outside Gox’s offices over withdrawal delays, alas to no avail.
Importance of timely customer withdrawals
The ability of exchange customers to obtain timely withdrawals is a criterion of the Bitcoin Price Index. Specifically, point 6 in the BPI criteria states:
“Banking and/or bitcoin transfers in or out of the exchange must be completed within seven business days, if deposit and withdrawal methods are not offered for various countries and/or currencies.”
Mt. Gox has been unable to consistently meet this criterion. Also of concern has been Mt. Gox’s failure to provide a sufficiently credible explanation for why the problem is occurring, or a detailed plan/timeline for when the problem of timely customer withdrawals will be resolved.
An exchange’s ability to execute timely customer withdrawals is an important BPI criterion for several reasons.
If timely customer withdrawals are not possible then this could have an influence on the accuracy of the exchange’s price discovery mechanism. For example, customers of Mt. Gox were often thought to be trading bitcoins at rates beyond their value on other exchanges so that they could more easily transfer BTC out of the exchange. In recent days the reverse has occurred, with the ‘Mt. Gox Premium’ becoming a discount during certain periods.
Customer withdrawal delays may be a symptom of other serious problems at the exchange which are difficult to independently verify, such as internal technical issues, legal/regulatory inquiries, or the exchange’s solvency.
CoinDesk has removed Mt. Gox from the calculation of the Bitcoin Price Index effective today at 16:00 GMT.
About the Bitcoin Price Index
Launched in September 2013, the CoinDesk Bitcoin Price Index represents an average of bitcoin prices across leading global exchanges that meet criteria specified by CoinDesk.
The BPI is intended to serve as a standard retail price reference for industry participants and accounting professionals.
The CoinDesk BPI is a professionally curated index with a combination of quantitative and qualitative data points under consideration. Selective criteria such as price volatility, inconsistencies in processing withdrawals, and standard deviation from the mean all play a factor in exchange inclusion.
CoinDesk’s goal is to include all exchanges which meet the BPI criteria in the Price Index so that the Index provides the most accurate, representative real-time measure of bitcoin’s price.
When I saw Bitcoin trading at close to one thousand dollars, I wanted to kick myself! I should have seen it coming, a limited supply and a lot of hype and demand — it looks obvious in hindsight, as many things do.
And I can't excuse myself by claiming not to have been fully aware of Bitcoin, when it was trading far below ten dollars. My well-known libertarian leanings meant that a number of like-minded friends encouraged me to get involved in this new, non-statist, unregulated experiment. Shame on me, for not listening. I hope at least they made a lot of money.
The main reason, however, I did not get involved was longer-term concerns about the viability of Bitcoin, and in my view, those concerns still remain.
Bitcoin has been in the news a lot lately — and not all of it positive, such as the recent arrest of a Bitcoin trader in New York on money laundering charges.
I think Bitcoin has made a mistake by keeping its owners anonymous, although some users — including some highly undesirable ones — are embracing it for that very reason. This offers authorities an excellent excuse to ban it whenever, and wherever they wish. And this could easily be an unfair ban under false pretences simply because the authorities don't like the competition. China and Russia are just the first to react, I fear.
Due to the nature of its structure, banning Bitcoin will of course not eradicate it. But what it will do is make it impossible for law-abiding individuals and businesses to use it — and thereby render it practically useless anyway. So the false sense of security the, admittedly, irrepressible network provides Bitcoin will really not count for much, if there is a concerted move to restrict the Bitcoin market. I think therefore that it may well be advisable to accept and embrace some degree of regulation, although it will be counter-intuitive to many fans, if only to prevent an even worse reaction from governments that are not pleased to see their money printing monopoly challenged.
Of course, for early buyers wiser than me, the huge price rally has been terrific, but it also carries some negative consequences. I think the elevated price and huge volatility — it has swung from a high of USD 1,242 in late November to around USD 500 in hours — will make it more difficult to gain acceptance among serious businesses.
So I think Bitcoin will face serious challenges in the long run, although I believe such digital currencies could have a place in the economy in more well thought-through structures with values better linked to real assets. There is no doubt that many central banks have made a mess of things with their own fiat money without linkage to reality, and it is entirely conceivable that the private sector could also in the area of currencies do a better job than public sector institutions. It does in pretty much every other area under the sun, so why not here?
Anything in the financial space that can be regulated will be regulated. Get used to it! This will also apply to digital currencies. But regulation could be their ticket to real acceptance and success — and should therefore not be seen only as a negative.
Bitcoin is still a very small part of the economic system and will not pose a serious threat to more established models any time soon. But if it does one day and it overcomes regulatory issues, it will be embraced.
Bitcoin is increasingly used by migrant workers to transfer money back home, and is therefore beginning to serve really genuine purposes, not just ideological ones, which is promising to see.
The extreme volatility and opaque ownership structure definitely poses a risk to all users of Bitcoin. And I believe there will be new and better models developing over time. It is rare that the first mover wins and takes all, and given the weaknesses mentioned above, I believe there is a lot of room for improvements.
There are at least 80 known similar initiatives out there, and of course most of them will fail.But I know personally of a couple of projects in the design phase that in my view are better constructions, and will be able to obtain rapid distribution, making them real competitors to Bitcoin. When they launch, I promise myself that I will be less cautious and also that readers of this blog will get to know about it at an early stage, so watch this space!
Saxo Bank does not currently offer trading in Bitcoin due to the concerns listed here. But we are reviewing the digital currency space on an ongoing basis, so we may revise this at a later stage.
( Mt Gox statement confirms it has become a roach motel - no bitcoin withdrawals will be coming anytime soon for customers of Mt Gox . However , fiat can be withdrawn , which one can assume will be happening . And the kicker is Mt Gox say the bitcoin withdrawal problem is not just a Mt Gox issue , but applies to any Exchange ! )
Price Drops as Mt. Gox Blames Bitcoin Flaw for Withdrawal Delays
Mt. Gox has issued a statement in an effort to address concerns raised by users after it suspended bitcoin withdrawals late last week. The exchange insists it is working hard to address a technical issue that has made it impossible for users to make transfers.
The company also points out that currency withdrawals and transfers to any Mt. Gox address are not affected by the issue.
Mt. Gox stressed that the problem is not limited to its exchange – it affects all transactions where bitcoins are sent to a third party. Once the problem was identified, Mt. Gox chose to suspend bitcoin withdrawals until it can be resolved.
Geeky and non-geeky explanation
Mt. Gox offered two explanations for laymen and tech-savvy users. In essence, Mt. Gox says it identified a bug in the Bitcoin software that makes it possible for someone to use the network to alter transaction details, making it seem like bitcoins had not been sent to a bitcoin wallet, when in fact they had.
“Since the transaction appears as if it has not proceeded correctly, the bitcoins may be re-sent. Mt. Gox is working with the Bitcoin core development team and others to mitigate this issue,” Mt. Gox said.
The technical explanation is a lot more detailed.
It points out that bitcoin transactions are subject to a design flaw that has been largely ingored, although it was known to “at least a part” of the Bitcoin core development community. The defect is known as “transaction malleability” and it allows third parties to alter the hash of a fresh transaction without invalidating the signature. Mt. Gox explains:
“Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.”
The “sendtoaddress” API returns a transaction hash as a way to track the insertion of the transaction into the block chain. Since most wallet and exchange services keep a record of this in order to respond to users who make inquiries about their transactions, they could assume that the transaction was not sent – as it would not appear in the block chain with the original hash. For the time being, there is no way of efficiently recognizing alternative transactions.
“This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction’s hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.”
Working on a fix
Mt. Gox believes the problem can be addressed by using a different hash for transaction tracking purposes. The network would continue to employ the current hash for the purpose of including the transaction in each block’s Merkle Tree, while the new hash would be used to track transactions and it could be computed and indexed by hashing the exact signed string via SHA 256, the same way transactions are hashed.
“This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions,” Mt. Gox said. “We have discussed this solution with the Bitcoin core developers and will allow bitcoin withdrawals again once it has been approved and standardized.”
In the meantime Mt. Gox is urging exchanges and wallet services, as well as any other service that sends bitcoins directly to third parties, to be “extremely careful” with anyone claiming their transaction did not go through. The issue also affects altcoins using the same transaction scheme as Bitcoin.
The exchange says it will try to resume withdrawals as soon as possible:
“Mt. Gox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.”
Mt. Gox also noted that more information on the status of the issue will be released as soon as it is available – but for now users will not be able to make bitcoin withdrawals. The fix can’t come soon enough, as the problems have caused a selling frenzy in some circles.
Price fall
Since the announcement was published, the price of bitcoin has witnessed a steep decline. The CoinDesk Bitcoin Price Index shows a sharp fall from $681 at 10:00 (GMT) to $572 at the time of writing.
This news caused bitcoiners across the globe to panic sell their collections of the digital currency, but the price drop didn’t last for long – it increased to $770 by the end of the year.
Responses
Responses to the Mt. Gox statement have been largely negative. Oleg Andreev, a software developer and bitcoin enthusiast, said on Twitter:
Mt. Gox have just released their official statement regarding their recent decision to halt all Bitcoin withdrawals.
Essentially, they are claiming they can’t release customers’ funds until a known bug in the Bitcoin protocol is resolved.
The market is reacting very negatively to the Gox announcement, falling ~$160 on high volume since the news.
Greg Maxwell Responds
I spoke with Bitcoin core developer, Greg Maxwell, about this highly technical issue. Greg Maxwell and Peter Wuille are the core developers in consultation with Mt. Gox, as per their press release.
<gmaxwell> The Gox press release seems a little ‘spun’ to me. They portray characteristics of the Bitcoin system well known since at least 2011 (which even have their own wiki page ) as something new.
These characteristics are annoying but don’t inhibit basic operation. They are slowly being fixed – but fixing them completely will likely take years as they require changing all wallet software. Correctly-written wallet software can cope with the consequences, and I cannot understand why they would gate their withdraws on external changes.
<GG> Andreas Antonopolous has examined Gox’s code to some degree, and remarked that they are using a strange “hodgepodge of technologies that are really not suitable for running an exchange.” Do you believe the problem lies in their code rather than the Bitcoin protocol?
<gmaxwell> Oh there is a “problem” in the Bitcoin protocol, known since at least 2011 (see the link I gave). But for normal applications, not involving unconfirmed transactions, it shouldn’t cause any severe problems because wallets can handle it locally.
Basically, third parties can change the transaction IDs of transactions. This means what wallet software must be written to accomodate that and still recognize them when that happens.
What the press release talks about is adding a second kind of transaction ID, which is robust against changes, which would be helpful for tech support purposes. Though it doesn’t resolve all of the issues that being able to modify transactions presents.
<GG> So in other words, Gox should be able to account for this known problem by modifying their internal systems?
<gmaxwell> Yes, internal only changes should account for it. The only remaining issue for Mt. Gox’s application would be some tech support problems, where if a user’s transaction is mutated by a malicious party the txid ["transaction ID"] Mt. Gox told them to expect wouldn’t be the one that ultimately showed up in the blockchain.
<GG> It seems the market is reacting very negatively to the news. What advice would you give to the average Bitcoiner regarding this situation?
<gmaxwell> The challenge for me in offering something here is that this isn’t news to me – for years – and it’s never been a particularly large concern. This wouldn’t make the top ten list of dangers in the Bitcoin technology.
<GG> Thanks for your comments.
-
Update: as of 13:35 GMT+2, the market has retraced about 60% of the recent loss as the news is digested.
In my personal opinion, Gox have done more harm to the Bitcoin community than good to themselves through their statement. This situation should have been handled in such a way as to minimize the market impact.
MtGox issued a statement that due to “design issue” in Bitcoin protocol, they were having problems with withdrawing BTC and so they had to halt all withdrawals until the problem is fixed.https://www.mtgox.com/press_release_20140210.html
If you need a quick answer: there’s no bug in the Bitcoin itself. You may go to Bitstamp/Coinbase/BTC-E/Bitcoin-Central and buy more BTC with a huge discount before it gets back to $800-$900.
Long answer:
Unconfirmed Bitcoin transactions were always “malleable”, that is you can slightly change a transaction that “floats around” (not yet in the blockchain) and you wouldn’t break its signatures. You can’t change something important about it, like source transactions, amounts, order of inputs and outputs or other important metadata. What you can change is add some bogus data or flip a sign on a signature that doesn’t change the meaning of the transaction, but changes its content.
What it means is this: you may send transaction ABC123, then someone may see it on the network, change slightly to ABC124 and issue too. If he gets lucky, ABC124 will be included first and ABC123 will never be included (because it’d be a double-spend). There’s no problem for the recipient of the transaction: they will still get all their money on the address they expect. But if they were watching the blockchain specifically for transaction ABC123, they will never find it there.
MtGox claims to be fooled this way:
User asks MtGox to withdraw some bitcoins to some address of the user’s choice.
MtGox takes some of its own “unspent transaction outputs” and composes a transaction which sends funds to the user’s address.
MtGox remembers a hash of that transaction (unique fingerprint of its contents) and begins to watch the blockchain for this hash to appear in it.
User or someone else sees unconfirmed MtGox transaction in the p2p network. He changes some bytes in it to keep it valid, but make it different to change its hash.
New, modified transaction gets included in the blockchain. MtGox has sent money where needed, but does not know about it. User also got the funds no problem - his personal wallet will show that he has the funds.
Then, user goes to MtGox support and complains that the money did not go through. Or, MtGox themselves see that they’ve been watching for transaction for too long and could automatically re-send another transaction that sends some other “unspent tx outputs” to the same address (sort of, to “retry” the transaction). One way or another, it creates a lot of confusion for MtGox and initially may even lead them to sending the same money twice, or multiple times to the same user.
Is it a design issue in Bitcoin to allow slight changes in the transactions? Yes, probably is. But it’s not entirely clear how it can be prevented at all. An immediate fix would disallow potentially useful more complex transactions and require a global network consensus to enforce new behavior.
MtGox had this problem because they didn’t know about this Bitcoin property. And for most of the time transactions were not deliberately modified by anyone, so it was okay for most of the time.
MtGox should fix the problem this way: instead of watching blockchain for appearance of the specific hash of a specific transaction, they instead should watch if the address X (specified by user) got amount N (specified by user) from outputs Y, Z and W (used by MtGox). This would guarantee that even if transaction is modified, they will see for sure if the users actually got the money intended to them or not.
In a draft release made available via IRC freenode/#mtgox just now, Mt.Gox states that it will not resume BTC withdrawals to outside addresses until a flaw in the Bitcoin protocol that makes “transaction malleability” possible has been fixed.
The news announcement outlines the Transaction Malleability issue and concludes:
To put things in perspective, it’s important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.
MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.
More information on the status of this issue will be released as soon as possible.
We thank you for taking the time to read this, and especially for your patience.
Best Regards,
MtGox Team
The announcement comes after close of business at 19h00 JST with traders already anxious when Mt.Gox failed to make a statement by 5pm JST. Staff were on the freenode/#mtgox IRC channel to respond to queries and one of the first questions were: “Are you insolvent?” to which came the reply: <SarahCoinBit> No.
The current lockdown of all BTC comes in the wake of months of BTC transaction failures caused by bugs in their custom exchange wallet software. The exchange had failed to communicate the exact reason for their technical woes in previous months, leading to rumors and speculation of pending insolvency. Mt.Gox customer disgruntlement reached fever pitch over the weekend after Mt.Gox halted all BTC deposits and withdrawals last Friday with a brief announcement explaining only that their system needed to be in a “static state”.
Bitcoin Developer, Greg Maxwell, stepped to the podium, via Reddit, to give a technical explanation of the difficulties being experienced by Mt.Gox – something they could easily have done themselves as the nature of the compound problems became evident in past months. Today’s announcement confirms Maxwell’s explanation and Mt.Gox has officially appealed to the Bitcoin core developers to fix the transaction “malleability” flaw.
Although the cat is out of the bag now, the Bitcoin community is still concerned about Mt.Gox communication policy. Lack of transparency and outright failure to reply to communications resembles that of a “couldn’t care less” bank and not that of a stake-holding partner in a close-knit Open Source innovation. There are also untold numbers of customers who had effectively been told to “talk to the hand” since September last year. Their ire and frustration has created much negative sentiment toward Mt.Gox and one can only surmise that their collective action will be to sell or abandon ship once BTC withdrawals are re-enabled. Hence, Mt.Gox would be responsible for more volatility in the BTC price chart – an eventuality that investors and stakeholders have been trying to avoid on the eve of mainstream adoption.
With the information made available today it is apparent that the entire Bitcoin community (and Bitcoin itself) will benefit from planned security fixes. However, some uncomfortable questions remain as to why this issue had not been addressed earlier. According to Maxwell it had been fixed via tightening transaction signature encoding, yet now Mt.Gox are declaring it an existing security flaw.
“I think I just witnessed Mt. Gox die today. I didn’t get my bitcoin, but glad I came and tried.” - Reddit user ‘CoinSearcher’, after conducting a three-day protest at Mt. Gox’s headquarters in Tokyo.
Mt. Gox, the world’s original and once-largest bitcoin exchange, appears to be in a state of disarray after it suspended bitcoin withdrawals to work on what it said were technical issues. Meanwhile, the clamour of angry customer voices is growing.
The exchange’s moves have had a negative impact on the bitcoin markets. The price of 1 BTC plunged from $850 at the start of the week to $681, according to the CoinDesk Bitcoin Price Index, in the wake of the Gox announcement. It has promised an update on Monday 10th February (Japan time).
Gox’s decision to halt bitcoin withdrawals sharply affected the market. Source: CoinDesk
The internal workings of Mt. Gox have long been the focus of discussion in the bitcoin community. Users have reported delays in obtaining a ‘verified’ account there after submitting the required identification documents.
Submitted by Tyler Durden on 02/10/2014 08:23 -0500
No comments:
Post a Comment