4

What's being reported on the news is that millions of Bitcoins were stolen from Mt Gox. But the Bitcoin Foundation blog says something different:

https://bitcoinfoundation.org/blog/?p=422

"Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions. This is exposing bugs in both the reference implementation and some exchange’s software.

We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds."

So is the transaction malleability issue Mt Gox is suffering from just a denial-of-service attack, or were Bitcoins actually stolen?

Any help would be greatly appreciated.

Thank You in Advance.

  • The two statements are talking about two completely different events. The only thing they have in common is that they are both caused by transaction malleability. One is inherent in Bitcoin's design, the other is specific to Mt Gox. – David Schwartz Feb 27 '14 at 6:38
2

What has been reported for the past two weeks or so is an issue called transaction (id) malleability: A hash calculated from each bitcoin transaction, the transaction id or txid, can be changed until the transaction is confirmed in the blockchain, by third parties. This deviates from the intuitive, and presumably intended, behavior. Any attempt to spend unconfirmed transactions is vulnerable to a denial-of-service attack where the attacker tries to change the transaction id, denying future spending until the spender updates his idea of what happened to his wallet with the blockchain and re-issues those transactions that build on a wrong expectation of what transaction id would be incorporated into the blockchain. Large bitcoin services' hot wallets with their high transaction volume are particularly likely to be vulnerable, since before this issue became known, it would have been very natural to simply keep producing transactions building upon unconfirmed prior transactions.

To turn this denial-of-service attack into something more like a theft requires some social engineering. In the denial-of-service attack, the attacker can potentially force the wallet operator to reduce the rate of his bitcoin transactions to one per new block and bitcoin address, all whilst in a sense hiding the occasional successful transaction because it confirms under an unexpected, changed transaction id. If an attacker can use these circumstances to convince the service provider that he did not receive a bitcoin payment he is entitled to (possibly pointing to the wrong original transaction id), he may be able to trick the service provider into initiating a new transaction. And maybe a third one or even more. This may have happened to MtGox.

For a longer and colorful description of this hypothesis, see the question Wouldn't the “malleable transaction” attack be foiled by common sense?.

    1

    Were bitcoins actually stolen

    Almost certainly yes.

    Update (March 21 2014): 200,000 bitcoin were found recently down the back of an old MtGox sofa (more or less) So some of the bitcoins might have been merely carelessly mislaid. No one has suggested that these bitcoins may have been deliberately hidden by an insider for later retrieval. So far it's reported as incompetence rather than criminal theft. That still leaves a much larger number of bitcoins that currently appear to have been stolen.

    Forbes reports

    The company’s shutdown is rumored to be caused by a “hack” or “security breach” that resulted in a loss up to 744,000 BTC or $409,200,000.

    The BBC reports

    An estimated 744,000 bitcoins - about $350m (£210m) - are believed to have been stolen thanks to a loophole in Tokyo-based MtGox's security.
    ...
    A leaked report - which Mr Karpeles has confirmed is authentic - said the huge theft had made MtGox insolvent.

    The leaked report referred to says

    At this point 744,408 BTC are missing due to malleability-related theft which went unnoticed for several years. The cold storage has been wiped out due to a leak in the hot wallet
    ...
    MtGox's main problems are massive robbery and poor bitcoin accounting.


    Yahoo news reports (on 2014-02-28)

    CEO Mark Karpeles appeared before Japanese TV news cameras, bowing deeply. He said a weakness in the exchange's systems was behind a massive loss of the virtual currency involving 750,000 bitcoins from users and 100,000 of the company's own bitcoins. That would amount to about $425 million at recent prices.
    ...
    It remains unclear if the missing bitcoins were stolen, voided by technological flaws or both.

    Bloomberg reports

    “The company believes there is a high possibility that the Bitcoins were stolen,” Mt. Gox said in a statement.

    • Then what does this mean? "This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds." – Keshav Srinivasan Feb 27 '14 at 19:52
    • @Keshav: That's what Gavin Andresen thought was the case on Feb 11. The sources I quoted are from more than two weeks later. – RedGrittyBrick Feb 27 '14 at 20:20
    3

    As I understand it (and wrote at more length in this question), the statement is technically correct but incomplete.

    The result of a malleable transaction attack is that the targeted transaction (in which the victim voluntarily sent coins to the attacker) does not confirm, but an equivalent transaction with a different ID does confirm. It is true that this does not steal any coins: the recipient gets the same coins they were already getting.

    The theft occurs in the next step, not described in your statement: the attacker points out to the victim that the original transaction didn't confirm, and convinces him to resend the amount, in a new and independent transaction. If the victim doesn't notice the attacker's equivalent transaction, he might do this; then the attacker has received twice as many coins as he was supposed to.

    • i.e. if malleability was the issue, mtGox would have been dealing with a large volume of support calls, or their wallet was doing this automatically – alfwatt Mar 1 '14 at 2:15
    • @Nate, so you are saying that MtGox is plain lying when they claim that it is a DOS attack? – Pacerier May 22 '14 at 17:01
    • @Pacerier: I am not aware that MtGox has made any such claim. The statement quoted above is attributed to gavin of the Bitcoin Foundation, who as far as I know is not affiliated with MtGox. – Nate Eldredge May 22 '14 at 17:07

    Your Answer

    By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

    Not the answer you're looking for? Browse other questions tagged or ask your own question.