March 27, 2014 § Leave a comment
New research by Christian Decker and Roger Wattenhofer from the ETH Zürich comes to the conclusion that the claimed loss of 850k bitcoins through “Transaction Malleability” (TM) is not plausible.
Their research, published on March 26th 2014 on arxiv.org, shows that the number stolen through TM should not exceed 386 coins. Quoting from their paper:
The transaction malleability problem is real and should be considered
when implementing Bitcoin clients.
However, while MtGox claimed to have lost 850,000 bitcoins due to malleability
attacks, we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins. Even more,
78.64% of these attacks were ineffective. As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.
The paper can be found at http://arxiv.org/abs/1403.6676
March 10, 2014 § Leave a comment
Lots of noise, no signal
Since the company filed for bankruptcy protection at the end of february, there have been 2 events that would be great to see explained, but knowing MtGox, they probably won’t be.
According to CoinSight, which publishes data taken directly from MtGox itself, the company started moving a considerable amount of coins at March 08th. These transactions seem to be linked to a single 180k transaction a day earlier, as some restless blockchain detectives have found out.
This is contradictory to their bankruptcy protection filing and earlier leaked documents indicating MtGox had lost 850k BTC, and has only 2000 left.
In a related event, a large part of MtGox internal accounting data has been leaked, allegedly by hackers, via MtGox CEO Mark Karpeles’ personal blog and Reddit account.
The data was quickly removed, but is already widely available via the P2P torrent network. (Link removed because EXECUTABLE FILE CONTAINS WALLET-STEALING SOFTWARE! )
Although the data seems to be legit, as numerous users (including myself) verified that the reported transactions and balances matched their own data, it does not reveal any new information. Also it is not complete, with some users not finding their accounts, and with no data prior to June 2011.
Notably, there is no trading data included since the beginning of 2014, which might be the most interesting part, as it could prove or disprove rumored insider trading by MtGox.
According to the documents, MtGox should have been in possession of 951k Bitcoins, but since this number comes from their internal accounting, it only matches the explanation given by MtGox that they were robbed by an error in their accounting software, so they would have wound up with 951k BTC only on paper, while all real coins were long gone.
As usual, this new information regarding Gox only brings up more questions, namely
- Who leaked the data?
- Is there more data, which contains anything actually interesting?
- How much BTC are still in control of MtGox?
As always, the fastest way to resolve these questions would be a statement from Mark Karpeles himself, but that’s probably not going to happen. As usual.
The alleged hackers who gained control over Karpeles’ accounts stated that no user data has been revealed, and that they only want to take down MtGox and do no harm to users. Rumors of a larger leak containing user data being up for sale have so far proven unsubstantiated, but given the presence of wallet-stealing software in the leak, their motives are to be questioned.
February 25, 2014 § Leave a comment
MtGox goes offline, leaked “crisis strategy” document surfaces, CEO comments
[Update1: Added MtGox CEO comment]
On the morning of the 25th February 2014, Bitcoin exchange MtGox went offline.
One day earlier, the blogger “Two-Bit Idiot” posted an article speculating that MtGox may have lost up to 750.000 Bitcoins, backed by a supposedly leaked document describing the extent of MtGox problems.
The author of the document and its authenticity is not yet known, but several high-profile industry members already put out a joint statement in reaction to it and MtGox shutting down.
As there is no reliable information available, MtGox being insolvent therefore seems like the most likely scenario right now.
[Update 1:] In an email to Reuters, MtGox CEO Mark Karpeles stated that MtGox was “at a turning point” and that an official announcement will be made “soon-ish”, but no other information could be given due to “other parties” being involved.
While this, again, does not reveal anything, it matches the information given in the leaked document. Time to wait for the next Gox announcement. Again.
There still is no exact information on how many and in which way coins were lost, but there is now a site trying to collect information on how many coins were deposited at MtGox on GoxBalance.
February 20, 2014 § 1 Comment
Whose foundation anyway?
The Bitcoin Foundation has so far failed to address the ongoing problems of Bitcoin exchange MtGox.
MtGox’ constant refusal to comment on its financial situation is fueling speculation that it might be headed for bankruptcy. This speculation is only countered by a stream of meaningless MtGox press releases which are starting to sound like bad excuses.
At the same time, the Bitcoin Foundation with its mission statement of “standardizing, promoting and protecting bitcoin” does nothing to act on the actions of one of its “Gold” members, which are by now affecting the whole bitcoin economy.
With the Foundation neither requesting more detailed information from MtGox, nor taking any public stance at all, some bitcoin users are feeling that:
“With every hour that goes by, that the Bitcoin Foundation doesn’t radically distance themselves from Karpeles and Gox, their reputation goes one more step down the drain.”
The recent petition to have Mark Karpeles removed as a board member should be a sign to the Foundation that they are expected to take action regarding MtGox’ problems.
They have a chance to improve their legitimacy, and help everyone involved, by taking a clear stance on MtGox and Mark Karpeles, but have so far failed to do so.
For claiming to be the public voice of bitcoin, they are awfully quiet.
And a clear statement would also help answer the longstanding question:
“Who are they talking for, anyway?”
February 12, 2014 § 1 Comment
Bitcoin network and exchanges under DDOS attack.
[UPDATE 12.02.2014 3:40 GMT : edited to include information about ongoing DDOS attack ]
In an update posted on monday, Bitcoin Exchange MtGox stated that all BTC withdrawals are halted indefinitely, and claim a flaw in the Bitcoin protocol to be the reason.
This flaw ( called “transaction malleability ) has been known since 2011 and had so far not affected any other exchange, as its effects can be mostly nullified by correct security implementation.
Bitcoin developer Gregory Maxwell stated that their press release “sounds a bit spun“, and that it is not a critical error which prohibits any exchange or Bitcoin itself to function.
Bringing attention to flaw has, however, prompted an unknown entity to issue lots of changed transactions IDs, which in turn lead to other exchanges (BitStamp and BTC-E) temporarily halting withdrawals to check if they are able to withstand the flood of manipulated transaction IDs.
It appears that this flaw is exposing bugs in both the reference implementation and some exchange’s software. and can lead to transactions not confirming, as noted by lead Bitcoin developer Gavin Andresen.
Developers, exchanges and mining pools are currently creating workarounds and fixes.
It appears that while MtGox’ handling of public relations is still questionable, their warning about the flaw carried more weight than initially assumed.
However, as stated by Andresen, the attacker is not able to do anything besides delaying transactions, funds in wallets are still safe, and only users who make multiple transactions in a short period of time will be affected.
As much as MtGox has deserved a lot of criticism, it appears that their warning was not as baseless as widely assumed and even stated in this blog. Now that the full extent of the flaw is known, it can be fixed, and it is probably for the best of the whole network that it was discovered now rather than later.
As noted by Gavin Andresen: “You can be rest assured that we have identified the issue and are collectively and collaboratively working on a solution.”
It looks like Bitcoin will survive yet again, and come out of the Gox fiasco even stronger than before.
February 6, 2014 § 3 Comments
First bank run in the history of Bitcoin.
[UPDATED on Feb.06 17:45 GMT with information on the technical error]
[UPDATE 2 Feb.07 07:48 GMT : Mt.Gox has released a more detailed statement saying all withdrawals are halted to be able to fix the problem, promising further updates on Feb.10th.]
[UPDATE 3 Feb 07 11:17 GMT: The details of the bug have been explained by Bitcoin developer Gregory Maxwell on Reddit. In essence it is a combination of a design flaw in the Bitcoin protocol coupled with the way the custom Mt.Gox software handles transactions.]
Withdrawing USD from Bitcoin Exchange Mt.Gox already used to take anything from weeks to months, but it is now becoming similarly difficult to withdraw Bitcoins.
As of Feb.06, over 50.000 (50k) Bitcoins ( ~40 MIO USD) are “stuck” inside of Mt.Gox according to their own data, collected by Coinsight and “The Gox Report”, and this number is growing fast. While being inflated due to the “change” of transactions, and possibly being closer to 20-30k, just the rate at which this amount is rising is a cause for concern.
The problem became apparent around the 25th of January, when a rapidly growing number of users started voicing their concerns on Bitcointalk , Reddit and Twitter. Some users report waiting over a week to be refunded for failed withdrawals, only to have the transaction fail again on the next attempt.
While some withdrawals seem to go through, the overall success rate as stated by users, and backed up by data from Mt.Gox and IRC support, seems to be below 30%.
The official statement by Mt.Gox is that they are aware of the problem and are working hard to fix it, but is providing no further information.
[UPDATE: Sources close to Mark Karpeles claim progress has been made on finding the cause of the problem, pointing to a misinterpretation of the wallet software as to which outputs are already spent. It is further claimed that he has personally confirmed this error, and progress is being made in fixing it. Due to security concerns the details cannot be disclosed here, as other wallets might be affected.]
This has lead to speculation about the situation of Mt.Gox, with even members of the Bitcoin Foundation asking for clarification and for Gox’ CEO, Mark Karpeles, to step forward.
Karpeles has so far not commented on the issue, and is apparently not even in touch with fellow members of the Foundation, of which Mt.Gox is one of the two only “Gold” members.
Looking at the transactions inside of Mt.Gox wallets via the “Skanner” website reveals a tangled mess of interdependent double spends, causing whole chains of transactions to fail over time.
According to Bitcoin Developer Mike Hearn, Mt.Gox is running a customized version of the Bitcoin software which is maintained by Karpeles himself, and the ongoing problems are leading to the assumption that for some reason he is currently unable to fix it.
With support tickets not being answered, their Twitter & Reddit support sending out prefabricated messages, and their IRC support being overloaded, speculation is running wild about the true nature of their problems, including that the technical problems might be intentional to mask underlying problems. However, support in IRC keeps stating that the problem is being worked on, that Mt.Gox is running a full-reserve operation, and all coins are safe and will be paid out.
Even if these are just errors in the software, Mt.Gox’ failure to properly communicate the issues is alarming in itself, and is already showing to be eroding trust in the exchange, as an increasing number of customers is trying to leave.
At the time of writing Bitcoin prices have been tumbling, with Mt.Gox rates dropping up to 15% in what seems to be Bitcoins first Bank run.
With Bitcoin slowly gaining legitimacy around the world, one stands to question the way Mt.Gox is handling this problem, and whether the Bitcoin Foundation is watching their members to uphold the standards and level of professionalism they have ascribed to themselves.
The current situation can only be defused by either fixing the problems within the next days, or by Mt.Gox stepping up and providing evidence of having enough funds, and giving clear information about the exact nature of the technical problem. It would be in the best interest of Mt.Gox, as well as the Bitcoin Foundation, to step up and address this problem openly and transparently, as the speculation alone might prove detrimental to the further evolution of the emerging Bitcoin economy.