Author

Topic: Has someone calculated the volume of Gox double payments? (Read 578 times)

hero member
Activity: 602
Merit: 500
noone probably can guess at this moment, not even gox themselves.

the good:
mtgox has verified everyones ID even for bitcoin withdrawls ->
they can take legal action against the criminals
they could freeze the accounts of those that "double received" and "uncredit" them

they may attempt to contact those that robbed them to ask for the coins back. depending on how that goes they could take further legal action.
theft is theft.

between "uncrediting" accounts and pursuing legal action against anyone who took a lot of btc this way they should be ok.

this could have ALL been "prevented" but i guess mtgox will/should take whatever "loss" comes of it.

once they release midas and imporove their site, make it professional in most ways i'm sure they can regain their dominance. japan is a good place for an exchange like them.

the bad:
pursuing legal action
full member
Activity: 181
Merit: 104
back in the day I did work at a place that would process hundreds/thousand transactions.  At the end of the day you'd make sure those numbers added up correctly.  If you things didn't line up with the logs/receipts you needed to see where things went wrong.  At the end of each day this was done, at the end of the month inventory was done and everything usually added up, there was a small percentage that was allowed for leakage.  So at worst they should have noticed this in 1 day, max 1 month.  Their excuse doesn't seem plausible if they did any accounting.

Funnily enough, this sounds like EXACTLY the kind of thing Gox wouldn't do.
newbie
Activity: 54
Merit: 0
back in the day I did work at a place that would process hundreds/thousand transactions.  At the end of the day you'd make sure those numbers added up correctly.  If you things didn't line up with the logs/receipts you needed to see where things went wrong.  At the end of each day this was done, at the end of the month inventory was done and everything usually added up, there was a small percentage that was allowed for leakage.  So at worst they should have noticed this in 1 day, max 1 month.  Their excuse doesn't seem plausible if they did any accounting.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Or was this error in the Gox payment system exclusively exploited by criminals?

This.

At the time there was no mass mutation of transactions.  The attackers were mutating their own transactions something like this:
1 ) Attacker request withdraw.
2 ) MtGox generates tx id A (likely defective in a host of ways making the rest of the attack easier).
3 ) Attacker grabs a copy of the "busted tx" and cleans it up (mutates it). Call this tx id "B".
4 ) Attacker pushes mutated version (tx id "B") to a miner.
5 ) Tx id "B" is included in a block.  Attacker has been paid.
6 ) Attacker contact MtGox stating they had not received withdraw (this is made more believable because MtGox broken wallet had created tens of thousands of legit broken transactions).
7 ) MtGox checks blockchain and tx id "A" does not exist.
8 ) MtGox pays the attacker again.

So distilled down the only way you got double paid was if you did all of the following:
a) you noticed MtGox was generating broken transactions
b) you used their API to pull a copy of the tx (because it was being dropped by relay nodes)
c) you modified the transaction to clean it up
d) you received payment and then contacted MtGox claiming you didn't.

It didn't happen by accident.  Even if someone legitimately cleaned up (mutated) their transaction because MtGox was generating broken garbage, they still wouldn't get paid again unless they then lied to MtGox and told them the transaction never went through so MtGox would cut another payment.  

There is no way of knowing how many times attackers did this, or even how many people working together or independently tricked MtGox into overpaying them.  The withdraw issues (legitimate complaints about unconfirmed payments due to MtGox broken wallet) have been going on a month.  Did the attackers realize on day 1 or only a few days ago?  Only MtGox knows.
legendary
Activity: 1792
Merit: 1059
This is now a pretty difficult question, but I ask it anyway: Has someone seriously attempt to calculate the volume of the Gox double payments?

Anyone who has received such duplicate payments? Until now I have not heard of anyone. Sure, many might enjoy and be silent, but every recipient? Or was this error in the Gox payment system exclusively exploited by criminals?

How can we find out how much money Gox has lost? How likely is it that they can compensate the losses with savings?

Please let have a serious discussion without pointless Gox bashing.
Jump to: