Pages:
Author

Topic: MtGox blames Bitcoin protocol problem for BTC withdrawal issue - page 8. (Read 15254 times)

member
Activity: 182
Merit: 10
This is such an egghead problem.

They decide to suspend all withdrawals because people can say they didn't receive a withdrawal and get paid out twice.

So, they could just hire humans to certify the claims and take however long need be to confirm they are legit.

What's that you say? Human intervention?

Well that is preposterous. No what we will do instead is lock the place down and hold all of our customers hostage until our thuper devs rewrite and implement the errant code.

Clearly that is the best and only solution here.

Painfully oblivious. Well go ahead and vaporize a few more billion in market cap then.
full member
Activity: 124
Merit: 101
Basically they are saying "We are not to blame. There is huge security issue in Bitcoin protocol!!! affecting whole bitcoin network"
full member
Activity: 124
Merit: 101
https://www.mtgox.com/press_release_20140210.html

Quote
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.

The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.

This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.

We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block's Merkle Tree, the new hash's purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.

Can any "Bitcoin core developer" confirm/deny this?
Pages:
Jump to: