Pages:
Author

Topic: Mt.Gox technical autopsy - page 3. (Read 4226 times)

sr. member
Activity: 378
Merit: 250
Born to chew bubble gum and kick ass
February 26, 2014, 01:12:32 PM
#5
After browsing the threads about Mt.Gox and the malleability issue here are a couple of questions.

Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?

Let's say person X (attacker) withdrew e.g. BTC 666.696969 from Gox (or any other exchange). The same person X needed to claim exactly the same amount (BTC 666.696969) from Gox a week or two weeks later, right?

What could be done is to run a query on blockchain data to identify such transaction pairs, initiated from addresses that once had a fairly high value of ''total received'' (indicating they were exchange address) and sent the same amount (BTC 666.696969) twice within a certain period of time.

If someone identifies such pairs, then we might at least get the idea of the maximum possible malleability threshold that went on the Bitcoin network.


Q2. Are we sure that the whole thing wasn't orchestrated with the complicity of Mt.Gox management? Can we ever be sure?

We are not sure and cannot be sure at the moment. The malleability can very well be a real thing or just an excuse. Someone brainy needs to investigate this through blockchain data analysis.
full member
Activity: 121
Merit: 103
February 26, 2014, 08:39:25 AM
#4
After browsing the threads about Mt.Gox and the malleability issue here are a couple of questions.

Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?

I understand that the malleability issue is real. Indeed it has been real and known for more than two years. I still fail to understand how it could be realistically harnessed to heist hundreds  of thousands of bitcoins.

i am not normally one to speak positively of regulation, but this is one of several reasons that money transmitters and MSBs require licenses in the US: too many unscrupulous people have started up such businesses, then there is a "theft" of funds and all the customers are missing money.

there are numerous ways a tx malleability exploit should have been stopped at mtgox. incompetence is a decent defense in the BTC markets when you consider how little most people know about BTC.

Quote
Q2. Are we sure that the whole thing wasn't orchestrated with the complicity of Mt.Gox management? Can we ever be sure?

Q3. Consider a Bitcoin maketplace model where major exchanges  mysteriously go bankrupt and handwave their alleged losses to some technical issue, previously regarded as minor.  Is such a model viable in the long tem?

if BTC 600K or more has been "stolen", which has not been reliably confirmed by any means, i would bet a large amount of money on it being an inside job. you don't just end up having your cold wallets emptied and not know something is up, even if you're as incompetent as MK.
newbie
Activity: 9
Merit: 0
February 26, 2014, 05:08:36 AM
#3
Quote
How do you answer rhetorical questions?..

I doubt my questions are rhetorical. Let me sketch some tentative answers, although I would obviously prefer to hear something from outside my head

A:Q1+Q2. That largely depends on Mt.Gox. If they release all the data they hold, including all their code and records, we may get an idea of what happened, which techniques were used and how transaction malleability was used in the heist.

I personally believe that insider support must have  played a role, but I am less sanguine about wilful involvement of top management. Anyways, IMO there are lessons to be learnt here, both at the technical and at the management level.

A:Q3. Probably not, although some amount fraud may be tolerable. In the current ecosystem, as far as I understand, major exchanges are trust repositories. if trust repositories are necessary, then they should be fully accountable entities. But perhaps trust repositories are not necessary and the Bitcoin ecosystem should move away from them.
hero member
Activity: 595
Merit: 500
February 26, 2014, 04:13:34 AM
#2
After browsing the threads about Mt.Gox and the malleability issue here are a couple of questions.

Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?

I understand that the malleability issue is real. Indeed it has been real and known for more than two years. I still fail to understand how it could be realistically harnessed to heist hundreds  of thousands of bitcoins.

Q2. Are we sure that the whole thing wasn't orchestrated with the complicity of Mt.Gox management? Can we ever be sure?

Q3. Consider a Bitcoin maketplace model where major exchanges  mysteriously go bankrupt and handwave their alleged losses to some technical issue, previously regarded as minor.  Is such a model viable in the long tem?
How do you answer rhetorical questions?...
newbie
Activity: 9
Merit: 0
February 26, 2014, 12:52:37 AM
#1
After browsing the threads about Mt.Gox and the malleability issue here are a couple of questions.

Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?

I understand that the malleability issue is real. Indeed it has been real and known for more than two years. I still fail to understand how it could be realistically harnessed to heist hundreds  of thousands of bitcoins.

Q2. Are we sure that the whole thing wasn't orchestrated with the complicity of Mt.Gox management? Can we ever be sure?

Q3. Consider a Bitcoin maketplace model where major exchanges  mysteriously go bankrupt and handwave their alleged losses to some technical issue, previously regarded as minor.  Is such a model viable in the long tem?
Pages:
Jump to: