Topic: New Mt Gox Press Release - Feb 10 - they are claiming flaw in bitcoin protocol ! (Read 33066 times)

Good luck I sent btc from btc-e to vircurex on Monday.  The problem is surely on btc-e end but I've got some other deposits to vircurex that are showing as 0/4 confirmations sent about 10 emails and not one response in 5 days.  Another one of my favorite exchanges that I've now lost complete trust in.  How can people trust these exchanges with millions of dollars when they can't even return an email, have no phone number, their physical address does not exist etc.

Dear Bitstamp clients,

After rigorous testing, we have restored fully automated processing for Bitcoin withdrawals.

Unforeseen incidents like this DoS attack against an edge case in the Bitcoin protocol are to be expected with such a young technology. The core protocol remains sound and the world has seen how these incidents are addressed by the Bitcoin community. Every challenge that is successfully overcome is a milestone that allows the world to grow their confidence in Bitcoin.

We recognize that for many of clients the inability to make withdrawals may have been stressful and we are thankful for your patience and understanding.

Best regards,

The Bitstamp team

The problem, though, and I agree the "outside world" doesn't understand this and wouldn't without lengthy explanations they also probably wouldn't understand, is that on one side, you have the erring party, Gox, refusing to fix its own mistake.  The "other side," to the extent there even is an other side, is Gox's insane demand the entire rest of the Bitcoin world alter the way it does business in order to accommodate their mistake.

Clearly, this can't be done. 

This problem has been on the to-do list for some time, and using the temporary transaction ID has been deprecated for literally years.  But to fix this issue, basically every piece of software out there has to be replaced.  This isn't going to be done instantly.

Signed

Signed and tweeted

signed

I'll just leave this here:

https://www.change.org/en-GB/petitions/petition-to-remove-mark-karpeles-from-the-board-of-the-bitcoin-foundation#share

My point is that this week has not helped Bitcoin gain the trust it needs to thrive. Instead, this blame-game has been harmful to Bitcoin's future as a real-life payment option. I'll say again, it doesn't matter who is right or wrong. All a company thinking about accepting Bitcoin for their business see is mud-throwing between big players and no (or little) news about a sollution. Meanwhile the value of BTC drops.

If my power goes out all i want is for someone to get it back on again. I don't care who is to blame and i'm certainly at that moment not interested in a technical discussion about who did what.

Ofcourse we (i assume no BTC newbies) agree on all your arguments. But to the outside world that is not important.

Mt Gox is unable or unwilling to act proactively since 2011.

They don't fix issues before they turn into real problems - they only take action after those issues have escalated into a catastrophe. Then, to add insult to injury, they barely talk to their customers at all and what little information they do release is incomplete and typically raises more questions than answers.

What do we know about Mt Gox's wallet problems?

1. It doesn't know the difference between newly-minted coins which can not be spent for 100 blocks and old coins which can be immediately withdrawn, so sometimes is credits customers for deposits which can not actually be withdrawn and it sometimes also attempts to include unmatured inputs into outgoing transactions.

2. It has a habit of producing invalid signatures, which it did not correct last year after the network started rejecting transactions with invalid signatures.

3. 1 and 2 combined to create a situation where a certain percentage of all withdrawals would end up "stuck" and never confirm. Instead of fixing the two root causes of this situation, they instead created a permanent workaround in the form of reissuing withdrawals. Maybe this was intended to be temporary, but it turned into just a normal part of doing business.

4. Their method for reissuing stuck transactions was sloppy in that the new did not invalidate the old one therefore it was theoretically possible for both transactions to be included in a block (customer gets paid twice).

5. Their wallet did not continually reconcile the blockchain against their internal accounting. If one of the inputs they believed was unspent got consumed by a transaction that was included in a block other than a transaction they were expecting, their wallet would not notice this. Presumably this happened because it only checked the blockchain for what it was expecting to see.

6. Because of the previous 5 mistakes, transaction malleability made it possible for malicious customers to trick Mt Gox's internal accounting system and pay them twice (or more).

So naturally they blame the Bitcoin protocol.

R.I.P MtGox !

Gox led with an attack.  The fact that their problem is their fault is just that, a fact.  It isn't an "attack" to point that out.  Their false claims that this is somehow the fault of the devs, though, are, well, false.  They had every opportunity to avoid making this mistake, and made it anyway.  Apparently, so did other exchanges, but Gox is unique in not rolling out a fix and instead blaming everyone else for their shoddy implementation.

Has any other exchange behaved in this atrocious manner?

I'll compare, for instance, Bitstamp.  Did they go around blaming everyone other than themselves?  No.  Their own press release was basically "Whoops.  Made a mistake, we're fixing it now."  And then they IMMEDIATELY fixed it.  That's how you do it if you're a professional.  Gox isn't unprofessional because they made a mistake.  Everyone makes mistakes.  They are unprofessional because of their pathetic and disgusting attempts at damage control, which involved trying to deflect blame to the entire world other than themselves.

Great news !

"Dear Bitstamp clients,

A denial-of-service attack caused us to suspend the processing of Bitcoin withdrawals. Bitstamp, with help from the Bitcoin core developers, has implemented a solution that passes our preliminary tests and audits.

After additional testing, we plan to enable Bitcoin withdraws later today.

Thank you for your understanding!

Best regards,

The Bitstamp team"

http://blogs.wsj.com/japanrealtime/2014/02/14/bitcoin-protester-confronts-mt-gox-executive/

I get that, i think you misunderstood. "they" was meant to be Gox. I'm sure everyone is trying to help. Gox does have a business but is blaming devs instead of rolling out a fix (like most other exchanges have or are). In return devs start blaming Gox. Just put aside for a minute whoever is right, all this attracts is non-tech-savvy media looking for a good story. What should have happened was people communicating about this issue and its sollution. Constructive critisism instead of mud-throwing. We've reached a point with Bitcoin where real businesses are getting in the game and using this technology for real-life payment purposes. This, in the end, is the real value of Bitcoin. The companies accepting Bitcoin don't necessarily have technical knowledge so all they see is the value of BTC rapidly deminishing and Gox and devs fighting out their differences in public media. This is harmful.

It's hilarious. They are pretty much admitting they stole the coins.

http://www.reddit.com/r/DarkNetMarkets/comments/1xtqty/sr_has_been_hacked/

so just another hoax in the blame game ??

So he admits gox didn't keep up to date with the new fixes and then asks why the devs didn't fix it?  Is he possibly a little brain damaged?  Maybe he thinks someone invented time travel in the last few years.

Fuck this smug, fat cocksucker.

I wish he were a tenth as good at doing his job as he is at damage control and deflecting blame.

The devs don't have a "business."  They're maintaining an open source project.  They don't need this terrorism.

Also, they can't simply just roll out a fix.  That idea is bullshit, and is basically Gox propaganda.  First, any problems resulting from this non-optimal implementation are easily avoidable by people who are not morons, but second, fixing it will take literally years.  This isn't because of the inherent technical issues, but because it will require re-writing existing clients as well.  So the devs can't just roll out a fix, the community has to absorb the brunt of the change as well.

The devs may be wizards, but they're not gods, and at this point, Bitcoin is widespread enough a lot of the software people are using is NOT under their control.  Wreaking havoc to fix Gox's problem is not something that makes any sense.

Mt Gox CEO Mark Karpeles Responds To Widespread Bitcoin Criticism

http://www.forbes.com/sites/leoking/2014/02/13/mt-gox-ceo-mark-karpeles-responds-to-widespread-bitcoin-criticism/