New Mt Gox Press Release - Feb 10 - they are claiming flaw in bitcoin protocol ! - page 6.

Brangdon

sr. member

Activity: 365

Merit: 251

Quote from: njcarlos on February 10, 2014, 10:05:09 AM

I think my point was that there is not real utility in allowing a TX ID to be modified. I'd be open to hearing what I might be overlooking but at face value it seems like a very poor decision in design.

It wasn't really a design decision. Malleability is naturally allowed unless they take steps to prevent it, which they presumably didn't think was necessary at the time. Which it isn't, really. Only one transaction makes it into the block chain, and that has a single, unambiguous hash. Even now, they have taken steps to tighten it up, but it's not a priority for devs compared to more fundamental issues (like scalability).

Quote from: dorobotsdream on February 10, 2014, 10:20:30 AM

I think this txid mutability doesn't cause double-spend by itself. But if the sender (i.e. Mt. Gox) thinks (erroneously) the coins didn't arrive because they didn't see the txid and somebody complained and they did the spend again, then it depends. If the sending address still holds enough coin, or if they use a different address then the sender does a double-spend.

That's not actually a Bitcoin double-spend, though. The second spend involves different bitcoins to the first. There are no double-spent coins in the block chain.

When you think you hold bitcoin in MtGox, you actually hold an IOU for the bitcoin, and you might be able to double-spend that IOU. That's a matter internal to MtGox. It's not a problem for the wider Bitcoin community, any more than MtGox getting hacked would be.

gabbello

member

Activity: 116

Merit: 11

Quote from: dorobotsdream on February 10, 2014, 10:20:30 AM

I think this txid mutability doesn't cause double-spend by itself. But if the sender (i.e. Mt. Gox) thinks (erroneously) the coins didn't arrive because they didn't see the txid and somebody complained and they did the spend again, then it depends. If the sending address still holds enough coin, or if they use a different address then the sender does a double-spend. It could be that somebody acquired knowledge of their accounting flaw and used it to their advantage.

+1.

If this truly happened (a lot of times) than Mt.Gox is in trouble as they double-spent the money themselves without double-checking what really happened.

However, it is funny how they managed to move the discussion in to a different direction (bug in bitcoin) instead of explaining why they stopped the withdrawals. Ok, they were using txid and their systems where not able to pick up the transactions after they sent it automatically, however why do they stop all withdraws and request a change in code of BTC and do not simply change their own code (or give a timeline how long it takes to change their code)?

atp1916

legendary

Activity: 854

Merit: 1000

Quote from: 5flags on February 10, 2014, 11:11:19 AM

http://www.businessweek.com/news/2014-02-10/is-bitcoin-over-mt-dot-gox-pauses-withdrawals

Sigh

All of the old world institutions that worship ‎John Maynard Keynes will be shamed.

We need to amass an army of commenters at the bottom of every single article like this one to refute such foolishness with facts and history about the bitcoin network's resiliency rating.

The BTC train has already left the building. Get on or get flattened.

callem

member

Activity: 130

Merit: 10

Karpeles just threw bitcoin under the bus as a distraction from obvious liquidity issues at mtgox.

Rest assured that it's all FUD to those who understand the protocol, so enjoy this excellent buying opportunity while it lasts.

(just not on mtgox - the exploding Death Star of bitcoin exchanges)

il--ya

newbie

Activity: 47

Merit: 0

It was discussed back in 2011
https://bitcointalksearch.org/topic/new-attack-vector-8392

The patches were submitted in late 2012: https://github.com/bitcoin/bitcoin/blame/master/src/script.cpp

The protocol specification was updated in April 2011:
https://en.bitcoin.it/w/index.php?title=Protocol_specification&oldid=7624
Edited on 24 April 2011:
"Signatures use DER encoding to pack the r and s components into a single byte stream (because this is what OpenSSL produces by default). "

MtGox is a bunch of liars (should make this a signature, probably).

5flags

full member

Activity: 224

Merit: 100

Professional anarchist

http://www.businessweek.com/news/2014-02-10/is-bitcoin-over-mt-dot-gox-pauses-withdrawals

Sigh

franky1

legendary

Activity: 4424

Merit: 4794

Quote from: td services on February 10, 2014, 11:01:24 AM

There is never any legitimate excuse for any financial services company to not immediately return a customer's money upon request. Mtgox has delayed customer withdrawals for almost a year now. This means Mtgox is insolvent. Do NOT keep any more money there than you are willing to lose.

wow.. hang on.. you must not have a bank

daily limits, AML query's and that such. look at Cyprus and other noteworthy government led bank blockages

although i morally agree that no financial service of any kind should block peoples funds... it does happen.

and i totally agree that there is no viable reason to block a bitcoin transaction, bitcoins are stored on private keys.. so blaming a protocol is simply blaming software, which can be altered/replaced

deforme

member

Activity: 76

Merit: 10

Quote from: yannis7777 on February 10, 2014, 10:56:00 AM

Worst thing is not to panic sell. Rather it is to purchase at the start of the panicking process.
MtGox manipulate the market indirectly this is so effin apparent.

or maybe getting fiat end of the panic

Rampion

legendary

Activity: 1148

Merit: 1018

Quote from: Rannasha on February 10, 2014, 10:48:47 AM

Quote from: FrictionlessCoin on February 10, 2014, 10:31:00 AM

This is just poor bookeeping on Mt.Gox side.

This is exactly what it is. Poor bookkeeping, nothing more, nothing less.

Pretty clear to anybody with an average understanding of Bitcoin... But I have to say that I'm enjoying all this noobs with low activity screaming and crying about Bitcoin possibly going to 0... I bet that they are the ones who sold me all those $550 coins on Bitstamp, now hoping to grab some $450 coins.

franky1

legendary

Activity: 4424

Merit: 4794

mtgox have bitcoin on private keys... a private key is just a private key, even without a client involved the funds are on a private key.

the only code issue is with their own version of the client, which they have adapted to work with their systems autonomously

there are plenty of other client programs around to drop mtgox private keys into, and then using their own eyes to look at the database of balances, to manually repay the BTC.

i think even a 10yo could script something that looks at a database and sends info to a bitcoin client to send funds, and they would do it in under 24 hours.

td services

sr. member

Activity: 448

Merit: 250

black swan hunter

There is never any legitimate excuse for any financial services company to not immediately return a customer's money upon request. Mtgox has delayed customer withdrawals for almost a year now. This means Mtgox is insolvent. Do NOT keep any more money there than you are willing to lose.

dorobotsdream

newbie

Activity: 14

Merit: 0

Quote from: FrictionlessCoin on February 10, 2014, 10:31:00 AM

Quote from: dorobotsdream on February 10, 2014, 10:20:30 AM

Quote from: Brangdon on February 10, 2014, 10:03:21 AM

Quote from: njcarlos on February 10, 2014, 09:30:24 AM

I haven't read this entire thread yet, but is this true? The TX ID can be modified and re-broadcast to effectively double-spend?

It's not true. Both versions of the transaction will have the same inputs, outputs and amounts; they are two different ways of expressing the same transaction, and only one will be accepted by the network, so there is no double-spend. No-one should care which version of the transaction gets accepted. (MtGox did care, and that's their mistake.)

I think this txid mutability doesn't cause double-spend by itself. But if the sender (i.e. Mt. Gox) thinks (erroneously) the coins didn't arrive because they didn't see the txid and somebody complained and they did the spend again, then it depends. If the sending address still holds enough coin, or if they use a different address then the sender does a double-spend. It could be that somebody acquired knowledge of their accounting flaw and used it to their advantage.

This is just poor bookeeping on Mt.Gox side.

If 5 BTC is sent from address X to address Y, then it will be permanently on record in the block chain. Does not matter which TXID was used.

That is true. But if Mt. Gox used a shortcut to finding out if THEIR transaction to Y went through by comparing txid in the blockchain with their originally created txid, then they would miss the transaction having gone through. Someone making use of this shortcut flaw (probably the one who caused the difference txid? Or could it have naturally occurred (experts?)) could have convinced Mt.Gox to then double spend.

Meuh6879

legendary

Activity: 1512

Merit: 1012

Quote from: Draino on February 10, 2014, 10:15:23 AM

If that's the case, I'd hope that the core developers would continue working on Bitcoin's problem with scaling, and not escalate the malleability thing much at all.

One more time.
Bitcoin DEV have nothing to do with INTERNAL MtGox API ... that it "emulate" bitcoin transaction (internal balance to reduce bandwidth on bitcoin network ... and don't send the amount of bitcoin buy AND sell with a 0 INTERNAL balance at the end).

CoinShovel

newbie

Activity: 11

Merit: 0

Quote from: yatsey87 on February 10, 2014, 10:53:53 AM

Quote from: CoinShovel on February 10, 2014, 10:45:20 AM

How can we get MT Gox stripped from the Bitcoin Foundation along with it's CEO, Mark Karpeles?

This is doing tremendous damage to the community and they're still plastered all over the face of the Foundation that is supposed to be helping the community grow.

Keep protesting and demanding he resign or be booted out.

I would assume other BF members have some pull and can force a resignation as well as also strip away a "Platinum" membership rating.

goxed

legendary

Activity: 1946

Merit: 1006

Bitcoin / Crypto mining Hardware.

<-
Mountain out of a molehole. goxstyle. to buy in cheap btc. buggers!

yannis7777

member

Activity: 84

Merit: 10

Worst thing is not to panic sell. Rather it is to purchase at the start of the panicking process.
MtGox manipulate the market indirectly this is so effin apparent.

yatsey87

hero member

Activity: 840

Merit: 509

Quote from: CoinShovel on February 10, 2014, 10:45:20 AM

How can we get MT Gox stripped from the Bitcoin Foundation along with it's CEO, Mark Karpeles?

This is doing tremendous damage to the community and they're still plastered all over the face of the Foundation that is supposed to be helping the community grow.

Keep protesting and demanding he resign or be booted out.

WesandEAC

full member

Activity: 140

Merit: 100

Hehe so fellas, here we have Mt Gox blaming the core development team even though the problem was well documented in 2011

https://en.bitcoin.it/wiki/Transaction_Malleability

And then after blaming them, they ask for help to adopt their proposal which clearly is an undefined rendition of what the rest of the community is doing because no other exchange has any problem and are operating just fine.

I see this as the chess pieces being stacked to make a sacrifice and cut Gox loose, they could use the excuse that the core team did not want to help them. Good try but we see the play pretty clearly here hehe. I am sure from Mark's perspective he feels right and just. However he is wrong Sad

By some miracle the tightly knit community may come together and fix this as there has never been a phenomenon of people working together as is occurs in the Bitcoin World to my knowledge - that is the only mitigating factor. Good luck everyone.

Rannasha

hero member

Activity: 728

Merit: 500

Quote from: FrictionlessCoin on February 10, 2014, 10:31:00 AM

This is just poor bookeeping on Mt.Gox side.

This is exactly what it is. Poor bookkeeping, nothing more, nothing less.

nosf009

full member

Activity: 196

Merit: 100

Quote from: FrictionlessCoin on February 10, 2014, 10:44:36 AM

Quote from: g0re79 on February 10, 2014, 10:31:54 AM

Recently released MtGox´s statement at https://www.mtgox.com/press_release_20140210.html is largest pile of BS FUD I ever saw - does anybody actually believe them? No reference to anyone from BitCoin devs, no proof of anything, just bullcrap. They picked up (or made up, whatever) minor, hardly achievable and easilly trackable flaw and build a story around it, which in the end sounds to me like arguing that someone with time machine can pause time and rob Your pockets meanwhile.. They fucked up badly with their amateurish coding sklills, thats all. And the most horrible about theese sick fucks is that they are trying to drag whole cryptoscene to hell with them, as they know this is theirs end:

Quote

Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.

Pricks..

They are trying to come up with any plausible excuse to prevent a massive bank run.

The question I have is, if this is a Bitcoin problem, then why are there also delays for withdrawing USD?

Because that yacht and expensive hoes cost soo much, and also are appealing to the (not only) eye, so, enjoy while you can?
Kidding. Ofc, it's about delaying doom.

And yes, community should strike back hard and with no compromise, fuck them off, and continue. Help the fellow crypto guys who got their money fucked by putting a large pressure on them and cut off that cancer once for all. Why so harsh? Because if there was no statement that's more or less insult to our IQ, we could talk, but this seems like they don't much give a F for community, so why should we give back anything but FUD and bad stuff? Simple.

Topic: New Mt Gox Press Release - Feb 10 - they are claiming flaw in bitcoin protocol ! - page 6. (Read 33066 times)