
Topic: New Mt Gox Press Release - Feb 10 - they are claiming flaw in bitcoin protocol ! - page 8. (Read 33055 times)

sr. member
Activity: 308
Merit: 250
legendary
Activity: 1400
Merit: 1013
MtGox, continuing to prove the dunning-kruger effect

Their incompetence and arrogance really boggles the mind-- have they really not hired a consultant, ever?  They really feel like they're this brilliant powerhouse that discovered this (non)-issue?

I'm willing to bet an exploit using this very tactic was reported dozens of times, only to fall into customer support limbo.  And if that's the case, they deserve whatever lawsuit and/or criminal punishment is coming to them.

"The brilliantly smart-people at MtGox have created a new way to store coins long term, in an encrypted zip file!  MtGox a hub of innovation and security!  A pillar of the community!  We discover critical security flaws only after they've made us insolvent!  HOORAY!"


Seriously this shit makes me rage so hard.  Fade into irrelevance MtGox, you served your purpose, and now you're like a herpes sore that just refuses to dry up.
Had Mt Gox been competent at all when designing their custom wallet software, they would have noted that tx-ids are mutable, so not reliable as an identifier until after being confirmed in the blockchain. They also should have been tracking UTXOs directly, not just blindly assuming that, as long as no transaction matching a tx-id they generated appeared, those outputs remained unspent.
sr. member
Activity: 280
Merit: 250
I'm sure at this point they realize that but are going to "punish" the community (and by extension the core developers) by suspending withdrawals until it's fixed. As "trendy" as it is to blame Gox, there's enough blame to go around to both the developers and Gox. Mistakes on both sides that have cost many people a lot of money.
member
Activity: 110
Merit: 10
So, has anyone tried contacting Gox, and informing them that this "fundamental flaw" can be fixed simply by keeping a proper full record of the transaction rather than only keeping the tx-id?
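The two posts above (track the spent outputs directly, and keep a full record of the transaction rather than only the tx-id) describe the same reconciliation check. The sketch below is an added example, not part of the original thread and not MtGox's or Bitcoin Core's code; the `Tx` model, its simplified hashing, the function names and the sample values are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple   # ((prev_txid, vout, script_sig_bytes), ...)
    outputs: tuple  # ((address, amount_in_satoshi), ...)

    def txid(self):
        # Simplified stand-in for Bitcoin serialization (assumption). Like
        # the real tx-id, the hash covers the signature script bytes.
        raw = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

    def outpoints(self):
        # The coins being spent, independent of how the signature is encoded.
        return frozenset((prev, vout) for prev, vout, _sig in self.inputs)

def naive_status(sent, confirmed):
    # The flawed bookkeeping described in the thread: tx-id lookup only.
    ids = {tx.txid() for tx in confirmed}
    return "confirmed" if sent.txid() in ids else "missing"

def reconcile(sent, confirmed):
    # Match on the full stored record: exact tx-id first, then outpoints.
    for tx in confirmed:
        if tx.txid() == sent.txid():
            return ("confirmed", tx.txid())
    for tx in confirmed:
        if tx.outpoints() & sent.outpoints():
            same = (tx.outpoints() == sent.outpoints()
                    and tx.outputs == sent.outputs)
            if same:
                return ("confirmed-under-different-txid", tx.txid())
            return ("inputs-spent-elsewhere", tx.txid())
    return ("unconfirmed", None)

# Constructed sample data: same coins and payee, different signature bytes.
PREV = "aa" * 32
OUTS = (("customer-address", 100_000_000),)
SENT = Tx(((PREV, 0, b"sig-encoding-A"),), OUTS)
SEEN = Tx(((PREV, 0, b"sig-encoding-B"),), OUTS)

if __name__ == "__main__":
    print(naive_status(SENT, [SEEN]))  # the tx-id-only view
    print(reconcile(SENT, [SEEN]))     # the full-record view
```

Only the `unconfirmed` result leaves the inputs available for a re-issue; every other result means the coins have already moved on chain.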
legendary
Activity: 1512
Merit: 1012
MtGox is a clown.
They don't use a connected bitcoin API (blabla hacked, blabla hole secure, blabla bandwidth, blabla balance) ... and now they say that bitcoin is at fault?


Ah Ah Ah  Grin

newbie
Activity: 14
Merit: 0

...

But if it did occur, then a spend with the same input,output and quantity should have shown up to the receiver address right? Just not with the original txout. It wouldn't explain a transaction delay where nothing is transacted or would it?

Let me explain further: the reason ppl don't receive their coins isn't this. It's because the Gox system (bookkeeping) got messed up and sent out non-available coins, since all tx are chain-linked.


Ok, so they sent out some coins. Then because they didn't see the txout in the blockchain (whether by helpful or malicious use of malleability), they considered the coins not spent and kept trying to send out the same coins that were not theirs anymore, blowing up their whole accounting system?

Given my own experience this must have been going on already on the 28th of january.
full member
Activity: 168
Merit: 100
MtGox, continuing to prove the dunning-kruger effect

Their incompetence and arrogance really boggles the mind-- have they really not hired a consultant, ever?  They really feel like they're this brilliant powerhouse that discovered this (non)-issue?

I'm willing to bet an exploit using this very tactic was reported dozens of times, only to fall into customer support limbo.  And if that's the case, they deserve whatever lawsuit and/or criminal punishment is coming to them.

"The brilliantly smart-people at MtGox have created a new way to store coins long term, in an encrypted zip file!  MtGox a hub of innovation and security!  A pillar of the community!  We discover critical security flaws only after they've made us insolvent!  HOORAY!"


Seriously this shit makes me rage so hard.  Fade into irrelevance MtGox, you served your purpose, and now you're like a herpes sore that just refuses to dry up.
sr. member
Activity: 280
Merit: 250
It seems more like a protocol exploit than a bug or failure.
But it's one that has now been seen in the wild at least twice:
the ghash.io double-spend attacks against SD and now with withdraws from Gox.

Even if it is an exploit that affects certain types of business practices rather than a real protocol-level failure, it still seems serious.
At the time of the ghash double spend I remember gmaxwell saying essentially "that's what you get if you base your business model on unconfirmed transactions," which I thought was a bit flip, but now it sounds like mutated transactions can make it into the block chain, which seems to cement the obfuscation into a kind of "he said, she said" scenario.

Even if it has been known about for several years, it has now come to life in a big way. Not good.

You can PM me your apology if you're too shy to make it in public.
legendary
Activity: 2212
Merit: 1199
One good thing that the MtGox mess does:

they make cheap coins Cheesy
hurray!
sr. member
Activity: 263
Merit: 250
I haven't read this entire thread yet...

Why do people insist on talking about things they do not understand?  That puts you on a par with the journalists who tell the world that Bitcoin is a Ponzi scheme.

God gave you two ears and one mouth so you would spend more time listening than talking.  Unfortunately, he goofed and gave you 2 eyes and 10 fingers.  Big mistake!
hero member
Activity: 840
Merit: 509
Quote
from gmaxwell
21 January 2013‎
And you'll note that page is citing a forum thread from 2011.  Bitcoin v0.8 rolled out the first round of fixes to eventually remove malleability way back then too... and we've seen bouts of amounts of malleability use on the network, back in 2012 if not sooner— I haven't grepped my logs.

I overlooked the 2013  Sad

But if it did occur, then a spend with the same input,output and quantity should have shown up to the receiver address right? Just not with the original txout. It wouldn't explain a transaction delay where nothing is transacted or would it?

Let me explain further: the reason ppl don't receive their coins isn't this. It's because the Gox system (bookkeeping) got messed up and sent out non-available coins, since all tx are chain-linked.


What the hell were they sending out then? Do they have a coin deficit or something?
legendary
Activity: 2142
Merit: 1131

I post here to say that I'm not gonna read a single word of all that crap.

Thank you.
sr. member
Activity: 406
Merit: 250
This is bad. The only reason I see for them doing this is so they can lower the value of Bitcoin so their loss is lower. That is, if Bitcoin is worth less, maybe they can pull through.
hero member
Activity: 658
Merit: 500
I haven't read this entire thread yet, but is this true? The TX ID can be modified and re-broadcast to effectively double-spend? If this is the case, not only is MtGox justified in their issues, but they've also demonstrated to the entire world how stupid this community is to believe BTC is without flaw and can't be taken to $0 if the right individuals were to go through this protocol with a fine-toothed comb. What a terrible concept to implement. What is the purpose of a TX ID if not to identify a TX? What could possibly be achieved by allowing such an ID to be modified?

No you're stupid.


Go read again.
sr. member
Activity: 308
Merit: 250
I haven't read this entire thread yet, but i......................

I stopped reading your post there.
hero member
Activity: 658
Merit: 500

Trying to dumb this down for me so I can understand it better and explain it to my friends:

I request $1,000 to be wired to me from Company A. Since there are so many wires with Company A, they have developed their own automated process. I notice a flaw in their code, so that after they send the wire, I can screw with the receipt that they get from the bank, making it seem to them that the wire didn't go through. Their flawed system doesn't check the bank balance, it just goes off of their flawed receipt. Therefore, I can request they send again.

Is this about accurate?

Yup.... now do you blame the bank or yourself for not checking the balance?
sr. member
Activity: 280
Merit: 250
I haven't read this entire thread yet, but is this true? The TX ID can be modified and re-broadcast to effectively double-spend? If this is the case, not only is MtGox justified in their issues, but they've also demonstrated to the entire world how stupid this community is to believe BTC is without flaw and can't be taken to $0 if the right individuals were to go through this protocol with a fine-toothed comb. What a terrible concept to implement. What is the purpose of a TX ID if not to identify a TX? What could possibly be achieved by allowing such an ID to be modified?
legendary
Activity: 1639
Merit: 1006
If I am correct, I think a class action against Gox is in order. Please tell me if I am right....

1. This "flaw" will never be exposed to an individual paying another individual as you can always use your eyeballs to check your address for payment. If you got paid, and if your payment went to the address... then Blockchain.info or any blockchain site would show your payment.
2. This "flaw" is really just an exploit against stupid exchanges or people that write their own program to confirm payments are complete. If the program you write is not smart enough to see that the transaction was actually successful you might stupidly pay again....

So Gox blames the protocol so they don't look so dumb. Isn't this like screaming fire in a theater or spreading rumors that all cows have mad-cow disease.

Am I right? If so, Gox is doomed.... and we should all be buying bitcoin crazy at these prices.

One other thought. I think the US government is behind this exploit as they are just paying Gox a little revenge for not using AML effectively. Gox will know which accounts are stealing from them, but they won't be able to do anything about it because all they will have is an email address for an account created three years ago....... funny....

hero member
Activity: 658
Merit: 500
Quote
from gmaxwell
21 January 2013‎
And you'll note that page is citing a forum thread from 2011.  Bitcoin v0.8 rolled out the first round of fixes to eventually remove malleability way back then too... and we've seen bouts of amounts of malleability use on the network, back in 2012 if not sooner— I haven't grepped my logs.

I overlooked the 2013  Sad

But if it did occur, then a spend with the same input,output and quantity should have shown up to the receiver address right? Just not with the original txout. It wouldn't explain a transaction delay where nothing is transacted or would it?

Let me explain further: the reason ppl don't receive their coins isn't this. It's because the Gox system (bookkeeping) got messed up and sent out non-available coins, since all tx are chain-linked.
global moderator
Activity: 3934
Merit: 2676
This type of stuff must and will happen.  Sucks for the people who have their coins in Gox, and nothing can be done to alleviate that feeling or loss.

BTC has never been stress-tested in the public eye in its history ever before like this, and thus this situation is nothing more than an excellent PR opportunity for the BTC community to demonstrate the innate resiliency of the network as a whole.

Yeah, whilst I don't sweat the fluctuations, the only comforting thing about them is the price bounces back quite quickly. Bubbles and crashes usually don't.