Topic: New research proves: MtGox bitcoins NOT stolen using transaction malleability (Read 25228 times)

If Mark is alive you have a better chance of getting the coins back.  (better than zero)

yea we need to get this guy in the trials to testify, I hope Karplese goes to jail

Even Houdini couldn't lose himself this day and age.

Let's see, so if I owned one of the largest bitcoin exchanges, I might be tempted to shut down as well; claiming that most of coins were stolen while I was secretly funneling them into multiple personal anonymous accounts. Then eventually when I had enough coins stored up, I would let the shit hit the fan by saying the coins are stolen, and then proceed to file for bankruptcy. Lastly, I'd sneak off and buy my own little island where nobody would find me.

If Empty Gox was selling empty Bitcoin place-holders then whatever was in the hot-wallet (the fraction of the reserve) was all they had. The "missing" Bitcoins are simply the revelation of null Bitcoins. It looks more like fraudulently obtained fiat than missing crypto IMO.

The bigger problem I see here is that banks all run on this fractional reserve system. Anybody holding fiat risks getting "goxed".

Just one point in time.  The list was updated every 20 minutes, and my version contains 1211 transactions.  Not sure of the time.

Which if from which to which date?

I only kept this last file. 

You seem to have separate data, which are suitable for similar scans?

There are different ways to mutate a transaction.  The "researchers" detected one special kind where both versions of the transaction were standard.  Just an opcode changed to another with the same function.  The vulnerable MtGox transactions were of a different kind and non-standard since 0.8, so they could only detect the version which was confirmed.  Not the original from MtGox.

I think at least 1257 BTC, and probably not much more, were lost through the malleability bug.  Based on the fact that there were 1257 BTC in double spent inputs in the last full bitcoin_tx.php I could get hold of before they shut down.  MtGox wouldn't detect the fact that the inputs were spent when the transaction got a new txid, and try to spend them again in another transaction.
A few of MtGox's transactions may have been mutated this way as well.  It is certainly an exception.

I can only barely understand the technical details of the paper, I must admit that. But if what your are saying is correct, how could thexy detect the TM after the media impact, if their algorithms were based on rejecting nodes? That i do not understand.

However, when it should turn out, that the paper is plain wrong, there is still a huge doubt about the purpordedtly loss of ALL BITCOINS by means of this "bug". The simple difference is, that we do not a have a proof yet.

Still there is one thing to check, in my opinion. The authors claimed that they could fit their recorded data to the database-data from Mt.Gox. That should be done before rejecting their work as "wrong", shouldnt it?

Because the transactions will not be accepted by bitcoin nodes.  Invalid transactions are discarded and not relayed to other clients, just as when someone send your client some random data.  It may even disconnect the other node and blacklist it.  (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)
They don't have the data.  They would have to connect directly to MtGox's bitcoin nodes to get the transactions directly from them, and it is safe to assume they didn't.  From their paper:
Bamert et al. assumes the double spending transactions will be relayed through the network.  The vulnerable transactions from MtGox lacked this property, and it is unlikely to detect them when only conncted to 20% of all bitcoin nodes.  (Assuming they removed the standard test before compiling their own node; otherwise they wouldn't be able to detect the vulnerable transactions at all.)

Also: the problem with MtGox's vulnerable transactions was invalid padding of the S- or R-value in the signature.  Those were easy to fix by removing the extra padding.  The "researchers" didn't detect a single incident of this modification.  Indicating that they probably had the standard test in place in their client.

The paper is worthless.

Yes, mark stole them.

Can you explain that? How can transactions be made "invisible"?
Of course the API would have been a better source, but still they also must have appeared in the public history... that is why they had the data.

All I know for sure is Gox is incompetent noth saying this may not have been a legitimate mistake but I am saying that they have not been very professional many times in the past. 

Yep. most ppl in here know that.

If MTGOX really like that if they can not be released before the withdrawal, then the attacker would not be eyeing MTGOX. Therefore, these attacks did not come to investigate the transaction scalability of this loophole is purveyed for personal gain and attacks before the suit. Bitcoin from the existing number, the latter is more likely motive.

Still questionable whether there are other services because MTGOX promptly inform the message prepared for the sudden surge. Is not that the news release caused commercial damage (to remind imitators to attack them) examples?

It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.

I didn't know about the non-standard form - who was mining the Mt.Gox transactions?

+1
This story was shady from the start. Some kind of malleabilty that no one can comprehend... jesus it was a biggest bitcoin exchange how can they fail so miserably?