Pages:
Author

Topic: New research proves: MtGox bitcoins NOT stolen using transaction malleability (Read 25278 times)

legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
Well, this is just another proof to something we already know. Mark Karpeles is a thief.

How long before a lynch mob hunts him down? How many people lost $10+?

If Mark is alive you have a better chance of getting the coins back.  (better than zero)
sr. member
Activity: 364
Merit: 250
yea we need to get this guy in the trials to testify, I hope Karplese goes to jail
sr. member
Activity: 308
Merit: 251
I like big BITS and I cannot lie.
LoL...

Mark Karpeles got Goxed for his lie  Grin
Let's see, so if I owned one of the largest bitcoin exchanges, I might be tempted to shut down as well; claiming that most of coins were stolen while I was secretly funneling them into multiple personal anonymous accounts. Then eventually when I had enough coins stored up, I would let the shit hit the fan by saying the coins are stolen, and then proceed to file for bankruptcy. Lastly, I'd sneak off and buy my own little island where nobody would find me.

Even Houdini couldn't lose himself this day and age.
newbie
Activity: 42
Merit: 0
LoL...

Mark Karpeles got Goxed for his lie  Grin
Let's see, so if I owned one of the largest bitcoin exchanges, I might be tempted to shut down as well; claiming that most of coins were stolen while I was secretly funneling them into multiple personal anonymous accounts. Then eventually when I had enough coins stored up, I would let the shit hit the fan by saying the coins are stolen, and then proceed to file for bankruptcy. Lastly, I'd sneak off and buy my own little island where nobody would find me.
legendary
Activity: 2212
Merit: 1038
If Empty Gox was selling empty Bitcoin place-holders then whatever was in the hot-wallet (the fraction of the reserve) was all they had. The "missing" Bitcoins are simply the revelation of null Bitcoins. It looks more like fraudulently obtained fiat than missing crypto IMO.

The bigger problem I see here is that banks all run on this fractional reserve system. Anybody holding fiat risks getting "goxed".
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
Which if from which to which date?
Just one point in time.  The list was updated every 20 minutes, and my version contains 1211 transactions.  Not sure of the time.
newbie
Activity: 37
Merit: 0
Which if from which to which date?
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
I think at least 1257 BTC, and probably not much more, were lost through the malleability bug.  Based on the fact that there were 1257 BTC in double spent inputs in the last full bitcoin_tx.php I could get hold of before they shut down.  MtGox wouldn't detect the fact that the inputs were spent when the transaction got a new txid, and try to spend them again in another transaction.
You seem to have separate data, which are suitable for similar scans?
I only kept this last file.  Sad
newbie
Activity: 37
Merit: 0
I think at least 1257 BTC, and probably not much more, were lost through the malleability bug.  Based on the fact that there were 1257 BTC in double spent inputs in the last full bitcoin_tx.php I could get hold of before they shut down.  MtGox wouldn't detect the fact that the inputs were spent when the transaction got a new txid, and try to spend them again in another transaction.

You seem to have separate data, which are suitable for similar scans?
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
Because the transactions will not be accepted by bitcoin nodes.  Invalid transactions are discarded and not relayed to other clients, just as when someone send your client some random data.  It may even disconnect the other node and blacklist it.  (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)
I can only barely understand the technical details of the paper, I must admit that. But if what your are saying is correct, how could thexy detect the TM after the media impact, if their algorithms were based on rejecting nodes? That i do not understand.
There are different ways to mutate a transaction.  The "researchers" detected one special kind where both versions of the transaction were standard.  Just an opcode changed to another with the same function.  The vulnerable MtGox transactions were of a different kind and non-standard since 0.8, so they could only detect the version which was confirmed.  Not the original from MtGox.

Quote
However, when it should turn out, that the paper is plain wrong, there is still a huge doubt about the purpordedtly loss of ALL BITCOINS by means of this "bug". The simple difference is, that we do not a have a proof yet.
I think at least 1257 BTC, and probably not much more, were lost through the malleability bug.  Based on the fact that there were 1257 BTC in double spent inputs in the last full bitcoin_tx.php I could get hold of before they shut down.  MtGox wouldn't detect the fact that the inputs were spent when the transaction got a new txid, and try to spend them again in another transaction.
Quote
Still there is one thing to check, in my opinion. The authors claimed that they could fit their recorded data to the database-data from Mt.Gox. That should be done before rejecting their work as "wrong", shouldnt it?
A few of MtGox's transactions may have been mutated this way as well.  It is certainly an exception.
newbie
Activity: 37
Merit: 0
Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.
Can you explain that? How can transactions be made "invisible"?
Because the transactions will not be accepted by bitcoin nodes.  Invalid transactions are discarded and not relayed to other clients, just as when someone send your client some random data.  It may even disconnect the other node and blacklist it.  (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)


I can only barely understand the technical details of the paper, I must admit that. But if what your are saying is correct, how could thexy detect the TM after the media impact, if their algorithms were based on rejecting nodes? That i do not understand.

However, when it should turn out, that the paper is plain wrong, there is still a huge doubt about the purpordedtly loss of ALL BITCOINS by means of this "bug". The simple difference is, that we do not a have a proof yet.

Still there is one thing to check, in my opinion. The authors claimed that they could fit their recorded data to the database-data from Mt.Gox. That should be done before rejecting their work as "wrong", shouldnt it?
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.
Can you explain that? How can transactions be made "invisible"?
Because the transactions will not be accepted by bitcoin nodes.  Invalid transactions are discarded and not relayed to other clients, just as when someone send your client some random data.  It may even disconnect the other node and blacklist it.  (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)
Quote
Of course the API would have been a better source, but still they also must have appeared in the public history... that is why they had the data.
They don't have the data.  They would have to connect directly to MtGox's bitcoin nodes to get the transactions directly from them, and it is safe to assume they didn't.  From their paper:
Quote
In average we connected to 992 peers, which at the time of writing is approximately 20% of the reachable nodes. According to Bamert et al. [4] the probability of detecting a double spending attack quickly converges to 1 as the number of sampled peers increase
Bamert et al. assumes the double spending transactions will be relayed through the network.  The vulnerable transactions from MtGox lacked this property, and it is unlikely to detect them when only conncted to 20% of all bitcoin nodes.  (Assuming they removed the standard test before compiling their own node; otherwise they wouldn't be able to detect the vulnerable transactions at all.)

Also: the problem with MtGox's vulnerable transactions was invalid padding of the S- or R-value in the signature.  Those were easy to fix by removing the extra padding.  The "researchers" didn't detect a single incident of this modification.  Indicating that they probably had the standard test in place in their client.

The paper is worthless.
sr. member
Activity: 308
Merit: 251
I like big BITS and I cannot lie.
My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?
Who said that they were stolen?

Yes, mark stole them.
newbie
Activity: 37
Merit: 0
Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.

Can you explain that? How can transactions be made "invisible"?
Of course the API would have been a better source, but still they also must have appeared in the public history... that is why they had the data.
hero member
Activity: 798
Merit: 500
Time is on our side, yes it is!
All I know for sure is Gox is incompetent noth saying this may not have been a legitimate mistake but I am saying that they have not been very professional many times in the past. 
full member
Activity: 210
Merit: 100
Yep. most ppl in here know that.
newbie
Activity: 56
Merit: 0
If MTGOX really like that if they can not be released before the withdrawal, then the attacker would not be eyeing MTGOX. Therefore, these attacks did not come to investigate the transaction scalability of this loophole is purveyed for personal gain and attacks before the suit. Bitcoin from the existing number, the latter is more likely motive.

Still questionable whether there are other services because MTGOX promptly inform the message prepared for the sudden surge. Is not that the news release caused commercial damage (to remind imitators to attack them) examples?
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
Looks good, I hope this result can be verified!
It has already been shown to be wrong.

They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients.  MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed.  The transactions were only published through MtGox's API, and the researchers didn't look there.  The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.
full member
Activity: 214
Merit: 101
Still not sure about this - if for example Gox had a private arrangement with a certain mining pool, that would not re-broadcast it's transactions outside of this pool, could not someone take said transactions and broadcast a malleable form to the rest of the Network?
The data collection method in the article would not seem to account for such a possibility.
The problematic transactions weren't accepted by normal nodes, or relayed, because the signature was on a non-standard format.  The transactions were only available through MtGox's API, where an attacker could change the signature into a standard format, mutating it and making it relayable.  To me this entire paper seems seriously flawed.  The authors haven't understood the issue specific to MtGox.

I didn't know about the non-standard form - who was mining the Mt.Gox transactions?
newbie
Activity: 42
Merit: 0
thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
+1
This story was shady from the start. Some kind of malleabilty that no one can comprehend... jesus it was a biggest bitcoin exchange how can they fail so miserably?
Pages:
Jump to: