We just published some results about the use transaction malleability in the Bitcoin network with a special focus on MtGox:
How did you pick up the vulnerable transactions? Those weren't relayed through the bitcoin network, just published through their API. With signatures which were mutable into standard format. (Which we can assume the attacker did for his own transactions.) 
Topic: New research proves: MtGox bitcoins NOT stolen using transaction malleability - page 3. (Read 25229 times)
March 27, 2014, 06:20:36 AM
March 27, 2014, 06:14:50 AM
It seems that hacker messed Mt Gox Off-Chain Bitcoin Balance.
March 27, 2014, 05:54:51 AM
Another goxxing, it never stops! 
March 27, 2014, 05:45:39 AM
Quote from: Conclusion
we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins.
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins.
My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?
no one said they were stolen from anywhere.
March 27, 2014, 05:34:52 AM
Quote from: Conclusion
we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins.
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins.
My question is, if only 1,811 bitcoins were attacks on Mt Gox, where are the 300,189 others stolen from?
March 27, 2014, 05:30:47 AM
thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
+1This story was shady from the start. Some kind of malleabilty that no one can comprehend... jesus it was a biggest bitcoin exchange how can they fail so miserably?
I think this is less for us and more for the morons out there who don't know anything about Bitcoin, part of the problem that MTGOX became was the fact that the media was giving them so much free advertising so of course all the new people who had never heard of Bitcoin before went there for Bitcoin trading, since they didn't know any better and didn't do research they got conned. I'm convinced now that Mark is going to prepare to run off the moment he gets his chance as all the evidence starts coming out about what he's been up to if he hasn't got a plan already, I'd be very surprised if he ends up in jail because governments just refuse to learn anything about how Bitcoin works especially since we've had our first major case of fraud with lots of victims involved.
March 27, 2014, 05:23:11 AM
http://arxiv.org/abs/1403.6676 <-- non-obscured link
While I suspect that their conclusion is correct, I really take exception to their methodology and assumptions. Mostly, they assume that a mutation will be visible as a double spend. However, the reference client's behavior regarding relaying transactions with degenerate signatures changed, so a sparse sensor network would likely only see the mutated transaction instead of a pair.
While I suspect that their conclusion is correct, I really take exception to their methodology and assumptions. Mostly, they assume that a mutation will be visible as a double spend. However, the reference client's behavior regarding relaying transactions with degenerate signatures changed, so a sparse sensor network would likely only see the mutated transaction instead of a pair.
I think that given bitcoin's 10 minute timeframe for rounds, and their decent connection of nodes, it is reasonable to assume that they customised clients logged the majority of such transactions.
March 27, 2014, 04:38:41 AM
Is it definite that you would have received both copies of a malleable transaction on the Nodes in question?
March 27, 2014, 03:58:00 AM
What a surprise! 
March 27, 2014, 03:54:37 AM
Some kind of malleabilty that no one can comprehend...
Although I agree with you 100% on the dubious nature of Gox's story, I have to argue one point. Many people can, and do, understand the malleability just fine. It is a real thing and was documented a long time ago.
But no, it most likely didn't cause the downfall of Gox.
March 27, 2014, 03:08:12 AM
thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
+1This story was shady from the start. Some kind of malleabilty that no one can comprehend... jesus it was a biggest bitcoin exchange how can they fail so miserably?
March 27, 2014, 02:24:47 AM
Now this is an expert opinion that can be used in a court filing. Dr. Roger Wattenhofer is a full professor at ETH Zurich, working on distributed systems. He's published some good papers. He was at Microsoft Research for a few years, too.
It looks like the only Mt. Gox creditor who got off their butt and went to the Tokyo District Court is the guy behind "http://www.mtgoxrecovery.com/". So get this to them.
It looks like the only Mt. Gox creditor who got off their butt and went to the Tokyo District Court is the guy behind "http://www.mtgoxrecovery.com/". So get this to them.
March 27, 2014, 02:10:24 AM
thanks for sharing the info but I for one never really believed what Gox had said was even remotely true mainly because if that was the case I'd suspect there would have been more transparency after the fact.
March 27, 2014, 02:05:42 AM
Well, this is just another proof to something we already know. Mark Karpeles is a thief.
March 27, 2014, 02:04:23 AM
LoL...
Mark Karpeles got Goxed for his lie
Mark Karpeles got Goxed for his lie
March 27, 2014, 01:44:26 AM
good job
March 27, 2014, 01:43:36 AM
Wow -
So roughly 66k bitcoins were stolen after MtGox freeze? Who lost that much and is still afloat?
So roughly 66k bitcoins were stolen after MtGox freeze? Who lost that much and is still afloat?
I don't see where you're getting that number from, but even if it is correct, 66k of malleated bitcoins doesn't mean any coins were stolen. TM doesn't cause loss unless coupled with really bad software.
March 27, 2014, 12:52:06 AM
Maybe this will pressure gox into finding the rest of its bitcoins? maybe? 
March 27, 2014, 12:30:23 AM
Wow -
So roughly 66k bitcoins were stolen after MtGox freeze? Who lost that much and is still afloat?
So roughly 66k bitcoins were stolen after MtGox freeze? Who lost that much and is still afloat?
March 27, 2014, 12:20:56 AM
We just published some results about the use transaction malleability in the Bitcoin network with a special focus on MtGox:
The complete results are here: http://bit.ly/1rCqKED
Quote from: Conclusion
The transaction malleability problem is real and should be considered
when implementing Bitcoin clients.
However, while MtGox claimed to have lost 850,000 bitcoins due to malleability
attacks, we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins. Even more,
78.64% of these attacks were ineffective. As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.
when implementing Bitcoin clients.
However, while MtGox claimed to have lost 850,000 bitcoins due to malleability
attacks, we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins. Even more,
78.64% of these attacks were ineffective. As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.
The complete results are here: http://bit.ly/1rCqKED
Great.
Now .... what are you going to do, to get this data into the hands of someone who can actually do something about it?
Cuz posting it here isn't going to matter much.
-B-
Jump to: