
Topic: New research proves: MtGox bitcoins NOT stolen using transaction malleability - page 4. (Read 25229 times)

sr. member
Activity: 308
Merit: 250
Jack of oh so many trades.
The research looks quite solid. They looked for the right things, and if their data is complete I agree with the conclusions.

There are 3 possible weaknesses to this study in relation to Mt. Gox:

1. The data started in January 2013, so it's possible Gox was hit much harder in previous years. Although that would also mean the amount of time they spent oblivious to the problem increases.

2. It's possible there was more information on the network that the researchers weren't able to log. For example if an attacker had control of many nodes very close (physically) to Mt. Gox, and were somehow able to send out their modified transactions faster and "better", then it's possible the authentic transactions were killed before being recorded by the researchers.

3. As the researchers admit, we can't see how Gox actually reacted to the modified transactions. Gox resent transactions using different inputs (or addresses, even) so it's very hard to detect a resend. If they were to release their records of all withdrawal requests we could compare them to the blockchain and find any discrepancies, but they haven't done that (and it's possible they don't have complete records anyway).

Anyway, good job on the study!
newbie
Activity: 15
Merit: 0
It seems to be the truth, guys; hope anybody can verify it.
legendary
Activity: 2100
Merit: 1040
A Great Time to Start Something!
As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.

No surprise here.
kjj
legendary
Activity: 1302
Merit: 1025
http://arxiv.org/abs/1403.6676  <--  non-obscured link

While I suspect that their conclusion is correct, I really take exception to their methodology and assumptions.  Mostly, they assume that a mutation will be visible as a double spend.  However, the reference client's behavior regarding relaying transactions with degenerate signatures changed, so a sparse sensor network would likely only see the mutated transaction instead of a pair.
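
An added example, not part of the post above and not the researchers' code: a simplified Python model of detecting malleated transactions as conflict sets (same inputs and outputs, different IDs), showing that a sensor which sees only one variant reports nothing. The transaction layout, helper names and sample records are assumptions constructed for illustration; real Bitcoin serialization is not modeled.

```python
import hashlib
from collections import defaultdict

def sha256d(data: bytes) -> str:
    """Double SHA-256, hex encoded."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

# Assumed model: a transaction is a dict of spent outpoints, outputs and
# opaque signature bytes (hypothetical layout, not the wire format).
def txid(tx: dict) -> str:
    """Identifier over the whole record, signature bytes included."""
    return sha256d(repr((tx["inputs"], tx["outputs"], tx["sigs"])).encode())

def conflict_key(tx: dict) -> str:
    """Identifier that ignores signature bytes: same inputs, same outputs."""
    return sha256d(repr((tx["inputs"], tx["outputs"])).encode())

def find_conflict_sets(observed: list) -> dict:
    """Group observed transactions that move the same coins under different IDs."""
    groups = defaultdict(dict)
    for tx in observed:
        groups[conflict_key(tx)][txid(tx)] = tx
    # Only groups with two or more distinct IDs are evidence of malleation.
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

# Constructed sample data: placeholder outpoints, addresses and signature bytes.
ORIGINAL = {"inputs": (("aa" * 32, 0),),
            "outputs": (("addr-1", 50_000),),
            "sigs": (b"sig-encoding-A",)}
MUTATED = dict(ORIGINAL, sigs=(b"sig-encoding-B",))   # same coins, new ID
UNRELATED = {"inputs": (("bb" * 32, 1),),
             "outputs": (("addr-2", 10_000),),
             "sigs": (b"sig-encoding-C",)}

DENSE_VIEW = [ORIGINAL, MUTATED, UNRELATED]   # sensor saw both variants
SPARSE_VIEW = [MUTATED, UNRELATED]            # original never reached sensor

if __name__ == "__main__":
    print("dense view conflict sets: ", len(find_conflict_sets(DENSE_VIEW)))
    print("sparse view conflict sets:", len(find_conflict_sets(SPARSE_VIEW)))
```

In the sparse view the mutated transaction looks like an ordinary payment, which is why completeness of the trace matters to any count built on this method.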
sr. member
Activity: 364
Merit: 257
full member
Activity: 154
Merit: 100
Good job. Let's find the truth.
member
Activity: 65
Merit: 10
We just published some results about the use of transaction malleability in the Bitcoin network with a special focus on MtGox:

Quote
In this work we use traces of the Bitcoin network for over a year preceding the filing to show that[...]

Although I'm sure your conclusion is correct, if you only examined a year's worth of data that doesn't conclusively prove there was no TM loss.  Results for previous years would likely be the same, but we can't just assume that.
legendary
Activity: 1050
Merit: 1000
Wow, very good work and shocking results... waiting for this to be validated.
legendary
Activity: 947
Merit: 1042
Hamster ate my bitcoin
Thank you, looks like TM was just a convenient excuse for MK.
newbie
Activity: 36
Merit: 0
Do we have any bitcoin experts on this board that can validate these findings?
hero member
Activity: 489
Merit: 504
We just published some results about the use of transaction malleability in the Bitcoin network with a special focus on MtGox:

Quote from: Conclusion
The transaction malleability problem is real and should be considered
when implementing Bitcoin clients.

However, while MtGox claimed to have lost 850,000 bitcoins due to malleability
attacks, we merely observed a total of 302,000 bitcoins ever being
involved in malleability attacks. Of these, only 1,811 bitcoins were in
attacks before MtGox stopped users from withdrawing bitcoins. Even more,
78.64% of these attacks were ineffective. As such, barely 386 bitcoins could
have been stolen using malleability attacks from MtGox or from other
businesses. Even if all of these attacks were targeted against MtGox,
MtGox needs to explain the whereabouts of 849,600 bitcoins.

The complete results are here: http://bit.ly/1rCqKED