Mt Gox is down in Bitcoin heist, “transaction malleability” to blame

The latest in the Bitcoin saga is a crisis at Mt Gox, one of the major Bitcoin exchanges in the world. A few judicious news clippings will give you a sense of the chaos.


From Reuters: Bitcoin exchange Mt. Gox goes dark in blow to virtual currency

The website of Mt. Gox suddenly went dark on Tuesday with no explanation, and the company’s Tokyo office was empty – the only activity was outside, where a handful of protesters said they had lost money investing in the virtual currency.

Hours later, Mt. Gox CEO Mark Karpeles told Reuters in an email: “We should have an official announcement ready soon-ish. We are currently at a turning point for the business. I can’t tell much more for now as this also involves other parties.” He did not elaborate on the details or give his location.

From the New York Times: Apparent Theft at Mt. Gox Shakes Bitcoin World

On Monday night, a number of leading Bitcoin companies jointly announced that Mt. Gox, the largest exchange for most of Bitcoin’s existence, was planning to file for bankruptcy after months of technological problems and what appeared to have been a major theft. A document circulating widely in the Bitcoin world said the company had lost 744,000 Bitcoins in a theft that had gone unnoticed for years. That would be about 6 percent of the 12.4 million Bitcoins in circulation.

The document circulating widely is this crisis plan.

For several weeks MtGox customers have been affected by bitcoin withdrawal issues that compounded on themselves. Publicly, MtGox declared that “transaction malleability” caused the system to be subject to theft, and that something needed to be done by the core devs to fix it. Gox’s own workaround solution was criticized, and eventually a fix was provided by The truth, it turns out, is that the damage had already been done. At this point 744,408 BTC are missing due to malleability-related theft which went unnoticed for several years. The cold storage has been wiped out due to a leak in the hot wallet.

The underlying problem is “transaction malleability”, and how Mt Gox’s software didn’t account for it when approving trades. From Ed Felten’s Freedom to Tinker:

It has been known since roughly 2011 that signed transactions are slightly “malleable” in the sense that it is possible to modify a signed transaction in certain minor ways, without invalidating the signature. The critical details about payment—who is paying how much, and to whom—can’t be changed, but certain peripheral information can be modified in a way that causes the transaction ID to change. [Technical detail for crypto nerds: This happens because the transaction ID is computed by hashing a set of fields that is a superset of the fields covered by the signature.]

The mostly dormant crypto nerd in me rolls my eyes, but of course this was not an obvious problem to those first looking at Bitcoin. I don’t know off hand if other cryptocoins like Dogecoin have the same transaction malleability flaw.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s