How Bitcoin Bug Killed Largest ExchangeAdded: Wednesday, March 12th, 2014
Category: Recent Headlines Involving File Sharing > Current Events
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2013, www.extratorrent.cc
The market players agree that story behind the collapse of MtGox is almost unbelievable. How could a huge business not notice that assets worth millions of dollars had simply vanished?
It all happened due to a flaw in Bitcoin itself, compounded by MtGox’s implementation of the protocol and its bizarre internal practices. A situation was created where a hacker could convince the company to hand over money without even realizing what it was doing.
The trouble starts with an issue with Bitcoin known as “transaction malleability”. When a Bitcoin transaction is carried out, the account sending the money has to digitally sign the following information: the amount of Bitcoin sent, who it’s coming from, and where it’s going to. As a result of this operation, a unique transaction ID is generated from all of the data in the transaction.
However, some of the information required to generate the transaction ID came from the unsigned, insecure part of the transaction. This is why it appeared possible to alter the transaction ID without the sender’s permission. Although the crucial payment information was still securely signed, it could cause problems down the line if the sender was expecting the transaction to be performed under a particular ID.
In our case, it turns out that the website was expecting transactions to show up in the public ledger under the specific transaction ID it had recorded. If such transactions never showed up (because their ID were edited), the thief could complain that the transaction had failed, and the system automatically retried, sending out more Bitcoins.
As such, the transaction malleability is a flaw in the coins themselves, and it wasn’t the fault of the exchange that transactions could be renamed in that way. However, this flaw has been known about for the last three years and rendered harmless with software that could accurately report balances and transactions.
However, simply allowing some cyber currency to be stolen due to a bad implementation of the Bitcoin protocol would not be enough to crash MtGox. That collapse would also require serious lapses in how the exchange audited its accounts and how the company dealt with the financial trouble. And here the investigation paints a picture of an almost unbelievably lax approach to accounting.
It turned out that MtGox has allegedly never conducted a single audit of its customer deposits. Moreover, it seems that its CEO may have been the only one to have knowledge of how to actually tap the company’s cold storage. It is still not clear how this type of storage leak could have happened over a multi-year period without any knowledge on the part of the executives at the exchange.
It is also unknown how long MtGox had been operating without enough funds to pay every depositor. Taking into account that the transaction malleability issue was found in 2011, the thefts were likely to start around then.
The real trouble for the Bitcoin exchange began last summer, when the company suspended withdrawals in US dollars entirely for 2 weeks. Exchange users started pulling their money and Bitcoins out of the company, which eventually led to the company not having the Bitcoins to return deposits. At the time, MtGox held only 2,000 Bitcoin, while customer deposits totaled over 600,000. It was the moment when the company suspended Bitcoin and cash withdrawals. Few weeks later, MtGox CEO resigned from the Bitcoin Foundation, MtGox closed its website and filed for bankruptcy.
Posted by: Date:
Wednesday, March 12th, 2014
|posted by (2014-03-13 06:57:29)|
|Probably a sign of times to come. I don't trust any digital currency, they're too volatile for my taste.|
|posted by (2014-03-13 08:42:27)|
|imo who cares about bit coin more hassel then good|
|MTGOX started out as "Magic The Gathering Online Exchange (MTGOX)." An online game company. How they transitioned to a currency exchange is dubious at best. Sorry folks, an MMPORG site w/ 300,000 players doesn't give one the creds to run a worldwide virtual currency exchange. Others haven't fared much better. Money is a serious business & the best of the best need to step up to protect us all. MTGOX was an inside job.|
|posted by (2014-03-14 02:48:13)|
|Incompetence and thievery are the actual causes, not the "bug". The bug didn't cause it all on its own without intervention. I wouldn't even say its a bug (a bug being defined as not behaving the way as intended), but incomplete protocol implementation.|
|posted by (2014-03-15 13:46:00)|
|And someone walked away with hundreds of millions of dollars. I'd be checking the people who resigned, companies who filed bankruptcy and just see how they are living. Sounds like just a modern version of a Ponzi scheme. The more things change, the more they stay the same. Just follow the money. If they know how it was done, then they can find where the money went. Unless of course, they don't want to. We already had one death because of this. Sounds more like the crash of 1929.|
|Anyone ever going to trust mtgox or the people behind it again lolz||
Most Popular Stories