Stories
Slash Boxes
Comments

SoylentNews is people

posted by Dopefish on Tuesday February 25 2014, @06:00PM   Printer-friendly
from the that-didn't-end-well dept.
lennier writes "Has Magic the Gathering Online Exchange tapped all its mana? MtGox, the first and best known Bitcoin exchange, has abruptly shut down, and CEO Mark Karpeles has resigned from the Bitcoin Foundation after rumors of ongoing theft related to the transaction malleability issue reported several weeks ago. According to the latest news reports, Bitcoin has hit a three-month low of $465 USD per coin."
 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by tftp on Wednesday February 26 2014, @01:54AM

    by tftp (806) on Wednesday February 26 2014, @01:54AM (#7050) Homepage

    I wonder if they'll ever figure out who was behind this.

    You don't have to be Sherlock Holmes to realize that it's physically impossible for a major financial institution to run open loop, without ever checking the ledger, for several years. Nobody is that dumb. This means that they knew it all along, but continued to disburse BTC as if there is no tomorrow. Cui bono?

  • (Score: 1) by tynin on Wednesday February 26 2014, @02:05PM

    by tynin (2013) on Wednesday February 26 2014, @02:05PM (#7279) Journal

    Completely agreed. The idea they were not auditing there own ledger is just too much to be believed. It is just amazing they kept the lie running for so long. It is something that should have been caught years ago. It'll be interesting to see what the Japanese authorities determine, though that might take some time.

    • (Score: 1) by mth on Wednesday February 26 2014, @04:42PM

      by mth (2848) on Wednesday February 26 2014, @04:42PM (#7396) Homepage

      If I understood it correctly, the problem was that they used a hash to identify transactions that is not the same hash that they sign to authorize transactions, so people could modify non-critical parts of a transaction and for the block chain the transaction would go through but to the exchange it seemed that the transaction hadn't happened, so they would retry the transaction.

      As you said, it is very unlikely they wouldn't notice this if it had been going on for years. Also it sounds like a bug that is relatively easy to fix, so why would they not fix it if they knew about it? And why are they calling it a core protocol problem when it is in fact a problem of the exchange software? Are they really that incompetent?

      Shouldn't it be possible to spot the retried transactions in the block chain? I assume they would have the same amount and destination address as the forged ones. Then it would be possible to determine an upper bound for how long this flaw has been exploited and how many bitcoins were taken.

      • (Score: 1) by tynin on Wednesday February 26 2014, @10:28PM

        by tynin (2013) on Wednesday February 26 2014, @10:28PM (#7594) Journal

        I suspect you are very much correct in your understanding of the problem. You should be able to analyze the blockchain for these occurances. However you'd first need to identify all of the wallets mtgox uses to send out btc's. You could analyze the entire blockchain, but I suspect you'll find a shockingly large number of false positives due to things like pool payouts where you can setup your threshold on when they payout or even people manually moving the same amount of bitcoins over and over. I've seen some automated/bot bitcoin sellers that slowly trickle out sales of the same size over and over again (with the purpose of slowly selling btc's so to not impact the market price).

      • (Score: 2) by tftp on Thursday February 27 2014, @03:29AM

        by tftp (806) on Thursday February 27 2014, @03:29AM (#7743) Homepage

        to the exchange it seemed that the transaction hadn't happened, so they would retry the transaction.

        Imagine that you pay for rent with checks. Periodically the landlord calls you and says that he hasn't received the check. What would you, as a sane person, do? Would you simply cut another check and mail it in, without bothering to look if the original check had been paid? Or, perhaps, you will make sure that the double payment will not occur?

        If the exchange felt the need to retry payments, this shows that the BTC system (in their opinion!) is fundamentally broken. It is unacceptable to submit a payment and then guess if it went through or not. (Especially if you haven't added the bribe to miners, also known as the voluntary fee.) Banks ensure that your payments are atomic, reliable, and verifiable at many checkpoints - and all that happens entirely for free to you. If BTC is not as reliable as a bank, who would need it? Now Mt. Gox tells us that they thought that the BTC network is not reliable. Is it true (and BTC is bad) or is it a lie (and then Mt. Gox is responsible for the loss?)