
Thursday, March 27, 2014

Evidence That Transaction Malleability Did Not Bankrupt Mt. Gox

Solid research has proven what many bitcoiners have long suspected: transaction malleability played no significant role, if any, in the disappearance of 850,000 BTC from Japanese exchange Mt. Gox.


Christian Decker and Roger Wattenhofer of ETH in Zurich, Switzerland, combed through the blockchain to tally each instance of a potential transaction malleability attack in order to figure out exactly how much Bitcoin was put at risk by the alleged attacks.


Their research concludes:


The transaction malleability problem is real and should be considered when implementing Bitcoin clients.



However, while MtGox claimed to have lost 850,000 bitcoins due to malleability attacks, we merely observed a total of 302,000 bitcoins ever being involved in malleability attacks. Of these, only 1,811 bitcoins were in attacks before MtGox stopped users from withdrawing bitcoins. Even more, 78.64% of these attacks were ineffective. As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses. Even if all of these attacks were targeted against MtGox, MtGox needs to explain the whereabouts of 849,600 bitcoins.


Of course, 200k BTC was inexplicably “recovered” from a misplaced “old format” wallet earlier this month, which still leaves 650k missing.


If transaction malleability did not result in the loss of 650,000 BTC, then why would Mark Karpeles make up such a story? Some have posited that he is under a “gag order” placed on him by a law enforcement agency investigating drug operations connected to the Silk Road busts, an investigation that has supposedly seized the bitcoins in cold storage.


Such an investigation would not be permitted to cause the exchange to file for bankruptcy. The fact is, it will be a long time before the community actually knows what happened to that 6% of all Bitcoin.


Decker and Wattenhofer also discuss the nature of the widespread halting of withdrawals by many service providers following Mt. Gox’s:


Assuming MtGox had disabled withdrawals like they stated in the first press release, these attacks can not have been aimed at MtGox. The attacks therefore were either attempts to investigate transaction malleability or they were aimed at other businesses attempting to imitate the purveyed attack for personal gain. The sheer amount of bitcoins involved in malleability attacks would suggest that the latter motive was prevalent.


It remains questionable whether other services have been informed by MtGox in time to brace for the sudden increase in malleability attacks. Should this not be the case then the press release may have harmed other businesses by triggering imitators to attack them.


The facts presented in the publication bring a new level of dismay when thinking about Mark Karpeles’ comments regarding how people should be thankful for Mt. Gox acting quickly to bring transaction malleability to our attention.


And there is still the question of what exactly happened to Silk Road 2 when they claimed to have lost funds to transaction malleability.


Should any further information come to light regarding this, we will be sure to bring it to you in a new article here on CryptoCoinsNews.


Original report:


Bitcoin Transaction Malleability and MtGox



Christian Decker, Roger Wattenhofer

(Submitted on 26 Mar 2014)

In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.
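As an added illustration (not code from the paper or from the original article): a transaction ID is the double SHA-256 of the whole serialized transaction, scriptSig included, so a monitoring node can flag malleated copies by hashing each transaction with its scriptSigs emptied and looking for keys that map to more than one txid. The parser covers legacy (pre-SegWit) serialization only; `build_tx` and the three sample transactions are constructed placeholders, not real signatures or real transactions.

```python
import hashlib, struct
from collections import defaultdict

def sha256d(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def read_varint(raw, i):
    """Decode a CompactSize integer at offset i; return (value, next offset)."""
    n = raw[i]
    if n < 0xfd:
        return n, i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(raw[i + 1:i + 1 + size], "little"), i + 1 + size

def strip_scriptsigs(raw):
    """Return a legacy transaction with every input's scriptSig emptied."""
    n_in, i = read_varint(raw, 4)
    out = bytearray(raw[:i])                 # version + input count
    for _ in range(n_in):
        out += raw[i:i + 36]                 # previous txid + output index
        slen, j = read_varint(raw, i + 36)
        out += b"\x00"                       # zero-length scriptSig
        i = j + slen                         # skip the original scriptSig
        out += raw[i:i + 4]                  # sequence
        i += 4
    return bytes(out) + raw[i:]              # outputs and locktime unchanged

def txid(raw):
    return sha256d(raw)[::-1].hex()          # displayed byte-reversed

def conflict_sets(raw_txs):
    """Group by signature-stripped hash; keep groups with more than one txid."""
    groups = defaultdict(set)
    for raw in raw_txs:
        groups[sha256d(strip_scriptsigs(raw)).hex()].add(txid(raw))
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def build_tx(script_sig, value=50_000):
    """Constructed sample: one input, one output, placeholder scripts."""
    pk_script = b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac"
    return (struct.pack("<I", 1) + b"\x01" + b"\xaa" * 32 + struct.pack("<I", 0)
            + bytes([len(script_sig)]) + script_sig + struct.pack("<I", 0xffffffff)
            + b"\x01" + struct.pack("<Q", value) + bytes([len(pk_script)]) + pk_script
            + struct.pack("<I", 0))

# Placeholder bytes standing in for two encodings of the same signature.
ORIGINAL = build_tx(b"\x02\xab\xcd")
MALLEATED = build_tx(b"\x03\xab\xcd\xef")
UNRELATED = build_tx(b"\x02\xab\xcd", value=70_000)
```

A service that tracks its withdrawals by this stripped key rather than by txid still recognizes a payment that confirmed under a different ID.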


source: http://www.cryptocoinsnews.com/2014/03/27/malleability-bankrupt-mt-gox/ & http://arxiv.org/abs/1403.6676



