MtGox's "Transaction Malleability" Claim Dismissed By Researchers

Martin S. (98249) writes "The Register reports on a paper at the arXiv (abstract below) by Christian Decker and Roger Wattenhofer analyzing a year's worth of Bitcoin activity to reach the conclusion that MtGox's claims of losing their bitcoins because of the transaction malleability bug are untrue. The Abstract claims: 'In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. ... In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.'" Quoting El Reg: "By extracting transaction keys from the transaction set, the researchers say, they were able to identify more than 35,000 transaction conflicts and more than 29,000 “confirmed attacks” covering more than 300,000 Bitcoins." And less than 6000 were actually successful.

The scam unravels

[NotDrWho]

The MtGox guys better get on a plane and head for their secret island.

Re:The scam unravels

[gstoddart]

I wonder how this plays into this bit coins they mysteriously found in another wallet later that they said they'd give the refunds from.

Either this was a scam all along, or these guys really dropped the ball.

And if the researchers are saying their explanation doesn't hold water, it's increasingly hard to believe them.

Re:As it was weeks ago...

[erroneus]

This is all to be expected isn't it? It seems like when there is opportunity to scam people out of money, someone will set up an operation to exploit it. Every natural disaster results in hundreds of fake charities being set up to collect donations. And digital currency saw all manner of opportunists attempting to participate at every level from bitcoin mining viruses to setting up exchanges with disappearing money "bugs."

Anyone who didn't expect it was born yesterday under a rock.

Re:The scam unravels

[jythie]

Actually, I think the research lines up rather nicely with them dropping the ball too. It could be an example of them having no clue what they are doing or having their own understanding of how things work. So 'incompetence' is still firmly in the running.

Re:Money and marijuana don't mix

[Collective 0-0009]

I'd trust a pot head over a money-grubbing corporate overlord. I have personally worked with the type of psychos that run a lot of companies. They are completely immoral. They often cannot even see their lack of integrity as they have rationalized their decisions long ago. They surround themselves with those that won't rock the boat; "yes men/women". And it's so easy to fall into when you are on top... nobody cares that the emperor has no clothes as long as they get the bonus and raise.

Remember that commercial where they gave some poor dude 100k and asked him to watch it. Pot smokers don't steal it. Asshole libertarian, free market loving, usually conservative pricks steal*.

So you keep the c-levels of ING, Chase, etc. I'll take The Dude any day.

* = I am sorta libertarian, like the free market, and agree with some moderate conservatives. But it seems the psychos all LOVE these things and use them as the basis for their rationalizations.

Re:sounds like it really was sheer incompetence...

[Aaden42]

then I’m VERY sure that you had a LOT of other security flaws unpatched on your servers.

Transaction malleability is a lot different than having an unpatched OpenSSL on your server or something. Security bugs in unpatched software are a thing that are well-understood by sysadmins and security researchers. Weaknesses in the cryptography underlying Bitcoin are truly understood by perhaps a handful of people on the Earth at this time. It would be nice to presume that an organization positioning itself as an exchange for Bitcoin would have that expertise on staff, but you can’t meaningfully compare the two things. Additionally, this isn’t an unpatched security flaw where upgrading to Bitcoin 1.1 would have fixed the issue. It’s a weakness inherent to the Bitcoin protocol which may or may not be able to be repaired without invaliding all existing BTC transactions.

The research in TFA seems to confirm the existing belief that this attack is very unlikely to pull off in the real world, therefore the severity of it seems low.

there are SURE to be a LOT more hidden flaws bleeding bitcoins like crazy

Really? Please do share your cryptography credentials that qualify you to analyze the Bitcoin protocol and arrive at this certainty. Unless you’re prepared to present “a meaningful interpretive dance that compares and contrasts cache-based timing, and other side channel attacks and their countermeasures,” (http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html), I rather doubt you’ve got the background to comment meaningful on undiscovered weaknesses in the Bitcoin protocol.