Tag Archives: malleability

Troubled Bitcoin exchange MtGox promises resumption of services “soon”

4 hours ago

No Comments


photo: Guardian/Guy Grandjean, James Ball
Summary:The outfit has apologized for freezing withdrawals and says it now has a workaround to avoid the “malleability issue” that makes certain implementations of Bitcoin services open to fraud.

The Tokyo-based Bitcoin exchange MtGox has apologized (PDF) for suspending the ability of its customers to get their money out and promised an end to the suspension “soon”.

MtGox said the people over at Bitcoin wallet service Blockchain.info had helped it develop a workaround for the so-called malleability issue that caused the withdrawal freeze. The workaround involves a new identifier to check whether transactions have been modified or not.

MtGox has always maintained that the problem is a bug in Bitcoin, while others have said it was in the outfit’s handling of the protocol. The exchange’s version of events got something of a boost when it emerged that there was a wave of fraudulent attacks stealing people’s bitcoins from various services, based on the malleability issue.

“With this new system in place, MtGox should be able to resume withdrawals soon. At the beginning we will do so at a moderated pace and with new daily/monthly limits in place to prevent any problems with the new system and to take into account current market conditions,” MtGox’s statement read.

The firm is also bringing in email notifications for each successful account access, as an extra layer of security. It said more details about the resumption of services would come out on Thursday at the latest.

The price of a bitcoin on MtGox is now just $330, compared with around $625 on less troubled exchanges.

4 hours ago
Like this post? Share it!

Follow @superglaze or @gigaom for more stories like this.


Silk Road 2 Hacked, Over 4,000 Bitcoin Allegedly Stolen

Next Story

Silk Road 2 moderator Defcon reported in a forum post that hackers have used a transaction malleability exploit to hack the marketplace. The hackers stole over 88,000 4474.26 bitcoins worth $2,747,000, emptying the site’s escrow account.

UPDATE – Fixed estimate.

The site used a central escrow service to send bitcoins from buyers to sellers. The hackers exploited the transaction malleability bug – essentially a way users can mask transfers and ask for the same amount of BTC multiple times – to clean out this wallet. This is the same bug that forced Mt. Gox to halt all withdrawals and recent updates have made average bitcoin wallets secure against this sort of attack. According to the site, hackers used the Silk Road’s automatic transaction verification system to order from each other and then request refunds for unshipped goods. Hackers were able to use the transaction malleability bug because the Silk Road used only transaction ID to confirm the transfer of bitcoins. You can read more about the problem here.

They supposedly run an automated refund system for their vendors that relies on the TXID to verify transactions. Their claim is that six vendors colluded to exploit that system by ordering from one another and then submitting circular refund requests.

Defcon is calling on the hackers to return the bitcoin. “Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward,” the moderator wrote.

The site’s users are currently attempting to track down the thief. Writes Defcon:

# Attacker 1: (Responsible for 95% of theft)
Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively.
## Usernames used:

News of the theft has driven the price of BTC down by about 50 points and it’s currently hovering at 600. We’ll post more information on the hack and the exploit as we get it. Defcon, for his part, is calling for further decentralization of online markets and currency.

“No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize,” he wrote.

Screen Shot 2014-02-13 at 4.39.57 PM
via DeepDotWeb