Mt. Gox Blames Bitcoin – Core Developer Greg Maxwell Responds [Update: Further Technical Details]


Mt. Gox Official Statement

Mt. Gox have just released their official statement regarding their recent decision to halt all Bitcoin withdrawals.

Essentially, they are claiming they can’t release customers’ funds until a known bug in the Bitcoin protocol is resolved.

The market is reacting very negatively to the Gox announcement, falling ~$160 on high volume since the news.


Greg Maxwell Responds

I spoke with Bitcoin core developer, Greg Maxwell, about this highly technical issue. Greg Maxwell and Pieter Wuille are the core developers in consultation with Mt. Gox, as per their press release.

<gmaxwell> The Gox press release seems a little ‘spun’ to me. They portray characteristics of the Bitcoin system well known since at least 2011 (which even have their own wiki page) as something new.

These characteristics are annoying but don’t inhibit basic operation. They are slowly being fixed – but fixing them completely will likely take years as they require changing all wallet software. Correctly-written wallet software can cope with the consequences, and I cannot understand why they would gate their withdraws on external changes.

<GG> Andreas Antonopoulos has examined Gox’s code to some degree, and remarked that they are using a strange “hodgepodge of technologies that are really not suitable for running an exchange.” Do you believe the problem lies in their code rather than the Bitcoin protocol?

<gmaxwell> Oh there is a “problem” in the Bitcoin protocol, known since at least 2011 (see the link I gave). But for normal applications, not involving unconfirmed transactions, it shouldn’t cause any severe problems because wallets can handle it locally.

Basically, third parties can change the transaction IDs of transactions. This means that wallet software must be written to accommodate that and still recognize them when that happens.

What the press release talks about is adding a second kind of transaction ID, which is robust against changes, which would be helpful for tech support purposes. Though it doesn’t resolve all of the issues that being able to modify transactions presents.

<GG> So in other words, Gox should be able to account for this known problem by modifying their internal systems?

<gmaxwell> Yes, internal only changes should account for it. The only remaining issue for Mt. Gox’s application would be some tech support problems, where if a user’s transaction is mutated by a malicious party the txid ["transaction ID"] Mt. Gox told them to expect wouldn’t be the one that ultimately showed up in the blockchain.

<GG> It seems the market is reacting very negatively to the news. What advice would you give to the average Bitcoiner regarding this situation?

<gmaxwell> The challenge for me in offering something here is that this isn’t news to me – for years – and it’s never been a particularly large concern. This wouldn’t make the top ten list of dangers in the Bitcoin technology.

<GG> Thanks for your comments.


Update 1: Market Stabilising

As of 13:35 GMT+2, the market has retraced about 60% of the recent loss as the news is digested.

In my personal opinion, Gox have done more harm to the Bitcoin community than good to themselves through their statement. This situation should have been handled in such a way as to minimize the market impact.

Bitstamp 30 minute chart.


Update 2: Further technical details.

In a BitcoinTalk thread relating to Mt. Gox’s statement, Rannasha offers this concise summary of the situation:

The flaw isn’t so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn’t. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins.

A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the set of (amount, address, timestamp) instead. If a user complains about not receiving their withdrawal, support can look it up using these 3 variables. It takes a little bit more work from support, but it prevents this attack from succeeding.

While it’d be nice if the tx-id isn’t malleable, blaming this problem on a flaw in the protocol is quite a stretch.

I asked Greg Maxwell whether he agreed with this summary. His reply:

I don’t disagree but it’s actually missing a critical point on that subject that I posted about on Bitcoin-development just now.

As per the above link, Drak posed the following question:

On Mon, Feb 10, 2014 at 3:28 AM, Drak <drak@…> wrote: What is the official response from the Bitcoin Core developers about MtGox’ assertion that their problems are due to a fault of bitcoin, as opposed to a fault of their own?

The technical analysis preluding this mess, was that MtGox was at fault for their faulty wallet implementation.

Gmaxwell replied:

In the real world fault seldom falls in a single place. Bitcoin is at fault – in many places – for making it harder for implementers to get things right.

MtGox is at fault for not implementing in a way that copes with behaviors in the Bitcoin protocol which have been known since at least 2011.

Not that Bitcoin-QT handles Malleability fantastically – but because it tracks inputs it will still detect the mutant transactions. An interesting point which I haven’t pointed out elsewhere is that for the question of basic funds safety in re-issuing a transaction malleability is basically irrelevant.

Say you pay someone and it doesn’t go through (or it does and you don’t see it because it’s been mutated and your software can’t detect that), and they ask you to reissue…. if you reissue without double-spending any of the original inputs you are at risk of getting robbed. This is true with or without malleability. Without the double-spend of at least one input the original transaction could just go through in addition to your reissue.

Say that you do make sure to double spend at least one input – then the result is funds safe, regardless of if a mutation happened.

Say you want to support _canceling_ a payment (send me the goat instead!) rather than reissue you still must double-spend the attempted payment to cancel it, since it still might go through if you don’t. And the double spend works to protect this case regardless of if the transaction was mutated.

For support and accounting purposes you absolutely do need tools to identify mutated transactions, so long as mutation exists… so we ought to provide some better tools there. But I can’t think of a case where mutation handling is necessary or sufficient for cancellation security, but – rather – input tracking appears to be both necessary and sufficient in all cancellation cases.

This helps explain why Bitcoin-QT – whose mutation handling kinda stinks – doesn’t ever end up in a really bad situation with mutants: it tracks inputs pretty well.

In any case, I’ve always been happy to help out Mt. Gox with technical issues. Having some specs for a stable transaction ID would probably be helpful to many applications, even if it isn’t the critical key you need for cancellation security. Removing malleability entirely has been a soft long term goal, and there were recently (as in today) some posts about it – look at the list archives… though it won’t happen fast since all signers/wallets will need to be updated.
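The input-tracking point in the reply above, as an added example (not code from this article, Mt. Gox or Bitcoin Core): a withdrawal is reconciled by the outpoints it spends rather than by its txid, and a reissue is accepted only if it double-spends at least one original input. The `Tx` model, its serialization, the function names and all sample values are simplified, constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    # Simplified model (assumption, not Bitcoin's wire format):
    # inputs  = ((prev_txid, vout, script_sig), ...)
    # outputs = ((address, amount_satoshi), ...)
    inputs: tuple
    outputs: tuple

    def txid(self):
        # As with real txids, the hash covers the signature script bytes,
        # so re-encoding a signature changes the id but not the payment.
        raw = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

    def outpoints(self):
        # The coins being spent: stable under signature re-encoding.
        return frozenset((prev, vout) for prev, vout, _sig in self.inputs)

def reconcile(sent, confirmed):
    """Classify a withdrawal against confirmed transactions."""
    for tx in confirmed:
        if tx.txid() == sent.txid():
            return "confirmed", tx
    for tx in confirmed:
        if tx.outpoints() & sent.outpoints():
            same = tx.outpoints() == sent.outpoints() and tx.outputs == sent.outputs
            return ("mutated" if same else "conflict"), tx
    return "unconfirmed", None

def reissue_is_safe(original, reissue):
    """A reissue must double-spend at least one input of the original."""
    return bool(original.outpoints() & reissue.outpoints())

# Constructed sample data.
COIN_A, COIN_B = ("aa" * 32, 0), ("bb" * 32, 1)
PAYOUT = (("customer-address", 150_000_000),)
SENT = Tx((COIN_A + ("sig-encoding-1",),), PAYOUT)
MUTANT = Tx((COIN_A + ("sig-encoding-2",),), PAYOUT)
REISSUE_BAD = Tx((COIN_B + ("sig",),), PAYOUT)
REISSUE_OK = Tx((COIN_A + ("sig-new",), COIN_B + ("sig",)), PAYOUT)

if __name__ == "__main__":
    print(reconcile(SENT, [MUTANT])[0])
    print(reissue_is_safe(SENT, REISSUE_BAD), reissue_is_safe(SENT, REISSUE_OK))
```

A txid-only lookup would report the mutated withdrawal as missing; matching on spent outpoints finds it, and a reissue that shares no input with the original is rejected because both payments could confirm.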


24 Responses

  1. Sean Moore

    MtGox is either an inept clown (ignorant) or a bad actor (malfeasant). Either way they are a bane to the community.

  2. HonestView

    Smells like scam blame shifting …. Mt. Gox are constantly known for offering attractive sell prices and as soon as you transfer them funds or sell Bitcoins it’s an impossibility to get them to release your funds.

    The complaints have been mounting up for some time and then suddenly they blame a well known bug that’s been around since 2011 as to the reason no one can ever get to their money / coins …… coincidence .. yeah.

  3. LibertyTeeth

    This is akin to, “We’ve found a tiny, rare, cryptic loophole in our banking forms. Until our attorneys have fixed this form, we refuse to honor our existing agreements with customers.”

    It’s ridiculous, and is evidence of malice. Where’s the Maserati now?

  4. Amberdark

    so many words, so much beating around the bush.. let’s try to make a more simple explanation for the actions of Mt. Gox:

    “we were stupid, we got robbed on multiple occasions, and when we noticed this we figured out a scheme to repay the bitcoins to their true owners. So we decided to sell some of the bitcoins we hold, crash the bitcoin prices then buy back in when it’s low so that we can cover our butts without paying for our own stupidity, to hell with the bitcoin community – as long as we don’t have to pay out of our pockets”

    • None

      Yep there you go. Mt Gox through their own stupid internal programming mess got scammed out of some coins(Which if they would have just resent the same inputs NEVER could have happened). So they were insolvent but hey here is an idea!

      “Let’s blame the Bitcoin protocol about something known about for YEARS then when the market crashes we can buy back all the Bitcoins we lost for cheap and voilà problem solved.”

      Criminals, that is Mt Gox, I hope their exchange goes under and exposed for the truth. I have been noticing for the last WEEK large differences in how Mt. Gox has been trading vs the other exchanges. I now am almost sure this was due to Gox unloading BTC they own at higher prices before they induced this crash.

      • Amberdark

        actually the higher prices were due to the fact that cash withdrawals from Mt. Gox take roughly 2 months, they unloaded the BitCoins just before they closed the withdrawals – that’s why the spike happened before the lockdown was announced (as another guy suggested above – it’s not that someone had inside info, it was actually them)

  5. Dman

    Did anyone notice that the sell off started 20 minutes earlier on MT. Gox.
    When their statement came out the Bitcoin price was almost at the bottom.
    Looks like insider trading to me or MT. Gox manipulating the price for their gain.

  6. Joerg Baach

    Greg is quoted saying “This wouldn’t make the top ten list of dangers in the Bitcoin technology.”. Now I wonder, what exactly is in the top ten?

    • Mark

      Research it for yourself if you want to take advantage of the errors :P

      You can start by thinking about 51% and the big mining pools…

  7. AUser

    It’s not clear to me from the press release if Mt. Gox is expecting a change in the Bitcoin client or not. The key paragraphs are:

    “We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block’s Merkle Tree, the new hash’s purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

    This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

    We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized. ”

    It’s not clear from the press release and this article whether such a new, separate, transaction hash would require all clients to have support for it or not. It certainly seems that the new transaction hash could be calculated independently without needing any changes to clients. But does Mt. Gox need other clients in the network to relay this new transaction hash, or is it enough for Mt. Gox to calculate the hash themselves? That is the key bit which is not clear at this point.

    In any event, this does seem like a red herring. According to the Wiki article, the intended recipient still receives the same number of coins even if a transaction has been modified. So Mt. Gox should be able to easily query (even in an automated way) for transactions to a recipient, at roughly the same time, for the same amount as the original transaction. If such a matching transaction is found, then they can assume the withdrawal was processed correctly. They don’t need to rely on the malleable transaction hash.

    It also seems very odd that they would stop all BTC withdrawals over this issue. Surely only a very tiny percent of withdrawals fail and end up in the support queue. Effectively shutting down your entire exchange because of the possibility someone could fake a withdrawal failure does not make sense. At the worst Mt. Gox could have suspended re-sending any failed withdrawals until they came to a solution. There was no need at all to suspend all withdrawals. Perhaps they got bit by a huge fake failed withdrawal and are “on tilt” about it — reacting emotionally to the possibility of a repeat incident instead of dealing with it logically.

  8. Ilya

    > Gox have done more harm to the Bitcoin community than good to themselves through their statement.

    Oh, they’ve done a lot of good to themselves, don’t worry. They recovered most, if not all stolen coins. This shouldn’t be underestimated when comparing with the harm they did to the community. And they were bust anyway. So this was a best way for them to minimize their liabilities.

  9. Sturle

    “Essentially, they are claiming they can’t release customers’ funds until a known bug in the Bitcoin protocol is resolved.”

    No, they don’t claim that at all! This is pure bs.

    What MtGox actually say is:
    “We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once [a workaround involving a different hash for transaction tracking purposes] has been approved and standardized.”

    No bug has to be fixed, nothing has to be implemented, they just want a standard general solution to be approved before implementing this solution and resuming withdrawals.

    • mmortal03

      To quote the press release, they said two things:

      “We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.”

      and later,

      “MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.”

      I’m not necessarily disagreeing with you, but their ambiguous language here is a big problem.

      • Venzen Khaosan

        MtGox actions can easily be interpreted as an exercise in balancing their books via a self-induced market crash. Blame the protocol and the developers, cause a price drop and regain the liquidity (or buy time) to pay those BTC withdrawals before “re-enabling” them.

    • Venzen Khaosan

      … and whipsawing the market in the process whilst holding customer funds as ransom!

      Mt.Gox are blameshifting. This Transaction malleability issue has been known for a long time and Maxwell helped them implement a workaround on a previous occasion – now they turn around and use it as a scepter of decree against the developers and the protocol!

      Mt.Gox’s behaviour resembles that of the very criminals Bitcoin has come to undermine.

  10. Lexxus

    This issue was well known since old times, as Greg said. If even it can theoretically happen such exchange should have connection to p2pools and other pools, to assure their transactions are included in blockchain as fast as possible.

  11. midnightmagic

    No, this is incorrect. MtGox is NOT claiming that without dev participation in a fix and a standards change, nobody gets any money. That is pure FUD.
