What You Need to Know About Mt. Gox and the Bitcoin Software Flaw

Photo: Simon Dawson/Bloomberg/Getty Images

Here's what a terrible week looks like in the world of Bitcoin: Two of the most trafficked Bitcoin exchanges, Mt. Gox and Bitstamp, temporarily halt trading and suspend bitcoin withdrawals in the midst of a distributed denial of service attack (DDoS). On exchanges that are still open for business, the value of the currency takes a brutal, sudden hit and then continues to tumble. Bitcoin users notice strange errors in their wallet balances after making routine transactions. Rumor spreads that the Bitcoin protocol is critically flawed. And where rumor is lacking, conspiracy theories abound.

All this, and it's barely Thursday.

Some of it is true. Some of it is half true. Some of it is completely false. Here is what's really going on.

Mt. Gox, which until recently was the most trafficked of the Bitcoin exchanges, is at the center of this mess. Whether they actually caused it is a separate question and still up for debate. Either way, they've been in the Bitcoin doghouse for at least a year now, during which time they have been reliably generating bad Bitcoin press. Many traders who frequent the online exchange choose to leave some of their money (both bitcoin and fiat) in an account set up by the company. Keeping the money on site allows clients to do quick trades, but people are beginning to wonder whether Mt. Gox can be trusted to be responsible with the funds they have.

Last May,confidence was shaken by the news that the Department of Homeland Security had seized the Dwolla e-payments account of Mt. Gox CEO Mark Karpeles and accused him of operating without the proper license. After the loss of this currency conduit, customers began reporting long delays withdrawing dollars from their Mt. Gox accounts. Poor communication fomented a deep mistrust in the exchange and people began to wonder whether Mt. Gox might have squandered its clients' money. And now, as of last Friday, Mt. Gox customers can't even withdraw bitcoins.

In a statement on its website, Mt. Gox claimed that it had identified a serious flaw in the Bitcoin protocol, one that behooved it to cease transactions until developers could find a solution. Conspiracy theories immediately followed. Several people implored Mt. Gox to somehow verify the solvency of their exchange. (One guy even staked out the office in Japan to confront Karpeles himself.) But the mob lowered its pitchforks after core Bitcoin developers announced that the flaw Mt. Gox outlined does indeed exist. It's called transaction malleability, and according to Bitcoin developers, it does need to be fixed.

"Generally, malleability is a design flaw in Bitcoin, albeit a very subtle one. So we can forgive Satoshi for overlooking it," says Mike Hearn, a developer who works on the Bitocin protocol. (Satoshi Nakamoto is the pseudonym for the inventor of the Bitcoin protocol.)

In order to understand transaction malleability, you need to know that the balances of all Bitcoin addresses are maintained on a public ledger and that the changes made to this ledger are what constitute the transfer of funds.

When a transaction is broadcast to the network, it is relayed with a digital fingerprint that identifies it. Bitcoin miners then scoop it up, verify it, and send it on to the rest of the network for confirmation. Once the transaction has been confirmed, there is no way for that same person to spend those same bitcoins because they are being checked against the public ledger.

The malleability feature allows a person to intervene, right after the transaction request has been sent, modify the fingerprint and create a duplicate transaction. So, now you have two unconfirmed transactions flying around the network. They are both for the exact same payment, but they have different fingerprints and only one of them can be added to the public ledger. "The first one that is confirmed will be accounted for in the blockchain and will become the definitive record," says Andreas Antonopoulos, the chief security officer for the Blockchain.info Bitcoin wallet. "The other will be dropped as a double spend attempt."

It's when the mutated version gets added that we start to have problems. It turns out that when Mt. Gox needs to verify that a transaction has gone through, it scans the public ledger for confirmations on the fingerprint that the transaction generated. If its software doesn't see it, it assumes that the payment was not successfully sent. There are other, more reliable ways to set up the accounting, but from the little explanation Mt. Gox has given, this seems to be how it's running its operation.

Using transaction malleability, it seems that some Mt. Gox customers were able to pull off a version of refund fraud, says Antonopoulos. Mt. Gox is claiming that some customers requested a bitcoin transaction and were able to quickly change the fingerprint on the transaction, making it looks like it hadn't gone through. When they returned to Mt. Gox to complain, the exchange would agree to send payment again.

But it's not just a headache for the exchanges. Malleability can also cause problems for people who conduct multiple Bitcoin transactions in rapid succession, causing some transactions to be voided and wallet balances to get out of sync with what's reflected in the network. In essence, however, this is an accounting problem. It is not possible to use this flaw to steal or misdirect Bitcoins that you do not own.

"What these are are phantom transactions that don't affect the balance but can fool your wallet into thinking that it has less than it has—which is scary but harmless," says Antonopoulos.

If you are using Bitcoin right now, it's quite possible that this will affect you. Shortly after Mt. Gox shined a spotlight on the problem, someone rushed to capitalize on it. The whole network is now experiencing a massive DDoS attack from a collection of rogue nodes that are working to change transaction fingerprints.

Every wallet will deal with this differently. Antonopoulos's Blockchain.info wallet (which Apple just yanked from the iOS app store) interprets the event as a double spend attempt and alerts users accordingly. But, in all cases, the effects can be mitigated by simply waiting ten minutes between each payment.

Hearn says that coming up with a complete fix is a long-term goal. In the meantime, exchanges will have to change their implementation to account for mutated transactions—something which some exchanges already do. Antonopoulos says he expects Bitstamp to be up and running by next week.

It will be very interesting to see what happens when Mt. Gox re-opens. With all of the mischief they've created and ill-will they've inspired, a lot of people are going to be looking to get out as soon as they have the chance, and I expect them to do everything they can to avoid a bank run.

"They have to handle their return path very carefully," says Antonopoulos. "They've burnt the credibility that would give them enough breathing room to do it right."

But when it comes to the Bitcoin protocol and the currency itself, Antonopoulos is not worried at all. In fact, he says, "attacks make it more resilient."

Advertisement

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Advertisement