What Did Not Happen At Mt. Gox (hackingdistributed.com) |
- technical one - Bitcoin clients have a 100 ms delay before they relay messages. An attacker can compile a modified client that doesn't have these limitations and successfully outrun the rest. It was shown once that an attacker managed to successfully modify most Bitcoin transactions on the network for some time in February
- social one - IIRC Gox had an automatic system, which reissued Bitcoin transfers if they failed. So you didn't need to phone them or convince them in any way - Mt.Gox would send you a new transfer (and exhausting inputs has nothing to do with it, since they had no reason to use the raw transactions API, which lets you use specific inputs, and instead they probably just used the more common sendto API) after it detected the old one failed (TXID not found on the network).
Ittay Eyal and I were the ones who discovered an attack against Bitcoin called selfish mining, where we showed how a miner could earn more than his fair share. This attack did not require, but could benefit from, the attacker racing against honest participants on the peer-to-peer network. Some members of the Bitcoin community claimed that the attacker would reliably lose these races because they start behind.
In the article, I point out that there is indeed a transaction race in this case, that people have demonstrated an ability to outrun transactions, and that this has ramifications for selfish mining. I do not claim that there is a technical impossibility -- quite the contrary! The tricks used to make that succeed are identical to what an aggressive selfish miner would use.
To be fair, malleability attacks require a modified client and some network positioning, so there is nevertheless a technical obstacle. Not one that is impossible to surmount, but one that requires some effort.
I did not know that Mt. Gox performed automatic reissues -- thank you for bringing that up. Would you happen to have a pointer that establishes this?
On the whole, I do not believe that malleability accounts for Gox's collapse at all. Even automatic reissues would put at most the hot wallet at risk. Studies of malleable transactions do not show anywhere near the volume required to account for Gox's collapse. And something I did not mention in the post is that the timing of the observed malleable transactions doesn't match the story from Mt. Gox at all. There is undoubtedly more to this story.
[1] http://www.righto.com/2014/02/the-bitcoin-malleability-attac...
Parsing recent industry statements, it's notable how Coinbase and peers have been using a rather loaded term of art, "bad actor", in reference to Mt. Gox, both directly and indirectly.
Yet even after all that has happened, many are still basing their conclusions on Mt. Gox's past public statements.
Regarding MtGox scenarios:
Reliable evidence on what MtGox truly did is scarce, but people have widely speculated that at times they auto-reissued payouts, and without the protective measure of reusing the same inputs. It would be in character – see other examples of their recklessness below.
So while I share your doubt that malleability could have resulted in significant losses, there is a theory for that, which doesn't require extensive social engineering/human-in-the-loop processes. And, if it had been happening for years, only outsiders with a giant archive of long-ago race-losing transactions (that never reached blocks) would be able to estimate the magnitude of the losses. (I don't know any public source for such an archive.)
Similarly, at times Karpeles mentioned that the cold storage was a "paper-based RAID" in 3 parts, or some other scheme in 6 places. As the 'key man' in an enterprise that suddenly found itself atop $100MM+ in easily-transferable assets, his feared threats may have included kidnapping/extortion to force disclosure of the keys. Thus his cold storage scheme may have involved putting necessary key-shares totally outside his easy control, even via people and safety-deposit boxes in other countries. Any "key-loss" scenario should consider the chance law-enforcement-actions or other calamities, far from the MtGox offices or Japanese accounts, have made essential parts of the cold-storage keys unrecoverable, for now and perhaps permanently.
There's a forum thread from years ago where people mention 2600+ bitcoins MtGox lost from their own bad-transaction-issuing code (https://bitcointalk.org/index.php?topic=50206.0;all). Karpeles wrote his own SSH server in PHP. Over the years MtGox suffered SQL injection & cross-site scripting attacks. In the June 2011 'flash crash', the entire user database with weakly-hashed passwords was lost (supposedly via an auditor compromise), allowing outsiders to carry off some unknown number of artificially-cheap bitcoin – but MtGox made customers 'whole' via a database rollback. MtGox later that year made the customers of competing exchange Bitomat whole, at a cost of 17,000 BTC or more, after that exchange lost its keys.
So when speaking of MtGox, we're already in Alice-in-Wonderland territory, with both custom (and often unwisely eccentric) implementation choices, and overconfident grand gestures. It's hard to rule anything out, based on ideas from elsewhere about plausible engineering or business practices.
FWIW, I submitted the 'what most likely happened' post last night: https://news.ycombinator.com/item?id=7328219. It's a bit shorter and seems less speculative.
There's a very good reason to use specific inputs - the only correct way to re-issue transactions is with the same inputs from the failed transaction, ensuring that it's impossible for both the old failed transaction and the new one to exist on the same blockchain.
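As an added illustration of the point in this comment (example code written for this page, not code from the thread, from Mt. Gox or from any Bitcoin client): a toy UTXO ledger in Python enforcing the one consensus rule that matters here, that an output can be spent only once. A mutated copy of a payout (same inputs and outputs, different txid) wins the race, the exchange's automatic reissue follows, and the customer's final balance is compared for a reissue that reuses the failed transaction's inputs against one that picks fresh coins, as a plain send-to-address call would. All txids, outpoints, addresses and amounts are constructed.

```python
# Added example, not code from the thread or from Mt. Gox: a toy UTXO ledger
# showing why a reissued payout must reuse the inputs of the failed transaction.
# Every txid, outpoint, address and amount below is constructed for the demo.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Outpoint = Tuple[str, int]   # (txid, output index)
Output = Tuple[str, int]     # (address, amount in satoshis)


@dataclass
class Tx:
    txid: str
    inputs: List[Outpoint]
    outputs: List[Output]


@dataclass
class Chain:
    """Minimal chain state: the set of unspent outputs plus the confirmed txids."""
    utxo: Dict[Outpoint, Output] = field(default_factory=dict)
    confirmed: List[str] = field(default_factory=list)

    def confirm(self, tx: Tx) -> bool:
        # The consensus rule that matters here: an input may be spent only once.
        if any(op not in self.utxo for op in tx.inputs):
            return False
        for op in tx.inputs:
            del self.utxo[op]
        for index, out in enumerate(tx.outputs):
            self.utxo[(tx.txid, index)] = out
        self.confirmed.append(tx.txid)
        return True

    def balance(self, address: str) -> int:
        return sum(amount for (addr, amount) in self.utxo.values() if addr == address)


def reissue_same_inputs(failed: Tx, new_txid: str) -> Tx:
    """Safe reissue: spend exactly the inputs of the failed transaction, so at
    most one of the two transactions can ever confirm."""
    return Tx(new_txid, list(failed.inputs), list(failed.outputs))


def reissue_fresh_inputs(failed: Tx, new_txid: str, fresh: List[Outpoint]) -> Tx:
    """Unsafe reissue (what a plain send-to-address call does): pick other coins,
    so the old payout and the new one can both confirm."""
    return Tx(new_txid, list(fresh), list(failed.outputs))


def simulate(reissue_with_same_inputs: bool) -> int:
    """Return the customer's final balance after a mutated payout wins the race
    and the exchange automatically reissues the 'missing' one."""
    chain = Chain()
    chain.utxo[("funding", 0)] = ("exchange", 10)
    chain.utxo[("funding", 1)] = ("exchange", 10)

    payout = Tx("payout-A", [("funding", 0)], [("customer", 10)])
    # Same inputs and outputs, different txid: the exchange's lookup of
    # "payout-A" finds nothing, so it concludes the payout failed.
    mutated = Tx("payout-A-mutated", list(payout.inputs), list(payout.outputs))

    if reissue_with_same_inputs:
        reissued = reissue_same_inputs(payout, "payout-B")
    else:
        reissued = reissue_fresh_inputs(payout, "payout-B", [("funding", 1)])

    chain.confirm(mutated)   # the mutated copy is what the network confirmed
    chain.confirm(reissued)  # the automatic reissue is broadcast afterwards
    return chain.balance("customer")


if __name__ == "__main__":
    print("same inputs  ->", simulate(True))   # 10: reissue rejected, paid once
    print("fresh inputs ->", simulate(False))  # 20: both confirm, paid twice
```

The safe variant costs nothing extra: the reissue is rejected by every node because its inputs are already spent, and the customer still receives exactly one payout via the mutated copy. The fresh-input variant is the double payout the thread is discussing.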
Not totally true, not every input can yield a valid private key. The very upper ranges of the private key space are limited, as only integers 0x0 through 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 are valid private keys for Bitcoin.
You'd have to be stupid unlucky to randomly generate an invalid private key, but it can possibly happen.
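The range check this comment describes, as an added Python example (not code from the thread or from any Bitcoin library): the secp256k1 group order n is the standard constant, valid private keys are the integers 1 through n-1, and a generator that draws 32 random bytes must reject the rare out-of-range draw rather than use it. The `rng` parameter is an assumption introduced so the rejection path can be exercised deterministically.

```python
# Added example, not from the thread: validating and generating secp256k1
# private keys, with the probability of an out-of-range 32-byte draw.
import os
from fractions import Fraction
from typing import Callable

# Order of the secp256k1 group (standard constant). Valid private keys are 1..N-1;
# 0 and anything >= N are rejected by every correct Bitcoin implementation.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def is_valid_private_key(k: int) -> bool:
    return 1 <= k < SECP256K1_N


def private_key_from_bytes(raw: bytes) -> int:
    """Interpret 32 bytes as a big-endian integer, refusing out-of-range values."""
    if len(raw) != 32:
        raise ValueError("private key material must be exactly 32 bytes")
    k = int.from_bytes(raw, "big")
    if not is_valid_private_key(k):
        raise ValueError("candidate is outside 1..n-1 and is not a valid key")
    return k


def generate_private_key(rng: Callable[[int], bytes] = os.urandom) -> int:
    """Rejection sampling: keep drawing 32 random bytes until they fall in range.
    `rng` is injectable (assumed interface: rng(n_bytes) -> bytes) for testing."""
    while True:
        k = int.from_bytes(rng(32), "big")
        if is_valid_private_key(k):
            return k


def rejection_probability() -> Fraction:
    """Exact probability that 32 uniformly random bytes are NOT a valid key."""
    invalid_count = 2**256 - (SECP256K1_N - 1)   # zero plus everything >= N
    return Fraction(invalid_count, 2**256)


if __name__ == "__main__":
    print("valid key bits:", generate_private_key().bit_length())
    print("P(reject) ~ 2^%.2f" % (
        (rejection_probability().numerator.bit_length()
         - rejection_probability().denominator.bit_length())))
```

The exact figure shows why "stupid unlucky" is the right description: the invalid region is roughly 2^128 values out of 2^256, so a random draw lands there with probability about 2^-128, but a library that skips the check is still incorrect for the keys it would mishandle.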
> If one must pick a cryptocurrency, the lowly dogecoin, of all things, is doing everything right.
Yeah, an ancient fork of Litecoin with a meme name is going to save us. Has absolutely no relevancy to the issue at hand of course.
If I'm not mistaken the Nobel leaurate [sic] in question wrote an article entitled "Bitcoin is evil." That seems to be slightly more than asking questions.
Alfred Nobel had nothing to do with the Swedish Bank Prize. It's a scheme between a bank and the Nobel Foundation. http://en.wikipedia.org/wiki/Nobel_Memorial_Prize_in_Economi...
(20 seconds in) http://www.youtube.com/watch?v=15IZtzWOzRU
So he is French, educated in Paris and living in Japan since 2009?
Speaks French, English and Japanese. Sounds interesting, he's no dummy.
http://www.reddit.com/r/Bitcoin/comments/1wc2mg/things_just_...
Does someone know who he's referring to?
Edit: Thanks!
Krugman post: http://mobile.nytimes.com/blogs/krugman/2013/12/28/bitcoin-i...
If the bitcoins were stolen, and the thieves later try to trade them, will that be obvious from the blockchain? Or can they successfully spend them without anyone realizing they are stolen?
You wouldn't have to be a super hacker to pull it off. Some hidden cameras, USB key loggers and some microphones in the office could probably have gotten you a lot closer to that money.
And if you then could lure MtGox into emptying their hot wallet with the tx mal problem, then even better, but that was probably not even necessary.
Unfortunately I don't know that the Japanese government is going to have the technical expertise to properly identify the theft and track where the coins have moved. I can't imagine that the thieves have managed to squander all of the 750k BTC.
Did he say something specifically stupid there? Or is the very medium tainted?
It contradicts the image of a corporate heavyweight, who by definition would want to avoid making informal remarks that might be misinterpreted by stockholders or the public. In some contexts, informal remarks by a corporate insider could be taken to suggest an intent to manipulate the public's perception of the company and therefore its market valuation.
> Did he say something specifically stupid there? Or is the very medium tainted?
Answers: Not necessarily, and yes, definitely.
The one element that seems believable is the questions about the malleability attack. I do not understand how Gox or any exchange or service wouldn't have an up-to-the-minute, blockchain-verified knowledge of exactly what their positions are. Maybe they only did such accounting weekly, or even monthly...but at some point over the supposed multi-year exploit they would have seen that account balances > address holdings.
Would be better if it weren't built on speculation, and limited by the things the author clearly doesn't understand about crypto.
Articles like this hurt the Crypto Currency movement because the things they get wrong about what did or didn't happen are speculation that just fuels fires of mistrust for what could happen. And the things touted as solutions to it happening in the future aren't well researched, so they give false security and opportunity for things to happen again.
I appreciate the author's effort to drive up the price of Dogecoin, and prevent further fall of BTC prices, but that's all this is.
You can't just say 'someone doesn't understand' crypto and not explain why. It reeks of an appeal to an authority and is not conducive to discussion.
The Dogecoin mentioned at the end was a joke.
It's also disingenuous to accuse someone of trying to inflate the price (without evidence) and to say that someone is 'hurting the cryptocurrency movement'. You accuse someone of speculating and say that fuels mistrust, and yet are oblivious to doing it yourself.
The whole article was a joke. The stuff about Dogecoin seems less a joke than the rest of the article.
It is clear the author owns Bitcoins or Dogecoins or both. I can't prove this, but I'll bet 1 cryptocoin of my choosing on it.
I don't currently own any Cryptocoins. I sold just shy of $950 after the first fall from $1000 to nearly $550. I bought 10 at $650-ish. It was a good deal; I did not make any comments about BTC while I held without disclosing my investment in the currency. (I have some journalistic ethics.)
I'd love to see a deeper analysis, but it probably can't come from a computer scientist.
> The community does not take itself seriously. Most importantly, no one pretends that Doge is an investment vehicle, a slayer of Wall Street, or the next Segway. No one would be stupid enough to store their life savings in Dogecoins.
[0]: Based on Middlecoin.com's performance a few weeks ago, before their hashrate dropped, they were pulling a clean 400BTC from dogecoin and friends (and this is only one single pool!). For them to be pulling 400BTC a day there must be considerably more volume going into the altcoin markets beforehand. No doubt "investors" getting in on the "next big coin" and losing out.
That said, I do think the author was a bit naive about the Dogecoin reference. Weren't they implicated in some kind of fraud as well? Seems as though that is the primary reason why no one would store their life savings in Dogecoin.
Yet. No one would do that - yet.
Author must have missed that Reddit thread on Gox horror stories. There were some really awful decisions people made with their savings. I bet someone is going to make a similar mistake with Doge. We already have folks like this: https://news.ycombinator.com/item?id=7166318
Read the rest of what he says. Plus, how is "Dogecoin" any worse than "MagicalTux"?
The point of this kind of apology is to tell people you are sorry and you have caused trouble to other people, and you are repenting for this trouble. There is no such feeling in this act of Karpeles.
Moushi-wake-arimasen is a phrase used to mean "there is no excuse [for what I have committed]". He was unable to finish it, and halfway through he goes, nan-dakke? Meaning "what was it?". If Mark were really trying to do it Japanese style, he would not have messed up like this. Some people say he is under stress. I don't think that gives a free pass for such a shameful performance.
It's like a foreigner going to US court and thinking, I should act American, so starts by saying "Yo dude, my bad."
Involved with the internet, so he speaks English.
Lives in Japan, so he speaks Japanese.
This is not impressive.
He may know enough Japanese to get along in daily life -- many people I know who have lived here for a number of years develop some level of listening proficiency regardless of whether they can speak it -- but the Japanese he uses in the video does not convince me that he can "speak Japanese" in either the normal usage of the phrase (proficiency in the language) or the cultural usage of the phrase (understanding register and when and how to say things).
This should be a perfect, well-rehearsed apology. There's really no excuse for the level of Japanese he demonstrates in there. At the least, he should have written something, had a native check it, and then practiced saying it. He should also have gotten a suit/shirt that fit properly.
I know this comes across as sounding very superficial and nitpicky, but image means a lot here, especially in business situations, and especially with these formal apologies.
I don't know about his motives or feelings, but when I watch that video, it comes across as very half-assed, as if he doesn't really care and someone is making him do it. It's very unprofessional and culturally deaf; I would not use it as evidence that "he's no dummy."
Just that he seems rather smart in general, or rather not stupid.
I wonder what the motivation to move to Japan was.
If people are expected to learn languages early, polyglots are the norm.
When the currency stabilizes, I'll consider getting some.
I don't see how this is incompatible with it being "all for fun." People cheer for sports teams they've bet on, and that's "all for fun." They're not investing in it in a way you'd invest in stocks and bonds; they're just gambling in the same way you'd do at a casino.
For a majority of the people on this planet, this isn't the case.
Additionally, if you're exposed to a new language early in life, it becomes much easier to learn new languages in the future. And being immersed in it forces you to learn, as your survival depends on it.
So, incredibly impressive? Nah. Mind you, if someone is legitimately a fast language learner, given that I am not at all, it does impress me, especially if they truly master it and can think in that language.
I'm only fluent in 3 languages.
I never heard of that one, although I know Mark Karpeles is the author of a few tools in PHP. I met him around 2003 when he developed, hosted and managed a Ragnarok Online (not so) private server (fRO) on Linux (hence his surname, MagicalTux). The whole time he paid the hosting himself. Contrary to more known servers such as eAthena, this server had a unique feature: it was written in PHP and developed mostly by himself. The server was stable, allowed for quick iteration and took the load quite fine. He also wrote an inetd daemon in PHP. Another PHP game project that never took off was 'Inochi', but I can't remember what it was about. He started a few other projects such as a homegrown OS and a VoIP system/company.
Still I can't tell much about the quality of his code since I never read it, and all traces of his code have vanished, and that's been more than 10 years ago. What I can remember though is that he was smart and friendly, but very sloppy at communicating.
For a side story, fRO grew sufficiently big that it caught attention of Gravity and Mark received a cease and desist letter, which he obeyed short of facing a trial. He rebuilt the server soon after though, authorising only a select few members (of which I was one) resulting in something more like a permanent, albeit remote, LAN party, and finally abandoned the project, stepping down and transitioning the management to the player community. The community stayed strong enough even without access to the server that Gravity offered an exit in a form of an officially sanctioned, monthly-paid server. That server was eventually integrated into the official Gravity managed euRO.
Is that actually the case, or can most/all forms of malleability be detected by looking at abnormal transactions that wouldn't have been generated by any known client?
Looking at the known sources of malleability, most of them would never be done intentionally: https://gist.github.com/sipa/8907691
Has anyone done a comprehensive analysis like this yet?
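The kind of analysis asked about in the question above and in this comment, as an added Python example (not code from the thread, from the linked gist, or from any Bitcoin client): a checker for the signature-encoding deviations that a third party can introduce without holding the private key, namely non-minimal DER padding, negative-looking integers, trailing bytes, and the high-S alternative (s above n/2). It parses a DER signature (without the trailing sighash byte) and reports every deviation, and a small survey helper applies it across a batch. The sample signatures are constructed with small r and s values, not taken from the chain; the secp256k1 order n is the standard constant.

```python
# Added example, not from the thread or from any Bitcoin client: detecting
# non-canonical DER signature encodings, applied to constructed samples.
from typing import Dict, List

SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HALF_N = SECP256K1_N // 2   # a signature with s > n/2 has a second valid encoding


def der_integer(x: int) -> bytes:
    """Minimal DER INTEGER: shortest big-endian body, a leading 00 only if needed."""
    body = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body


def der_encode(r: int, s: int) -> bytes:
    """Canonical DER encoding of (r, s), without the trailing sighash byte."""
    body = der_integer(r) + der_integer(s)
    return b"\x30" + bytes([len(body)]) + body


def signature_issues(sig: bytes) -> List[str]:
    """List the non-canonical features of a DER signature (empty = canonical).
    Checks the outer envelope, INTEGER tags, non-minimal padding, negative
    values, trailing bytes, and the high-S form (s > n/2)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        return ["bad outer DER envelope"]
    issues: List[str] = []
    values: Dict[str, int] = {}
    pos = 2
    for name in ("r", "s"):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            return [f"missing INTEGER tag for {name}"]
        length = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + length]
        if length == 0 or len(body) != length:
            return [f"truncated {name}"]
        if body[0] & 0x80:
            issues.append(f"{name} is negative")
        if length > 1 and body[0] == 0x00 and not (body[1] & 0x80):
            issues.append(f"{name} has non-minimal zero padding")
        values[name] = int.from_bytes(body, "big")
        pos += 2 + length
    if pos != len(sig):
        issues.append("trailing bytes after s")
    if values["s"] > HALF_N:
        issues.append("high S value (s > n/2)")
    return issues


def survey(signatures: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each label to its issues, keeping only the non-canonical signatures."""
    flagged: Dict[str, List[str]] = {}
    for label, sig in signatures.items():
        issues = signature_issues(sig)
        if issues:
            flagged[label] = issues
    return flagged


# Constructed samples (tiny r and s; not real signatures from the blockchain).
CANONICAL = der_encode(0x1F, 0x2A)                   # 30 06 02 01 1f 02 01 2a
HIGH_S = der_encode(0x1F, HALF_N + 1)                # same shape, s above n/2
PADDED = bytes.fromhex("3007" "0202001f" "02012a")   # r carries a needless 00 byte
TRAILING = bytes.fromhex("3007" "02011f" "02012a" "00")  # extra byte after s

if __name__ == "__main__":
    for label, found in survey({"canonical": CANONICAL, "high-s": HIGH_S,
                                "padded": PADDED, "trailing": TRAILING}).items():
        print(f"{label}: {found}")
```

The caveat in the reply below this comment applies directly: a wallet that itself emits unusual encodings will show up in a survey like this with no mutation having occurred, so flagged signatures are a starting point for investigation, not a count of attacks.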
The issue with using it to estimate an upper bound on potential MtGox losses is that since some portion of MtGox's historic transactions were non-canonical, a third-party mutation could result in a 'normal' transaction entering the blockchain... but MtGox still confused, perhaps to the point of loss. Any survey would miss such transactions.
Maybe there's a private archive of never-confirmed transactions. Since it seems MtGox at times provided a public feed of (some of?) its own intended transactions, someone who'd been scraping/saving that for long enough might have a useful estimator dataset.
That they've long been issuing valid but unusual signatures was mentioned among other places at: http://www.reddit.com/r/Bitcoin/comments/1x93tf/some_irc_cha...
I'm not sure if this was just a tiny sliver of their transactions, or a large proportion... but it complicates easy analysis of what the malleability losses could be.
He may have a high IQ, but he is not fit to run a giant financial exchange. I'm not sure any single person is, this is why large financial organizations have tons of people with different areas of expertise (development, security, law, finance, risk, etc etc). He rode "internet freedom" all the way to being way over his head and took everyone else down with him.
I'm beginning to think that the only constant in security/crypto is that people fuck it up.
Coding aside, I don't think anyone at HN tries to push the mentality that you should try a financial startup without any accountants or a compliance department.
Here are some of my "favorite"(anger inducing) comments:
▻ Poor student, all he had... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...
▻ Son's college fund wiped out... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...
▻ Used many credit cards... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...
▻ Holding coins for a friend(even outside of bitcoin, don't hold money for friends. Usually won't work out)... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...
▻ Everything he owns is gone, doesn't know how he's going to eat... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...
▻ Sold his car, put everything he had into bitcoin... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...
▻ This one is probably fake, too dramatic... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s...
▻ This guy lost $8,550 of his wife's money... http://www.reddit.com/r/Bitcoin/comments/1yv26o/gox_horror_s... ...and if you read all his comments on that thread, I get the impression he's going back in without his wife's support.
Just keep on reading that whole post. At first you'll feel sorry for them, but quickly that sorrow will turn into anger. "Why the @!#&^%$ did you do that?!" is what you'll be repeating in your mind over and over. But none of them beat this one by a Reddit admin from awhile back:
▻ http://www.reddit.com/r/Bitcoin/comments/1c525e/ive_lost_mor... ...just the title alone is epic.
Bitcoin, and all the services around it, are gambles. Never gamble with money you can't afford to lose. Reddit should have a huge red glowing banner at the top of /r/bitcoin reminding their users of that at least weekly.
Are you saying Nathanspups is a reddit admin?
High risk investment, like, oh, some totally unproven payment technology, is only for money you can afford to lose.