Bitcoin Transaction Malleability and MtGox - MAFIADOC.COM

MtGox use old non-standard protocol, get exploited, blame Bitcoin

MtGox use old non-standard protocol, get exploited, blame Bitcoin submitted by darrenturn90 to Bitcoin [link] [comments]

Anybody else still think that the MtGox theft was an inside job?

submitted by ronschnarr to Bitcoin [link] [comments]

Technical: A Brief History of Payment Channels: from Satoshi to Lightning Network

Who cares about political tweets from some random country's president when payment channels are a much more interesting and are actually capable of carrying value?
So let's have a short history of various payment channel techs!

Generation 0: Satoshi's Broken nSequence Channels

Because Satoshi's Vision included payment channels, except his implementation sucked so hard we had to go fix it and added RBF as a by-product.
Originally, the plan for nSequence was that mempools would replace any transaction spending certain inputs with another transaction spending the same inputs, but only if the nSequence field of the replacement was larger.
Since 0xFFFFFFFF was the highest value that nSequence could get, this would mark a transaction as "final" and not replaceable on the mempool anymore.
In fact, this "nSequence channel" I will describe is the reason why we have this weird rule about nLockTime and nSequence. nLockTime actually only works if nSequence is not 0xFFFFFFFF i.e. final. If nSequence is 0xFFFFFFFF then nLockTime is ignored, because this if the "final" version of the transaction.
So what you'd do would be something like this:
  1. You go to a bar and promise the bartender to pay by the time the bar closes. Because this is the Bitcoin universe, time is measured in blockheight, so the closing time of the bar is indicated as some future blockheight.
  2. For your first drink, you'd make a transaction paying to the bartender for that drink, paying from some coins you have. The transaction has an nLockTime equal to the closing time of the bar, and a starting nSequence of 0. You hand over the transaction and the bartender hands you your drink.
  3. For your succeeding drink, you'd remake the same transaction, adding the payment for that drink to the transaction output that goes to the bartender (so that output keeps getting larger, by the amount of payment), and having an nSequence that is one higher than the previous one.
  4. Eventually you have to stop drinking. It comes down to one of two possibilities:
    • You drink until the bar closes. Since it is now the nLockTime indicated in the transaction, the bartender is able to broadcast the latest transaction and tells the bouncers to kick you out of the bar.
    • You wisely consider the state of your liver. So you re-sign the last transaction with a "final" nSequence of 0xFFFFFFFF i.e. the maximum possible value it can have. This allows the bartender to get his or her funds immediately (nLockTime is ignored if nSequence is 0xFFFFFFFF), so he or she tells the bouncers to let you out of the bar.
Now that of course is a payment channel. Individual payments (purchases of alcohol, so I guess buying coffee is not in scope for payment channels). Closing is done by creating a "final" transaction that is the sum of the individual payments. Sure there's no routing and channels are unidirectional and channels have a maximum lifetime but give Satoshi a break, he was also busy inventing Bitcoin at the time.
Now if you noticed I called this kind of payment channel "broken". This is because the mempool rules are not consensus rules, and cannot be validated (nothing about the mempool can be validated onchain: I sigh every time somebody proposes "let's make block size dependent on mempool size", mempool state cannot be validated by onchain data). Fullnodes can't see all of the transactions you signed, and then validate that the final one with the maximum nSequence is the one that actually is used onchain. So you can do the below:
  1. Become friends with Jihan Wu, because he owns >51% of the mining hashrate (he totally reorged Bitcoin to reverse the Binance hack right?).
  2. Slip Jihan Wu some of the more interesting drinks you're ordering as an incentive to cooperate with you. So say you end up ordering 100 drinks, you split it with Jihan Wu and give him 50 of the drinks.
  3. When the bar closes, Jihan Wu quickly calls his mining rig and tells them to mine the version of your transaction with nSequence 0. You know, that first one where you pay for only one drink.
  4. Because fullnodes cannot validate nSequence, they'll accept even the nSequence=0 version and confirm it, immutably adding you paying for a single alcoholic drink to the blockchain.
  5. The bartender, pissed at being cheated, takes out a shotgun from under the bar and shoots at you and Jihan Wu.
  6. Jihan Wu uses his mystical chi powers (actually the combined exhaust from all of his mining rigs) to slow down the shotgun pellets, making them hit you as softly as petals drifting in the wind.
  7. The bartender mutters some words, clothes ripping apart as he or she (hard to believe it could be a she but hey) turns into a bear, ready to maul you for cheating him or her of the payment for all the 100 drinks you ordered from him or her.
  8. Steely-eyed, you stand in front of the bartender-turned-bear, daring him to touch you. You've watched Revenant, you know Leonardo di Caprio could survive a bear mauling, and if some posh actor can survive that, you know you can too. You make a pose. "Drunken troll logic attack!"
  9. I think I got sidetracked here.
Lessons learned?

Spilman Channels

Incentive-compatible time-limited unidirectional channel; or, Satoshi's Vision, Fixed (if transaction malleability hadn't been a problem, that is).
Now, we know the bartender will turn into a bear and maul you if you try to cheat the payment channel, and now that we've revealed you're good friends with Jihan Wu, the bartender will no longer accept a payment channel scheme that lets one you cooperate with a miner to cheat the bartender.
Fortunately, Jeremy Spilman proposed a better way that would not let you cheat the bartender.
First, you and the bartender perform this ritual:
  1. You get some funds and create a transaction that pays to a 2-of-2 multisig between you and the bartender. You don't broadcast this yet: you just sign it and get its txid.
  2. You create another transaction that spends the above transaction. This transaction (the "backoff") has an nLockTime equal to the closing time of the bar, plus one block. You sign it and give this backoff transaction (but not the above transaction) to the bartender.
  3. The bartender signs the backoff and gives it back to you. It is now valid since it's spending a 2-of-2 of you and the bartender, and both of you have signed the backoff transaction.
  4. Now you broadcast the first transaction onchain. You and the bartender wait for it to be deeply confirmed, then you can start ordering.
The above is probably vaguely familiar to LN users. It's the funding process of payment channels! The first transaction, the one that pays to a 2-of-2 multisig, is the funding transaction that backs the payment channel funds.
So now you start ordering in this way:
  1. For your first drink, you create a transaction spending the funding transaction output and sending the price of the drink to the bartender, with the rest returning to you.
  2. You sign the transaction and pass it to the bartender, who serves your first drink.
  3. For your succeeding drinks, you recreate the same transaction, adding the price of the new drink to the sum that goes to the bartender and reducing the money returned to you. You sign the transaction and give it to the bartender, who serves you your next drink.
  4. At the end:
    • If the bar closing time is reached, the bartender signs the latest transaction, completing the needed 2-of-2 signatures and broadcasting this to the Bitcoin network. Since the backoff transaction is the closing time + 1, it can't get used at closing time.
    • If you decide you want to leave early because your liver is crying, you just tell the bartender to go ahead and close the channel (which the bartender can do at any time by just signing and broadcasting the latest transaction: the bartender won't do that because he or she is hoping you'll stay and drink more).
    • If you ended up just hanging around the bar and never ordering, then at closing time + 1 you broadcast the backoff transaction and get your funds back in full.
Now, even if you pass 50 drinks to Jihan Wu, you can't give him the first transaction (the one which pays for only one drink) and ask him to mine it: it's spending a 2-of-2 and the copy you have only contains your own signature. You need the bartender's signature to make it valid, but he or she sure as hell isn't going to cooperate in something that would lose him or her money, so a signature from the bartender validating old state where he or she gets paid less isn't going to happen.
So, problem solved, right? Right? Okay, let's try it. So you get your funds, put them in a funding tx, get the backoff tx, confirm the funding tx...
Once the funding transaction confirms deeply, the bartender laughs uproariously. He or she summons the bouncers, who surround you menacingly.
"I'm refusing service to you," the bartender says.
"Fine," you say. "I was leaving anyway;" You smirk. "I'll get back my money with the backoff transaction, and posting about your poor service on reddit so you get negative karma, so there!"
"Not so fast," the bartender says. His or her voice chills your bones. It looks like your exploitation of the Satoshi nSequence payment channel is still fresh in his or her mind. "Look at the txid of the funding transaction that got confirmed."
"What about it?" you ask nonchalantly, as you flip open your desktop computer and open a reputable blockchain explorer.
What you see shocks you.
"What the --- the txid is different! You--- you changed my signature?? But how? I put the only copy of my private key in a sealed envelope in a cast-iron box inside a safe buried in the Gobi desert protected by a clan of nomads who have dedicated their lives and their childrens' lives to keeping my private key safe in perpetuity!"
"Didn't you know?" the bartender asks. "The components of the signature are just very large numbers. The sign of one of the signature components can be changed, from positive to negative, or negative to positive, and the signature will remain valid. Anyone can do that, even if they don't know the private key. But because Bitcoin includes the signatures in the transaction when it's generating the txid, this little change also changes the txid." He or she chuckles. "They say they'll fix it by separating the signatures from the transaction body. They're saying that these kinds of signature malleability won't affect transaction ids anymore after they do this, but I bet I can get my good friend Jihan Wu to delay this 'SepSig' plan for a good while yet. Friendly guy, this Jihan Wu, it turns out all I had to do was slip him 51 drinks and he was willing to mine a tx with the signature signs flipped." His or her grin widens. "I'm afraid your backoff transaction won't work anymore, since it spends a txid that is not existent and will never be confirmed. So here's the deal. You pay me 99% of the funds in the funding transaction, in exchange for me signing the transaction that spends with the txid that you see onchain. Refuse, and you lose 100% of the funds and every other HODLer, including me, benefits from the reduction in coin supply. Accept, and you get to keep 1%. I lose nothing if you refuse, so I won't care if you do, but consider the difference of getting zilch vs. getting 1% of your funds." His or her eyes glow. "GENUFLECT RIGHT NOW."
Lesson learned?

CLTV-protected Spilman Channels

Using CLTV for the backoff branch.
This variation is simply Spilman channels, but with the backoff transaction replaced with a backoff branch in the SCRIPT you pay to. It only became possible after OP_CHECKLOCKTIMEVERIFY (CLTV) was enabled in 2015.
Now as we saw in the Spilman Channels discussion, transaction malleability means that any pre-signed offchain transaction can easily be invalidated by flipping the sign of the signature of the funding transaction while the funding transaction is not yet confirmed.
This can be avoided by simply putting any special requirements into an explicit branch of the Bitcoin SCRIPT. Now, the backoff branch is supposed to create a maximum lifetime for the payment channel, and prior to the introduction of OP_CHECKLOCKTIMEVERIFY this could only be done by having a pre-signed nLockTime transaction.
With CLTV, however, we can now make the branches explicit in the SCRIPT that the funding transaction pays to.
Instead of paying to a 2-of-2 in order to set up the funding transaction, you pay to a SCRIPT which is basically "2-of-2, OR this singlesig after a specified lock time".
With this, there is no backoff transaction that is pre-signed and which refers to a specific txid. Instead, you can create the backoff transaction later, using whatever txid the funding transaction ends up being confirmed under. Since the funding transaction is immutable once confirmed, it is no longer possible to change the txid afterwards.

Todd Micropayment Networks

The old hub-spoke model (that isn't how LN today actually works).
One of the more direct predecessors of the Lightning Network was the hub-spoke model discussed by Peter Todd. In this model, instead of payers directly having channels to payees, payers and payees connect to a central hub server. This allows any payer to pay any payee, using the same channel for every payee on the hub. Similarly, this allows any payee to receive from any payer, using the same channel.
Remember from the above Spilman example? When you open a channel to the bartender, you have to wait around for the funding tx to confirm. This will take an hour at best. Now consider that you have to make channels for everyone you want to pay to. That's not very scalable.
So the Todd hub-spoke model has a central "clearing house" that transport money from payers to payees. The "Moonbeam" project takes this model. Of course, this reveals to the hub who the payer and payee are, and thus the hub can potentially censor transactions. Generally, though, it was considered that a hub would more efficiently censor by just not maintaining a channel with the payer or payee that it wants to censor (since the money it owned in the channel would just be locked uselessly if the hub won't process payments to/from the censored user).
In any case, the ability of the central hub to monitor payments means that it can surveill the payer and payee, and then sell this private transactional data to third parties. This loss of privacy would be intolerable today.
Peter Todd also proposed that there might be multiple hubs that could transport funds to each other on behalf of their users, providing somewhat better privacy.
Another point of note is that at the time such networks were proposed, only unidirectional (Spilman) channels were available. Thus, while one could be a payer, or payee, you would have to use separate channels for your income versus for your spending. Worse, if you wanted to transfer money from your income channel to your spending channel, you had to close both and reshuffle the money between them, both onchain activities.

Poon-Dryja Lightning Network

Bidirectional two-participant channels.
The Poon-Dryja channel mechanism has two important properties:
Both the original Satoshi and the two Spilman variants are unidirectional: there is a payer and a payee, and if the payee wants to do a refund, or wants to pay for a different service or product the payer is providing, then they can't use the same unidirectional channel.
The Poon-Dryjam mechanism allows channels, however, to be bidirectional instead: you are not a payer or a payee on the channel, you can receive or send at any time as long as both you and the channel counterparty are online.
Further, unlike either of the Spilman variants, there is no time limit for the lifetime of a channel. Instead, you can keep the channel open for as long as you want.
Both properties, together, form a very powerful scaling property that I believe most people have not appreciated. With unidirectional channels, as mentioned before, if you both earn and spend over the same network of payment channels, you would have separate channels for earning and spending. You would then need to perform onchain operations to "reverse" the directions of your channels periodically. Secondly, since Spilman channels have a fixed lifetime, even if you never used either channel, you would have to periodically "refresh" it by closing it and reopening.
With bidirectional, indefinite-lifetime channels, you may instead open some channels when you first begin managing your own money, then close them only after your lawyers have executed your last will and testament on how the money in your channels get divided up to your heirs: that's just two onchain transactions in your entire lifetime. That is the potentially very powerful scaling property that bidirectional, indefinite-lifetime channels allow.
I won't discuss the transaction structure needed for Poon-Dryja bidirectional channels --- it's complicated and you can easily get explanations with cute graphics elsewhere.
There is a weakness of Poon-Dryja that people tend to gloss over (because it was fixed very well by RustyReddit):
Another thing I want to emphasize is that while the Lightning Network paper and many of the earlier presentations developed from the old Peter Todd hub-and-spoke model, the modern Lightning Network takes the logical conclusion of removing a strict separation between "hubs" and "spokes". Any node on the Lightning Network can very well work as a hub for any other node. Thus, while you might operate as "mostly a payer", "mostly a forwarding node", "mostly a payee", you still end up being at least partially a forwarding node ("hub") on the network, at least part of the time. This greatly reduces the problems of privacy inherent in having only a few hub nodes: forwarding nodes cannot get significantly useful data from the payments passing through them, because the distance between the payer and the payee can be so large that it would be likely that the ultimate payer and the ultimate payee could be anyone on the Lightning Network.
Lessons learned?

Future

After LN, there's also the Decker-Wattenhofer Duplex Micropayment Channels (DMC). This post is long enough as-is, LOL. But for now, it uses a novel "decrementing nSequence channel", using the new relative-timelock semantics of nSequence (not the broken one originally by Satoshi). It actually uses multiple such "decrementing nSequence" constructs, terminating in a pair of Spilman channels, one in both directions (thus "duplex"). Maybe I'll discuss it some other time.
The realization that channel constructions could actually hold more channel constructions inside them (the way the Decker-Wattenhofer puts a pair of Spilman channels inside a series of "decrementing nSequence channels") lead to the further thought behind Burchert-Decker-Wattenhofer channel factories. Basically, you could host multiple two-participant channel constructs inside a larger multiparticipant "channel" construct (i.e. host multiple channels inside a factory).
Further, we have the Decker-Russell-Osuntokun or "eltoo" construction. I'd argue that this is "nSequence done right". I'll write more about this later, because this post is long enough.
Lessons learned?
submitted by almkglor to Bitcoin [link] [comments]

I am the BearWhale: UASF Now!

A signed version of this message can be found here https://pastebin.com/Lp5Djs5R
Hello. I am the BearWhale. After a series of bad experiences with the banking system, I invested most of my life savings into bitcoin when the price was fairly low, around $8. For years I was a HODLer. I was holding when Trendon Shavers ripped everyone off. I was holding when the price was over a thousand, and I held after MtGox imploded. I believe strongly in Bitcoin’s decentralized promise of displacing immoral national currencies.
The price kept drifting downwards until finally at a little over $300 I had enough. I sold off everything, based on an accumulation of information I gathered mostly from social media such as bitcointalk.org and reddit:
At this point I should state that I am a highly technical person. I understand all of the math behind the bitcoin whitepaper and the software that powers it. Although, I am not a security expert nor am I a cypherpunk - only a little experience in the type of adversarial thinking necessary to be a competent steward of the technology. I don’t regret selling, as I made an enormous profit. The decision was a rational one based on available information. However, in 2017 I went all-in on bitcoin again and here’s why:
None of the supposed facts which motivated my decision to sell were correct. It was all a carefully crafted and funded disinformation campaign launched by Roger Ver and his cronies, perhaps Jihan Wu, to discourage improvements to the bitcoin protocol to achieve financial gain at the expense of the community.
Once I recognized the moves to discredit the core developers for what it was, a covertly operated smear campaign fought on social media, funded by enormous enrichment from bitcoin, carried out with sock puppets and appeals to emotion, I looked at bitcoin and the greater community again with a more critical eye and I came to the following conclusions:
Although I am of course an adult fully responsible for my decisions, I want to make it clear that Roger Ver’s agenda was successful at convincing me that bitcoin had a “governance crisis” and was at risk of being overtaken by altcoins.
My reason for this open letter s simple: I want the community to know that I fully support the core developers. I am strongly in favor of UASF as a mechanism for liminating the centralizing effect of miner control illusions. I support SegWit as a sensible technology for moving Bitcoin forward. I reject a block-size increase hard fork at the present time. I reject a phony “compromise.” And I especially resent and reject a consortium of suits coming to an “agreement” on what source-code base will be named “bitcoin” without that code base being thoroughly vetted over a suitable long time-frame by industry professionals. Those industry professionals include Gregory Maxwell and most of the people who participate regularly on the bitcoin developers mailing list and contribute pull requests to the bitcoin-core repository.
tl;dr; I am the BearWhale: I sold Bitcoin for the wrong reasons, and now I am all-in and long bitcoin again.
submitted by the_bearwhale to Bitcoin [link] [comments]

The posted address with a transfers totaling 788,000 BTC does NOT belong to MT.Gox, but to BitStamp!

The posted address with a transfers totaling 788,000 BTC does NOT belong to MT.Gox, but to BitStamp! submitted by TwinWinNerD to Bitcoin [link] [comments]

Reports of MtGox being hacked ARE REAL (Fixed)

submitted by kiuytfvbnmkj to Bitcoin [link] [comments]

My protest at MtGox Offices - 5 to 7th February 2014, Tokyo, Japan.

Day 1 – Wednesday 5 February
After repeated and failed attempts to withdraw my BTC from MtGox, I decided to jump on a plane and pay them a visit in Tokyo.
After a 16 hr. flight from Australia I went straight to their offices, arriving at around 4pm. The receptionist in the lobby told me there was no one available to meet me and I should arrange an appointment.
I refused to leave and after about 15 mins or so, the receptionist handed me the telephone to speak with a member of MtGox support. The support person referred me to their website. After a ‘lively’ conversation I told him I wasn’t gong anywhere, I didn’t travel 16 hrs to read a website I could have read at home. I would wait for Mark Karpeles to come down.
Same thing happened 15 mins later, another call, more non-sense about technical issues, and a suggestion the authorities might have to be called. I told him great, I could lodge an official complaint against MtGox while they were here.
After some hours had passed, the building cleared out and the receptionists left for the night. I was alone in the lobby. Then at approximately 8 pm, I was suddenly greeted by Gonzague Gay-Bouchery, Manager Business Development, and Mark Karpeles right hand man.
I recognized him from some news articles. I thought great, and straight away put some burning questions to him:
Q1. What is causing the withdrawal delays?
• Well, because Gox is the best known of all the exchanges, we have been under the regulatory spotlight.
• This has created problems with government agencies, and also with our banking partners.
• There are also some ongoing investigations, which we cannot talk about.
Q.2 Sure, and this would explain the FIAT delays, but what about the BTC delays; you can’t blame that on anyone else.
• The BTC withdrawal issue is a technical one, and one that has previously affected the MtGox system, our engineers are working hard to resolve the problem.
• As of now, some BTC withdrawals were going through
• For those transactions that remain broken for a week, the balance of BTC will be returned to a customers MtGox account.
Q3. A great way to buy time for a liquidity problem?
• No, it’s a technical issue.
Q4. So why are so many of the input addresses feeding into transactions in the queue coming up empty?
• This is a complex technical issue to which neither of us know the answer
Q5. Try to explain it to me.
• Its technical
Q6. There are over 40,000 BTC in the withdrawal queue, isn’t that the electronic equivalent of a bank run?
• The 40,000 figure is not correct, and the goxreport isn’t accurate.
Q.7 But I actually obtained this data from Delerium’s website who is a gox employee / contractor / associate.
• I will have to look into that.
Q8. Why doesn’t Gox prove they are solvent by transferring a large quantity of BTC between two internal wallets like Mark previously did. Then we can all check it out on the blockchain and be reassured?
• The overwhelming majority of BTC are held in cold storage. Logistically and legally in would be difficult to replicate the transfer “trick” Mark previously employed at Gox to prove their solvency.
Q9. Try me, how hard is it, what exactly is involved?
• Obviously I can’t go into too much detail for security reasons, but it would involve physically obtaining them from 6 or more locations.
Q10. Well, why don’t u do it, isn’t this a critical situation?
• It’s not that straight foreword.
Q11. You do realize no-one believes the technical excuses for the delay in BTC?
• Mt Gox has the coins, it is a technical issue and we need people to be patient.
Q12. What is you view on the poll recently published by Coindesk on Mt Gox?
• Coindesk have a vendetta against MtGox.
Q13. But they one of the most trusted sources of news in the Bitcoin community.
• Some people have it out for Mt Gox.
Q14. How do you explain the vastly different prices that appear on Gox compared with other exchanges? It recently went to 25%.
• Some traders were responsible for the manufacturing the differential in an attempt to financially benefit from arbitrage.
Q15. But people exploiting the arbitrage opportunity would actually reduce the price differential, not widen it.
[I can’t recall receiving a response to this particular point]
Q16. Is MtGox manipulating the price by directly purchasing Bitcoins on their own exchange?
• No, MtGox is not permitted to do this.
[coincidently, almost immediately after this meeting the price on MtGox tanked]
Q17. People have a lot of money tied up in your exchange, and they don’t believe your excuses. All the evidence suggests something more serious going on at gox. You are playing with people’s lives here.
• All the coins are safe; this is merely a technical issue.
When I left the office that night, I wanted to believe that everything was indeed fine, and these were indeed some temporary technical glitches, but this view was somewhat influenced by the fact I still have BTC on their exchange. All the evidence appears to suggest something more serious.
For the record, I gave Gonzague an advance copy of this transcript and offered him the opportunity to have any of his answers amended if he felt I misrepresented him in any way. A member of his support team replied by stating he did not have any comment on my version of the conversation.
Day 2 – Thursday 6 February 2014
I arrived at MtGox early, approximately 8am, and stood outside with a sign reading “MtGox, where has my money gone”. I got some curious looks, and a lot of questions from passersby about my protest.
Then at approximately 9.20 am, Mark Karpeles himself came along carrying a large, and very fancy coffee in his hand that could have passed as a dessert. I immediately confronted him and told him we needed a chat. So he stopped to hear me out.
I told him he was playing with people’s lives, and some people stood to lose their entire savings. Like Gonzague told me the night before, he mentioned technical issues, and that he would look into my case.
Then 20mins later at around 9.40am Gonzague arrived. “Good news” he said, we have sorted out your account, go and check it online. After I got Wi-Fi connection back the hotel I discovered my failed BTC withdrawal transactions had been cancelled and all my BTC were put back in the one place in the world I didn’t want them: The MtGox website. Back to joining the queue of 40,000 other BTCs.
I think this was some sort of ironic joke. I quickly tried to withdraw them again; but surprise, surprise, stuck again.
By late evening, the majority of the other workers in the MtGox building had heard of my protest and were bringing me out sandwiches and beer, and inviting me to lunch. As it turns out, Japan is probably one of the better countries in the world to protest. Everyone is so friendly; I can see why the Goxies choose to set up shop here.
As the evening drew on, it looked like I would have do a late one to catch Mark again on the way out. However, at around 7.30pm, I was approached by a law professor from a local university who has written widely on bitcoin legal issues. He was on his way to a bitcoin “meet-up” and asked me to come along to tell my story to the other bitcoin enthusiasts. I was reluctant to leave the protest but was interested in what other Tokyo resident’s thought of MtGox.
When I arrived, everyone was very interested in hearing my story. There was a general consensus amongst the participants that MtGox was finished as an exchange. They acknowledged that MtGox had played an important role in propelling Bitcoin to what it is today, but its decline and ultimate closure was inevitable.
However, there was some divergent views on the reason for this, most people, including myself are of the view that bad business decisions and incompetence were primarily to blame, while others held the view that government restriction, and secret investigations were hampering MtGox’s ability to function efficiently. Who knows what the truth is, maybe it is a bit of both.
At the end of the day 2, there was a very worrying development, the data feed for the goxreport, and delerium’s MtGox transaction failure website were cut. Perhaps a final act of MtGox’s desperation to hide the truth.
Day 3 – Friday 7 February
I started my protest a little later today in the knowledge that most of the Goxies don’t start work until after 9am. Then there was an unexpected twist; another person showed up looking for Mark. He was an emissary of an early adopter and well known member of the bitcoin community, and was there to collect an eye watering amount of money.
My emotions were mixed on seeing this person; on one hand I was glad to see another protester to fight the good cause. On the other hand, my heart sank in the knowledge that if Mark isn’t paying off his old friends in the bitcoin community then what chance do small fry like me have?
As the emissary and I chatted, Mark Karpeles arrived, and we both confronted him, the conversation went on for some time and most of it conducted in French which I had trouble understanding. However I did mange to record the whole thing on video.
The episode only came to a halt when Gonzague appeared in the lobby and rescued Mark. Very soon after this point, MtGox released a statement announcing that all BTC withdrawals were suspended.
In conclusion, I think i just witnessed MtGox die today. I didn’t get my bitcoin, but glad I came and tried.
submitted by CoinSearcher to Bitcoin [link] [comments]

It was Willy the Bot all the time

After long digging I finally found a workable scenario explaining virtually everything: missing coins and fiat and even so called Willy the Bot.
lnovy> Yes... stay tuned... I have a clue :) gammer> lnovy any news ? lnovy> yes... almost... I'm missing just one single piece now gammer> if you're pulling a prank on us these couple of days... it so not cool :D lnovy> They way the theft worked was usign the paybutton api lnovy> there is an obvious cross-site request forgery bug in it lnovy> attacker create a one-shot button, setting a price in USD and putting in a bitcoin address lnovy> then he made a victim with mtgox account "click" this pay button lnovy> which caused market buy order for that amount to be filled (known as satoshi's thrust, or willy the bot) and after filling coins were instantly send to target address gammer> lnovy: you know this for a fact? lnovy> when you combine this with some other scamming/carding technique and faked AML documents, mtgox would lose bitcoins and fiat deposit would be charged back lnovy> I'm sure of it up to the second part (when you combine...) lnovy> I can prove it lnovy> well... not prove it... but I have no other possible explanation gammer> how you get the victim to click your "custom" button? lnovy> check the source of this page http://webcache.googleusercontent.com/search?q=cache:bnsz3it6l9YJ:https://payment.mtgox.com/21b2e5c5-79d5-4192-bd6e-9e08975cc3ac+&cd=59&hl=en&ct=clnk&gl=cz&client=firefox-a lnovy> no protection against csrf gammer> We lack data. These are all great (impressive) guesses, but far from a smoking barrel. lnovy> notice that when you google 21b2e5c5-79d5-4192-bd6e-9e08975cc3ac lnovy> You already paid that transaction in the past! We have a transaction from your account on the 2013-08-08 13:20:12 lnovy> When you lookup "2013-08-08 13:20:12" in withdrawals db lnovy> ae04aae7-d6dc-4f34-a2df-0930480786e6,e887c417-1fbe-4988-a76d-515b6a528e8b,"2013-08-08 13:20:12",withdraw,-26.92114483 lnovy> this user did two withdrawals only, no deposits lnovy> ae04aae7-d6dc-4f34-a2df-0930480786e6,ce7a32a0-1be7-4c0c-b06c-75aa77f5c311,"2013-08-08 13:05:45",withdraw,-27.18101624 lnovy> this is the second one lnovy> his balance is lnovy> | ae04aae7-d6dc-4f34-a2df-0930480786e6 | 83d24ca9-0f6e-4061-ad75-f4698c9ad58a | BTC | 56783893 | 0 | 7 | virtual | NULL | NULL | N | 2013-08-08 13:20:12 | gammer> hmm, maybe there is some smoke there. lnovy> | 673c4e76-a8e1-424a-af72-f994054236f4 | 83d24ca9-0f6e-4061-ad75-f4698c9ad58a | USD | 7952770 | 0 | 4 | virtual | NULL | NULL | N | 2013-08-08 13:04:28 | lnovy> notice that no more moving of BTC was done after withdrawal at 2013-08-08 13:20:12 lnovy> ../trades/2013-08_coinlab.csv:1375967016444075,"2013-08-08 13:03:36",592438,83d24ca9-0f6e-4061-ad75-f4698c9ad58a,ec0919d81d73ab12dc7375677723fea9,NJP,buy,USD,54,5507.94438,97.114,534897.778,0,97.114,0,0.1296,1330.073,US,NJ lnovy> ../trades/2013-08_coinlab.csv:1375967068401809,"2013-08-08 13:04:28",592438,83d24ca9-0f6e-4061-ad75-f4698c9ad58a,ec0919d81d73ab12dc7375677723fea9,NJP,buy,USD,1,101.97792,97.114,9903.47,0,97.114,0,0.0024,24.631,US,NJ lnovy> he did only this two trades... lnovy> notice that all of his limit value on wallets is null, but dissable limit is false lnovy> last piece: https://blockchain.info/address/1La4eXNXYLF41cnkADh2pKi8LGN7ePSFde lnovy> this address leads to mixnet :) lnovy> so... is the barrel smoking now? gammer> Looks convincing gammer> Any way to tell how much flowed through that exploit? lnovy> well... my query is still running... But I bet, that everything that was considered to be "will the bot" will be linked to this method lnovy> can I leave your nicknames in when I paste this on reddit? 
submitted by lnovy to Bitcoin [link] [comments]

Just so people understand the difference between Mt Gox and Bitstamp...

  1. Mt gox had problems compounding other problems. We all have read about the malleability issue but without the problem on top of that they would not have gotten scammed of coins. That problem as noted in the words of Mark Karpeles is that:
"With bitcoin 0.8.0 (released 19 feb 2013) a breaking change has been included that would prevent transactions to be accepted if their signature did not include the right number of zeroes in front of the signature values (in an effort to reduce risks of transaction malleability). We did not notice this change but a few of the transactions we were sending would become invalid because of this."
  1. There was a THIRD problem on top of this problem. When a transaction failed because of their failure to remove leading 0's... they would automatically refund customers and effectively allow a double spend to customers who rebroadcast the transactions with the right amount of 0's and therefore changing the hash of the transaction (transaction ID).
  2. And the last remaining problem besides all of these others is that they blame the bitcoin devs and the protocol when they should have just been checking the bitcoin ledger to see if funds had actually been removed. They did not apologize, made statements to try to deflect blame and I think removed the last amount of credibility they had.
Bitstamp was most likely prone to the malleability issue which would make their database become out of sync but there is no evidence of a bunch of failed transactions or automatic refunds OR a blame shift. THey instead say "hey we will fix the problem on our end" instead of saying "in order for this to be fixed the protocol has to be changed"
submitted by specialenmity to Bitcoin [link] [comments]

The Ver Effect.

I have watched and listened to a number of interviews featuring Roger Ver, the most recent one with John Carvalho. Two things are obvious:
One, Roger Ver is not concerned with the technical aspects of Bitcoin, he is emotionally involved with the concept of spreading Bitcoin across the world. He states it's for philanthropic reasons; I surmise to bring financial stability to nations where people are being exploited by their local economy (eg. Argentina, Sudan, Iran, Ghana, etc..) via gross inflation, or those affected by foreign sanctions. This is where the real meat & potatoes are. Roger Ver does not care about nor understand the technical aspect, and therefore cannot truly appreciate the future of Bitcoin that he is trying to sell today for a quick gain tomorrow. Metaphorically, Roger Ver would rather burn up on re-entry into the atmosphere than keep this thing in orbit. More on that later.
Two: Roger Ver really loves Roger Ver, and he loves the community that he has built. You can hear it in his voice when he talks about all his financial/business successes in life. He wants to cement his legacy in life and he has decided it will be Bitcoin. Since he doesn't have technical capability, he's going to leverage his political, social, and financial means to make it happen, at all costs even if that means ruining others' lives in the process. It is obvious he is lying because of his inability to sway from the scripted agenda that he is pushing, and the clear lack of latitude in any of his discussions. He is desperately running from every misstep in his life, from his felony conviction from selling explosives on E-bay, to declaring MtGox solvent, and all the other lies he seems to propagate.
I am afraid, not for Bitcoin or the future of cryptocurrency, but for all of those who choose to follow him. Roger loves Roger, and he is a man of his principles, most recently the principle of the name B-Cash versus Bitcoin Cash. The thing about people who live by their principles, they die by their principles.
So back to the metaphor. When humans want to put an object in space, it takes an insane amount of planning, theory, mathematics, coding, testing, mathematics and eventually one day, launch. If you get it right, that thing will orbit the earth for a long long time. John F. Kennedy didn't know how to build a rocket, but he understood why it was important, and why it was worth the money and life that it would take to make landing on the moon happen. More importantly, he knew he had a team of experts who could actually do the work to make it happen.
Roger is not John F. Kennedy. Roger is like the head of Mars-One. These folks made headlines by taking applications to identify astronauts who will travel to Mars; but they have absolutely no means to actually make any of it happen. I was sitting next to Buzz Aldrin while these people spoke a couple years ago, and it was a truly surreal and bizarre combination of quality scripted presentation and complete lack of substance. They don't have any money, or experts, but they have a million dollar marketing budget, a great presentation, and a really sweet website. That doesn't keep them from dissapointing thousands of people who think they are actually applying to become the first people to colonize Mars.
So, what is my conclusion. Roger doesn't care about the theory, math, coding, planning or testing that is involved with making Bitcoin happen. He is more concerned with cementing his name in history, trying to overshadow all the missteps of his past. He doesn't care that his rocket isn't going to make it into orbit. Even though everyone is showing him the truth, he's going to strap on his space suit, fuel his rocket, light that baby, and make it into some really screwed up highly elliptical orbit. For a good period Roger Ver will be a hero, the first man to deliver decentralized, fast, cheap cryptocurrency to the wold in a short timeline, forever cementing his legacy. However, eventually the lack of engineering and planning means gravity is going to take its course, and his little ship will come screaming back to the earth in a giant fiery streak across the sky. Meanwhile all of those back on earth can only watch and mourn the loss of all their investments, while they watch a tiny capsule containing a smugly grinning narcissist who represents everything they believed in turn into dust.
I believe in the the current Bitcoin development team because they got us into space. I trust that in a reasonable amount of time, Bitcoin will go to the moon, and then maybe beyond. I trust this because they have a vision that stands the test of time and doesn't simply compromise time for quality. Apollo 1 killed 3 men because they compromised quality for timeliness. One of the leaders of the Apollo program (Gene Kranz, the guy with the home-made vest in Apollo 13 movie) said "We were too 'gung-ho' about the schedule and we blocked out all of the problems we saw each day in our work. Every element of the program was in trouble and so were we."
I don't want to compromise the future of this project in the interest of novel timeliness. We only get one chance at this guys, let's make it count.
submitted by bitcoin___throwaway to Bitcoin [link] [comments]

Ethereum still has a bright future. Let's learn from this experience.

I've been involved in cryptocurrencies for many years as a miner, investor, etc and have seen many turbulent times (all of the worst). The multiple large thefts of bitcoin, the MtGox crash, forks, etc. In every case, lessons were learned by each the miners, service providers and general user community. While events like TheDAO exploit are painful ones, there are important lessons to be learned. Newcomers may have a tendency to panic and dump their coins, but the cooler heads usually prevail and come out on top. In fact, even profit off of those who panic sell, knowing the price drops are not rational but rather emotional.
We watched Ethereum drop from a $2 billion market cap to a $1 billion market cap over a flaw in something which had nothing to do with flaws in Ethereum itself. All of this because of some unproven code that people gambled $100 million on. Sure, I want TheDAO to work just as much as the next guy, but let's accept what has happened and not repeat that mistake again.
I realize there are good arguments on both sides of TheDAO / fork debate, but let's make sure we learn from this and grow. Failure is ok, that's how humanity advances. But with failure, pay attention to the lessons: * Don't gamble more than you are willing to lose. If you don't understand the technology (intimately) then you're simply gambling on faith (in devs, in advisors, in technology, etc). Accept it or not, but don't complain if you get burned knowing that you did not have full understanding going in. * Don't get caught up in hype and illusions of getting rich quick. * Don't panic on negative news. Consider the possible ramifications of the event and then decide if you should hold, buy or sell. Sometimes it's counter-intuitive and the opposite action is actually your best move. Ask yourself both why and why not before acting. Weigh both sides.
Ethereum wasn't the first cryptocurrency and likely won't be the last. This experience was a good thing in many ways. Better it happened now than later when it's more mature with a bigger audience. Imagine the news headlines if this happened in Bitcoin. We are still in the pioneer phase of Ethereum; the early adopters and risk takers.
In my mind, Ethereum is heavily undervalued at the moment. A $3 million leak (?) caused a $1 billion dollar market cap drop, largely due to panic. If anything, Ethereum is amazing simply for it's fast transaction times alone.
So stay confident as the technology is still sound. Whatever the developers decide to do (fork or not) we will look back and grow from this experience into a more mature platform. I am as excited about Ethereum as I was about bitcoin 6 years ago. Hopefully I am not alone.
submitted by TwinTurboMike to ethereum [link] [comments]

"By this time next week I expect the TX-Malleability issue to be correctly implemented by all major exchanges" - Andreas

submitted by bubbasparse to Bitcoin [link] [comments]

Time to jump ship?

Looks like the dognzb paypal got shut down, so should I consider this site compromised? In the past most sites that lost the donations ended up shutting down. Is it still safe to use dognzb or should I just use other indexers?
submitted by dogpaypal to usenet [link] [comments]

Trying to get 40,000 BTC out of the MtGOX exchange... and failing.

Day 1 – Wednesday 5 February
After repeated and failed attempts to withdraw my BTC from MtGox, I decided to jump on a plane and pay them a visit in Tokyo.
After a 16 hr. flight from Australia I went straight to their offices, arriving at around 4pm. The receptionist in the lobby told me there was no one available to meet me and I should arrange an appointment.
I refused to leave and after about 15 mins or so, the receptionist handed me the telephone to speak with a member of MtGox support. The support person referred me to their website. After a ‘lively’ conversation I told him I wasn’t gong anywhere, I didn’t travel 16 hrs to read a website I could have read at home. I would wait for Mark Karpeles to come down.
Same thing happened 15 mins later, another call, more non-sense about technical issues, and a suggestion the authorities might have to be called. I told him great, I could lodge an official complaint against MtGox while they were here.
After some hours had passed, the building cleared out and the receptionists left for the night. I was alone in the lobby. Then at approximately 8 pm, I was suddenly greeted by Gonzague Gay-Bouchery, Manager Business Development, and Mark Karpeles right hand man.
I recognized him from some news articles. I thought great, and straight away put some burning questions to him:
Q1. What is causing the withdrawal delays?
• Well, because Gox is the best known of all the exchanges, we have been under the regulatory spotlight.
• This has created problems with government agencies, and also with our banking partners.
• There are also some ongoing investigations, which we cannot talk about.
Q.2 Sure, and this would explain the FIAT delays, but what about the BTC delays; you can’t blame that on anyone else.
• The BTC withdrawal issue is a technical one, and one that has previously affected the MtGox system, our engineers are working hard to resolve the problem.
• As of now, some BTC withdrawals were going through
• For those transactions that remain broken for a week, the balance of BTC will be returned to a customers MtGox account.
Q3. A great way to buy time for a liquidity problem?
• No, it’s a technical issue.
Q4. So why are so many of the input addresses feeding into transactions in the queue coming up empty?
• This is a complex technical issue to which neither of us know the answer
Q5. Try to explain it to me.
• Its technical
Q6. There are over 40,000 BTC in the withdrawal queue, isn’t that the electronic equivalent of a bank run?
• The 40,000 figure is not correct, and the goxreport isn’t accurate.
Q.7 But I actually obtained this data from Delerium’s website who is a gox employee / contractor / associate.
• I will have to look into that.
Q8. Why doesn’t Gox prove they are solvent by transferring a large quantity of BTC between two internal wallets like Mark previously did. Then we can all check it out on the blockchain and be reassured?
• The overwhelming majority of BTC are held in cold storage. Logistically and legally in would be difficult to replicate the transfer “trick” Mark previously employed at Gox to prove their solvency.
Q9. Try me, how hard is it, what exactly is involved?
• Obviously I can’t go into too much detail for security reasons, but it would involve physically obtaining them from 6 or more locations.
Q10. Well, why don’t u do it, isn’t this a critical situation?
• It’s not that straight foreword.
Q11. You do realize no-one believes the technical excuses for the delay in BTC?
• Mt Gox has the coins, it is a technical issue and we need people to be patient.
Q12. What is you view on the poll recently published by Coindesk on Mt Gox?
• Coindesk have a vendetta against MtGox.
Q13. But they one of the most trusted sources of news in the Bitcoin community.
• Some people have it out for Mt Gox.
Q14. How do you explain the vastly different prices that appear on Gox compared with other exchanges? It recently went to 25%.
• Some traders were responsible for the manufacturing the differential in an attempt to financially benefit from arbitrage.
Q15. But people exploiting the arbitrage opportunity would actually reduce the price differential, not widen it.
[I can’t recall receiving a response to this particular point]
Q16. Is MtGox manipulating the price by directly purchasing Bitcoins on their own exchange?
• No, MtGox is not permitted to do this.
[coincidently, almost immediately after this meeting the price on MtGox tanked]
Q17. People have a lot of money tied up in your exchange, and they don’t believe your excuses. All the evidence suggests something more serious going on at gox. You are playing with people’s lives here.
• All the coins are safe; this is merely a technical issue.
When I left the office that night, I wanted to believe that everything was indeed fine, and these were indeed some temporary technical glitches, but this view was somewhat influenced by the fact I still have BTC on their exchange. All the evidence appears to suggest something more serious.
For the record, I gave Gonzague an advance copy of this transcript and offered him the opportunity to have any of his answers amended if he felt I misrepresented him in any way. A member of his support team replied by stating he did not have any comment on my version of the conversation.
Day 2 – Thursday 6 February 2014
I arrived at MtGox early, approximately 8am, and stood outside with a sign reading “MtGox, where has my money gone”. I got some curious looks, and a lot of questions from passersby about my protest.
Then at approximately 9.20 am, Mark Karpeles himself came along carrying a large, and very fancy coffee in his hand that could have passed as a dessert. I immediately confronted him and told him we needed a chat. So he stopped to hear me out.
I told him he was playing with people’s lives, and some people stood to lose their entire savings. Like Gonzague told me the night before, he mentioned technical issues, and that he would look into my case.
Then 20mins later at around 9.40am Gonzague arrived. “Good news” he said, we have sorted out your account, go and check it online. After I got Wi-Fi connection back the hotel I discovered my failed BTC withdrawal transactions had been cancelled and all my BTC were put back in the one place in the world I didn’t want them: The MtGox website. Back to joining the queue of 40,000 other BTCs.
I think this was some sort of ironic joke. I quickly tried to withdraw them again; but surprise, surprise, stuck again.
By late evening, the majority of the other workers in the MtGox building had heard of my protest and were bringing me out sandwiches and beer, and inviting me to lunch. As it turns out, Japan is probably one of the better countries in the world to protest. Everyone is so friendly; I can see why the Goxies choose to set up shop here.
As the evening drew on, it looked like I would have do a late one to catch Mark again on the way out. However, at around 7.30pm, I was approached by a law professor from a local university who has written widely on bitcoin legal issues. He was on his way to a bitcoin “meet-up” and asked me to come along to tell my story to the other bitcoin enthusiasts. I was reluctant to leave the protest but was interested in what other Tokyo resident’s thought of MtGox.
When I arrived, everyone was very interested in hearing my story. There was a general consensus amongst the participants that MtGox was finished as an exchange. They acknowledged that MtGox had played an important role in propelling Bitcoin to what it is today, but its decline and ultimate closure was inevitable.
However, there was some divergent views on the reason for this, most people, including myself are of the view that bad business decisions and incompetence were primarily to blame, while others held the view that government restriction, and secret investigations were hampering MtGox’s ability to function efficiently. Who knows what the truth is, maybe it is a bit of both.
At the end of the day 2, there was a very worrying development, the data feed for the goxreport, and delerium’s MtGox transaction failure website were cut. Perhaps a final act of MtGox’s desperation to hide the truth.
Day 3 – Friday 7 February
I started my protest a little later today in the knowledge that most of the Goxies don’t start work until after 9am. Then there was an unexpected twist; another person showed up looking for Mark. He was an emissary of an early adopter and well known member of the bitcoin community, and was there to collect an eye watering amount of money.
My emotions were mixed on seeing this person; on one hand I was glad to see another protester to fight the good cause. On the other hand, my heart sank in the knowledge that if Mark isn’t paying off his old friends in the bitcoin community then what chance do small fry like me have?
As the emissary and I chatted, Mark Karpeles arrived, and we both confronted him, the conversation went on for some time and most of it conducted in French which I had trouble understanding. However I did mange to record the whole thing on video.
The episode only came to a halt when Gonzague appeared in the lobby and rescued Mark. Very soon after this point, MtGox released a statement announcing that all BTC withdrawals were suspended.
In conclusion, I think i just witnessed MtGox die today. I didn’t get my bitcoin, but glad I came and tried.
submitted by kkodaxeroo to Bitcoin [link] [comments]

It's happening again.. lot's of 0,1 sell/rebuys at Mt.Gox

It's happening again.. lot's of 0,1 sell/rebuys at Mt.Gox submitted by dexX7 to Bitcoin [link] [comments]

I took a very long nap, now I'm confused as to what happened. Can anyone "TL;DR" please?

Can someone briefly get me up to date with what is going on?
submitted by anthonykantara to Bitcoin [link] [comments]

Why I think MtGox is insolvent

I can't see anyone doing large buy orders on MtGox. They are turning down free money if they actually have the BTC in their accounts. The fact that their trading well below market rate as well is damaging their reputation further (I know it's already shot to pieces), if they exercised arbitrage their prices would start approaching other exchanges. This would give MtGox users and the BTC community much more confidence in MtGox that they are not insolvent if the price matched the rest of the markets more closely.
I can only think of a few reasons why they wouldn't exploit arbitrage:
Alternatively:
I think it will come out soon that MtGox is insolvent, this could cause a short term drop in the market price which would be an excellent opportunity to buy (and if it doesn't I wont buy). It's an emotional market so I think it's likey it will drop.
Feel free to criticise my logic, I'm happy to be wrong
submitted by ThomasGullen to Bitcoin [link] [comments]

r/bitcoin recap - March 2017

Hi Bitcoiners!
I’m back with the third monthly Bitcoin news recap.
For those unfamiliar, each day I pick out the most popularelevant/interesting stories in bitcoin and save them. At the end of the month I release them in one batch, to give you a quick (but not necessarily the best) overview of what happened in bitcoin over the past month.
Now archived on Bitcoinsnippets.com
As promised, I launched a website as an archive, where I post the version with links to the original posts and discussions so this post doesn't get auto-moderated. Special thanks goes out to Bitttburger for thinking of the name Bitcoin Snippets.
I went back in time and made an overview for December 2016 too. I’ll probably make recaps of 1-2 previous months for each month I progress, so that I eventually end up with everything in a few years.
Starting from this month, I’m going to cut back on including memes, there’s too many and they overtake the interesting news.
A recap of March 2017 in bitcoin
Version with links on Bitcoinsnippets.com
Thanks to everyone who contributed to Bitcoin in a positive way this month!
submitted by SamWouters to Bitcoin [link] [comments]

Is dogecoin network affected also by this design issue?

Is dogecoin network affected also by this design issue? submitted by alexwbc to dogecoin [link] [comments]

Bitcoin's Volatility Is Decreasing

In the past, a Bitcoin "crash" could happen from something as simple as an exchange having a bit of lag or an underground marketplace being shutdown. These crashes were much more severe too, with Bitcoin losing up to as much as 90% of it's value from one small issue alone.
This past week, Bitcoin seems to have been hit by just about everything, with little good news. Pretty much every type of issue that Bitcoin faces came up in the past couple weeks.
First, rumors of Russia banning Bitcoin spread, causing a lot of fear. I'm not exactly sure what the state of this is now, but I know it caused a lot of concern.
Next, Mtgox halts Bitcoin withdrawals, and makes the transaction malleability bug sound like the end of Bitcoin. This mild exploit caused enormous fear and the press made it sound like the Bitcoin protocol was hacked. Other exchanges and services turned out to be effected too, and it created further problems with the network. Fixes are in the works.
Third, The new silk road was either hacked or the operator ran away with the coins. What exactly happened is controversial and I'd rather not take a stance on this, but what we do know is that someone ran off with lots of Bitcoins, and the illegal marketplace is in ruin.
So in the past 2 weeks, we've had:
-Exchange issues
-Technical problems and fear
-Major underground marketplace's Bitcoins being hacked/stolen.
-Government interference
Yet with all of these problems coming at once, Bitcoin's value dropped less than 20%($800->$650). In the past just one of these problems occurring could have caused a 50% or larger crash, yet all of them together had a much less powerful effect.
Bitcoin will become even less volatile once more people start to use it, and as more people are willing to buy during a crash. If people stop panic selling as much and instead use crashes for cheap coins, the price instability thins out.
We'll likely still have a bubble whenever Bitcoin's next growth spike occurs, and large fluctuations in value, but it shouldn't be nearly as severe as it has been in the past unless a massive bug occurs that destroys the network as a whole. Bitcoin is certainly Volatile now, but it should become better with time.
submitted by skilliard4 to Bitcoin [link] [comments]

Timeline of past Large-Scale Cryptocurrency Hacks/Exploits for Some Perspective

I've been seeing a lot of misinformation and unrealistic expectations regarding the timeframe that the Bitgrail incident should be resolved, and that the responsibility should rest on Zack or any of the other developers. For those that are new to the crypto community, I compiled some timelines of notable crypto incidents. Take note that in all of these incidents, the developers of the core protocol were not at fault. In only one situation was a hard fork initiated, with there still being lasting effects to this day.
I opted to not include the Bitgrail timeline, as it is still in motion and all of the facts aren't very clear at this point. Enjoy!

(2011-2017) Mt. Gox Hack

744k BTC stolen
Source 1

(2016-2017) Bitfinex Hack

120k BTC stolen
Source 1 Source 2
  • 2016 Jun
    • Bitfinix starts using only hot wallets for liquidity purposes. This was done due to the perceived security of their Bitgo multi-sig wallets. System was set up in a way that negated the added security of this approach
    • Hacker starts making withdraws from wallets, with Bitfinex "unknowingly" signing off on these withdraws
    • Bitfinex announces that customers will lose 36% of their BTC holdings, with the losses being split against all accounts
    • Bitfinex proportionally distributes tradeable BFX tokens (@$1 each) to customers based on the amount they lost
  • 2017 Apr
    • Bitfinex forces all BFX tokens to be redeemed for $1 each

(2016 Jun) DAO Attack

$60m in ETH stolen
Source 1 Source 2
  • 2016 Jun
    • A smart contract based community development fund is exploited by a hacker, by using a recursive function to repeatedly withdraw funds before the withdraws are registered. 15% of all ethereum is stolen by the hacker.
    • Community agrees on soft fork, but due to concerns of DDOS attacks a hard fork is planned
  • 2016 Jul
    • Hard fork is initiated. Due to the hacked funds being locked for 28 days due to the smart contract's intended behavior, the fork had to happen before the funds were released.
    • Users that were invested in the DAO were reimbursed their tokens
    • Two chains of Ethereum now exist (Ethereum, and Ethereum Classic), both of which still exist.

(2017 - N/A) Parity Wallet Bug

$150m in ETH Frozen
Source Entertaining Recap
  • 2017 Nov
    • A user trying to learn Solidity runs simple commands against the Parity wallet smart contract, accidentally freezing the funds forever. This was due to their multi-sig contract never being initialized due to poor development practices.
    • Community is split over whether a second Ethereum hard fork should occur to to recoup the lost funds
    • No hard fork is initiated

(2017 - N/A) NiceHash Hack

$80m in BTC stolen
Source 1 Source 2
  • 2017 Dec
    • Employee's computer is compromised by hacker, stealing over 4,700 BTC
  • 2018 Feb
    • NiceHash announces that it will reimburse 10% of funds lost from the hack, "[committing] to periodically repay the remaining amount to all users in the coming months" until fully repayed
submitted by LesterCovax to nanocurrency [link] [comments]

The MtGox Debacle Explained

Currently, there's too much Fear Uncertainty and Doubt.
TL;DR version:
1) The withdrawal problems at MtGox are technical. 2) It is likely that a hacker exploit has taken place. 3) Any damage is likely to be limited. 4) Other exchanges need a heads up and could also be vulnerable. 5) MtGox is going through all erroneous transactions and will update all balances. This is the reason why BTC withdrawals are frozen. 6) Countermeasures need to be taken (for all exchanges)

BTC Withdrawal Problems

A couple of weeks ago (around January 26-28) I noticed that things at MtGox were not the way it supposed to be. Normally, withdrawing BTC is an instant process. This time my withdrawals went stuck. MtGox provides an API so that transactions that didn't get through were available for public scrutiny: https://data.mtgox.com/api/0/bitcoin_tx.php. I took my stuck transactions which were available in raw format and try to rebroadcast them manually. (MtGox no longer publishes the raw format; they are now redacted for a very good reason.) To my surprise it complained that some of the transaction inputs were already spent. Furthermore, this happened to many of my friends as well. I investigated their transactions as well and tried to rebroadcast them manually, but without luck due to complaints of double spending. My immediate (now wrong) conclusion was that MtGox F-d up big time and couldn't handle a simple concurrency problem. If several people are withdrawing BTC at the same time it is important to ensure that this is counted as an atomic operation so that coins from the wallet pool are not double spent. It turns out that it was much more interesting than I've first anticipated. Another (wrong) conspiracy theory of mine that MtGox did this intentionally to cover up the fact that they were running low on BTC as they use "fractional reserve bitcoin".

Exchanges and Custom Wallet Software

Most exchanges have completely custom bitcoin software. Either they are heavily modified source code of the official client, or everything is written from scratch. To my best knowledge MtGox has written their client completely from scratch. Some people critize them for that, but the standard client is not scalable to an exchange with a million of customers. You must modify the original source so at least the wallet part is going through a more suitable database, and also the built-in security only works for a single customer. The cons with writing your own custom bitcoin client are of course that you would from time to time become out of sync with the official client. It turns out that this is very problematic.

Erroneous Transactions and Fatal Consequences

Suppose there's something that is inconsistent with MtGox client software with the rest of the bitcoin network. What would be the outcome of that? MtGox would broadcast the transaction to the bitcoin network and miners would reject it, so the transaction becomes stuck. After a couple of days, MtGox gives up because it can't get the transaction published in the blockchain so it returns the balance to the customer. This turns out to be VERY dangerous. BTC should not be returned to a customer without proper investigation. You may ask why? A hacker can exploit the erroneous transactions broadcasted by MtGox by modifying them manually (so they become consistent with the official bitcoin software) and then rebroadcast them manually hehim-self. If this happens, then the stuck transaction (at MtGox) gets actually through and at the same time the balance is returned to the customer's account. Therefore, the customer has doubled hehis BTC withdrawal attempt. If you repeat this process a couple of times then you can empty MtGox BTC vault without having to hack into their computers. So what about all those erroneous transactions with "double spending", surely this has nothing to do with the erroneous transactions mentioned recently? At the time the hacker broadcasts the modified (correct) transaction based on MtGox erroneous one, the transaction gets through, but MtGox still thinks the coins are still unspent. After all, it is only MtGox that has the private keys, so it is impossible (in general) that someone else can spend them. Therefore, MtGox still thinks those coins are unspent and trying to reuse them as fresh coins for other transactions. This explains why we had so many transactions that tried to double spend coins.

What is MtGox Doing Now?

First, the hackers that tried to modify the erroneous transactions and rebroadcast them manually are likely identified (MtGox surely knows the name of every customer). Their accounts will likely to be frozen. Second, MtGox has an accounting mess to clean up. There are many transactions registered as unsuccessful at MtGox that need to be checked whether they actually went through or not. Then MtGox needs to update all the BTC balances. This will likely take a couple of days and this is the main reason why all BTC withdrawals are blocked at this time. Once this is done MtGox will open for BTC withdrawals again.

Lessons Learned and Countermeasures

What happened at MtGox can happen at other exchanges as well. So how do we prevent these disasters from happening again in future? I have some proposals, 1) Try to stay close to the official bitcoin client and merge in new changes as soon as possible. Stay updated. 2) Bitcoin Foundation could setup some public servers that always run the latest official version of the bitcoin client. Exchanges should then be able to verify that the transaction is legitimate to the latest bitcoin client before broadcasting them. 3) At an exchange, when a transaction becomes stuck for whatever reason, always check if some other transaction with the same inputs and outputs has already been accepted by the network before returning the customers' balance.
submitted by datavetaren to BitcoinMarkets [link] [comments]

Who Will EXPLOIT The Looming BITCOIN CRASH as MT. GOX ... The Irrational Crypto Market / Tether: The New Mt. Gox? / Tim Ferriss Endorses Brave Browser Bitcoin Generator Miner 100 Working NO Scam Bitcoin: The Future of the Virtual Currency, Cyberattacks and Security (2014) Bitcoin Transaction Malleability Theory in Practice

MtGox Cold Wallet Monitor This script monitor's MtGox Exchange's Cold Wallet Movements and alerts if there is any Bitcoin or Bitcoin Cash moved from those addresses. Basically this script keeps track of all MtGox Exchange's cold wallet addresses. It is believed that MtGox directors have the access this addresses and they are constantly moving ... The first, and for a long time largest, Bitcoin exchange was MtGox. Founded. in 2010 it was a first stop for many early adopters. With the creation of other. exchanges its monopoly slowly faded ... Mtgox Bitcoin - Bitcoin Facebook Scam Mtgox Bitcoin Kraken Bitcoin Exchange Washington State Bitcoin Close The victim of a massive hack, Mt. Gox lost about 740,000 bitcoins (6% of all bitcoin in existence at the time), valued at the equivalent of €460 million at the time and over $3 billion at October 2017 prices. An additional $27 million was missing from the company’s bank accounts. Although 200,000 bitcoins were eventually recovered, the remaining 650,000 have never been recovered. This post ... Sicherheit mtgox – bitcoin.de. Nehmen wir an, bei mtgox habe kein Diebstahl von außen – eine uns allen doch nur schwer vorstellbare Konstellation bei immerhin 750000 btc’s – die alles vernichtende Schlußfigur gespielt, sondern ein Diebstahl durch interne Personen. Solche internen Personen können sein: der Chef bzw. Geschäftsführer, Techniker, Programmierer, Sicherheitsüberwacher ...

[index] [8664] [48694] [2099] [24275] [33146] [12117] [50875] [42958] [9976] [35090]

Who Will EXPLOIT The Looming BITCOIN CRASH as MT. GOX ...

Silk Road, MTGox, and potentially many more trading websites claim to be prone to "Transaction Malleability." We will shed some light and show in practice how to exploit this vulnerability. Who Will EXPLOIT The Looming BITCOIN CRASH as MT. GOX Stops All Withdrawals A temporary halt on withdrawals from the bitcoin exchange Mt. Gox on Friday and s... #bitcoin #ethereum #cryptocurrency #blockchain #crypto #economics #investing #trading #futurism #cryptonews #btc #eth #eos #litecoin #technology. Category People & Blogs; Show more Show less ... bitcoin exploit hack bitcoin faucet hack 2015 bitcoin flapper hack bitcoin free hack v7.4 bitcoin free hack v7.4 free download bitcoin free hack v7.4.rar bitcoin generator hack online bitcoin ... In 2010, an exploit in an early bitcoin client was found that allowed large numbers of bitcoins to be created.[75] The artificially created bitcoins were removed when another chain overtook the ...

#