11 Feb '14

Mt Gox Throws Bitcoin Under The Bus To Save Its Own Incompetent Ass

What some may describe as a showdown between one of the largest and oldest Bitcoin exchanges, Mt Gox, and the entire Bitcoin community came to a head this week when the ailing exchange announced triumphantly that it had discovered a flaw in the Bitcoin software that affects every other exchange, wallet and altcoin based on Bitcoin.

The announcement, issued after Mt Gox had suspended Bitcoin withdrawals over the weekend, sent shockwaves throughout the Bitcoin universe.

Mt Gox claimed, in a rather duplicitous manner,

The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community.

Essentially, they are claiming they can’t allow customers to withdraw Bitcoin until a well-known ‘bug’ in the protocol is resolved.

What Mt Gox fails to convey is that every other competent Bitcoin exchange and wallet service ALREADY works around the quirk of ‘Transaction Malleability’. Any service that relies on transaction IDs alone to confirm whether a transaction has gone through is doing so at its own risk.

A risk that Mt Gox clearly, admittedly, took themselves.

Now they’re blaming Bitcoin.

The response to the announcement was swift and brutal. I’m not talking about the price of Bitcoin. The brutality was directed squarely at the Mt Gox business and its top executives.

Greg Maxwell, Bitcoin core developer, said,

"The Gox press release seems a little spun to me. They portray characteristics of the Bitcoin system well known since at least 2011 as something new. Correctly-written wallet software can cope with the consequences."

Meaning, Mt Gox’s software is not correctly written (by them!).

"MtGox is at fault for not implementing in a way that copes with behaviors in the Bitcoin protocol which have been known since at least 2011." - Greg Maxwell

Rannasha, a BitcoinTalk member, summarized the situation:

The flaw isn’t so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn’t.

The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins.

A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the set of (amount, address, timestamp) instead. If a user complains about not receiving their withdrawal, support can look it up using these 3 variables. It takes a little bit more work from support, but it prevents this attack from succeeding.

While it’d be nice if the tx-id isn’t malleable, blaming this problem on a flaw in the protocol is quite a stretch.
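
To make the difference concrete, here is an added example (not part of Rannasha's post, and not Mt Gox's or any exchange's real code) that reconciles a withdrawal against the chain both ways. It uses a simplified transaction model with constructed data, and it goes one step beyond the (amount, address, timestamp) lookup by also matching on the coins the withdrawal spent; the `Tx` class, `fingerprint` and both status functions are hypothetical names.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # ((prev_txid, vout), ...) coins being spent
    outputs: tuple     # ((address, satoshis), ...)
    script_sig: bytes  # signature encoding; a third party can re-encode it

    def txid(self) -> str:
        # Simplified model: as in Bitcoin at the time, the id covers the
        # signature bytes as well as the payment itself.
        blob = repr((self.inputs, self.outputs)).encode() + self.script_sig
        return hashlib.sha256(hashlib.sha256(blob).digest()).hexdigest()

    def fingerprint(self) -> str:
        # Covers only what the payment does: coins spent and who gets paid.
        blob = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(blob).hexdigest()

def naive_status(withdrawal: Tx, chain: list) -> str:
    """Lookup by tx-id alone: the check that malleability defeats."""
    ids = {tx.txid() for tx in chain}
    return "confirmed" if withdrawal.txid() in ids else "missing"

def robust_status(withdrawal: Tx, chain: list) -> str:
    """Match on spent coins and paid outputs, ignoring signature encoding."""
    for tx in chain:
        if tx.txid() == withdrawal.txid():
            return "confirmed"
        if tx.fingerprint() == withdrawal.fingerprint():
            return "confirmed-malleated"  # paid under a different tx-id
        if set(tx.inputs) & set(withdrawal.inputs):
            return "inputs-spent-elsewhere"  # manual review, never auto-resend
    return "missing"

# Constructed sample data (not real transactions or addresses).
sent = Tx((("aa" * 32, 0),), (("customer-address", 150_000_000),), b"\x30\x44sig")
# Same payment, with the signature bytes re-encoded before it was mined.
mined = Tx(sent.inputs, sent.outputs, b"\x4c\x30\x44sig")
unrelated = Tx((("bb" * 32, 1),), (("other-address", 5_000),), b"\x30\x44xyz")
chain = [unrelated, mined]

if __name__ == "__main__":
    print("tx-id lookup:   ", naive_status(sent, chain))
    print("payment lookup: ", robust_status(sent, chain))
```

A support process built on the first function would re-credit this customer; one built on the second sees that the coins already moved to the customer's address.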

Bitcoin Community Responds To Mt Gox’s Blameshifting With Seething Hatred

Many Bitcoiners fear the mainstream media will simply pick up the most juicy story that Bitcoin is broken in some way. Mt Gox has done an enormous disservice to Bitcoin as a whole, for their own selfish purposes.

Mt Gox has attempted to save its own reputation (what’s left of it, at least) by throwing Bitcoin under the bus.

What can Bitcoiners be expected to do other than view Mt Gox with serious scorn and disgust?

CoinDesk Removes Mt. Gox from Bitcoin Price Index

Many other services have followed suit to remove Mt Gox as a reference price.

Gavin Andresen, Bitcoin lead developer, weighed in with a blog post on the Bitcoin Foundation website.

The issues that Mt. Gox has been experiencing are due to an unfortunate interaction between Mt. Gox’s implementation of their highly customized wallet software, their customer support procedures, and their unpreparedness for transaction malleability.

Others in the Bitcoin community are calling for Mark Karpeles, CEO of Mt Gox and Board Member of the Bitcoin Foundation, to either resign from both positions or be voted off the Foundation’s board.

As a Board Member, Karpeles should be working to cast Bitcoin in a positive light; not cast it under the bus.

The tribe has spoken. Mt Gox, pack up your things. It’s time to go.