A lot of excuses were offered from Mtgox, none of which makes sense. Simon Evans, a bitcoin enthusiast in Sydney Australia, explains why ‘malleability’ had nothing to do with the epic failure of Mtgox.
Bitcoin is in the news again! I suspect bitcoin is fairly mainstream financial news by now, and no longer just a niche. Along with the farcical financial situations going on around the world, I suspect many are taking an interest in bitcoin if just for preserving savings (see Erika’s prior post on the inflation rate and currency controls in Venezuela).
The latest scare has come from one of the largest exchanges imploding: mtgox.com.
“I assume you refer to the malleability issue. We sincerely apologize for this incident; however, please understand that we are NOT the developers of Bitcoin. We are very surprised that anyone could fault MtGox instead of the bitcoin software
- MtGox CEO Mark Karpeles”
I want to attempt to arrest the fears over bitcoin being propagated by Mtgox, especially the ridiculous antics of the CEO, Mark Karpeles. One of his claims is a ‘bug’ in bitcoin called ‘transaction malleability’ caused the loss of all their bitcoins...hilarious.
Let’s understand the issue and how it is unrelated. Bitcoin malleability is a property of the bitcoin protocol, existing since its creation in 2009, unchanged to date, and will likely to be always there.
If it was a problem, bitcoin would obviously be already dead and buried, and all other exchanges and businesses would currently have the same problem, but of course they don’t. It is impossible for malleability to be any reason for Mtgox’s insolvency, just as it is impossible to do anything harmful with this property.
Double Spending
It is not much different to a ‘double spending’ on the bitcoin network, so lets go through that first. Actually solving the double spending problem in a peer-to-peer network is a primary innovation in bitcoin. Anyone can play around with double spending on the network. You can try to break it, and lots of people try, because it means that you could use your coins to buy two different things!
Just submit 2 purchases at exactly the same time, one in China and one in France (very easy to do on the internet). A naive business would just accept my purchases. Success, i have just used the same bitcoin to purchase two things!
Actually I can make a 1000 copies and spend the same bitcoin a 1000 times! Just send a 1000 transactions around the network.
So why doesn’t this work?
Just sending a transaction around is not a ‘confirmed transaction’, the confirmation process is essentially what fixes this issue. Every 10 minutes, through a confirmation process, transactions are bundled up and ‘confirmed’, and the bundle can only ever have 1 of my transactions using the same bitcoin.
So business do not just blindly accept transactions going around (which could be copies of real ones), they only accept it once it has been confirmed.
On to Malleability
A play on this same scenario is called a malleability. You can actually do the same thing, instead of making an exact copy, just change the transaction slightly. I make 10 copies of my transaction, but slightly modify each one. This is a trick used to fool a naive business.
A naive business that doesn’t wait for a confirmation can be on lookout for transactions that are exactly the same. But this way, since the transactions are slightly modified, they look different. Again, very naive, because you could easily look in and see the same coins are being spent.
Here is how a stupid company can be duped. John withdraws some bitcoin from Mtgox, and Mtgox sends a transaction. John can then quickly copy the transaction, slightly modified, in the hope that it will be confirmed instead of the original. If it does, John can pretend that the original transaction did not go through, and demand a resend!
Of course Mtgox can easily see that the funds did go through by looking the balances, but they don’t. Mtgox gets confused, and decides to send the coins again to John...so Mtgox has just been duped into sending the coins twice!
Malleability and Mtgox
So nobody can steal coins from Mtgox, or any person, and nobody can fudge numbers, create coins or anything like that. It is just a trick duping silly businesses to send coins twice. It is impossible for this issue to cause Mtgox to lose coins.
First, a customer account has so many coins, even if gox was stupid and send someone coins twice, they could not send more than what that user had, so it would not affect other users’ coins.
Secondly, sending coins twice would be obvious immediately because the bitcoin balance would reflect that. Third, Mtgox claimed that they had coins in cold storage (offline), so it is impossible that these coins could be accessed or send out once, let alone twice.
"What does it even mean? A cold wallet that can be accessed remotely is not a cold wallet. It sounds like a script from a comedy show. I refuse to believe that people can have this level of incompetence."
-redditor gox
And all this could be prevented if Mtgox either checks the actual balances or confirmations (or both, as you would expect them to).
Bitcoin in the real world
Malleability and double spending are part of bitcoin (being peer-to-peer), and the whole point of bitcoin is to handle this. It is what allows us for the first time in history to transact without any bank or intermediary.
Everyone dealing in bitcoin knows the confirmation process and why it is there, along with bitcoin balances. The system is foolproof…. obviously Mtgox also understands this, being in the business for 4 years, the largest exchange for much of that time, and the CEO was even on the board of the Bitcoin Foundation! So we can exclude the idea that they did not understand this or were tricked by all their users!
The exchange over the last 6 months was clearly a fraud, as it is impossible for transaction malleability to cause lost coins from peoples’ accounts. The trading site was proved completely fake in the end, the balance of bitcoins that Mtgox shown to you on the screen were non existent. The hilarious thing is that by pretending it was a malleability problem (being duped into raiding peoples accounts to pay off others multiple times), they acknowledged they were a ponzi scheme (account holders are raided to pay off early investors with more money than they put in).
Obviously when people found out, the price of the bitcoins went to zero, proving the bitcoins were non existent / stolen. It was essentially a ponzi scheme, where early traders were paid back by proceeds from later traders to gain trust, then as the coins were stolen, all the late traders were left with nothing.
In Conclusion
We dont need any regulations or regulatory bodies as a result of this. Obviously the Madoff and banking crises proved that these things make the problem bigger and worse, as all these ponzi schemes and bank failures were intensely regulated by the SEC which obviously and predictability were just paid off to participate and cover up.
We should all be very distrustful of the Bitcoin Foundation itself, as a direct participant in this scheme. The Bitcoin Foundation was directly paid off by Mtgox, which also installed the Mtgox CEO on the foundation board. It ignored, hid, and pretended there was no problem for at least 6 months, only firing Mark Karpeles once all the funds had been stolen and Mtgox site went completely offline. Bitcoin is peer to peer, and people need to know there is no head, and be very wary of groups claiming they are important.
All participants at Mtgox should just go to jail based on the good old rule that thou should not steal that has been around a while.
No comments:
Post a Comment