The title is not accurate. Mt.Gox could have lost at most 386 BTC to transaction malleability. From the report's conclusion: "As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses."
In other words, the set of "successful" transaction malleability attacks totalled a sum of 386 BTC among which some may or may not have been targeted at Mt.Gox (impossible to know without knowing Mt.Gox addresses).
Never mind, I'm mistaken. After reading the paper more carefully, it's saying only 384 coins were involved in successful malleability attacks before Feb 7th (when Mt. Gox stopped withdrawals). But between the 7th and the 13th (when Silk Road announced they'd lost their coins), the number of coins involved in malleability attacks increased to almost 300,000 BTC: http://i.imgur.com/H8YVLXO.png
As such, it's entirely possible that SR lost 4,400 coins due to malleability.
While very interesting, the scope of this study is limited by the fact that their data collection only goes back to January 2013, so anything that happened before that was not considered. I don't want to defend Gox, but it is conceivable that they lost significant amounts of BTC prior to this via TM and were just doing business with a deficit of BTC.
> I don't want to defend Gox, but it is conceivable that they lost significant amounts of BTC prior to this via TM and were just doing business with a deficit of BTC
Sure, but it's unlikely given the rate of ~1btc/day and the fact that it wasn't resolved until well after 2013.
Has anyone tried analyzing the actual blockchain for likely malleated (malled?) transactions? Depending on which form of malleability was exploited (see: https://gist.github.com/sipa/8907691) it should be fairly easy to separate "normal" transactions generated by "normal" clients and intentionally malleated transactions.
Yes it would be possible to detect "malleated" transactions with high confidence for certain classes of malleability[0]. I'm not aware of anyone having done such analysis yet.
[0] The types of transactions that are less likely to catch false positives would probably be those that have "superfluous scriptSig operations". For other classes of malleability, it would be more difficult to tell whether a given transaction was the result of a malleability attack or if it was just a transaction produced by an alternative client.
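A sketch of the blockchain scan discussed above, added here as an illustration and not taken from the paper or from any commenter. It flags three encoding-level indicators in a scriptSig: a non-push opcode (the "superfluous scriptSig operations" class), a push that uses a longer PUSHDATA form than its length needs, and an ECDSA signature whose S is above half the curve order. The function names and the sample inputs are constructed for this example; as the footnote notes, the last two indicators can also come from an alternative client.

```python
# secp256k1 group order; a signature with S above N/2 is the "high-S" form.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# opcode -> (width of its length field, largest length a shorter push form can carry)
PUSHDATA = {0x4C: (1, 0x4B), 0x4D: (2, 0xFF), 0x4E: (4, 0xFFFF)}

def der_s(push):
    """Return S from a DER signature push (with trailing sighash byte), else None."""
    if len(push) < 9 or push[0] != 0x30 or push[1] != len(push) - 3 or push[2] != 0x02:
        return None
    s_at = 4 + push[3]                       # index of the S integer tag, after R
    if s_at + 2 > len(push) or push[s_at] != 0x02 or s_at + 2 + push[s_at + 1] != len(push) - 1:
        return None
    return int.from_bytes(push[s_at + 2:-1], "big")

def classify_scriptsig(script):
    """Return the sorted malleability indicators found in one raw scriptSig."""
    found, i = set(), 0
    while i < len(script):
        op = script[i]
        i += 1
        if op > 0x60:                        # anything past OP_16 is not a push
            found.add("non-push-opcode")
            continue
        if op == 0 or op > 0x4E:             # OP_0 and small-number opcodes: no payload
            continue
        n = op                               # 0x01..0x4b: direct push of n bytes
        if op in PUSHDATA:
            width, shorter_max = PUSHDATA[op]
            if i + width > len(script):
                found.add("truncated")
                break
            n = int.from_bytes(script[i:i + width], "little")
            i += width
            if n <= shorter_max:
                found.add("non-minimal-push")
        if i + n > len(script):
            found.add("truncated")
            break
        s = der_s(script[i:i + n])
        i += n
        if s is not None and s > N // 2:
            found.add("high-s")
    return sorted(found)

def sample_scriptsig(s, pushdata2=False, prefix=b""):
    """Constructed input: <sig with R=1> <dummy 33-byte pubkey>, not a real transaction."""
    sb = s.to_bytes((s.bit_length() + 8) // 8, "big")    # leading 0x00 keeps S positive
    body = b"\x02\x01\x01\x02" + bytes([len(sb)]) + sb
    sig = b"\x30" + bytes([len(body)]) + body + b"\x01"   # 0x01 = SIGHASH_ALL
    push = b"\x4d" + len(sig).to_bytes(2, "little") if pushdata2 else bytes([len(sig)])
    return prefix + push + sig + b"\x21\x02" + b"\x11" * 32
```

Small-number pushes that should have used OP_1..OP_16 are not checked here, and a hit on any single input is a lead for review, not proof of an attack.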
The verb malleate (shape with a hammer), related to the adjective malleable (able to be shaped as with a hammer), has the past tense malleated (as grandparent comment properly intuits).
FYI, GCIDE lists "malleate", citing 1913 Webster, as a transitive verb:
Malleate \Mal"le*ate\, v. t. [imp. & p. p. {Malleated}; p. pr. & vb. n. {Malleating}.] [L. malleatus hammered, fr. malleus a hammer. See {Mall}, v. t.] To hammer; to beat into a plate or leaf. [1913 Webster]
A transaction is not "malleable" in the hammer-hitting sense. It is only "malleable" in the abstract sense (of pliable). It makes more (common usage) sense to "exploit the transaction's malleability" (pliability) than to say the transaction was "malleated" (i.e., hit by a hammer). That's all I was trying to point out.
"Malleability" is the property of transactions that aspects of their serialization format can be changed without invalidating them. Actually changing transactions is called "mutation", the past tense of which is "mutated".
Doesn't "malleable" literally mean something like "shapeable with a hammer," from the Latin malleus, "hammer"? Maybe the verb form should be "hammered."
There's "malleate", which really truly does go with "malleable". But it has only the original literal meaning of "beat into shape with a hammer" and not the generalized meaning implicit in "malleable".
It's certainly extrapolation to go back beyond Jan 2013 but I don't think it's unreasonable extrapolation, since it's a strong trend. Let's hope some enterprising individual may volunteer transaction records from years past for continued analysis.
The thing is that GOX may have experienced a major theft via TM prior to 2013, fixed the bug and operated with a BTC deficit. In this case, extrapolation is useless.
Just because there exist other possibilities doesn't make what appears to be the most likely extrapolation useless. What evidence suggests such a major malleability theft did occur?
How easy/difficult would it be to assemble and analyze the full set of transactions going back to mt gox's start, assuming we know what we're looking for and can just sift through looking for those, as the researchers did?
It may be inconvenient to keep as much of your holdings in cold storage as possible, but it's much more convenient than assuming the third party service you're using is secure/not a bad actor.
I don't know much about this, but is it possible that Mt Gox simply stole the bitcoin themselves and blamed it on hackers? I imagine the coin is supposed to be cryptographically protected, but I don't know where users stored their keys. Bitcoin is so new that we all seem to have bought the malleability loss claim, but it could have been a red herring.
Disclaimer: That is all speculation, I know nothing about this.
Before the 'loss', their bank tried to cancel all contracts. It's more likely that Gox's accounts were frozen along with the deposit boxes (cold storage), due to an investigation. Maybe Gox is under a gag order. So they tried to find an explanation that would not violate that gag order.
Ah, interesting. Well I look forward to seeing how it pans out. I feel for the people who lost coin. Hopefully we have learned how better to handle cryptocurrency in the future, even if it's learning how little to trust others with it. I'm rooting for decentralized electronic currency, so I hope the lessons learned make it stronger!
Well, people should treat market places as what they are and not as banks or deposits. It's always the lazies who get bitten. Move coins to your own secure wallet, back it up and be suspicious about everything (your and others' hardware and software, market places). Unfortunately, there is no easy way and never will be. Everything comes with trade-offs. Just pick those with the least risk.
I like to see open devices that are built just for managing coins. Bitcoins on your smartphone? Forget it! Maybe, if all the big players stick their heads together, they can build something that is certifiable and has nothing more than required on-board, so that it is easier to be kept secure.
Interesting. Never heard of this. Does this print on thermal or normal paper? The website states that "Piper doesn't need ink refills". Thermal paper would be problematic.
I don't know why people are saying that Mt. Gox may be under a gag order. They're based in Japan, so an American gag order seems like it's not applicable. And while the US did seize some millions of theirs from US banks, their bitcoin cold storage wallets were probably based in Japan, not the US, so there's no way the US could seize them. And even if they did seize them, there's no evidence at all suggesting that they could compel Mt. Gox to remain silent about it.
Mt. Gox absolutely could have stolen the bitcoin themselves. It's still one of the more likely scenarios.
I don't think it's likely at all. It would have been discovered by now if that were true. If you want to get away with stealing $400 million you certainly don't do something that invites the maximum amount of scrutiny, as they did in closing Mt. Gox in such a haphazard, clearly minute-to-minute manner. If their aim was to steal $400 mil and get away with it they would have shut down the Mt. Gox operation in a much more graceful, deliberate, and mysterious way.
Plus Karpeles does not strike me as a criminal mastermind. Maybe that's why he's a mastermind?
Why would they store their cold storage wallets within the reach of the US government, especially after they seized assets previously?
Occam's Razor seems to apply here. In absence of evidence, the simplest explanation is more likely to be the correct one. The simplest explanation is still that Karpeles tried to steal the coins, rather than a government stepping in and stealing them.
This seems equivalent to hypothesizing that "their wallets may have been lost due to their harddrives crashing." Sure, it's possible. But it's easy to come up with dozens of possible theories.
What evidence do you have that the US government has done that against Japanese companies in the past?
(Mt. Gox may have had a US division, but they were a Japanese company, not a US company.)
EDIT: Also, if the US had seized most of the coins, why would they suddenly have a change of heart and allow Mt. Gox to release 200,000 BTC?
Unfortunately, Mt. Gox's accounting appears to be nonexistent. For example, they recently revealed that they found 200,000 of the missing bitcoin. I could be wrong, but I don't think anyone analyzing the blockchain had a clue that those particular 200,000 bitcoin were still under Mt. Gox control, let alone traced where any other bitcoin went.
I think you're wrong, reddit was tracking those coins and said Gox still controlled them over a week before he announced he'd found them. However I think you're right about accounting being non-existent.
Really? Hmm, do you have any links I could look at? I thought they'd found some other large quantity of coins, but not the ones that have remained inactive since 2011 (the ones Mt. Gox said they recently found).
Indeed, I remember similar threads. But the 200,000 BTC that Mt. Gox found has remained inactive and unmoved since 2011. I can't find any Reddit thread that discovered those inactive coins before Mt. Gox did.
Certainly the accounting and reconciliation were non-existent. However it looks like if some effort was put into looking through MtGox's records, you might be able to figure out what is going on. I don't trust Mark Karpeles to do that.
Even in a best-case scenario, you'll be lucky to get anything at all. Even assuming there is a successful lawsuit, and after all of the assets have been divided up, and after the lawyers have taken their fees, in 10 years maybe you'll end up with $20. Maybe.
If you file against MtGox (class-action or otherwise) right now, you could be listed as a creditor in their bankruptcy, and would benefit greatly from said liquidation.
Not all jurisdictions allow filing against a bankrupt entity, and considering that Japanese law is heavily influenced by German law, I doubt it's possible in Japan. I can't find any easily accessible English language literature on it, though.
Occam's Razor here is that Karpeles stole the money himself. There is a _very_ rich tradition of Bitcoin service operators absconding with customer funds and blaming "hackers". Inputs.io, Sheep Marketplace, MyBitcoin, Bitcoin Savings & Trust, and that's just off the top of my head. Most of these services were run by sketchy people who had been into Bitcoin from the earliest days when its only use was buying drugs and gambling on Satoshi Dice.
There's a clear financial incentive to abscond with customer funds, and the obfuscated and irreversible nature of Bitcoin makes stealing BTC the perfect crime. Mark clearly had the opportunity, motivation, and means to steal. This would also be fully consistent with Bitcoin history.
In my view, 90%+ chance Mark stole everything himself. Incompetence or legitimately was stolen from? 8% chance at best. Gag orders? I'll put it at 1%. It just didn't happen.
What would have been the point? There's nothing he can buy with $400m in stolen bitcoins that he couldn't have bought with his couple million dollars in legitimate money. A mansion? A plane? 100 cars? How would he get away with it?
It seems much much more likely he lost the coins due to incompetence, panicked, and tried to recover them by running a fractional reserve. Then transaction malleability happened, too many people tried to withdraw, and the jig was up.
No evidence of this, fraudsters routinely go quiet after being caught; this isn't unusual behavior. There's simply no cause for speculating a gag order.
It's ludicrous to think it'd still be in effect long after the fall of the Silk Road, or that he'd obey such an order living in Japan where the order has no legal effect on him.