Bitcoin Exchanges Under ‘Massive and Concerted Attack’ (coindesk.com)
291 points by qwerty69 on Feb 11, 2014 | 211 comments

I've not bought in to Bitcoin yet. It just seems like a massive, world-wide scam to me. I'm not saying that it is a scam, I'm just saying that Bitcoin is something that I don't really understand, and so I don't entirely trust it.

That said, this event is extremely encouraging. Not only is the security and the viability of the currency being tested. But more importantly, the communication and cooperation between the major players in the Bitcoin ecosystem is being tested. And so far, the community is kicking ass.

To me that signals that perhaps Bitcoin really is a viable currency for the long term, and that it may really be a great way to think about money and value exchange.

It's easy to get confused by BitCoin's technicals; it's the difference between reading an article on Wikipedia, and examining that article's source code (or the various web protocols that deliver it to you).

At its core, BitCoin is unbelievably simple: a ledger of account, no different than an Excel file, distributed across millions of computers, kept honest through offering rewards for protecting the ledger's integrity. There's really no such thing as a BitCoin, just a row in that ledger that says "1.23456", and only the holder(s) of the key for that row can send a portion of that number to a different row. Like with any form of money, any value derived from that ledger is purely a product of collective belief.

BitCoin is roughly at the place where Mosaic was in the early 90s. The real story isn't about BTC becoming the new world currency; it's a technological and sociological prototype of a new type of distributed application which has only barely begun to be explored.

Unfortunately in that respect Bitcoin is a bit of a one-trick pony. It relies on the honesty of a plurality of the network hash-strength.

Systems which use the bitcoin mechanic need a lot of adoption before they become trustworthy.

In theory, applications can be built on top of the existing BitCoin blockchain, which is now well-guarded by many vested interests; some projects like MasterCoin [1] and Colored Coins [2] are attempting to do just this.

But ultimately, you are correct: bootstrapping a new blockchain-based service requires assembling a community with enough hashing power to fend off 51% attackers. Time will tell how the experiment will pan out, but even if most projects fail, my gut is that at least a few will succeed in the long run.

[1] http://www.mastercoin.org/

[2] http://coloredcoins.org/

Don't forget Counterparty [3]

[3] https://counterparty.co/

> In theory, applications can be built on top of the existing BitCoin blockchain, which is now well-guarded by many vested interests

"Presumed to be well-guarded by many vested interests". Of course, if you don't know who controls how much of the network, you don't know that it's guarded by anything, or what the vested interests with influence over the security of the blockchain are actually interested in.

Does anybody know how on earth Bitcoin is supposed to scale in X years, when everyone needs to have every transaction ever made stored on their computer?

It's an implementation detail. Currently the reference wallet stores all transactions, but future versions will be able to prune old blocks and rely on more recent "reference blocks" as their starting point.

That's interesting, thanks.

Not only that, but the bitcoins themselves need solid liquidity before becoming a feasible currency. That's impossible with the impending cap.

Right now, bitcoins are treated like digital gold. People hoard them and treat them like investment assets.

And for the same reason the world's major currencies unlinked from gold, bitcoins also exhibit recessionary behavior. (bad news for a currency)

Another narrative goes as follows: The world's major governments unlinked their currencies from gold because it proved inconvenient for their regressive redistribution activities - cronyism, military-industrial complex, propping up the banking system, etc (not saying it's a conspiracy, just a natural consequence of authoritarianism). Note that the US unlinked in 1970 and the last year that the GINI coefficient improved was 1973. FDR temporarily unlinked in 1933 and we had the great depression [1].

This narrative is consistent with 1000s of years of history, e.g. Diocletian cutting his gold dinars with silver [2] (and enforcing its fiat trade value), many many examples in small European fiefdoms prior to the dark ages, and again at the end of the renaissance.

At the end of all of these periods, the survivor was gold, because it kept its value and inflation proved to be unsustainable and extremely destabilizing to the society by propping up incompetent economic and political 'winners'.

[1] https://www.youtube.com/watch?v=JUvm9UgJBtg

[2] https://en.wikipedia.org/wiki/Diocletian#Currency_and_inflat...

> Note that the US unlinked in 1970 and the last year that the GINI coefficient improved was 1973. FDR temporarily unlinked in 1933 and we had the great depression [1].

The U.S. domestic economy unlinked in 1933, permanently. Only international trade continued to use gold-backed currency, and it is that aspect which was finally eliminated in 1973.

Likewise you have mixed up your cause/effect for the Great Depression, which started 4 years before 1933. On the contrary, the very election of FDR in 1932 was due to the economic crisis, and the unlinking of gold reserves was in response to the depression, not the cause of it.

One funny thing is that many people who are otherwise economically intelligent get so confused with gold. Holding currency to a gold standard by some fixed price would be called "price control" in any other context, and we already know price controls to be bad policy. By unlinking currency from gold we can well and truly "let the market efficiently decide".

The biggest irony for me with regard to Bitcoin is that it proves the fiat concept. Bitcoin is literally worth nothing more than what people think it's worth; there's no physical thing of intrinsic worth underlying it after all. But this is of course more or less exactly the claim for fiat currency.

> The U.S. domestic economy unlinked in 1933, permanently. Only international trade continued to use gold-backed currency, and it is that aspect which was finally eliminated in 1973.

If the international market for dollars is still linked, in spite of domestic unlinkage, there is still some level of grounding, because of the possibility of commodity arbitrage (both directly and indirectly). Certainly there was inflation during that era, and the dollar slipped so far that it led to Nixon's actions... But for the most part the standard of living was able to keep up, largely thanks to technological and infrastructural improvements. Moreover, you couldn't soak the bankers/financial sector quite as easily because of the international connection to gold (and international currency arbitrage is more important to bankers and finance than your average domestic schmoe).

> Likewise you have mixed up your cause/effect for the Great Depression

Sorry, I should have said, I believe if we hadn't unlinked it we would have only had a shorter, not-so-great depression (emphasis on great, not on depression). Obviously, I'm aware that the unlinking came after the stock market crash of 29.

> Holding currency to a gold standard by some fixed price would be called "price control" in any other context, and we already know price controls to be bad policy.

No, price controls are setting the price relative to a standard that's backed up by guns (guns = "control", as in, if you don't do what I say I can shoot you, or point a gun at you and take you to jail). Dollars are already backed up by guns, so the notion of 'price controlling' dollars makes no sense. If anything, you want to back dollars by gold to keep the people with guns honest.

The dollar is already an 'amarket' entity by virtue of its backing by the state. A better example of 'letting the market decide' in the context of 'valuing currency' would be letting the interest rate float, without manipulation, which is also something we most certainly don't do.

>The biggest irony for me with regard to Bitcoin is that it proves the fiat concept.

There are goldbugs who insist that Bitcoin is silly because it's not tied to anything with 'intrinsic value'. That's one interpretation of the fiat concept. But I (and many others) interpret fiat to mean 'by a higher power' (by analogy to fiat lux) except in the general case of state currencies, the higher power being the authority of the state.

Indeed a gold-backed dollar is still a fiat currency, albeit a more responsible one.

> No, price controls are setting the price relative to a standard that's backed up by guns (guns = "control", as in, if you don't do what I say I can shoot you, or point a gun at you and take you to jail). Dollars are already backed up by guns, so the notion of 'price controlling' dollars makes no sense.

On the contrary, with a fixed-ratio gold standard currency it is still the state who said that a dollar was by definition equivalent with, say, 1/35th of an ounce of gold (as it was just before the U.S. finally abandoned the standard for good). But the only reason the government would give you $35/troy ounce was because of the men with the guns, and the government could change their minds.

In fact, the U.S. did arbitrarily change their mind several times throughout their history about "what gold was worth". This didn't change the market value of gold of course, but this didn't stop the politicians from abusing fiscal policy for their own interests.

The interesting thing is more that there was a market value of gold which was different from the "official" government price of gold, which should illustrate by itself the issue.

Rather there was never anything special about gold except that people thought it was special. The U.S. started off on a gold and silver standard after all, which led to problems fairly soon after since the difference between gold and silver value that Congress decreed was not always the difference the markets created.

While I'll agree it's possible to have gold-backed fiat currency (like the Civil War-era greenbacks), there's no reason why it's "more responsible". It's still just as susceptible to government intervention and it unnecessarily conflates non-orthogonal concepts for the sake of... what?

Gold was only valuable because people thought it was valuable. If you went to a desert island you could form an economy on water bottles. Prisoners actually did form economies on cigarettes, and when cigarettes were banned the currency shifted to cans of mackerel.

As far as I'm concerned gold-backed dollars make as much sense as dollars backed by sardine cans. At least true fiat currencies (and Bitcoin) finally gave up the middle-man and acknowledge that their currencies are worth what people think they're worth. It may be too spooky, but it's the truth.

Not entirely true. Gold is a good choice because its chemical properties make it fungible, durable, and easily verified (using low tech touchstones). These properties reflect themselves in bitcoin. As for why it's more responsible to have a commodity backed currency, it's because the exchange rate is set by statute and any legislator that messes with it is potentially accountable to the downstream effects.

> FDR temporarily unlinked in 1933 and we had the great depression

I always like pre hoc ergo propter hoc arguments.

The gold standard is also inconvenient for progressive policies: it removes the floating of currency exchange rates, which tends to act as an automatic stabilizer. See the Eurozone to see how this played out over the last few years, since the Euro has the same technical effect on the member countries. If a country like Spain had had its own currency with a floating exchange rate, that currency would have automatically devalued against other European currencies, which would have acted as a big boost to the Spanish economy via increased exports. Instead, Spain got atrociously high unemployment.

The gold standard is just inconvenient, period. It restricts the policy space for governments. This can be a good thing, but in democracies - where the government mostly does act in the interest of the population[0] - I would say that it mostly ends up being a bad thing.

> FDR temporarily unlinked in 1933 and we had the great depression

Yes, both of these things happened. The important thing is the order in which they happened: The great depression happened first. Abandoning the gold standard was a somewhat late and indirect reaction to that. In fact, countries recovered roughly in the order in which they abolished the gold standard (see e.g. [1] for references).

Edit to add: As to the history of coin debasement, I genuinely wonder whether historians have got their causality right. There appears to be a self-reinforcing belief that historically, coin debasement always caused inflation. At a superficial glance, that story seems to fit the data, hence the self-reinforcement. However, there are some episodes in the Roman empire where it seems plausible that causality could have run in the other direction: Inflation came first, and the coins ended up being debased to match the reality of how much (or how little) they were still worth.

I know that gold bugs must deny the mere possibility of such a "reverse causality" on quasi-religious grounds, but a sober look at the data leaves quite a lot of room for this. Some of the inflation values use price data that is almost a century apart, and a 5x increase in price over a century is actually relatively modest inflation on a year-over-year basis, if you take the exponential nature of inflation into account. This level of inflation could easily arise endogenously, say out of modest wage-price pressure effects. Changing the coins to adjust to a new reality after a century is then merely reasonable administration.

This is not to say that the story of "bad emperor flooded the market with coins to fund wars" never happened. It's just to say that perhaps history was sometimes more complicated than what fits into a bug's brain.

[0] Yes, yes, come at me with your cynicism; and indeed modern democracies are imperfect. But compare today to the middle ages without prejudice, and you'll see what I mean.

[1] http://www.nber.org/chapters/c11482.pdf

I'm unconvinced that deflation is a problem. The buyer's incentive to hoard is mathematically equal to the seller's incentive to acquire; as with all pricing, buyer and seller would eventually meet in the middle.

The greatest significant bit for spending is stability/volatility. If BTC accumulated value at a steady 3% per year, many would still spend it (especially if vendors offered a 5% pay-with-BTC discount). The problem is that no one knows if BTC's value a year from now will be 10%, or 1000%.

Crypto-currency will either find a stable equilibrium over the coming years/decades, or it won't.

Deflation is, in effect, valuing labor and productivity done in the past, relative to the future; inflation is, valuing labor and productivity done in the future relative to the past.

Deflation is fundamentally less dangerous than inflation, because there is less counterparty risk. Technology is supposed to be the "rising tide that lifts all boats", perhaps not surprisingly, technological goods decrease in price in spite of inflation. But by inflating we rob society of the value created by technology and distribute it to bankers and government contractors. It's really sad, and a large reason why the rich get richer and the poor get poorer.

I agree - I think that cryptocurrency will be an international standard in the future, just not in the way it is implemented with Bitcoins.

>> "Not only that, but the bitcoins themselves need solid liquidity before becoming a feasible currency. That's impossible with the impending cap."

How does that make you feel about dogecoin's decision to allow 5% inflation per year? It's currently the third largest crypto currency (behind Bitcoin and Litecoin) and I think most highly traded coin. Does the inflation make it more viable in the long term as a currency people will actually use and not just hoard as an investment?

In the not too distant future, I think we are going to have a cryptocurrency that is widely used internationally.

Bitcoin is not headed in that direction, but that doesn't mean someone else can't solve the liquidity problem. Forced inflation may not be it though.

> impending cap

Seems like every American is going to have trouble with this, since they are not taught how to use decimals and powers of ten. The rest of the world will do just fine using mBTC and uBTC.

This is the first time I've actually even begun to understand how Bitcoin works. Thanks!

If you would like to read a more detailed, just as simple, but much longer explanation of bitcoin I recommend this:


>That said, this event is extremely encouraging. Not only is the security and the viability of the currency being tested. But more importantly, the communication and cooperation between the major players in the Bitcoin ecosystem is being tested. And so far, the community is kicking ass.

If this was two major banks and they said they had to stop withdrawals for 1-3 days to fix a software bug that's been exposed through a concerted attack, one they already knew about and could have prevented, I don't think you would be saying the same thing ...

Ultimately this might prove a footnote in the Bitcoin story, or it might be the harbinger of more trouble, who knows. But I do think it takes quite a bit of spin to think of this as somehow being encouraging or a net positive. I think if this had maybe stopped at Mt. Gox, an exchange that was universally considered a bad player, you could think of it as good overall (ignoring the fact many people would have still been screwed over). But it seems clear it's gone beyond them.

> If this was two major banks

You can stop right there, as Bitcoin is nowhere near the place where it is equivalent in any way, shape, or form to "two major banks". If it was, your critique would be valid. Since, instead, it's more like a bank startup, these kinds of disruptions are expected and encouraging, because it allows third-parties to see how difficulties are resolved, and how robust Bitcoin is or is becoming.

P.s. I have never owned, mined, or otherwise installed or used any software related to Bitcoins. I have no horse in this race whatsoever.

What I'm waiting for is the large scale real world scams to start. Look in the back of the Sunday Newspaper Color supplement and the ads for Genuine Si1ver Coins Minted at some exotic locale (sold as collectables) and replace with "Genuine BitCoins with individual serial numbers". Sold for $CURRENT_RATE and including the hash of some lost wallet, or random gibberish.

The scammer will be able to sell the same "bitcoin" over and over if they want, or set up a fake "Validate your bitcoin here" site.

The type of people that buy from the back of magazines are probably the type that would hang on to this "investment" for their grandchildren... while the scammer is long gone.

I wouldn't say it's a scam. I'd say it's the cryptocurrency equivalent of Lycos. I'm sure the cryptocurrency equivalent of Google is coming someday.

> I'm just saying that Bitcoin is something that I don't really understand, and so I don't entirely trust it.

Then read the paper! :) it's not complicated and it's pretty short.

btw do you understand how the banking system works?

I second this, the original paper is quite clear and short: https://bitcoin.org/bitcoin.pdf

That is horrible financial advice.

And horrible gardening advice as well.

No kidding. I guess I missed the part where advice was given.

So evidently educating yourself is horrible financial advice. Who knew?

I guess your comment is horrible financial advice too then.

It is a non issue, honestly. This issue was known about as early as 2011. You can only modify non-essential pieces of the transaction, but it does change the overall transaction hash.

These poorly coded exchanges were looking for an exact hash match to pop up on the block chain, instead of looking for the deposit/address.

The actual security of the system is not really impacted at all, and the core Bitcoin clients cope fine with this. The exchanges may have put themselves at risk, but that is on them.

> You can only modify non-essential pieces of the transaction, but it does change the overall transaction hash.

That's the thing I don't get. If one is going to allow non-essential changes, shouldn't one _not_ include those data in the hash? Alternatively, should one simply not allow changes, period?

I've not read the Bitcoin paper, just summaries (been too busy, and it's outside my area); perhaps there's a good reason for it.

The important bits are signed with an ownership signature, and the whole transaction is hashed to be added to the block chain. As long as you don't trust the transaction hash (which isn't designed to be secure) you won't have an issue.

I think you are mostly correct. That is why some people call it an "issue", while others refer to it as a "vulnerability". I personally don't think it is a real vulnerability, more like a quirk.

It is not poorly coded exchanges that are causing the issue. It's actually an issue with the reference bitcoin client and those that use the same behaviour: http://www.reddit.com/r/Bitcoin/comments/1xm49o/due_to_activ...

Spending unconfirmed outputs in the presence of malleable transactions is unsafe. The reference client allows spending unconfirmed change outputs as they used to be considered safe. But if the original transaction is modified then the chain of unconfirmed transactions becomes double spent and the reference client gets confused about balances.

It's interesting to watch actually, submit a transaction to the network at the moment and there's a rogue node that will mess with the padding of the signatures and rebroadcast it faster than the original. It confuses the reference client into duplicate display, which is what Gox is relying on for the failed/success display. That they're winning races over the normal related transactions isn't that unnatural as the transaction processing stuff has a 100ms sleep() in the middle of it.
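A toy model added here to illustrate the two points made above (that the signature encoding lies outside what is signed but inside the transaction hash, and that spending unconfirmed change is unsafe once that hash can change). This is not Bitcoin's real serialization and not code from the thread; the JSON "transaction", the `sig` field standing in for a DER-encoded signature, and all addresses, outpoints and amounts are constructed for the example.

```python
"""Toy model of transaction-hash malleability and of deposit/withdrawal matching.

Constructed illustration only: a dict stands in for a serialized transaction and
the 'sig' string stands in for the encoded ECDSA signature. What the owner signs
(which coins are spent, where they go) is hashed separately from the full
transaction, which is what lets the two hashes diverge.
"""
import hashlib
import json
from copy import deepcopy


def _h(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def sighash(tx):
    """Hash of the signed content only: the outpoints spent and the outputs.
    The signature encoding is deliberately not part of it."""
    return _h({"inputs": [i["outpoint"] for i in tx["inputs"]],
               "outputs": tx["outputs"]})


def txid(tx):
    """Hash of the whole serialized transaction, signatures included; this is
    the identifier other transactions use to reference its outputs."""
    return _h(tx)


def reencode_signature(tx):
    """Stand-in for a relay node re-encoding a signature (e.g. extra padding)
    without changing the signed content. Returns a modified copy."""
    mutated = deepcopy(tx)
    for inp in mutated["inputs"]:
        inp["sig"] = "00" + inp["sig"]  # constructed: same value, different bytes
    return mutated


def confirmed_by_txid(expected_txid, chain):
    """Fragile rule described in the thread: wait for the exact hash to appear."""
    return any(txid(tx) == expected_txid for tx in chain)


def confirmed_by_content(sent_tx, chain):
    """Robust rule: settled once a confirmed transaction carries the same
    signed content (same coins spent, same outputs), whatever its txid."""
    want = sighash(sent_tx)
    return any(sighash(tx) == want for tx in chain)


def inputs_consumed(sent_tx, chain):
    """Most conservative rule before any re-broadcast: if any coin the
    withdrawal spends is already consumed on the chain, do not resend."""
    spent = {i["outpoint"] for tx in chain for i in tx["inputs"]}
    return any(i["outpoint"] in spent for i in sent_tx["inputs"])


def spend_change(parent_tx, vout):
    """Child transaction spending an output of an unconfirmed parent; it must
    reference the parent by txid, which is the weak link."""
    return {"inputs": [{"outpoint": f"{txid(parent_tx)}:{vout}", "sig": "3044aa"}],
            "outputs": [{"address": "1OtherAddr", "amount": 0.3}]}


def parent_confirmed(child_tx, chain):
    """A child can only confirm if every parent txid it references is on chain."""
    ids = {txid(tx) for tx in chain}
    return all(i["outpoint"].split(":")[0] in ids for i in child_tx["inputs"])


# Constructed sample: the exchange pays 1.5 BTC to a customer, 0.4 BTC back as change.
WITHDRAWAL = {
    "inputs": [{"outpoint": "deadbeef:0", "sig": "3045bb"}],
    "outputs": [{"address": "1CustomerAddr", "amount": 1.5},
                {"address": "1ExchangeChange", "amount": 0.4}],
}


def simulate():
    """The re-encoded copy wins the race and is what gets confirmed."""
    sent = WITHDRAWAL
    chain = [reencode_signature(sent)]
    child = spend_change(sent, 1)  # exchange spends its unconfirmed change
    return {
        "txid_changed": txid(sent) != txid(chain[0]),
        "sighash_same": sighash(sent) == sighash(chain[0]),
        "seen_by_txid": confirmed_by_txid(txid(sent), chain),
        "seen_by_content": confirmed_by_content(sent, chain),
        "coins_consumed": inputs_consumed(sent, chain),
        "change_spend_can_confirm": parent_confirmed(child, chain),
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The txid-keyed rule reports the withdrawal as missing even though the coins left, which is exactly the state that leads an exchange to resend; matching on the signed content, or simply checking whether the inputs are already consumed, avoids that.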

Also worth noting is the fact that the Bitcoin Price Index has been massively resilient to all the bad "news" that's been pouring in this month. It has been consistently hovering around the 670-700 mark.

I can't find the article now, but there have been several good articles explaining the lack of gravity on bitcoin in general.

Basically, the price goes up quickly when new people are attracted to bitcoin and rush to buy. When the price dips however, because so much is bought for long term speculation, the price doesn't really dip much, as no one is incentivised to sell and hold out for when it gets better.

At some point the nerve of those holding out may crack, but if you read sillysaurus2's post, it's quite clear that many will hold out indefinitely on the belief or hope it will one day recover. So in this manner the bubble can deflate slowly. (If you call 10% in a day slow).

There are no settlement dates or ways to easily move money out (especially now) so a crash is prevented.

If a crash happens it'll probably happen before people realise it, but suddenly there just won't be anyone wanting to buy coins anymore.

But even that might not happen as people already invested into bitcoin use how wealthy they feel to buy bitcoins from each other. That can cycle for a long time before people realise there isn't new money in bitcoin.

If you had bought coins at 800-1000, why would you sell now? No one likes to cement a loss.

Those with the most reason to sell right now are the early adopters, but it's not actually clear how many of those coins are actually reachable.

The psychology part of this argument seems the same as with any commodity, not just Bitcoin.

Maybe Bitcoin would be different if you could put money in but not take it out. But it's actually the reverse now -- it's harder to get Bitcoin out. So wouldn't that tend to increase the selling pressure?

And if you don't want to sell to a sketchy exchange, you can sell to SecondMarket[0] and get a wire transfer to your bank account the same day.


Also worth noting: you can't buy bitcoins on margin. So no margin calls to suddenly detonate the market.

Hang on. Isn't that just a matter of someone setting up a market and contracts for it? What you mean is that no one has set up a bitcoin margins market yet, right? Or am I misunderstanding something fundamental about BTC that prevents margins?

You can trade contracts for difference (CFDs) on Bitcoin with 1:10 leverage, including shorting them, at places like Plus500

Great way of taking the risk created with the volatility of Bitcoin and multiplying up the risk massively so you can lose money even faster...

How are those contracts validated and enforced on sites like that? The SEC used to watch naked shorts relatively closely before 2008 and it's been banned since then; but how is that arranged in practice with a currency whose primary selling point is its anonymity?

I know I'm risk averse, but even still this seems like the basest insanity to me.

Transaction irreversibility makes it a lot riskier, combined with the lack of support from the legal system. If you lend bitcoins to someone, and they run off with them, how do you recover your loss?

Conversely, unlike stocks, you don't need a broker, so there's nobody who would take on that dealer role.

Nobody has set up a "buy bitcoin on margin" service yet, and the first person to do so will lose a fortune to nonpayment of margin calls.

Hang on, I almost read that as meaning bitcoin has less financial capability than fiat currency, which we all know is patently false because the premise of bitcoin is centered around an increased flexibility compared with fiat currency.

You're quite wrong -- BTC is strictly less flexible than fiat. I have my own opinions, but this is inarguable and is presented as an advantage of Bitcoin, for example Bitcoin cannot be created arbitrarily by a government, Bitcoin transactions cannot be reversed, untraceable transactions cannot occur in Bitcoin, et cetera. All of these are clear restrictions upon existing currency systems.

Some possible ways that it might be interpreted to be more flexible are scripting, n-of-m transactions, and so on.

The reversibility of bitcoin is no different from passing around physical dollar bills. If you want to reverse a transaction involving actual cash, you must convince the other person to give it back, or physically wrest possession of the currency from them.

Reversibility shows up when you do transactions in a bank or other third party that can reverse the transaction on its own accord. There's no theoretical reason why this can't happen with bitcoin instead - you give your BTC to a hypothetical, highly regulated bank or broker or whatever, and then the transaction is exactly as reversible as any electronic transaction using dollars. The confusion sets in when you compare Bitcoin transactions with electronic transactions using fiat currency, when they're closer in many ways to physical cash transactions in nature.

> when they're closer in many ways to physical cash transactions in nature.

I very much agree with you. This is also the right way to think about BTC exchanges -- an unregulated website that you ship cash to.

There are some subtleties around the specific nonphysical transaction mechanism of BTC that differentiate it from a cash transaction, which are sort of difficult to quantify currently because the technical and legal aspects have not been fully explored... as a hard example, imagine a BTC wallet coupled with a memorizable private key (or an effective substitute). This is essentially a cash store that cannot be confiscated, and which can be communicated verbally, i.e. within a protected (attorney-client) setting. There are some interesting implications there.

You can protect against the risk by only providing the service between wallets held and controlled by you on your own exchange.

There also are brokers providing indirect Bitcoin shorting with 1:10 leverage in the form of CFD's (contracts for difference). Of course they could opt to always or sometimes not actually trade the coins - to their clients it makes no difference, as no actual coins can be moved in/out of the accounts.

You can margin buy/sell on bitfinex.com

You can p2p lend and borrow btc here: https://www.bitbond.net/

This sounds like a general analysis of most bubbles in history - nothing very specific to BTC.

Well I have bitcoin and I'm in no hurry to sell. I bought them at the tip of the previous bubble when they were £150 and was kinda disappointed when it dropped.

Was hoping to have a large amount in bitcoin so I can buy online services relatively anonymously.

Since then I have more than recovered my loss even at the price it has now.

> If a crash happens it'll probably happen before people realise it, but suddenly there just won't be anyone wanting to buy coins anymore.

Not sure how true this is. Bitcoin has been going through a few major crashes in the past 3 years, yet the demand was still strong after it went down.

I don't think the person you replied to meant a crash, but rather an implosion, i.e. a massive failure in the bitcoin protocol that renders it useless. This is the only way in which no one will want to buy coins. In that situation your best bet is sending your coins to an exchange and selling them into the listed buy orders which have not been removed because the person who listed them is either asleep or unaware of the news.

However this is incredibly unlikely; bitcoin went through a fork last year that caused some problems but was quickly rectified, and this current malleability issue is also being worked on to get a resolution. These sort of network wide problems are problems with the fundamentals of bitcoin and should, by right, affect the price of bitcoin much more than say government regulations in China or India; that they don't is because most holders of bitcoin understand that these problems can be resolved with some dev time and BTC has some great and committed devs working on it.

Namecoin (NMC) had a similar issue where it meant that web addresses linked to NMC were not secure; that caused a crash but nowhere near going to zero, and that is a coin with minimal developer support.

Sounds like the reason they gave for why houses always go up.

You should know bitbugs don't like history.

Nobody likes history in the broad sense. Most people only like history that confirms their existing positions.

Wow this makes a lot of sense. I personally believe that this is yet again another one of BTC's large dips that will eventually recover onto its upward path.

But then if people panic and see how hard it is to get back into fiat from BTC won't they just go into relatively stable altcoins instead? For example DOGE is skyrocketing as we speak and its USD price was totally unaffected by BTC's recent plummet. http://coinmarketcap.com/

If by "stable" you mean "they are so small that no one will even bother attacking them"...


5th largest cryptocurrency with more transactions/day than every other one put together isn't exactly small...

More like 4th, given that Ripples can't be mined, is controlled by a single entity, most of the existing coins are not freely circulating, and the transaction volume is consistently so tiny that it looks very much like the price is intentionally manipulated to make the coin look desirable.

More like 3rd. In the 8 hours since vidarh posted this, Dogecoin surpassed the Peercoin market cap. The 24h trading volume of Dogecoin is also nearly 6x that of Peercoin right now.

Really, that means nothing though. Neither Peercoin nor Dogecoin has merchant or payment processor support. No one is interested in taking dogecoin in payment for goods and services; right now it is just a toy coin that people can use to learn about cryptocurrencies cheaply, and that is pretty much what it will always be. If dogecoin had a malleability issue it does not have the dev support to resolve it in a reasonable time frame; a fork like there was in BTC last year would have a similar result. There are lots of transactions because you can send 10 or 100 or 1000 coins to anyone and you still have sent less than a few bucks. Lots of transactions does not equal a big currency; it equals a lot of transactions. And in this situation these transactions count for very little economic activity.

Is doge immune to this multiple hash malleability feature?

EDIT: "If" -> "Is".

No coin is immune to this.

What, you thought other coins had their own code? Nope, they are all just a copy/paste of Bitcoin's code.

Specifically, Dogecoin was "coded" (copy/pasted) on a Friday night, according to its founder. So I don't know what you were expecting.

Just curiosity. I thought they copied the code from Litecoin and I was not sure if in any of the intermediate steps someone decided to fix this.

It will be interesting to see how each developer set and community handle this problem (and the future problems).

Disclaimer: I don’t own BTC or DOGE (or LTC or any other virtual currency).

There isn't really any development team comparable to that of Bitcoin in a different coin. Things that get fixed in Bitcoin are not fixed in other coins. But if another coin happens to fix something, it will be fixed in Bitcoin too.

Typically a copycoin will only have the same fixes as Bitcoin depending on when they decided to copy it. But then they will invariably lag behind.

It is quite short-sighted to think that all digital currencies are "forked" from bitcoin: see http://www.openudc.org/ for instance:

"The OpenUDC softwares are designed to manage a free money system as described by the TRM (Théorie Relative de la Monnaie), that means a money system where no human has privileges in front of money creation either in time or in space."

The concept is therefore quite different from BTC, which clearly gives some people a huge privilege in front of money creation in time.

Wasn't it 800 at the start of the month?

You know that it was up above 800 before this started on last Friday, right?

Given all of the historic volatility, a drop from 800 to 600 must not feel abnormal to bitcoin investors. It could have been much, much worse, I guess?

By my rough back-of-the-envelope calculation, something like $50 million dollars changed hands on Monday based on unsubstantiated fear, uncertainty, doubt, and outright lies. Volatility is one thing, market manipulation is another.

I wish I didn't buy at $900 and at least would've sold soon after, otherwise I'd buy some now. These events where some pretty major bug is found in Bitcoin are great opportunities to buy Bitcoin at a "low price" (as low as you can get in that moment in Bitcoin's history). I'm not worried about the bugs themselves because I know they will be fixed.

part of the reason is that bit coin does not depend on any banks

if you have 100 btc in an offline wallet, you will still have it tomorrow, despite whatever bugs/attacks hit the exchanges.

imagine if your bank was hacked, many people would literally be removed of their money.

With cryptocoins, you have the advantages of keeping dollars under your mattress while still being able to spend them anywhere that accepts them.

In what way is that different from fiat money? You can keep fiat money in your mattress and spend it anywhere that accepts it. If you have $100 in a mattress (offline) then you would still have it tomorrow. The problem is that the money's value may change tomorrow, especially if we are talking about bitcoin.

You can't secure cash under your mattress with a password, for one thing. That makes cash (and paper wallets) vulnerable to physical attack, even by vermin: http://metro.co.uk/2007/03/27/mouse-eats-cash-machine-makes-...

There is no problem with value changing tomorrow, as this is a potential problem with any new payment methodology. Adoption does not appear magically overnight. The US Dollar is velocity stable due to its widespread use and being propped up by the equivalent of a bunch of duct tape and baling wire.

I've seen more people get jacked of all their cryptocurrency holdings than any significant amount of fiat on their person, due to targeted viruses and backdoored systems. I've also seen numerous occasions where someone sent money to the wrong address and that was it, the money was forever sent into the void.

There was a guy on reddit who had all of his DOGE and BTC lifted right off his computer. He was using strong, auto-generated passwords stored in a password manager, so he was not even typing in passwords that a keylogger could intercept. Presumably the attacker had a backdoor into his system, watched him work, and just transferred out the funds when he wasn't at his desk. Poof - all gone, with more or less proper security measures in place and no clear sign of an intruder other than the missing money. Several other people reported similar events in that thread.

These are still major problems for mass adoption of crypto, completely setting aside the massive cases of fraudulent pools, online wallets, exchanges, etc., etc. There are many subtle problems that are difficult to diagnose and cure that come with a technological solution like bitcoin, that paper money simply does not have.

A true story: my grand-uncle, who had lived through the Great Depression, never trusted banks. So he buried a considerable amount of cash in the forest behind his house in mason jars (seriously!).

When he died, my grand-aunt, who always thought he was being silly, went out in the woods and retrieved all the jars.

The cash had rotted and deteriorated to the point that it was unspendable.

However, she was able to work with the US Treasury to sort through the remains and identify the bills and replace them with new currency.

There's not really a bitcoin lesson here, just some family lore that seemed relevant. :-)

this is why we buy gold and silver.

Isn't the commission too expensive?

No. You can usually buy physical at spot + 1 or 2% max. In the UK, coins like Sovereigns or Britannias are capital gains tax free, so you typically pay a bit more for them, like 4 or 5% above spot. But then you won't have the headache of remembering what you bought them for when you sell them (aside from the pleasure of saving CGT-free).

Worth it for long term storage like that.

These days spending old banknotes is problematic, even if they're in perfect condition.

Some people love gold, some people hate it, but everyone agrees it's the only thing that really has zero counterparty risk.

I wouldn't say zero! Also, moving forward, things like planetary resources could challenge the stability of gold, but it's still pretty good and fairly liquid. For me, it proved more liquid than bitcoin: exchanging bitcoin took 3 days (Coinbase + ACH); I liquidated a gold piece in an afternoon, could have gotten cash, but mailed a check to my bank and had the funds in 2 days (still faster than bitcoin, even with the USPS in the way).

Let's say the trade commission was a horrifying 50%, and in the best-case scenario for the other direction the Treasury exchanged those bills exactly one for one. Would you rather have $1000, or gold from 50 years ago valued at $500 from 50 years ago? Even if you think gold is in a bubble and, say, worth $200/oz instead of $1600/oz, you would have far more than 5 oz worth from 500 1963 dollars.

If someone is going to physically break into your house and access your money what's to stop them from physically assaulting you until you give them the password? Or just taking the computer that stores the "offline" wallet?

Unless someone has some kind of insider information, no burglar is going to assume that you have a stash of bitcoins.

Until now!

There are these things called safes...

Are you going to put the safe under your mattress? Or do you think a secure encrypted and password protected wallet stored on a tiny USB drive or SD card might be more secure?

You're right, all solid savings plans must fit comfortably beneath a mattress. Reminds me of the old saying "If I can't lie down and sleep on top of it comfortably, it's not an investment"

Embed it in the floor, since you ask.

Not that I think this is the ne plus ultra of security, but since having a digital wallet doesn't obviate the existence of valuable physical documents (eg passports, title deeds) you might still want to use a safe to protect against fire, burglary, and so on.

One distinct benefit of a physical store is that removal or tampering are more obvious.

If you burn your cash there's zero risk of it being stolen. But what matters is that you have access to it in the future, and I'm a lot more confident of that with a safe than with a complicated piece of electronics that can only be used by connecting it to an even more complicated piece of electronics.

I've had a significant number of USB drives (and SD cards) get corrupted and simply stop working. This seems to happen with heavy use, but it also happens just sitting in a drawer untouched for quite a bit of time. I'm not trusting these suckers as the sole repository of things as valuable as my pictures, much less cash.

USB drives have the advantage of being small. There are literally a hundred places I could hide one in my house. Hell, I could hide 20 fake ones haphazardly and one legit one really well.

The chances of everyone doing this and being comfortable with it are pretty low though. We need a brain storage medium.

I'm not sure that's an apples-to-apples comparison.

In both cases, there is one physical good which, when stolen, deprives you of the money. With cash, it's the physical notes. With Bitcoin, it's the private keys in the wallet (or the private key to unlock the wallet's private keys). Making backups of the keys can protect against accidental data loss, but not against theft, as it increases attack surface (i.e. the number of locations where the same money can be stolen from).

There is still an advantage here favoring Bitcoin, though: if the key is stolen and you know this, you still have a chance to preserve the wallet's holdings: just generate new keys (addresses) and broadcast a transaction of all the wallet's money to those addresses. If you can get the message to the network's nodes faster than the attacker, the money will be "signed away" before they can use it, and such attempts will be rejected as double-spends.

There is no corresponding feature for physical cash.

You need to physically be somewhere to spend cash, with BTC, you don't need a presence.

While you could construct a procedure to spend cash remotely without one powerful intermediary, this property is just built into *coins, and it is simply how they work.

A huge difference is fractional banking, which deserves a good read. http://en.wikipedia.org/wiki/Fractional_reserve_banking

I'd argue that fractional reserve banking is still better than having a "currency" that is backed by absolutely nothing and may lose up to 90% of its value on a moment's notice.

> imagine if your bank was hacked, many people would literally be removed of their money.

Are you sure about that? For the most part those transactions would simply be reversed. Bitcoin exchanges seem a lot more exposed to computer security breaches to me.

> With cryptocoins, you have the advantages of keeping dollars under your mattress while still being able to spend them anywhere that accepts them.

Paper currency is a bearer instrument. It can be used for offline payments. Cryptocoin can't be. Both parties need to be connected to the rest of the coin network so the transfer can be confirmed by other nodes.

Not to say that cryptocoins have no under-the-mattress advantages. They are a lot easier to hide than cash and you can make backup copies of them, which obviously can't be done with cash.

You need to be connected to send them but not receive them.

You certainly need to be connected to confirm that you have received them!

No you don't, blockchain.info would tell you.

Is that really true? Could a botnet not conceivably make transactions out of your wallet? Doesn't the distributed ledger have tentacles reaching under your mattress?

A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity).


The purpose of the blockchain is to establish an ordered sequence of transactions.

Sure, but no-one calculates digital signatures in their head. Your bitcoins are worthless without computer systems, and those computer systems are the subject of attack by thieves.

Sure, but this attack is not about that.

This is a DDOS attack on the integrity of the distributed database, which is very bad, but it is not able to spend Bitcoin that isn't yours.


I guess it would be possible.

No, even if you successfully achieve a 51% attack, you can't spend coins from arbitrary wallets.

Well, you could control the blockchain, wouldn't that include spending coins from any wallet?

You don't "control" the blockchain in the strict sense. To generate a transaction from one address to another, you must know the private key corresponding to the sender's address. Without that, the transaction is invalid, and no sane node will accept a block containing such a transaction.

When you have 51% of mining power, you can do a lot of nasty things (like stopping confirming transactions at all), but not spend someone else's bitcoins.

No. Transactions have to be signed by a private key matching the from address.

The double spend attack works by convincing the other party that the transaction has completed (so they release whatever escrow is in place) and then replacing the blockchain.

(But a botnet infection could watch for wallets on a computer and cause the coins in the wallet to be spent)

No. The wallets are protected with public/private key cryptography. Controlling the block-chain simply lets you control whose transactions get processed, and hence potentially allow someone to attempt to double spend their money. You could also prevent other people from spending their money entirely.

No, a botnet can't ever achieve 51%. One modern ASIC rig is equivalent to a few thousand average CPU+GPU computers that make up a botnet.

What about a botnet of modern ASIC rigs?

How would you get one?

ASIC owners are paranoid about their earnings. They would notice they are getting less than they usually do the next day after the infection.

There's also a story here about responsible disclosure.

People are making the case (and I tend to agree) that Gox should have contacted the other exchanges in private to discuss this problem before going public with it.

There's a very good chance this widespread attack is a direct result of Gox's announcement.

So first gox is criticised for blaming an old bug and now they are criticised for irresponsible disclosure. Funny old world.

What needed responsible disclosure was the fact that Gox was clueless.

It contains multitudes.


It seems the general consensus believes it was MtGox's fault that they didn't handle the protocol correctly. The only way to spin this on MtGox is to blame their protocol problems on BitCoin itself.

Right, the main argument for that was 'look, no other exchange is having problems!'. Then someone actually started using the bug against other exchanges, and suddenly other exchanges are having problems. But that's mtgox's fault too!

The attack started prior to the disclosure.

No, someone intentionally or accidentally used gox's poor handling of mutant transactions to extract double-payment from their customer support team. Gox blamed the bitcoin protocol for their own stupidity. Then after the press release, someone started a massive DoS attack against the bitcoin network. What happened to gox over the last couple of months is totally different from what is going on right now.

No, you are wrong, sir. There are many who are recording all Bitcoin network traffic, myself included. I can see that Gox had all their outbound transactions slightly changed and rebroadcast. After that went public, being now outed and in the open, having nothing to gain from stealth the attacker moved to attacking everyone they could.

I actually removed the 100ms sleep.

I believe the change was made in release 0.8.6

Not exactly. The buggy wallet software, used by these exchanges, identifies transactions by their hash. Even if one of the duplicates is confirmed, the buggy wallet still thinks the other is a new transaction, because it has a different hash.

The fix is checking all inputs/outputs rather than relying on the transaction hash.

MtGox is the only one using the TXID hash to track unconfirmed transactions. The problem with the other wallets is that if you try and spend a change address from a rewritten transaction before it is confirmed then that transaction involving the change is then invalid.

Edit: Here is a good explanation of what this latest problem is which is different than the problem MtGox is struggling with http://www.reddit.com/r/Bitcoin/comments/1xm49o/due_to_activ...

You're right, I altered my response to remove the incorrect bit.

I don't understand how there can be any faith in the system if this is possible.

Seems like someone is definitely trying to cause panic by trying to do "btc withdrawal dos" on exchanges maybe in the hopes of driving the price of bitcoin down.

Day one: Slander the biggest exchange and hang your neck out calming the entrenched. "They are amateurs. This is that exchange's problem. $1000 is but days away."

Day two: Uhh... "Stay calm. This is just the expression of that non-issue looking like an issue. We know what we're doing."

Bitcoin has, generally, intrinsic crash protection right now. The price can't plummet if you can't find trading partners. Nobody really knows the price. The dotcom crash was from lofty to zero. As the price eats through panic sell thresholds, pants are shat. At least with commodities, people can point to the ones that went to 0 and stayed there. Since it hasn't happened with bitcoin, people can still sing the "it always bounces back" tune.

I've kicked the dead horse of stability. I've hinted at liquidity issues, but this is a grave lack of liquidity. The only thing left is any belief that there is value. If that starts to deteriorate due to the other issues, poof.

Then put your money where your mouth is. There are bitcoin derivative markets that let you short it. Hell, PM me and I'll personally bet against you on a 6 mo time horizon.

If I had a position, I couldn't be considered objective.

Not to mention... the primary exchanges seem to produce that sort of clunky, bug-riddled system that undermines my confidence. A derivatives exchange? So, what the come-latelies are working on? They ain't even no Satoshi.

In another thread, there's a comment that kinda explains what is happening exactly, in a nice analogy https://news.ycombinator.com/item?id=7219266

Is the real goal of these attacks perhaps to drive down the price temporarily, so that the attackers can purchase at a discount, and then sell shortly afterwards when the price goes back up?

Quite possibly a side benefit for the attackers.

If financial gain is a side benefit, what do you think the primary benefit is?

Enjoyment. Some people just like to watch the world burn.

That's a very quotable statement, and it is indeed true -- some people are intelligent and sociopathic enough that they care about their own amusement more than anything else.

But sadism is very rare, in reality. Most robbers don't give the rubies they steal to the village children. Most galloping animals with four hooves are horses, not zebras.

If you're on the plains of the Serengeti however ...

> But sadism is very rare, in reality.

But the power of the internet can magnify the effect of a single sadist to the point that it affects a million people (up to the limited extent that such opportunities exist).

Haha. Brilliant. Maybe one day we'll see kids in 3rd world countries playing with bitcoins the size of tangerines.

Information gathering. Prelude to potential attacks against the exchanges that could result in actual losses.

Just my thoughts

Bitcoin threatens a lot of people.

the lulz

Is it possible to short Bitcoins? I guess that would be the more lucrative option (exclusive knowledge etc...)

Yes, there are multiple exchanges that permit shorting, and have for a long time.

As much as I don't condone this kind of abuse, that's exactly what I'm preparing for. If BTC drops below $500, I'm buying more.

If BTC drops, below 500 or less, why exactly 500? Why not wait for 400?

I'm new to this, but maybe we need to make it easier to move money from wallet to wallet, from wallet to "hard" currencies and back, etc. Right now it's practically impossible to get verified on an exchange, get money out, pay anywhere with it, etc. You are lucky if you have a bitcoin ATM, where the rate is probably not that good but at least you can get some coins without sending your passport to an unknown exchange halfway across the world.

Without Bitcoin reaching in the real world faster, I'm not sure what strategy to employ to give it any value in the long run, making it more volatile too...

Though I profited strangely last Saturday when ponzi.io screwed up and gave me a ~96x payback, Ponzi/Casino/etc schemes which may in a way help market BTC through ensuing media frenzy, are still mostly detrimental while they are the majority of the currency's activity.

So, maybe we need to simplify software and make them all more compatible, through exported private-keys, etc. Why do I have to pay a fee by paying myself to move my money from my computer to my cell phone, for example...

How can any store expect to be paid in Bitcoin? Does he have to wait 6 verifications before letting the client go? Should we pay when we arrive and trust the store for the change? Maybe then we can have an Escrow service, 3 key involved, to vouch for those short term transaction but then aren't we back to the banking problem?

Is anyone working on a wallet that is compatible with import/export and that grandma can use? :)

Mycelium (Android wallet) lets you import and export private keys. I wouldn't know if it's grandma compatible (mine doesn't even use computers), but seems fairly simple to me if you understand the basic concepts.

To build something easier, you'd probably need to "hide" Bitcoin and just present a balance and a simple way of associating "contacts" (with enclosed addresses).

You can still instantly verify a transaction as valid, which works for the retail store. You don't have to wait for 6 verifications, the money will arrive in your wallet once you have a copy of the verified transaction and you send that to the network. It might have a different transaction id or more 0000's prepended to the number, but you will get the money.

> maybe we need to make it easier to move money from wallet to wallet, from wallet to "hard" currencies and back

Thank you, Captain Obvious!

Well if it's that obvious it probably means that people who could easily simplify the process are too busy playing casino instead? :)

Nobody said it was easy (other than you just now).

Didn't coindesk just report yesterday that the 'transaction malleability problem' that MtGox was worried about was already known and a non-issue?

It turns out that "non-issue" might have been a slight exaggeration. I can understand where the Bitcoin developers are coming from. I mean no one likes to admit there's a bug in their code. Just read through Microsoft support archives. How many times will you find that some bizarre, head-scratching, counter-intuitive behavior of some API or other is "by design"? Does that mean they won't eventually (quietly) patch it? Of course not.

The bitcoin developers "admitted" long ago that that behaviour is not quite optimal, and they are actually working on fixing it, albeit not quietly, because that would risk breaking bitcoin, as would doing so fast.

It's a non-issue insofar as it does not prevent bitcoin from working as it should if you implement things as the original client does; it's only an issue because it's something you might easily get wrong when implementing a new client (which apparently happened to some other developers), and it would have been avoidable. But changing the behaviour now has to be done very carefully, coordinating with all implementors of bitcoin clients, in order to make sure the fix does not cause a blockchain split, so that is what is happening.

> It's a non-issue in so far as it does not prevent bitcoin from working as it should if you do implement things as the original client does it

This is not correct. The original client gets one edge case wrong and it is this that is causing the issue with most of the exchanges that use it: http://www.reddit.com/r/Bitcoin/comments/1xm49o/due_to_activ...

Yes, but the bitcoind reference client fails safely: the child transactions are orphaned and no funds are lost. Its behavior alone is not exploitable.

Unfortunately it does not fail completely safely. The change transaction seems to still be available for coin selection and causes sends to fail. The getbalance command shows an incorrect balance due to counting the change address twice - once in the double spend and once in the accepted. The accounts system also has balances messed up which some merchant sites rely on.

It is not "lose money" exploitable (unless combined with social engineering) but is definitely "lose time, lose effort" exploitable.

This report is simply noting that there is a persistent attack attempting to cause problems in exchanges (like Bitstamp and MtGox) that are using transaction IDs as verification of a transaction.

Their backend software is probably able to deal with it, but not with a massive DDOS brute force attack to try to find holes in the exchanges. This is an information-gathering exercise by some organized hackers.

Funny: everyone said "oh, gox is stupid, no one else is affected"... one and a half days later, all those are proven wrong.

Not to be an excuse for the consistent problems with MtGox, but everyone who is affected by the current DDoS attacks should just shut the f..k up.

Didn't this same thing happen in April 2013? Somehow a DDOS attack drove the price from $250 to $75. Then it went back up. My guess is the same thing happens here. Two years ago people used to bitch when the price dipped below $15. Here it is at $650. A week is not complete unless someone claims to be witnessing the demise of bitcoin.

That was lag. Although this issue is lag-related, it cannot be mitigated with DDOS protection.

This will make them only stronger. Bitcoin is not going anywhere.

Hmm, I see. Makes me wonder where bitcoin would be trading were its history not riddled with political/legal/fraudulent/technical/reputation snafus.

It wouldn't be trading at all, because it is paving new ground. If it wasn't, it would have no reason to exist, because a predecessor coin would exist and it would be unlikely that btc would have enough differing features to justify the risk transitioning to it.

The drama isn't because of bitcoin, it is because it is the first cryptocoin breaching new markets consistently. So as it treads new ground there will always be resistance.

To the mooooooon!

I think a lot of people are viewing this as a bad thing, hence the BTC price sliding. If BTC is going to become a global currency then exchanges and banks better be prepared for this kind of stuff. After fixing this issue, I doubt many companies will make the same mistake in the future.

Better to get these bugs out of the way now than in two years when market cap is much greater.

Marks another interesting step toward maturity of the concepts of crypto currency. It is interesting to watch this in the context of other technologies (like air travel) which went from novelty to everyday thing, albeit through a series of 'events' which at times seemed likely to doom the idea.

The reason why exchanges and other software are having trouble with malleable transactions is not due to bad software using transaction ids. It's an edge case with the reference bitcoin client. See: http://www.reddit.com/r/Bitcoin/comments/1xm49o/due_to_activ...

Basically the reference client allows an edge case where it allows spending an unconfirmed output if that output was generated by the wallet itself as change. This can form a chain of unconfirmed transactions. When the malleable bot modifies the original one they all become invalid. The reference client does not handle this case well, it gets balances wrong, and clogs the wallet up.

It's unfortunate that Mt Gox got a lot of heat for calling out the issue, from the foundation and core developers saying that malleability was known and wasn't a big issue. In fact it is an issue due to this edge case in the reference client.
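The two wallet-side failures described in this thread, the tracker keyed on the transaction hash (the earlier comment saying "the buggy wallet still thinks the other is a new transaction" and that the fix is to check inputs/outputs instead) and the reference-client edge case just above (a chain of spends of unconfirmed change that is orphaned when the mutated parent is the one that confirms), as one runnable toy model. This is an added example written for this thread, not code from Bitcoin Core, Mt. Gox or any exchange. Transaction structure, addresses, amounts, the "signature" string and the normalized id (a hash over inputs and outputs only) are all constructed for illustration.

```python
"""Toy model of how a wallet mis-handles malleated transactions.

Constructed example, not Bitcoin Core code.  A transaction is inputs
(references to prior outputs), outputs, and a signature blob.  The network
txid commits to the signature, so a relayer who re-encodes the signature
changes the txid without changing what the transaction spends or pays.
"""
import hashlib
import json


def txid(tx):
    """Network txid: hash over the serialized tx *including* the signature."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()


def ntxid(tx):
    """Normalized id: hash over inputs and outputs only, so a re-encoded
    signature does not change it.  Stands in for 'check all inputs/outputs
    rather than the txid'; constructed here, not a specific implementation."""
    core = {"inputs": tx["inputs"], "outputs": tx["outputs"]}
    return hashlib.sha256(json.dumps(core, sort_keys=True).encode()).hexdigest()


def make_tx(inputs, outputs, sig):
    return {"inputs": list(inputs), "outputs": list(outputs), "sig": sig}


def malleate(tx):
    """A relayer re-encodes the signature; spends and payments are unchanged."""
    return make_tx(tx["inputs"], tx["outputs"], tx["sig"] + "/alt-encoding")


class DepositTracker:
    """Credits incoming payments once per key; key_fn decides what 'once' means."""

    def __init__(self, our_addr, key_fn):
        self.our_addr, self.key_fn, self.credited = our_addr, key_fn, {}

    def observe(self, tx):
        key = self.key_fn(tx)
        if key in self.credited:
            return 0
        amount = sum(o["value"] for o in tx["outputs"] if o["addr"] == self.our_addr)
        self.credited[key] = amount
        return amount

    def balance(self):
        return sum(self.credited.values())


def inputs_all_confirmed(tx, confirmed):
    """A tx can confirm only if every input points at a confirmed outpoint."""
    return all((i["txid"], i["vout"]) in confirmed for i in tx["inputs"])


def confirm(tx, confirmed):
    """Record tx's outputs as confirmed outpoints (txid, vout)."""
    for vout in range(len(tx["outputs"])):
        confirmed.add((txid(tx), vout))


def rebind_child(child, old_parent, new_parent):
    """Re-point a child's inputs from the orphaned parent to its confirmed twin.
    Only legal if the twin spends and pays exactly the same things; a real
    wallet must also re-sign, since the signature commits to the prevout."""
    assert ntxid(old_parent) == ntxid(new_parent)
    old, new = txid(old_parent), txid(new_parent)
    inputs = [dict(i, txid=new) if i["txid"] == old else i for i in child["inputs"]]
    return make_tx(inputs, child["outputs"], "resigned:" + child["sig"])


def deposit_demo():
    """Exchange sees a deposit and its malleated twin; returns (buggy, fixed) balances."""
    deposit = make_tx([{"txid": "aa" * 32, "vout": 0}],
                      [{"addr": "exchange", "value": 5}], "sig1")
    twin = malleate(deposit)
    buggy = DepositTracker("exchange", txid)    # keyed on the network txid
    fixed = DepositTracker("exchange", ntxid)   # keyed on inputs/outputs
    for t in (deposit, twin):
        buggy.observe(t)
        fixed.observe(t)
    return buggy.balance(), fixed.balance()


def change_chain_demo():
    """Wallet spends its own unconfirmed change; the malleated parent is mined.
    Returns (child valid before rebinding, child valid after rebinding)."""
    confirmed = {("bb" * 32, 0)}
    parent = make_tx([{"txid": "bb" * 32, "vout": 0}],
                     [{"addr": "merchant", "value": 3}, {"addr": "me", "value": 2}], "sig2")
    child = make_tx([{"txid": txid(parent), "vout": 1}],   # spends unconfirmed change
                    [{"addr": "shop", "value": 2}], "sig3")
    mined = malleate(parent)                 # the twin, not the original, confirms
    confirm(mined, confirmed)
    before = inputs_all_confirmed(child, confirmed)
    after = inputs_all_confirmed(rebind_child(child, parent, mined), confirmed)
    return before, after


if __name__ == "__main__":
    print("deposit balances (buggy, fixed):", deposit_demo())
    print("change chain valid (before, after):", change_chain_demo())
```

deposit_demo returns (10, 5): the txid-keyed tracker credits the twin a second time, the inputs/outputs-keyed one does not. change_chain_demo returns (False, True): the child that spent unconfirmed change references an outpoint that never confirms, and is only valid again once rebuilt against the twin that did. The simpler mitigation the thread implies, not spending unconfirmed change at all, avoids the second problem entirely.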

The most fascinating thing about this whole process is watching the btc community try to keep it moving. As someone who doesn't know anything about digital currencies, this seems like one of the first major tests of a philosophy of unregulation.

Setting up a rogue node that messes with all transactions is the best way of hurrying a proper fix to the protocol that will also be deployed ASAP and accepted by everyone!

Given the asymmetry in the difficulty market participants have with selling (and withdrawal in fiat, in a timely manner) or shorting bitcoin, as compared to the effort involved in buying bitcoin, any news is bullish news. This should hold generally and is not specific to publicity about the attack.

Assuming equal reach for would-be-sellers and would-be-buyers, more buyers are capable of expressing their opinion in the market than are sellers.

Is this why I saw a bunch of super small incoming transactions to my coinbase wallets that then promptly disappeared?

I have no proof whatsoever, this is just a conjecture: there are powerful government and private entities who profit from manipulating the current monetary system. I have to ask: is it unreasonable that state actors would try to crash Bitcoin out of self interest?

> is it unreasonable that state actors would try to crash Bitcoin out of self interest?

Is it unreasonable? No. Is there any evidence to suggest it? No.

There was an article going around just the other day alleging that GCHQ were DDOSing the QuakeNet and Freenet IRC systems. Not the same, but a similar kind of thing.

One issue with this is do we even have any evidence somebody can reliably short Bitcoin at the level a government would want to? It seems hard to believe a government could do more damage to Bitcoin than just declaring that it's banned in their country, anybody using it gets {significant penalty in their country}.

Governments don't have to short it. Pulling money from digital currencies back into government controlled ones seems like benefit enough.

So the claim is they'd be doing something like these attacks? I just struggle to believe that's the most effective way for them to deal with the problem, when the US Government coming out with "Bitcoin is illegal due to {plausible sounding terrorism story}, possession is a felony" would utterly tank it overnight.

No, I don't think they have to, I'm just saying they could benefit. All a govt really has to do is outlaw it, like Russia just did recently, I believe.

I can think of a few entities who have an interest in its failure.

What was the intent of including something like transaction malleability in the Satoshi client?

It's a bug. Signatures have multiple equivalent forms, and the clients don't require that representations are canonical.

>The first form of malleability is in the signatures themselves. Each signature has exactly one DER-encoded ASN.1 octet representation, but openssl does not enforce this, and as long as a signature isn't horribly malformed, it will be accepted. In addition for every ECDSA signature (r,s), the signature (r, -s (mod N)) is a valid signature of the same message.

I don't think it should be called a bug. Peter Todd (well-known Bitcoin developer), said[1]:

> [...] I'm a bit hesitant to bake in assumptions about malleability when we have no solid idea if ECC signatures are or are not malleable on a fundamental level; if "whack-a-mole" anti-malleability is all we've got it could be ugly if a break is found.

I understand this to mean that there may be unknown ways to transform signatures, like the s sign flip you quoted. In that case there would be no way to know which representation is "canonical." Thus, malleability is either a fundamental, fatal flaw in Bitcoin, or just something Bitcoin developers need to work around.

Now, it seems even the reference implementation isn't perfect about malleability, and perhaps people could have been better about making the issue known. So there is work to be done, but it is not a "bug" that can be "fixed", at least not without upgrading the entire network, and/or risking it popping up in the future when someone applies more ECDSA signature mutation tricks. The real solution, if you want to safely fingerprint transactions, is to make your own transaction hash that is immune to malleability, like [2].

[1] http://sourceforge.net/mailarchive/message.php?msg_id=319546...

[2] https://github.com/sipa/bitcoin/commit/e7853a91cf646a6a47011...

It seems like the whole bitcoin community is immature.

By definition, yes.

Someone should pen the next James Bond story around digital currency manipulation. What a fascinating world.

That's probably the easiest way to make a James Bond story that feels out-of-touch now and out-of-date tomorrow.

Haha. Not necessarily; the general public is becoming aware of BTC as you can now pay regular companies with it. Also, you could tie it into typical James Bond fare such as funding for terrorist organizations etc.

> That's probably the easiest way to make a James Bond story that feels out-of-touch now and out-of-date tomorrow.

I think it would be the first JB movie that has a chance of not being out-of-date tomorrow.

Massive attack requires massive resources.

Maybe foreign government? Heck, domestic government?

> Massive attack requires massive resources.

Not, in general, true. You could rent thousands of botted-up consumer-grade PCs located in the United States to run your custom bitcoin client for hundreds of dollars. This particular attack doesn't require any detailed computation -- all you have to do is observe a transaction broadcast from Legitimate Node N1, perform nanoseconds of computation on it, and broadcast the resulting transaction from your Conspiring Nodes N2...N1000 faster than N1 does. Assuming you do, your altered transaction will be the one adopted by the consensus, not the original one.

The technical complexity of this attack is substantially below several levels of e.g. the Stripe CTF event, which were designed to be implemented by intermediate programmers in a few hours of play.

concerted massive attack: http://www.youtube.com/watch?v=iKxnCGziUVA

Funny if it was Mount Gox trying to prove a point.

Is BTCChina affected?

One of the best services... Fiverr also accepts bitcoins... For more read here: http://blog.fiverr.com/fiverr-now-accepting-bitcoins/
