14 DAY TRIAL // A while back, before the world’s most popular Bitcoin transaction market Mt. Gox filed for bankruptcy, the company blocked withdrawals and eventually entire transactions accusing a “transaction malleability” built within the Bitcoin protocol.
If the fact that the company eventually crumbled after losing hundreds of thousands of its customers coins wasn’t enough of a clue that the claims might be fake, two researchers from ETH Zurick claim that the entire story is completely made up.
“A user could request a withdrawal from Mt Gox to a Bitcoin address. The exchange would then create a corresponding transaction and publish it to the Bitcoin network. Due to the way MtGox tracked confirmation of these transactions it could be tricked, exploiting transaction malleability, into believing the transaction to have failed even though it was later confirmed by the network. MtGox would then credit the amount back to the user’s account,” the Bitcoin marketplace said at the time, explaining the issues it was facing.
The researchers took the time to analyze transactions happening over an entire year. In January 2013, they created specialized Bitcoin nodes to trace and dump all transactions and blocks from the Bitcoin network, including all double spending attacks forwarded to any peers that the nodes connected to.
In this manner, over 35,000 transaction conflicts were discovered, along with over 29,000 confirmed attacks covering over 300,000 Bitcoins.
“Out of the 28,595 malleability attacks that used an OP_PUSHDATA2 instead of the default OP_0 only 5,670 were successful, i.e., 19.46% of modified transactions were later confirmed. Considering the value in malleable transactions the success rate is comparable with 21.36%. This reduces the total profit of the successful attacks from 302,700 to 64,564,” the report reads.
By the time Mt. Gox halted withdrawals and blocked all malleability attacks on transactions, there weren’t enough attacks to account for the lost 750,000 Bitcoins.
This means that the company’s excuse that all these coins, plus another 100,000 the company owned, were lost due to this particular bug built within the Bitcoin protocol is bogus. While over 64,000 coins were indeed lost in this way, the rest are unaccounted for.
This makes the concerns that employees had that the company was in fact using customers’ coins to cover loses that much more credible. It was reported last month that employees had gone to Karpeles in 2012 and confronted him about the issue, although they did not receive any clear answer on the matter from the young CEO.