Yea, what's the fucking story here? I thought that all BTC transactions are recorded and permanently stored as part of the "block chain". So let's look at the transaction history; where did all the coins go? This was a heist greater than any bank robbery in history - Where is the FBI?
This is a very interesting problem, and the answer is quite complicated. This is what I have been able to gather from public sources, held together with various deductions and educated guesses.
1. Mt Gox is an exchange. You can deposit or withdraw legal currency and trade for BTC or vice versa.
2. There is by necessity a pool of BTC and legal tender held at Mt Gox in place of client funds. In the case of BTC, a customer would pay BTC from their wallet to Mt Gox's wallet address, and the opposite would happen for withdrawal.
3. While BTC payments are public via the blockchain, the exchange of legal tender for BTC is not a blockchain transaction and therefore not public and only logged internally in Mt Gox's database (although summary information - e.g. trade price and volume - is published).
4. The deposit of BTC into Mt Gox and withdrawal out are part of the blockchain and are publicly logged.
5. Mt Gox wrote custom "wallet" software to handle the BTC transactions on the blockchain. It had a serious bug, in that the payment instructions it generated were malformed.
6. The malformed transactions would be accepted by early versions of the official bitcoin client, and the transactions would work correctly. However, the hash of the transaction data (often used as a "unique ID") would be different in a malformed transaction compared to a correctly formed one.
7. The bitcoin developers realised that this would be a problem, and pushed out an update that would automatically reject malformed transactions, even if otherwise correct and signed. They also sent out an alert to developers telling them that the transaction hash must NOT be used for tracking the progress of transactions (because if two copies of the same transaction, one well formed, one malformed had different hashes, and you only look for one hash, then you may think the transaction had failed, when it had in fact, completed).
8. Mt Gox failed to implement this when the update was pushed out in Jan 2013. As a result, BTC withdrawals from MtGox would fail. MtGox internal developers were unable to identify the problem.
9. 3rd parties unknown (possibly hackers, possibly frustrated customers of Gox trying to withdraw BTC, possibly benevolent 3rd party bitcoin proponents) set up "workaround" servers. These would pick up the malformed transactions from Mt Gox when they were broadcast, and they would reformat them into the correct format required by the blockchain and then rebroadcast them. The blockchain would ignore the malformed broadcasts, but accept the reformatted broadcasts.
10. Not only had Mt Gox not noticed the bitcoin protocol update, but they had also not heeded the warning of the bitcoin devs to be certain that they are not using transaction hashes for checking transaction progress.
11. The Mt Gox wallet software used the transaction hashes as the ONLY method of reconciling transactions. The blockchain was never rescanned to check that coins were in their expected places, and the coins were never traced as part of transaction validation. (This contrasts with the reference source code, which reconciles transactions by tracing the coins as they progress through the blockchain).
12. Over the next 12 months, confusion reigned at Mt Gox and they had no idea why sometimes customers would complain about not receiving transactions, and that they could not find the transaction hashes in the blockchain.
13. To Mt Gox's wallet software the transaction might appear to have failed (because the hash would never appear in the blockchain due to the transaction being malformed). The same would be true for Mt Gox support, who would search for the transaction hash on blockchain.info and not find it. As a result, support would reissue the transaction without any further checks (e.g. checking the receiving address on blockchain.info for receipt of coins, or checking the MtGox wallet address for withdrawal of coins).
14. There appears to have been mass exploitation of this lack of checks. Some customers are believed to have noticed that they received their withdrawals, but that the transaction was showing as failed on Mt Gox, and that they had the "wrong" transaction hash listed. Some customers may then have gone and received double or triple payouts from support by claiming that the coins never arrived.
15. It appears that there was no auditing of this over the 12 month period when all withdrawals would have been subject to this bug (and possibly several years previously, as the hash "malleability" bug was first noted in 2011, and the developers started warning software devs about it).
16. Mt Gox held a limited size "hot" wallet for day-to-day BTC use. The vast bulk of their BTC were held in a stack of "cold" wallets that would hold their long-term customer deposits in an offline/nearline format.
17. On Feb 7 2014, Mt Gox were finding that no more BTC withdrawals could be made. From what I can tell, this is because their "hot" wallet was empty. The status of the "cold" wallets is unknown, but they are rumored to be depleted also.
18. It is presumed that they had either an automated system or a manual process with no checking for transferring BTC from "cold" to "hot". This appears never to have been audited or subjected to checking.
19. New MtGox customers would have had to supply scans of passport/photo ID/proof of address/residency. However, it is possible that old customer accounts might not have needed this, especially if they never tried to deposit or withdraw legal tender (i.e. only move BTC in and out for speculation purposes).
20. While it should be possible to trace customers that have received multi-payouts, this depends on support having kept adequate records. Given the vast number of transactions in and out of Mt Gox, it may not be possible to correlate transactions to find duplicates, especially if a different BTC address was specified for the 2nd or 3rd attempt.
21. Even if customers could be traced, there is still the issue of trying to get the BTC back. This may not be practical as the legal costs would be substantial, and probability of success may be limited.
22. In summary, the coins have probably been paid out incorrectly to a number of customers, some by luck, but probably most by deception. However, this depended on seriously buggy software at Mt Gox, despite specific warnings from the bitcoin devs that it needed fixing, total lack of auditing of their customer deposit holdings, and lack of investigation into apparent technical failures and unusually frequent calls to support for "missing" withdrawals.
23. Given that it is very likely that internal controls were very, very lax - it is also a possibility that insiders may have exploited some of the bugs, e.g. support staff may have twigged that there was a potential exploit, and they may have been able to set up accounts under false names or where the legal paperwork had been "lost".
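The reconciliation gap described in points 9, 11 and 13 of the post above, as an added example that is not part of the original post and is not Mt Gox's or Bitcoin's code: a hash-only lookup reports a reformatted withdrawal as missing, while tracing the spent coins shows it was paid and must not be reissued. The `Tx` model, its simplified serialization, and all IDs, addresses and signature bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

def double_sha256(data: bytes) -> str:
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    # Simplified model, not Bitcoin's wire format.
    inputs: tuple   # ((prev_txid, output_index, signature_bytes), ...)
    outputs: tuple  # ((address, amount_in_satoshi), ...)

    def txid(self) -> str:
        # The hash covers the signature bytes, so a re-encoded copy of the
        # same payment gets a different ID.
        return double_sha256(repr((self.inputs, self.outputs)).encode())

    def outpoints(self) -> frozenset:
        # The coins being spent, independent of how the signature is encoded.
        return frozenset((prev, idx) for prev, idx, _sig in self.inputs)

def reconcile(withdrawal: Tx, chain: list) -> dict:
    """Contrast a hash-only lookup with tracing the coins on the chain."""
    hash_found = any(tx.txid() == withdrawal.txid() for tx in chain)
    spenders = [tx for tx in chain if tx.outpoints() & withdrawal.outpoints()]
    paid = any(tx.outputs == withdrawal.outputs for tx in spenders)
    return {
        "hash_found": hash_found,
        "inputs_spent": bool(spenders),
        "paid_as_intended": paid,
        # Reissue only if the original inputs are still unspent.
        "safe_to_reissue": not spenders,
    }

# Constructed sample data: placeholder IDs, addresses and signature bytes.
COIN = ("ab" * 32, 0)
PAYOUT = (("customer-address-placeholder", 5_000_000),)
AS_BROADCAST = Tx(((*COIN, b"signature-encoding-A"),), PAYOUT)
AS_CONFIRMED = Tx(((*COIN, b"signature-encoding-B"),), PAYOUT)
UNRELATED = Tx((("cd" * 32, 1, b"signature-encoding-C"),), (("other-address", 1_000),))

if __name__ == "__main__":
    print(reconcile(AS_BROADCAST, [UNRELATED, AS_CONFIRMED]))
    print(reconcile(AS_BROADCAST, [UNRELATED]))
```

A support or wallet workflow that gates reissue on `safe_to_reissue` rather than `hash_found` refuses the duplicate payout in the first case and allows it only in the second, where the original inputs are still unspent.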