Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Mt.Gox technical autopsy
by
Stammer
on 27/02/2014, 06:14:45 UTC
Quote from: kjj on February 27, 2014, 03:09:45 AM
Quote from: Loozik on February 26, 2014, 06:12:32 PM
Quote from: Stammer on February 26, 2014, 05:52:37 AM
After browsing the threads about Mt.Gox and the malleability issue here are a couple of questions.

Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?

Let's say person X (attacker) withdrew e.g. BTC 666.696969 from Gox (or any other exchange). The same person X needed to claim exactly the same amount (BTC 666.696969) from Gox a week or two weeks later, right?

What could be done is to run a query on blockchain data to identify such transaction pairs, initiated from addresses that once had a fairly high value of ''total received'' (indicating they were exchange address) and sent the same amount (BTC 666.696969) twice within a certain period of time.

If someone identifies such pairs, then we might at least get the idea of the maximum possible malleability threshold that went on the Bitcoin network.

This assumes that they were replacing transactions, not balances.  This assumption may not be valid.

I would like to read more about this. AFAIU transaction malleability is still an open wound in the Bitcoin protocol. Understanding its implications is important.

I found this thread , Maged's post  about the Mt.Gox mess in particular, quite instructive.

By the way, Maged writes:

Quote from: Maged on February 18, 2014, 12:19:47 AM
...
Quote from: pythonscript on February 17, 2014, 09:55:25 PM
This means that it's not possible for both transactions to be in the blockchain, so people/organizations affected by this won't have to go through the blockchain to find people who double-withdrew, right?
Yes. Only one can ultimately exist in the blockchain.