Search content
Sort by
Showing 9 of 9 results by Stammer
Re: Calling Gavin Andresen and others, possibility of restoring MtGox's coins.
...
Many people have withdrawn their money since last June. The red flag was there for months. People staying there were either playing with fire, lazy, or simply ignorant.
Although that might be a good idea to regulate bitcoin exchange, that is irrelevant to the bitcoin as a currency or protocol. You don't need an exchange to spend or receive bitcoin.
Many people have withdrawn their money since last June. The red flag was there for months. People staying there were either playing with fire, lazy, or simply ignorant.
Although that might be a good idea to regulate bitcoin exchange, that is irrelevant to the bitcoin as a currency or protocol. You don't need an exchange to spend or receive bitcoin.
Many people believed in bitcoin and got badly burnt. If you are suggesting that only sophisticated investors should use bitcoin, so be it.
Anyways, regulation can be enforced only by governments and in ways that they see fit. If regulation comes into the bitcoin world, I expect it to be intrusive and impose rules on the way bitcoin works. NB When I refer to the bitcoin model I don't mean just the intellectual and technical marvels of the bitcoin protocol, but to the way bitcoin plays out in the practice of people's lives, which IMO is what matters.
Re: Calling Gavin Andresen and others, possibility of restoring MtGox's coins.
Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.
Bitcoin works fine without a trusted third party.Bitcoin users who refrained from trusting any third parties lost exactly zero bitcoins.
Bitcoin promises to let your "be your own bank". If you decide to be your own daytrader then you're on your own.
I agree. However it's a fact that an inordinately large number of people chose to entrust their bitcoins to an unreliable third party such as Mt.Gox. The resulting disaster and those that may follow along the same lines can be tackled either
a) by pointing out , not without reason, that this is a non-issue, since in the bitcoin world it's every man for himself. That's fine , but it may scare off the naive adopter, i.e. the vast majority of people, compromising bitcoin's success.
or
b) by introducing regulation for exchanges, i.e. turning them into banks, transforming the current bitcoin model into something quite different.
Re: Calling Gavin Andresen and others, possibility of restoring MtGox's coins.
If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.
If the current fiat currency model allows you to destroy money by burning banknotes, then there's something wrong in the current fiat currency model.
Haha. Very funny.
"With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party. What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party."
Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.
Surmising a brief sum up.
a) Only one transaction gets registered in the blockchain -> no blockchain-based autopsy is possible.
b) There have been some interesting contributions discussing the Gox software. I wonder whether it is available and can be inspected. Perhaps it would be reasonable to require exchanges to make their software available to public scrutiny. If a chunk of the Bitcoin ecosystem is a black hole it's hardly surprising that it swallows money.
a) Only one transaction gets registered in the blockchain -> no blockchain-based autopsy is possible.
b) There have been some interesting contributions discussing the Gox software. I wonder whether it is available and can be inspected. Perhaps it would be reasonable to require exchanges to make their software available to public scrutiny. If a chunk of the Bitcoin ecosystem is a black hole it's hardly surprising that it swallows money.
Compare
That would mean that valid transactions do not appear on blockchain - I consider this rubbish.
I agree with this.
One needs to pair those two transactions (find them in the blockchain). ...
and
My understanding is that indeed only one transaction gets registered in the blockchain, but there seem to be different takes on this issue.
You couldn't do that, because only one of the transactions would actually be in the block chain.
That would mean that valid transactions do not appear on blockchain - I consider this rubbish.
Both transactions would be in the blockchain - the initial withdrawal and then the re-withdrawl request several weeks later which mtgox would have allowed.
I agree with this.
One needs to pair those two transactions (find them in the blockchain). ...
and
...
This means that it's not possible for both transactions to be in the blockchain, so people/organizations affected by this won't have to go through the blockchain to find people who double-withdrew, right?
Yes. Only one can ultimately exist in the blockchain.My understanding is that indeed only one transaction gets registered in the blockchain, but there seem to be different takes on this issue.
After browsing the threads about Mt.Gox and the malleability issue here are a couple of questions.
Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?
Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?
Let's say person X (attacker) withdrew e.g. BTC 666.696969 from Gox (or any other exchange). The same person X needed to claim exactly the same amount (BTC 666.696969) from Gox a week or two weeks later, right?
What could be done is to run a query on blockchain data to identify such transaction pairs, initiated from addresses that once had a fairly high value of ''total received'' (indicating they were exchange address) and sent the same amount (BTC 666.696969) twice within a certain period of time.
If someone identifies such pairs, then we might at least get the idea of the maximum possible malleability threshold that went on the Bitcoin network.
This assumes that they were replacing transactions, not balances. This assumption may not be valid.
I would like to read more about this. AFAIU transaction malleability is still an open wound in the Bitcoin protocol. Understanding its implications is important.
I found this thread , Maged's post about the Mt.Gox mess in particular, quite instructive.
By the way, Maged writes:
...
This means that it's not possible for both transactions to be in the blockchain, so people/organizations affected by this won't have to go through the blockchain to find people who double-withdrew, right?
Yes. Only one can ultimately exist in the blockchain.Quote
How do you answer rhetorical questions?..
I doubt my questions are rhetorical. Let me sketch some tentative answers, although I would obviously prefer to hear something from outside my head
A:Q1+Q2. That largely depends on Mt.Gox. If they release all the data they hold, including all their code and records, we may get an idea of what happened, which techniques were used and how transaction malleability was used in the heist.
I personally believe that insider support must have played a role, but I am less sanguine about wilful involvement of top management. Anyways, IMO there are lessons to be learnt here, both at the technical and at the management level.
A:Q3. Probably not, although some amount fraud may be tolerable. In the current ecosystem, as far as I understand, major exchanges are trust repositories. if trust repositories are necessary, then they should be fully accountable entities. But perhaps trust repositories are not necessary and the Bitcoin ecosystem should move away from them.
After browsing the threads about Mt.Gox and the malleability issue here are a couple of questions.
Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?
I understand that the malleability issue is real. Indeed it has been real and known for more than two years. I still fail to understand how it could be realistically harnessed to heist hundreds of thousands of bitcoins.
Q2. Are we sure that the whole thing wasn't orchestrated with the complicity of Mt.Gox management? Can we ever be sure?
Q3. Consider a Bitcoin maketplace model where major exchanges mysteriously go bankrupt and handwave their alleged losses to some technical issue, previously regarded as minor. Is such a model viable in the long tem?
Q1. Is there any way to ascertain that the Mt.Gox bankrupcy was indeed induced by transaction malleability?
I understand that the malleability issue is real. Indeed it has been real and known for more than two years. I still fail to understand how it could be realistically harnessed to heist hundreds of thousands of bitcoins.
Q2. Are we sure that the whole thing wasn't orchestrated with the complicity of Mt.Gox management? Can we ever be sure?
Q3. Consider a Bitcoin maketplace model where major exchanges mysteriously go bankrupt and handwave their alleged losses to some technical issue, previously regarded as minor. Is such a model viable in the long tem?