'Malleability' attacks not to blame for Mt. Gox's missing bitcoins, study says

A study by Swiss researchers concludes that transaction malleability attacks could not have accounted for Mt. Gox's missing millions

By Tim Hornyak, IDG News Service |  On-demand Software

Fewer than 400 bitcoins could have been stolen from the Mt. Gox Bitcoin exchange using so-called transaction malleability attacks, according to A Swiss study, far less than the hundreds of thousands of bitcoins the company reported.

The findings cast doubt on the failed exchange's explanation of how it lost nearly half a billion dollars' worth of the digital currency when it applied for bankruptcy protection in Tokyo on Feb. 28.

The study was written by Christian Decker and Roger Wattenhofer of the Distributed Computing Group at the Swiss Federal Institute of Technology Zurich (ETH). It was uploaded to the academic prepress site ArXiv.org and has not been published by a peer-reviewed journal.

"In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts," the authors, who have authored several papers on Bitcoin and distributed systems, write.

"In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox."

The study looks into the plausibility of the claim that transaction malleability brought down Mt. Gox. The Tokyo-based exchange had said that a bug in the Bitcoin software could be used to fraudulently alter the records of how bitcoins change hands.

When Mt. Gox collapsed with liabilities of ¥6.5 billion (US$63.6 million), it said that it had lost about 850,000 bitcoins, which would have been worth some $474 million. It cited exploitation of a bug in the Bitcoin system, saying it believed "that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug."

Before trading stopped at the exchange on Feb. 25, Mt. Gox had blamed the transaction malleability issue when it suspended withdrawals of bitcoin to outside addresses.

In their study, the ETH researchers describe how they created specialized nodes that could trace, from January 2013, all transactions on the Bitcoin network including double-spending attacks, of which malleability attacks are described as a variant.

They found that only 302,700 bitcoins were involved in malleability attacks.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness