MtGox made a statement that due to the “problem” in the Bitcoin protocol, they had delays with the withdrawal of BTC and therefore they had to stop all payments until the cause was resolved.
www.mtgox.com/press_release_20140210.html
If you need a quick answer: there is no error in Bitcoin itself. You can go to Bitstamp / Coinbase / btc-e and buy more BTC at a huge discount before the rate returns to $800-$900 ...
Long answer:
Unconfirmed Bitcoin transactions have always been malleable: a transaction that is still “in limbo” (not yet in the blockchain) can be changed without invalidating its signatures. However, it is impossible to change any important data, such as the source transactions, the amounts, the order of inputs and outputs, or any other metadata. What you can do is add some dummy data that does not change the essence of the transaction but does change its contents, and therefore its hash.
What does this mean? You can send a transaction ABC123, and someone can see it on the network and quietly change it so that it appears as ABC124. If he is lucky, ABC124 will be included first, and the original ABC123 will never be included (to prevent a double-spend). There is no problem for the recipient of the transaction: he will still receive all his money at the address he gave for the withdrawal. But if he looks in the blockchain specifically for transaction ABC123, he will never find it there.
MtGox explains how they were deceived:
1). The user makes a request to withdraw some BTC from MtGox to his / her address.
2). MtGox takes some of its own “unspent outputs” and creates a transaction that sends funds to the user's address.
3). MtGox remembers the hash of this transaction and watches for it to appear in the blockchain.
4). A user (attacker) or someone else sees the unconfirmed MtGox transaction in the p2p network and creates a transaction consisting of the same data as the original one, so he does not need to re-sign any of its elements (i.e., he does not change the amounts, inputs or outputs), but adds insignificant data to it (extra bytes, for example). As a result, the hash of this transaction differs from the original, but the transaction remains valid for the network (translator's note).
5). The new, modified transaction is included in the blockchain. MtGox has sent the money, but still does not know about it. The user who requested the withdrawal has by that time already received the funds in his wallet and can see them.
6). Then the user (the attacker) goes to MtGox support and complains that the money has not been received. Or MtGox itself sees that the funds have not arrived for too long and can automatically send another transaction, which spends some other “unspent TX outputs” to the same address (repeating the payment). Either way, this creates a lot of confusion for MtGox and can initially even lead to sending the same amount many times.
Is this a problem for Bitcoin itself, which allows such changes in transactions? Yes, probably so. But it is not entirely clear how this can be prevented at all.
MtGox stumbled upon this problem because they did not know about this Bitcoin property.
MtGox could solve the problem as follows: instead of watching the blockchain for the hash of a particular transaction, check whether address X (specified by the user) received the sum N (specified by the user) from the outputs Y, Z and W (used by MtGox). This would ensure that even if the transaction is changed, they would still see it and find out whether the user received the money intended for him.
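The check described above, as an added example that is not MtGox's code or part of the original post: a withdrawal is reconciled by what the confirmed transaction does (outputs Y, Z, W spent, sum N paid to address X) rather than by its hash. The `Tx` model, its toy serialization, the sample data and the `safe_to_resend` guard are assumptions made for illustration; the guard goes one step beyond the text.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple       # spent outpoints: ((prev_txid, index), ...)
    outputs: tuple      # ((address, amount_in_satoshi), ...)
    sig_scripts: tuple  # one blob per input: part of the hash, not of the signed data

    def txid(self) -> str:
        # Toy serialization (not Bitcoin's wire format): the id covers every byte,
        # including the signature scripts a third party can re-encode.
        blob = repr((self.inputs, self.outputs, self.sig_scripts)).encode()
        return hashlib.sha256(hashlib.sha256(blob).digest()).hexdigest()

@dataclass(frozen=True)
class Withdrawal:
    address: str          # X, given by the user
    amount: int           # N, given by the user
    outpoints: frozenset  # Y, Z, W, chosen by the exchange
    sent_txid: str        # hash of the transaction as broadcast

def confirmed_by_txid(w, chain):
    """Fragile check: finds only the exact hash that was broadcast."""
    return any(tx.txid() == w.sent_txid for tx in chain)

def confirmed_by_effect(w, chain):
    """Robust check: a confirmed tx spends our outpoints and pays X the sum N."""
    for tx in chain:
        if w.outpoints <= frozenset(tx.inputs) and (w.address, w.amount) in tx.outputs:
            return tx.txid()
    return None

def safe_to_resend(w, chain):
    """Allow a re-send only while none of the original outpoints has been spent."""
    spent = {op for tx in chain for op in tx.inputs}
    return not (w.outpoints & spent)

# Constructed sample data (placeholder ids and addresses).
original = Tx((("aa" * 32, 0), ("bb" * 32, 1)),
              (("1UserAddr", 500_000), ("1Change", 120_000)),
              (b"sig0", b"sig1"))
# Same inputs and outputs, one signature script encoded differently: a different id.
confirmed = Tx(original.inputs, original.outputs, (b"sig0", b"sig1-reencoded"))
w = Withdrawal("1UserAddr", 500_000, frozenset(original.inputs), original.txid())
chain = [confirmed]
```

With this data the hash lookup reports the withdrawal as missing, while the effect-based check returns the id under which it actually confirmed and the re-send guard refuses a second payment.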
P.S. The material is posted with the permission of the author, oleganza, who rarely appears here and now posts on Reddit.