Welcome to the Counterparties email. The sign-up page is here, it’s just a matter of checking a box if you’re already registered on the Reuters website. Send suggestions, story tips and complaints to Counterparties.Reuters@gmail.com.
Mt Gox is filing for bankruptcy. CEO Mark Karpeles says that the nearly $500 million in bitcoin held by the company are gone. The four-year-old Mt Gox, which was the oldest and largest bitcoin exchange, has $63.7 million in liabilities, $37.6 million in assets and 127,000 creditors, Reuters reports.
The problem appears to be in part because of something called transaction malleability attacks. Those attacks work like this: each bitcoin transaction has a unique, individual -- and theoretically impossible to fake -- ID code. The problem is that the user digital signature (the part of the transaction code that shows which user the transaction came from) was vulnerable. That signature could be altered and still potentially accepted. As a result, the same transaction could be sent into the system multiple times: once as a valid transaction from a valid user, and other times as an invalid transaction that looked like a valid transaction.
An exchange could sort through a small number mutant transactions, but not the huge number generated in a “coordinated attack”. A transaction malleability attack uses this flaw to create massive settlement issues for the exchange. As the exchange tries to sort through the transactions to determine which are valid, it slows to an unusable crawl. Motherboard’s Patrick McGuire points out that the malleability problem was a known issue as far back at 2011, but Mt Gox didn’t address it.
In the first weeks of February, Mt Gox was one of many bitcoin exchanges targeted by exactly this sort of attack. The other exchanges seem to have found a coding fix, but Mt Gox didn’t. The exchange’s lax accounting amplified the problems caused by the transaction malleability attack, according to a former employee: