How Mt Gox died
Welcome to the Counterparties email. The sign-up page is here, it’s just a matter of checking a box if you’re already registered on the Reuters website. Send suggestions, story tips and complaints to Counterparties.Reuters@gmail.com.
Mt Gox is filing for bankruptcy. CEO Mark Karpeles says that the nearly $500 million in bitcoin held by the company are gone. The four-year-old Mt Gox, which was the oldest and largest bitcoin exchange, has $63.7 million in liabilities, $37.6 million in assets and 127,000 creditors, Reuters reports.
The problem appears to be in part because of something called transaction malleability attacks. Those attacks work like this: each bitcoin transaction has a unique, individual — and theoretically impossible to fake — ID code. The problem is that the user digital signature (the part of the transaction code that shows which user the transaction came from) was vulnerable. That signature could be altered and still potentially accepted. As a result, the same transaction could be sent into the system multiple times: once as a valid transaction from a valid user, and other times as an invalid transaction that looked like a valid transaction.
An exchange could sort through a small number mutant transactions, but not the huge number generated in a “coordinated attack”. A transaction malleability attack uses this flaw to create massive settlement issues for the exchange. As the exchange tries to sort through the transactions to determine which are valid, it slows to an unusable crawl. Motherboard’s Patrick McGuire points out that the malleability problem was a known issue as far back at 2011, but Mt Gox didn’t address it.
In the first weeks of February, Mt Gox was one of many bitcoin exchanges targeted by exactly this sort of attack. The other exchanges seem to have found a coding fix, but Mt Gox didn’t. The exchange’s lax accounting amplified the problems caused by the transaction malleability attack, according to a former employee:
Mt Gox kept 90% of their bitcoins in cold storage—in paper wallets and USB keys. They rented safety-deposit boxes in banks and when they needed to refill the transaction accounts, they took the bitcoins out of storage, and deposited them into the system. Well, there was no reconciliation in the accounting sense between the cold storage and the transactions done. As long as money was coming in at a steady pace, no one realized that actually they had been losing huge amounts of bitcoin. And when they did—all hell broke loose.
Bitcoin diehards aren’t too concerned: “Mt Gox really is just another calamity before the win,” writes The Wire’s Allie Jones.
Mt Gox may have been the biggest bitcoin exchange, but it wasn’t necessarily the best. Slate’s Kadhim Shubber thinks that Mt Gox’s failure was an inevitable consequence of its early emergence: “As new and better-run exchanges sprung up, Mt Gox increasingly became a burden, a holdover from bitcoin’s teenage years. Today’s bitcoin businesses are graduating and heading for serious jobs on Wall Street. Mt Gox was still doing keg stands at frat parties.”
Bitcoin, says The Atlantic’s Heather Timmons, now seems to be on a long, halting journey towards regulation. It’s just not entirely clear by whom or how. — Ben Walsh
On to today’s links: