Bitcoin Buzz

Bitcoin developers slam claims of security flaw

PUBLISHED : Tuesday, 11 February, 2014, 2:43pm
UPDATED : Tuesday, 11 February, 2014, 4:31pm

Bitcoin core developers Gavin Andresen and Jeff Garzik hit back at the embattled Mt Gox team after the Japanese company claimed a security flaw in the digital currency’s network was responsible for its trading troubles.

Andresen and Garzik said it was a cynical attempt to shift blame to developers and Bitcoin itself. They said the Tokyo-based exchange’s indefinite withdrawal suspension was triggered by a technical fault not just isolated to them.

Mt Gox had suffered from an “unfortunate interaction” between their wallet software, customer support, lack of a back-up plan for transaction malleability, the Bitcoin Foundation said.

The news saw Bitcoin prices collapse more than 20 per cent on Monday.

Chief scientist Andresen explained the flaw was “a small window” where transaction ID’s can be “renamed” before being confirmed in public ledger – to prove authentic transactions – and they were issues exchanges cannot correct overnight.

“Any company dealing with Bitcoin transactions and [having] coded their own wallet software should responsibly prepare for this possibility and include in their software a way to validate transaction ID’s,” said Andresen. “Otherwise, it can result in Bitcoin loss and headache for everyone involved.”

Andresen added the core development team had worked to limit malleability, but that the Foundation was still working towards a “responsible solution” to eliminating the problem.

Garzik said Bitcoin was not broken. “Let’s not over-react about a technical issue in one custom implementation.”

Meanwhile, executives from Hong Kong’s top Bitcoin trading platform also accused Mt Gox of being “a little misleading” by diverting attention away from a flaw in their operational process.

The issue of transaction malleability is well known, according to Asia Nexgen’s technology chief Hugh Madden. “It simply refers to the ability for a sophisticated hacker to switch an identifying label of a transaction.”

Madden said a “minor” hole in the network could be used to fool exchanges into sending bitcoin twice to a recipient.

“This is not a bug in the protocol - rather it would appear to be a flaw in Mt Gox operational processes,” the chief technology officer insisted.

Asia Nexgen said it had “adequate” security protocols in place and regularly reviewed them.

Overnight, Bitcoin prices lived up to the volatility of nascent digital currencies, plunging on the Mt Gox announcement – as markets moved some US$200 during intraday trading – before buyers stepped in to snap up cheap coins.

However, the rebound will be of little satisfaction to one mystery buyer who sold its Bitcoin holding for just US$102.

The Japanese exchange alleges that a fault within the heart of the Bitcoin network opens up all exchanges to fraud that “affects all transactions where Bitcoins are being sent to a third party” – and it is a known issue within the developers’ community.

Described by the company as “transaction malleability”, the technical flaw left the exchange unable to handle or service regular Bitcoin withdrawal requests.

“As a result we took the necessary action of suspending Bitcoin withdrawals until this technical issue has been resolved,” the company said in a statement yesterday.

Mt Gox claimed on Monday it identified suspicious trades which precipitated the temporary suspension on Friday. Cash withdrawals are unaffected at this point.

Confidence in the company collapsed as customers rush to sell. More than 90 per cent of transactions on Mt Gox in recent days have been on the sell side.

The latest weighted price of a Bitcoin is US$705.76 (HKS$5,475) at 1.08pm on Tuesday. The price per coin slid as low as HK$4,154 during intraday trading on Monday. (Source: Coindesk)