Exchanges  •  Mt. Gox  •  News

Study: Mt. Gox May Have Lost Just 386 BTC Due to Transaction Malleability

(@pete_rizzo_) | Published on March 27, 2014 at 14:55 BST

A new report by researchers at ETH Zurich University in Switzerland has concluded that the now-bankrupt Japan-based bitcoin exchange Mt. Gox may have lost only 386 bitcoins ($203,000) due to issues stemming from transaction malleability.

The finding provides new evidence that Mt. Gox's continued claims that issues with the Bitcoin protocol were the primary reason for its insolvency are perhaps misleading or untrue.

Released on 26th March, the report was authored by Christian Decker and Professor Roger Wattenhofer, both of the university's Distributed Computing Group (DCG).

Overall, the authors found that only 302,000 bitcoins could have ever been involved in malleability-related attacks, and that of this figure, only 1,811 were likely to be part of attacks that could have prevented Mt. Gox users from making withdrawals.

Concluded the report:

"Even if all of these attacks were targeted against Mt. Gox, Mt. Gox needs to explain the whereabouts of 849,600 bitcoin."

The news comes roughly one week after Mt. Gox confirmed that it had discovered 200,000 bitcoins in an old-format wallet in early March, a claim lawyers representing former Mt. Gox customers say they are currently working to investigate.

Conducting measurements

The researchers provided a detailed overview in their 13-page report of the steps they took to reach this conclusion, first noting how they identified potential double spending attacks and the limitations they faced in doing so.

To trace and dump all transactions from the Bitcoin network, the researchers created specialized nodes, allowing them to detect any double-spending attacks observed by peer nodes. The first, and most prominent limitation, for example, was that the researchers were only able to extend their research as far back as January 2013.

Explained the report:

"The following observations therefore do not consider attacks that may have happened before our collection started."

The limitation is significant as evidence suggests that Mt. Gox lost its bitcoins over a period stemming multiple years. The researches estimate their nodes were connected to 992 peers, or approximately 20% of reachable nodes.

The next task was identifying double-spend attacks.

While double spending attacks could be determined by associating transactions with the outputs they claim, researchers chose to remove signature script from the transactions, and looked instead at the unique keys produced by the malleability attacks.

Read the report: "The unique key is then used to group transactions together into conflict sets."

Notable findings

The report indicates that approximately 29,139 conflict sets were identified over the course of the research and later confirmed by the block chain. More than 6,000 transactions were labeled as invalid due to incorrect signatures or because they were part of further double spending.

Researchers then detailed how they were able to reach the 302,700 BTC estimate.

"The conflict set value is defined as the number of bitcoins transferred by any one transaction in the conflict set. The outputs of the transactions in a conflict set are identical, since any change to them would require a new signature.

In particular, the value of outputs may not be changed. Each transaction in a conflict set therefore transfers an identical amount of bitcoins. Summing the value of all conflict sets results in a total of 302,700 bitcoins that were involved in malleability attacks."

The most prominent type of malleability occurred when attackers replaced a single byte OP_0 with OP_PUSHDATA2, resulting in signature script that was 4 bytes longer. Roughly 28,500 of the 29,139 confirmed attacks had this type of modification.

The effectiveness of malleability attacks

The report also took a look at whether the transaction malleability attacks launched against the exchange were successful, meaning that they resulted in a modified transaction later confirmed.

Overall, the report estimates that of the 28,595 malleability attacks it detected, only 19.46%, or 5,670, were confirmed. It estimated that the total profit from successful attacks was 64,564 BTC (roughly $33.7m at press time).

However, the researchers noted that this conclusion was based on the assumption that conflict sets were the results of attacks directed at Mt. Gox. In order to find this correlation, the researchers set out to verify the claim by finding the transactions used for the attacks.

"The above mentioned total amount of 302,700 bitcoins involved in malleability attacks already disproves the existence of such a large-scale attack. However, it could well be that malleability attacks contributed considerably in the declared losses."

Mt. Gox's role in encouraging attacks

The report further analyzed the timeline of the attacks, using as a basis three periods in the exchange's lifecycle.

  • Period 1, which stretched from January 2013 to February 2014, was the period before Mt. Gox halted withdrawals
  • Period 2 included 8th to 9th February, when withdrawals stopped but no attack details were public
  • Period 3, lasting from 10th to 28th February, included the time after Mt. Gox had blamed issues with the Bitcoin protocol for its substantial loss of customer funds.

During Period 1, the report found 421 conflict sets, equating to roughly 1,800 BTC. During Period 2, the number of conflict sets spiked to 1,062, affecting 5,470 BTC, with the number of attacks increasing from 0.15 per hour to 132 per hour.

The report, therefore, concluded that Mt. Gox's announcements relating to the attack dramatically increased the frequency of attacks. Attack activity was also high on 10th and 11th February, when the researchers detected 25,732 individual attacks, totaling 286,000 bitcoins.

"The strong correlation between the press releases and the ensuing attacks attempting to exploit the same weakness is a strong indicator that the attacks were indeed triggered by the press releases."

Though, the report notes that Mt. Gox had disabled withdrawals at this time, and as such, the attacks could not have been aimed at the exchange.

Report reception

At press time, discussion of the paper was limited to Bitcoin Talk forum, where the bitcoin community mostly greeted the research as a validation of previous assumptions.

Still, there were some critics who pointed to the limited period of study, the limited reach of the information the study collected and the inability of researchers to observe how Mt. Gox may have modified transactions.

For more details, download the full report here.

 Zurich image via Shutterstock

Bitcoin protocolClass ActionExchangeMt. Goxtransaction malleability

Load Comments