The transaction malleability issue in bitcoin isn’t something that makes new transactions just generate on their own. It means that if you’re able to modify a tx hash and broadcast it out, you can claim that the transaction never happened, if the sender’s client hasn’t been configured properly to keep track of modified transactions.
The only way to then generate a 2nd transaction to make up for the first one, is to manually report the renamed tx as lost to the sender, who then has to go and manually send out a new one. In reality, malleability is not actually an issue with bitcoin, it is an issue with the operators responsible for sending transactions.
There is no possible way they would have manually pushed out so many malleable payments that their balance went to zero. What they’re claiming here is that the attacker was able to do it on their own, without having the operators manually process 2nd payments.
There are a few options here, none of which add up to what the SR2 operators are claiming:
- A hacker got the bitcoin, but it was an old school private key or database break-in, not anything to do with malleability
- The SR2 system was specifically designed to somehow automatically re-send transactions for which it could later not find the original tx hash
- The operators of SR2 see the malleability issue as a cover for their theft
1: The SR2 operators seem pretty confident that it was not a regular prvky/db theft so why not take them at their word?
2: This is tantamount to a malicious implementation anyway, so if it were programmed like this, which would be beyond stupid, it should equate to the operators being guilty of the theft themselves anyway
3: The only reasonable conclusion
Their talk of honesty and integrity was and is a ruse. This operator should never be trusted again for anything.
Anyone else have an alternative explanation? If they're innocent, they have some explaining to do.
The r/bitcoin post explains nicely why this doesn't make any sense, but the bolded bit deserves a bit of extra attention. This wiki page explaining what transaction malleability is has existed since January 2013. The issue itself has been known since at least May 2011. The only reason that it was even a problem for MtGox is because the people running that exchange are apparently completely incompetent. Both MtGox and the SilkRoad2 guy have described transaction malleability as a recently discovered vulnerability in the bitcoin protocol. Either they are ignorant about the protocol their businesses are built on or they think that their customer base is, and I'm not sure which alternative is funnier.
Looking at r/Bitcoin, it seems like at this point most people there understand what transaction malleability is (and isn't), which is a shame. When the MtGox statement about it was first released, seeing the true believers flip out about this fatal flaw in their magical internet money was pretty hilarious. Why are you this confident in something you don't even understand?
I couldn't help but laugh at the unintentional irony.
I'd go with "recently discovered colossal design flaw", personally.
To be fair, people there seem to be getting the joke.
At least when people bought a tulip bulb, they still had an actual tulip bulb.
They may have paid slightly too much for it, but at least it was an actual thing they actually had.
The thing I don't get is why - at this point - anyone is entrusting their bitcoins to a 3rd party beyond what is absolutely necessary to complete a transaction. Isn't one of the big benefits to the bitcoin that you can store the entire wallet locally and without substantial risk that someone is going to walk with your coins? Sure, the market might crash and they become a bunch of worthless data you have on your HDD / backed up to a USB drive, but the only way someone can easily steal them is physically walking off with them.
Of course drug dealers and other criminals are going to rip you off. Especially when they can do it entirely anonymously with little to no chance - by design - that you could ever track them down. Honestly, for as often as we hear these stories, the big surprise is that we don't hear them more.
I assume to Bitcoiners this means shoot and kill the fucker.
Nah, force him to watch Atlas Shrugged and every other hilariously bad libertarian movie whose name escapes my reco- oh right all of them.
I mean, there's theoretically a recorded transaction history of each coin, right? So how do you extract any value from your ill-gotten coins once you 'have' them?
that's why we call it the struggle, you're supposed to sweat
If the ownership is in dispute, the vendor you bought from now has a vested interest in not acknowledging the illegitimacy of your stolen bitcoins, since they're now his stolen bitcoins.
Also the transaction history only lists the wallets, correct? So if you steal the wallet nobody can prove it was "theirs?"
There is no such thing as a "coin" like there is a dollar bill with a specific serial number. Bitcoins are just a number at an address.
Address A: 25.0
Address B: 50.34
Address C: 0.00001
If I steal from Address A and put it in B, all you see is that Address A transfers the decimal 25.0 to Address B, and the new totals are
Address A: 0
Address B: 75.34
Address C: 0.00001
If I then take 25 out of Address B and move it to C.... is that the bitcoins I stole from A or the original ones in B? You can't tell because bitcoins are completely fungible. In a sense, you can trace transfers from address to address, but if you put the coins through a tumbler (something that does hundreds or thousands of random transactions between addresses before returning the same amount to you minus a processing fee) to launder them it's functionally impossible to tell where they came from at that point. Of course, you would have to find a tumbler you trust to not just steal your coins, but theoretically it's completely possible to spend your illicit coins.
That, of course, is assuming that the person you transfer them to next even gives a shit where they came from.
What is a Bitcoin Tumbler?
You can easily anonymise your ill-gotten gains before transferring them into gift cards or real currency.
To be fair to MtGox, it's a stupid design:
"Here's a number called the Transaction ID number that you can set, that works unlike everywhere else in the financial world in that it can't be trusted to stay the same, so it's completely useless. Instead you should watch for your transaction in the blockchain by looking for transfers of the same amount coming from the same wallet and use that as confirmation.
But be sure to check those too, otherwise nasty hackers that spend the same amount twice from the same wallet in the same block will screw everything up."
That's just a mean trap for programmers, and it shouldn't be there.
Also, Bitstamp has the same problem, as they have suspended bitcoin withdrawals until they fix this.
It is definitely a dumb design. Anything that resembles a unique ID that someone might use for reference should be part of the damn transaction hash. That's like one of the top reasons to do a hash of the transaction in the first place... to make sure no one alters key data!
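An added example, not part of any post in this thread: a withdrawal ledger that recognises a payout whose tx hash was changed in flight, so a "lost transaction" report does not trigger a second payment. The serialization is simplified (not Bitcoin's wire format), and the class names, addresses and signature bytes are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def dsha(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    inputs: tuple   # ((prev_txid, vout, script_sig_bytes), ...)
    outputs: tuple  # ((address, amount_in_satoshi), ...)

    def txid(self) -> str:
        # Like a legacy Bitcoin txid, this hash covers the signature bytes,
        # so re-encoding a signature yields a different id.
        return dsha(repr((self.inputs, self.outputs)).encode())

    def payment_key(self) -> str:
        # Hash only the spent outpoints and the outputs (simplified view of
        # what the signature commits to); signature encoding is left out.
        outpoints = tuple((prev, vout) for prev, vout, _sig in self.inputs)
        return dsha(repr((outpoints, self.outputs)).encode())

class WithdrawalLedger:
    def __init__(self):
        self.sent = {}  # payment_key -> record of the withdrawal

    def send(self, user: str, tx: Tx) -> None:
        self.sent[tx.payment_key()] = {"user": user, "txid": tx.txid(),
                                       "status": "broadcast"}

    def on_confirmed(self, tx: Tx):
        """Match a confirmed transaction by payment_key, never by txid."""
        rec = self.sent.get(tx.payment_key())
        if rec is None:
            return None  # not one of our withdrawals
        same = rec["txid"] == tx.txid()
        rec["status"] = "paid" if same else "paid (txid changed)"
        rec["confirmed_txid"] = tx.txid()
        return rec

    def is_unpaid(self, tx: Tx) -> bool:
        """Answer a 'my withdrawal never arrived' report for this payout."""
        return self.sent[tx.payment_key()]["status"] == "broadcast"

# Constructed sample: same outpoint and outputs, different signature bytes.
OUTPUTS = (("addr-customer", 2_500_000_000),)
ORIGINAL = Tx((("aa" * 32, 0, b"sig-encoding-1"),), OUTPUTS)
MUTATED = Tx((("aa" * 32, 0, b"sig-encoding-2"),), OUTPUTS)
```

A client that looks up only `ORIGINAL.txid()` would conclude the payout vanished; matching on the spent outpoints shows it was confirmed under another id.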
This is simple obfuscation, not anonymization.
They want you to believe the latter, but it is simply not true.
That or a bitcoiner torturing this poor fool after he burns the printed wallet out of spite.
What if cookie clicker was doge themed?
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
If I understand it correctly, the funds stolen from Silk Road were all just held in escrow. Just like Paypal or eBay holds onto your money for a few hours or days after a transaction to verify that the promised goods are being delivered, Silk Road seems to also hold onto bitcoins for a brief period while a sale is occurring. Those escrow coins are what was stolen, and it's hard to envision a successful auction site that doesn't have something like an escrow system -- especially when you're trying to facilitate illegal transactions.
Right now, computers mine problems in order for their owners to get bitcoins.
Couldn't you replace the mining with some kind of manual labor, like digging a ditch, and when people have dug enough of a ditch to satisfy some overseer, they are given some kind of cryptocoin?
Why again is it necessary to have the computers mining if they're not solving anything useful?
Well there are these pesky labor laws out there. I don't think it's legal to pay people for actual work with anything other than real money.
It isn't.
It's just a barrier that appeals to tech obsessed libertarians.
Bitcoins aren't virtual money it's virtual gooooollllllddddd
Bring your friends! They might need a bigger shovel, however.
Fill dirt! The commodity that keeps on giving.
Because actually doing something useful can be traced. The entire point of bitcoins is to be anonymous. Also, Bitcoin is a get rich quick scheme, where people are convinced that all they have to do is spend money on equipment and magically the equipment pays for itself (Big Red has actually found a scheme to make this work, but he does this by taking advantage of arbitrage of other currencies, and has openly admitted that he wouldn't make any money if he tried mining bitcoin directly). Doing something actually useful would make it seem like actual work.
Except the block chain is currency capable of processing only 7 transactions per second.
If you took out all the worthless equations, the entire bitcoin economy could probably be managed on a single iPhone.
So by the transitive property, all of Bitcoin can be destroyed with a machete.
I've heard someone mention in the previous thread that it was some kind of self-imposed cap, but that's so stupid I have a hard time believing that even bitcoiners would do it. Why self-impose a significant barrier to legitimacy?
Every transaction in BTC is verified by everyone who uses BTC. This is the blockchain. That means that for every transaction a ping gets sent around the world, a whole bunch of automated 'OK's come back.
Now that system is pretty vulnerable to confusion if a ton of transactions happened very quickly. So by design it is limited.
Since there is no Bitcoin council, central bank, government, etc., it seems impossible to change.
If the computations were useful, every computation that didn't result in a buttcoin would mean they'd be working for free, and that's something libertarians are vehemently opposed to.