Mt.Gox, the world's oldest Bitcoin exchange, caused a massive drop in the price of Bitcoin after it suspended its transactions on Friday to correct a flaw in the transaction process that could enable fraud.
Since the announcement, some have questioned whether Mt.Gox actually needed to address the problem, and if it did, whether it needed to shut down transactions on its network in order to do so.
In an updated announcement of the service suspension released today, Mt.Gox identified "transaction malleability" as the bug that has enabled fraud on its network. The company claimed that it had "detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks," which "confirmed the presence of transactions which need to be examined more closely." The announcement also conveniently offered both a "technical" and "non-technical" explanation of the problem. This part, from the "technical explanation," explains the risk:
[A]n individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.
Clearly, it's a threat. However, it's not a new threat to anyone in the Bitcoin community. As many have pointed out, Bitcoin developers have been aware of transaction malleability since about 2011, and have even created a Wiki page for the bug.
In an interview with CyptoCoinsNews.com, Bitcoin core developer Greg Maxwell says that although Mt.Gox appears to be taking a proactive measure against the threat posed by transaction malleability, it shouldn't need to cause such massive disruption do so.
"These characteristics are annoying but don’t inhibit basic operation. They are slowly being fixed – but fixing them completely will likely take years as they require changing all wallet software. Correctly-written wallet software can cope with the consequences, and I cannot understand why they would gate their withdraws on external changes."
Maxwell added that given the Bitcoin community's awareness of the threat, he's surprised that Mt.Gox is suddenly lending it so much attention.
"The challenge for me in offering something here is that this isn’t news to me – for years – and it’s never been a particularly large concern. This wouldn’t make the top ten list of dangers in the Bitcoin technology."
Many Bitcoin enthusiasts have taken to Reddit to declare Mt.Gox's "death" as a result of the announcement. One Reddit user claims to have traveled from Australia to Tokyo to confront Mt.Gox executives in-person and protest the exchange's suspension. Blockchain has issued a statement declaring that "Blockchain wallet users are unaffected by this known implementation issue." The bold emphasis is actually reproduced from the statement.
Mt.Gox issued its updated statement today, but has yet to address the negative response to its technical explanation.
But the question remains - was Mt.Gox justified in its move last week? Looking forward, will it survive this, the latest of many embarrassing issues for the service?