Hackers have launched a “massive and concerted attack” that led some of the largest bitcoin exchanges on the Internet to halt all bitcoin withdrawals.
At the root of the problem is transaction malleability, a fault in the bitcoin code that allows a nefarious third party to manipulate bitcoin transactions for profit. Mt Gox, one of the largest bitcoin exchanges in the world, blamed transaction malleability for its decision to halt bitcoin withdrawals on Friday. Bitstamp followed suit on Tuesday.
Andreas Antonopoulos, the chief security officer of Blockchain.info, said hackers are using a DDoS, or Distributed Denial-of-Service, attack to spread the transaction malleability loophole to multiple transactions all over the bitcoin network. The result is that the internal accounting systems of bitcoin exchanges are getting out of sync with the bitcoin network.
“So as transactions are being created, malformed/parallel transactions are also being created so as to create a fog of confusion over the entire network, which then affects almost every single implementation out there,” Antonopoulos told CoinDesk.
Antonopoulos said that funds have not been lost and that transaction malleability does not affect withdrawals because bitcoin exchanges do not process them automatically. Exchanges like Bitstamp are simply re-working their accounting systems and shutting down withdrawals to avoid any confusion or errors.
“Bitstamp’s exchange software is extremely cautious concerning Bitcoin transactions,” Bitstamp said in a statement. “Currently it has suspended processing Bitcoin withdrawals due to inconsistent results reported by our bitcoin wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking. As such, Bitcoin withdrawal processing will be suspended temporarily until a software fix is issued [sic].”
Antonopoulos, Bitstamp and other members of the bitcoin community remained confident that the DDoS attack will be stopped and that exchanges will return to normal operations by the end of the week.
Mt Gox has been particularly damaged by the attack, which has not indicated when it plans to restart bitcoin withdrawals. After an official statement blaming the bitcoin protocol was panned by the Internet, CoinDesk removed Mt Gox from its Bitcoin Price Index.