MtGox, one of the first fully functional bitcoin exchanges, is blaming the bitcoin source code for the temporary stoppage of withdrawal power on its site. The protocol for the currency has an inherent problem, according to the bitcoin exchanger. “The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party,” MtGox said in a statement released on Monday. But that isn’t the case, according to the Bitcoin Foundation, a coalition of bitcoin businesses intent on propagating the virtual currency. In a case that seems to be a prophet blaming the gods for their sins, MtGox seems to be looking for a way to shuck the negative press and responsibility.
“The issues that MtGox has been experiencing are due to an unfortunate interaction between MtGox’s implementation of their highly customized wallet software, their customer support procedures, and their unpreparedness for transaction malleability, a technical detail that allows changes to the way transactions are identified,” Gavin Andresen, chief scientist at the Bitcoin Foundation who is also a bitcoin core developer, said.
Transaction malleability has been around for a while; it was first identified in the bitcoin code in 2011. This fault in the code, according to the bitcoin exchange, is why they were forced to suspend all withdrawal transactions since late last week. “MtGox has detected unusual activity on its bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely,” MtGox stated.
In simple terms, here’s how transaction malleability works. If party one sends money to party two, the transaction is recorded on a public ledger for all to see. This ledger is called the blockchain and is viewable here (be forewarned: it looks like a bunch of gibberish if you don’t know what you are looking for). Each transaction has a specific identification number. However, that transaction ID (TXID) can be manipulated by a third party. If done correctly and quickly, party three can change the TXID before it is confirmed to the blockchain.
When the new TXID is confirmed, party two receives its payment in bitcoin. And here’s where it gets tricky, they have the old TXID that appears on the exchanger's own transaction log. So party two can tell the exchanger that they never received their bitcoin and give the old TXID as a reference. The exchanger searches the public blockchain and doesn’t find the old TXID, confirming that the funds were never sent. Then they resend the bitcoin with the old TXID, which then confirms it to the blockchain. Now party two has been given double funding for the single transaction.
Much like a retail store finds theft-related discrepancies when performing inventory reviews, MtGox found potential cases of transaction malleability in its own logs. So, to halt any further fraud, it ceased withdrawal capabilities from its site and blamed the bitcoin code for the fraud. But the people responsible for the code are taking offense.
“Oh there is a ‘problem’ in the bitcoin protocol, known since at least 2011," Greg Maxwell, another bitcoin core developer, said in an interview with Cryptocoinsnews.com. "But for normal applications, not involving unconfirmed transactions, it shouldn’t cause any severe problems because wallets can handle it locally."
Maxwell added that the problem in the code exists but can be thwarted by the software bitcoin wallets and exchangers use. “Correctly written wallet software can cope with the consequences,” he said.
Both Maxwell and Andresen have stated that the transaction malleability bug needs to go. “The bitcoin core development team has worked to limit transaction malleability,” Andresen says. “There is broad agreement in the community that this needs to be eliminated. Finding the best and most responsible solution will take time.”
MtGox is also taking time finding a solution to its problem. “MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers,” stated the exchange. Whether the fault lies with the code, like MtGox has suggested, or if it is overcome through properly coded wallet software is still up for debate. For now, withdrawals on MtGox are still halted and the price of the virtual currency is down across the board.