The morning of Friday, Feb. 7, the prominent Japanese bitcoin exchange Mt. Gox announced that, due to technical problems, it would be putting bitcoin withdrawals on hold. Customers would still be able to cash their bitcoins in for other currencies, or trade on the market. But getting bitcoins out of Mt. Gox would be impossible.
The price of a bitcoin tumbled over the weekend at the news, from roughly $850 to closer to $675.
This morning Mt. Gox published an update on its site, stating the hold on bitcoin withdrawals was prompted by a bug in the software on which bitcoin operates:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur…This defect, known as “transaction malleability” makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash.
So what does that mean?
To understand transaction malleability, we need to quickly cover some bitcoin basics. (You can read a more in-depth bitcoin explainer here).
First, bitcoin transactions: When one person, call her Alice, transfers bitcoins to someone else, Bob, it does not involve withdrawing money from a bitcoin account. Instead, what Alice is doing is taking a transfer of bitcoins that she received from somebody else at some point in the past and signing that transfer over to Bob.
When she does, a transaction record is created, containing the following: a reference to the previous transaction (the one in which Alice received the money she is now conveying to Bob), a private digital signature that Alice uses to prove that the bitcoins in the previous transaction were in fact given to her, the amount she is transferring to Bob, and a digital address (sort of like an email address) where Bob will receive the money.
That transaction record is sent out to the network of bitcoin miners, who then check it. If the transaction is legit, it is added to the growing pulic ledger of every bitcoin transaction ever, known as the block chain. Alice has successfully transferred those bitcoins to Bob.
So far, so good.
Now, for Bob to use these bitcoins — the ones he just received from Alice — he has to have a way of referencing that transaction, of pointing to it in the block chain. The bitcoin protocol makes this easy by creating a unique ID for every single bitcoin transaction. That unique ID is generated by running the contents of the transaction record through what’s called a hash function.
The hash function takes the transaction record, does some sophisticated math, and spits out a string of 64 characters, something like this:
That output string varies wildly with small changes to the input transaction record, which is one of the reasons why it can serve so effectively as a unique identifier. If you look at a transacation on any website that allows you to explore the block chain, you will always find the hash of the transaction sitting there as a handy reference:
Now, we can answer the question of what transaction malleability is.
When a transaction record is sent out to the network of bitcoin miners, it’s possible for a hacker to tweak it enough to change the hash, but not enough to make the transfer invalid. One of the ways the hacker can do this is by slightly modifying the digital signature in a way that it is still recognized as the right signature, but, again, results in a completely different hash:
So why is this a problem? We are, afterall, talking about legitimate transactions that are still coming from the right place and going to the right place. The only thing that is changing midstream is the unique ID used to reference that transaction. Doesn’t seem like that big of a deal.
But it complicates things for Mt. Gox, at least in theory. When somebody who trades on the exchange wants to take bitcoins out of the system, Mt. Gox has to transfer those bitcoins to her from its own bitcoin wallet. When it does, it makes a note of the transaction by recording the hash. That way, if something goes awry, it has a handy list of references it can use to track down its transactions.
The potential hitch is that, if the hash is changed before it gets entered into the block chain, then the hash that Mt. Gox recorded for a transaction and its actual unique ID in the public ledger won’t match up.
This makes Mt. Gox vulnerable, at least in theory. A Mt. Gox customer could potentially withdraw bitcoins, have the hash changed, and then claim that she never actually received the bitcoins withdrawn. When Mt. Gox checks its records, it won’t find the hash that it recorded for the transaction anywhere in the block chain. The result could be that Mt. Gox ends up paying the customer more than once.
Mt. Gox did not discover the issue of transaction malleability. It was first identified at least three years ago, and has been discussed by bitcoin software developers in online forums. According to the bitcoin wiki, developers are working on changing the bitcoin software, so that only one version of a digital signature is valid, thus making transactions much less malleable.
Mt. Gox mentions in its press release that it is “working with the bitcoin core development team and others to mitigate this issue.”
One of the core developers, Greg Maxwell, has stated that it’s possible for Mt. Gox to resolve the problem with transaction malleability by changing its own internal systems of accounting—that a fundamental change to the bitcoin software isn’t absolutely necessary.
“This isn’t news to me—for years—and it’s never been a particularly large concern. This wouldn’t make the top ten list of dangers in the bitcoin technology,” said Maxwell.