The MtGox Bitcoin Exchange is crashing and no one can withdraw. Prices, once above $1000, are now hovering just above $100, with 80% of the value gone in just 3 weeks. Some unlucky Bitlords are outside the MtGox office in Tokyo demanding their internet funny money. Suddenly MtGox announced they were moving offices. Too bad that appears to be a virtual office, a fancy PO Box with a secretary and a conference room. Are they that afraid of the two protesters? Or maybe they’re about to liquidate their assets, and flee the country with a metaphorical truckload of Bitcoins?
MtGox was founded in 2009 as a trading card exchange site, was rebranded in 2010 as a Bitcoin Exchange and is the oldest exchange still around. Bitcoin is a cryptocurrency which uses a network of computers to create and verify a public ledger updated by brute-forcing math problems with a bunch of other “miners” to win transaction fees and Bitcoins. Meanwhile, Lolbertari
Bitcoin has become a lesson on the last 5,000 years of economics on fast forward. It’s just reached the 1800’s with random bank runs, as there is no deposit guarantee.
So MtGox has no one to blame but themselves. This latest crash was caused by MtGox falling for Bitcoin’s “transaction malleability” bug, the subsequent halt to all withdrawals, and a sudden office move. This bug allows a hacker to make multiple withdrawals, quietly bleeding MtGox dry. People are panic-selling their Bitcoins on MtGox, driving the price to the ground. As they can’t withdraw, some are selling their accounts to speculators who might be able to withdraw the Bitcoins, if MtGox survives.
This is serious because MtGox accounts for a fifth of all Bitcoin trading volume. Their instability has caused a cascade on the other exchanges, who have dropped under the $600 price floor and silenced the dozen soundbites an hour on Bloomberg and CNBC about Bitcoin. Or maybe it’s because I smashed the TV.
MtGox fell into the “transaction malleability” trap by using a feature that creates a transaction hash or ID without realizing that one transaction can actually have several unique and valid hashes. Super-awesome hackers, using “transaction malleability,” reorder the details of the transaction to generate a different, equally valid transaction hash, and try to get it confirmed in the public ledger first. When they do, they call up MtGox and say that they never got their Bitcoins. MtGox looks up the transaction ID they generated, doesn’t see it confirmed, and then they send you Bitcoins again.
MtGox has been slowly robbed of their Bitcoins with an exploit that has an easy workaround. Other exchanges don’t rely on this transaction ID, they actually check the public ledger for the details of the transaction. They have been sending two cheques per withdrawal, without actually checking their account to see how much is disappearing. The Bitcoins deposited by traders could conceivably be all gone.
(Images: Clark Moody, @SynthOrange)