The Bitcoin community is in limbo after two big exchanges halted withdrawals due to a technical feature within the Bitcoin protocol that allowed fraudsters to manipulate transaction IDs.
"Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions," says Gavin Andresen, chief scientist at the Bitcoin Foundation trade group, in a blog post.
Transaction malleability within the digital currency's protocol has been known and well-documented since 2011. The feature allows for parts of a transaction ID (also called a hash) to be changed within the roughly 10-minute window before that transaction is confirmed by the Bitcoin miners who maintain the record of all transactions.
This malleability could allow users to trick exchanges into sending funds twice, with both transactions confirmed by miners. If the exchange that was tricked has been properly identifying its customers, it could look back and catch the fraudster.
Mt. Gox, one of the world's largest Bitcoin exchanges, suspended withdrawals on Feb. 10, issuing a press release blaming a "bug in the Bitcoin protocol" referencing transaction malleability.
BitStamp, a popular exchange based in Slovenia, suspended withdrawals and deposits on Feb. 11, according to its press release. And another exchange, BTC-e, took to Twitter to tell users of an interruption of service caused by "technical maintenance" on a server.
Bitcoin's core developers (early adopters who help update the digital currency's protocol) issued a statement via the Bitcoin Foundation countering Mt. Gox's explanation, and other Bitcoiners quickly and snarkily added their support to the developers' position.
The #bitcoin protocol and network are just fine today. Let's not over-react about a technical issue in one custom implementation.
Jeff Garzik (@jgarzik) February 10, 2014
AndreasMAntonopoulos (@aantonop) February 11, 2014
Bitcoin was developed as a secure and low-cost alternative to conventional electronic payment methods, such as credit cards and automated clearinghouse payments. Bitcoin payments are pseudo-anonymous but are recorded publicly in a ledger called the blockchain. The payments are irreversible and near-instantaneous.
Transaction malleability is especially important to an exchange like Mt. Gox, which handles transactions through its own custom software built on top of Bitcoin's reference client. Businesses with proprietary wallets "should include in their software a way to validate transaction IDs," Andresen says.
But it seems the finger-pointing started too soon on both ends, with more blame being fired by each party every day.
The Bitcoin Foundation has now published an update to its blog post, explaining that denial of service attacks are taking advantage of the malleability issue. The incident highlights certain bugs in the Bitcoin reference wallet client itself.
The attack tricked some exchanges' custom Bitcoin software, which then raised alerts about what appeared to be cloned transactions.
"The transactions on the network are being cloned and mutated and then republished," says Jeff Garzik, a core developer who works with BitPay, a Bitcoin merchant services provider. "Suddenly a transaction has two unique identifiers and the transaction having this is confusing some third party and wallet software."
The attackers have not been identified, and the Bitcoin Foundation's members are working to muzzle the attack.
"Whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming," Andresen says.
The bugs with the reference wallet client are two-fold, says Garzik. One bug causes a transaction to stall without confirmation and another bug in the internal accounting systeman optional pluginshows inaccurate account balances, he says.
While the Bitcoin protocol wasn't squeaky clean, it does look like the exchanges that have suspended operations could have been managing transactions more efficiently to account for known malleability issues.
Kraken, a digital currency exchange run by Payward Ltd., is unfazed by the issue and running business as usual. Coinsetter, an exchange that is still in beta testing, was also unaffected.
At Kraken "we don't rely on transaction ID for our accounting," says Jesse Powell, CEO of Payward.
"I don't know what's being recommended as best practices but not relying on transaction IDs, marking your coins spent and trusting your internal records before you trust the blockchain are probably all good practice," Powell says.
Instead of managing transactions based on IDs, exchanges should be looking at the Bitcoin transaction's output, which shows the payment's destination, Garzik says.
Garzik now seems more sympathetic to exchange and wallet services' plight. "Was this a failure of education?" he says. "Could we have done more on that front in documenting the system?"
Core developers are currently helping third parties correct their own custom software to mitigate the damage. In the process, the developers hope to create a long-term design that captures the benefits of transaction malleability and excludes the bad aspects, Garzik says.
According to the Bitcoin Foundation's initial blog post, "The Bitcoin core development team has worked to limit transaction malleability. There is broad agreement in the community that this needs to be eliminated."
But Garzik says Bitcoin's core protocol will remain nearly unchanged because there are benefits to transaction malleability.
"It permits things like crowdfunding," he says.
For example, a user could create a transaction (composed of inputs and outputs) with an input of one bitcoin and an output of 1,000 bitcoins. This transaction would not be validated by miners since the input and output doesnt match, but the original creator could share that transaction for others to attach bitcoins to it, Garzik says.
"This requires that you permit certain bits of the transaction to be changed," he says.
Once 1,000 bitcoins are attached to that transaction, the original creator could combine the attachments and republish the transaction on the blockchain. Because the input and output would then match, miners would validate the transaction, says Garzik.
In light of the difficulties affecting popular exchanges, the price per bitcoin has dropped significantly. Prior to the denial of service attack, each bitcoin was worth over $800. On Mt. Gox, the price is now fluctuating between $500 and $600. On BitStamp, the price per Bitcoin has stayed steadily above $600.
"Bitcoin is a startup currency, it's still experimental and it's still a risky endeavor," says Garzik. "We're hoping to fix [the issues] as soon as possible but that big beta label remains in place."