Posts tagged "MtGOX"

MtGox is a sinking ship

Earlier today MtGox put out a press release regarding their issues surrounding halting all withdrawals. Friendly SA Forums goon Begby breaks it down for us here:

Basically when you send bitcoins to someone, there are several inputs in the transaction. Like the destination address, the amount, etc. Based on those inputs you get a transaction ID which is a hash of those inputs. If you want to see if something was confirmed on the blockchain, you can look up that transaction ID.

However, there is an attack you can do. You can actually change the order of the inputs and have the transaction still go through and end up with a different transaction ID.

Here is how the attack works:

1. Hey, MT Gox, I want to withdraw 4 butts to this address.

2. Mt Gox sends you those 4 butts and gets a transaction ID, broadcasts the transaction to get confirmed (basically yells to the internet, hey you stupid miners confirm this)

3. You, the totally awesome hacker, also broadcast the transaction with the inputs in a different order and yell to the internet louder. This results in a different transaction ID if it gets confirmed first.

4. If you yell loud enough, the blockchain confirms your set of inputs. So the transaction went through, but not under the transaction ID that Mt. Gox was expecting.

5. Call up Mt Gox and complain that you didn’t get your butts

6. Mt. Gox looks in their DB for the transaction ID they have on record, tries to look it up in the blockchain and can’t find it so they think it wasn’t confirmed. They then send you the butts again.

This is a well known issue with the bitcoin protocol and other exchanges workaround this by looking up the inputs in the blockchain instead of relying on the transaction ID, and only using the transaction ID after the transaction has been reliably confirmed. Mt. Gox is saying that this is a problem with bitcoin to cover their ass. I am not sure if its even bug. Its more of “don’t assume a transaction ID is legit until the transaction has actually been confirmed”.

So basically Mt. Gox has been getting ass raped by this known exploit for who knows how long, and has resent god knows how many butts. So their internal ledger is completely and totally fucked and they are going to have to go through every transaction they have ever done, look it up in the blockchain by inputs instead of transaction ID, and try to pick up the pieces. This is like finding out that you have accidentally been writing two checks for all your bills and then only realize this when your account goes negative.

TLDR; Mt. Gox got robbed using a well known exploit with an easy workaround that is so well known is not even a top ten issue for the devs. When successful this exploit will cause gox to double send butts to someone on a withdrawal. Who knows how much they double sent, they probably don’t even know.

Edit: Bonus, one of the devs said he had warned Mt. Gox of this several times over the past few years.

It's in someone else's wallet, that's where

It’s in someone else’s wallet, that’s where

11 comments - What do you think?
Posted by killhamster - February 10, 2014 at 10:06 am

Categories: Buttcoin, Captains of Industry, Featured   Tags: , , , , , , , , ,

Is MtGOX manipulating the Bitcoin market?

For those not in the know, the Magic: the Gathering Online eXchange (MtGOX for short, emptygox to some) is the largest and most popular bitcoin “exchange,” a service that matches fools wishing to buy bitcoins with those who are just a bit wiser and are trying to get out. It’s somewhat similar to real stock exchanges, except it focuses on only one thing, does a terrible job trading, and was originally intended to exchange virtual Magic: the Gathering cards. MtGOX theoretically matches buyers and sellers, then takes a fee for each transaction, then apparently throws that away instead of spending it on maintenance, infrastructure, or administration. The site is notoriously laggy, has been hacked, DDoSed (if its admins are to be believed,) and appears at most times to be held together by twine.

mtgoxmagiccard

Despite all of this, MtGOX has prevailed and is widely used to buy and sell what amounts to Chuck E. Cheese tokens. Recently, the price has risen meteorically and is skirting USD 200 (let’s face it, nobody cares about other currencies) at the moment, though it’s oscillating wildly enough to produce a tone. MtGOX has been the primary arbiter of this “value” throughout the entire wild ride, but some things are starting to seem more and more suspicious. The lag in transaction times on MtGOX is infamous now, so much so that the official bitcoin IRC channel has a bot command that posts the lag in seconds and the distance traveled from the sun (measured in Astronomical Units) during that time. Typically during large selloffs and other market scares, the lag reaches ten to fifteen minutes, during which time light from the sun reaches Earth or beyond. The big-boy stock exchanges spend fortunes to optimize their connections to shave milliseconds off of their transaction times while MtGOX is running on hamster wheel power. The lag is normally manageable, but during panic selloffs, it kicks in quickly, acting as a brake and halting any potential crashes, easing off when buying appears to be in vogue again. This isn’t nearly as great an issue when people are in a buying frenzy, despite what bitcoiners would have you believe. The lag is blamed on numerous things including high volume trading (this is possible,) a poorly coded backend (this is absolutely true,) and DDoS attacks (this is bunk.) Some also wonder if it’s not intentionally instated, acting as an emergency brake to keep the price up, keeping people trading and keeping MtGOX in business. During the last price drop, the site was actually taken offline, halting the crash (and any potential purchases) entirely.

GoxLag

While the lag is the most glaring and obvious issue, there are other, less noticeable problems that pop up repeatedly. Selling and buying follows an odd pattern of large sales, after which the price drops (or plummets, as is often the case,) and then numerous (sometimes dozens or more) small purchases appear, each incrementally increasing the price until it’s recovered a bit. This isn’t to say MtGOX is doing this though, as it could be easily explained by high-frequency trading (at least as high a frequency as five to ten minutes of delay allows) bots kicking in at certain price points to push the “value” up and avoid losses. The sudden flurry of activity from such an event could also explain the lag and accusations of DDoS.

Further complicating the lag, trading problems, and general unusability is the expected incompetence of a bitcoiner-run “business” and its infrastructure. MtGOX claims to rake in several tens of thousands of dollars in profits per day, but apparently has invested none of this into more capable hardware or more efficient code. Seeing as it has the dominant market share over all the other bitcoin exchanges, it has no incentive to improve. Their profits are based primarily on trade volume, so the more they let through (especially when people are buying in and driving the price up,) the more they make. Seeing as their fees are percentage-based, it makes perfect sense for them to prop up the price, maximizing profits.

Another odd thing that’s been noticed time and time again are the fake buy and sell walls. These used to be much more common and obvious, especially during flash crashes, as they’d vanish immediately upon being reached, but are seen less frequently now that the lag more effectively controls crashes.

r630i

Lastly, but hopefully the least likely, the MtGOX admins could be directly manipulating the prices, pushing them further and further up during periods of wild speculation, once more in order to maximize profits based on per-transaction fees. There is no evidence of this in particular, but with no one reputable auditing their practices and no proper regulation, this can’t be entirely ruled out. Until MtGOX either somehow fails catastrophically, runs off with bitcoins, or proves otherwise, it’s best to hold them under suspicion of butt market fuckery and manipulation.

Note: During the writing of this article, MtGOX pulled the plug yet again to stop a small crash. Someone sold 5,000 coins and the price dropped by $10 USD instantaneously.

22 comments - What do you think?
Posted by killhamster - April 8, 2013 at 3:15 pm

Categories: Buttcoin   Tags: , , , ,

How a central authority attempted (and failed) to regulate Bitcoin

Back during the largest of the Bitcoin bubbles, and even to this day, the largest Bitcoin “exchange” is the Magic the Gathering Online Exchange (MtGOX,) a website where the vast majority of USD to Bitcoin transfers takes place and the largest Bitcoin “authority,” so to speak. To many, MtGOX was the hub for Bitcoin activity. It may still be. I’m not going to visit a website called the Magic the Gathering Online Exchange to find out.

As the price of Bitcoins was falling like a rock dropped from a burning zeppelin, MtGOX enacted various “walls” in an attempt to halt the precipitous fall in the “value” of Bitcions. These, of course, did not work, but it’s hilarious how those who screech to the heavens and back about removing central authorities from currency and babble on about fiat this and fiat that allowed and probably encouraged this occurrence. Let’s take a closer look at how the Magic the Gathering Online Exchange admins attempted to rig Bitcoin prices to save their investment:

Imagine, for a moment, that you’re terribly foolhardy and have spent real money on ten thousand Bitcoins. You take a moment to meander over to MtGOX to play Internet Day Trader with your fake money and find the following outstanding buy orders:

  • 100btc @ $15.50
  • 50btc @ $15.65
  • 30btc @ $15.52
  • 30000btc @ $14.95

What this means is that you could sell your play money to other suckers for around $14.95. The first 180 Bitcoins would, of course, sell at the higher prices, but the vast majority will go for the lowest listed price. Someone out there believes for some misguided reason that Bitcoins are worth $14.95 and is willing to pay that for a lot of them.

Now let’s imagine that 30000 Bitcoin wall is no longer there:

  • 100btc @ $15.50
  • 50btc @ $15.65
  • 30btc @ $15.52

You can sell your first 180 Bitcoins immediately for the prices above, but then you’re still stuck with 9,820 of the damned things that you no longer want because you’ve come to your senses and realized this was all a terrible idea and you want out. You’re stuck with them until someone else comes along and places an order to buy some, and if they’re smart (and some of them actually are, they’re busy scamming the rest of the Bitcoiners,) they will split their buy order into small batches, each with an increasingly lower price, screwing you out of whatever value everyone agrees your hashes and bits and whatnot have.

This happens in the real stock markets too, but the amount of large companies involved ensures that only the little day trading guy gets screwed while the market itself doesn’t melt down. Large standing buy orders help to stabilize prices and without them one would see the hilarious roller coaster prices that Bitcoin is prone to having.

Now that we know all this, we can look at MtGOX when Bitcoin prices were tanking and see that in our above example, you wouldn’t have actually been able to sell at $14.95, because the 30,000 Bitcoin order was a fake wall and the moment the orders at $15.52 were fulfilled, the orders at $14.95 would disappear and quickly be replaced by another at a lower price. This happened numerous times and at any given time MtGOX’s market depth would show ten to fifty thousand Bitcoins’ worth of orders within one dollar of the current price. As the price plummeted, say by $3 within an hour, we would see that only Bitcoins in the volume of one to five thousand had been traded during that period of time, which would indicate that the large order had been pulled and replaced with another order for tens of thousands of Bitcoins just below the current price.

This happened over forty times during Bitcoin’s freefall from $20 to $5. The invisible hand of the free market at work!

Special thanks to SA forum goons Shifty Pony and I Greyhound for explaining all this garbage so I could paraphrase it here.

19 comments - What do you think?
Posted by killhamster - January 21, 2013 at 10:25 am

Categories: Buttcoin   Tags: , , , ,