Published academic report concludes that a total of only 386 bitcoin have ever been lost to transaction malleability - most of them from MtGox. So what *really* happen at Silk Road 2?

A pair of researchers went through 12 months worth of bitcoin network traffic and analyzed the number of malformed transactions that had been accepted into the blockchain. They concluded that in the period analyzed, a total of only 386 bitcoin were stolen using the malleability attack.

Their report is specific to MtGox, but it also has implications for Silk Road 2 and their attack, since the administrators there blamed transaction malleability for all the funds being stolen.

Here is an extract from the report:

The transaction malleability problem is real and should be considered when implementing Bitcoin clients.

However, while MtGox claimed to have lost 850,000 bitcoins due to malleability attacks, we merely observed a total of 302,000 bitcoins ever being involved in malleability attacks. Of these, only 1,811 bitcoins were in attacks before MtGox stopped users from withdrawing bitcoins. Even more, 78.64% of these attacks were ineffective. As such, barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses. Even if all of these attacks were targeted against MtGox, MtGox needs to explain the whereabouts of 849,600 bitcoins. Here is a link to a PDF of the full report:

Here is the key quote:

"barely 386 bitcoins could have been stolen using malleability attacks from MtGox or from other businesses."

Here is a link to where the report is published:

http://arxiv.org/abs/1403.6676

Extract:

In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.

A full copy of the report (warning: clearnet, PDF (don't use the Adobe reader)):

http://arxiv.org/pdf/1403.6676v1.pdf

So what does this mean for Silk Road 2? It means they lied, and there is now undeniable proof. What else is it going to take for vendors and users to abandon that site and no longer go back to it?


Comments


[17 Points] iluvthefbi:

The 386 and 1811 figures only apply to the period before the Mt. Gox press release. If you check the study, there was a massive spike in transaction malleability attacks after the press release and around the time Silk Road claimed to be hacked:

"After the second press release, in period 3, there is a sudden spike in activity. Between February 10 and 11 we identified 25,752 individual attacks totalling 286,076 bitcoins, two orders of magnitude larger than all attacks from period 1 combined."

The Silk Road hack was announced on February 13, so if anything this adds credence to their story.


[4 Points] obsidianchao:

Fuck Silk Road, what the fuck did MtGox do? 850K BTC are gone and they haven't explained it, what the hell?


[2 Points] STEZN:

Didn't gox find like a third of the coins?


[2 Points] None:

http://www.reddit.com/r/SilkRoad/comments/1ygydz/cnn_bitcoin_system_not_to_be_blame_in_silkroad/


[1 Points] mwthink:

Wait wait, what? Last I heard (Yesterday) people were proving that Mt.Gox wasn't affected at all by transaction malleability over on /r/bitcoin


[1 Points] None:

[deleted]


[1 Points] o--0:

I wont use SR2 until my "Pending" funds from them actually appear as "Available". Even then I would probably withdraw it and waste it on satoshi dice lol


[2 Points] pinkprincess1:

What really happened at silk road 2 is that they stole the money. Is anyone even doubting this any more?

Ok bring on the downvotes....

EDIT: spelling


[-4 Points] roshanhasfallen:

People can say what they want, but right now SR is still the best place to buy drugs on the net