Bitcoin Hit by DDoS Transaction Malleability

Mt. Gox points the finger at the Bitcoin Foundation and vice versa as attacks mount and value declines.

The war of words about what's wrong with Bitcoin is rising to new heights this week as questions about potential issues with the Bitcoin protocol and security take center stage.

On Feb. 7, Bitcoin exchange site Mt. Gox reported that it was experiencing delays and would be restricting all withdrawals. On Feb. 10, Mt. Gox blamed the delays on a Bitcoin protocol-related issue known as transaction malleability.

"A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur," Mt. Gox stated. "Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent."

Gavin Andresen, chief scientist at the Bitcoin Foundation, responded to Mt. Gox's accusation over transaction malleability on Feb. 10, noting that it's an issue that has been known since 2011. Andresen added that the Bitcoin protocol development team has been working on a way to limit transaction malleability risks. That said, Andresen sees the Mt. Gox issues as not being the fault of the Bitcoin protocol itself.

"The issues that Mt. Gox has been experiencing are due to an unfortunate interaction between Mt. Gox's implementation of their highly customized wallet software, their customer support procedures, and their unpreparedness for transaction malleability, a technical detail that allows changes to the way transactions are identified," Andresen wrote.

On Feb. 11, however, Andresen's tone changed somewhat. Mt. Gox is no longer the only Bitcoin exchange experiencing delays related to transaction malleability. Bitstamp, another Bitcoin exchange, began suspending withdrawals on Feb. 11 in response to transaction malleability-based attacks.
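The identifier problem behind these withdrawal delays, shown as an added example that is not from the article or from any exchange's code: in the legacy transaction format the transaction ID is a double SHA-256 over bytes that include the signature script, so the same payment can confirm under a different ID than the one the sender recorded. The `payment_key` helper, the `withdrawal_status` function and all sample values are constructed for illustration.

```python
import hashlib
import struct

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx, blank_scripts=False):
    """Legacy (pre-SegWit) serialization; counts and scripts must fit a 1-byte varint."""
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        script = b"" if blank_scripts else script_sig
        assert len(script) < 0xfd
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += bytes([len(script)]) + script + struct.pack("<I", sequence)
    out += bytes([len(tx["vout"])])
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<Q", value) + bytes([len(script_pubkey)]) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def txid(tx):
    # The ID covers the signature script, so re-encoded signature bytes change it.
    return sha256d(serialize(tx))[::-1].hex()

def payment_key(tx):
    # Hypothetical tracking key: same hash with signature scripts blanked, so it
    # depends only on which outputs are spent and who gets paid.
    return sha256d(serialize(tx, blank_scripts=True))[::-1].hex()

def make_tx(script_sig):
    # Constructed sample: one input, one pay-to-pubkey-hash output of 50,000 satoshis.
    p2pkh = bytes.fromhex("76a914") + b"\x22" * 20 + bytes.fromhex("88ac")
    return {"version": 1, "locktime": 0,
            "vin": [("11" * 32, 0, script_sig, 0xFFFFFFFF)],
            "vout": [(50_000, p2pkh)]}

# Placeholder bytes standing in for two encodings of the same valid signature.
SENT = make_tx(b"\x01" * 72)       # what the exchange broadcast and recorded
CONFIRMED = make_tx(b"\x02" * 73)  # what was actually mined

def withdrawal_status(sent, seen_on_chain, by_txid):
    """Return 'paid' if the recorded withdrawal matches a transaction seen on chain."""
    key = txid if by_txid else payment_key
    return "paid" if key(sent) in {key(t) for t in seen_on_chain} else "missing"

if __name__ == "__main__":
    print(withdrawal_status(SENT, [CONFIRMED], by_txid=True))
    print(withdrawal_status(SENT, [CONFIRMED], by_txid=False))
```

A support process that treats the "missing" result from ID-only matching as a failed withdrawal would resend coins that were already delivered; matching on what the transaction spends and pays avoids that.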

"This is a denial-of-service attack made possible by some misunderstandings in Bitcoin wallet implementations," Bitstamp noted in a statement. "These misunderstandings have simple solutions that are being implemented as we speak, and we're confident everything will be back to normal shortly."

The Bitcoin Foundation's Andresen noted in a blog post that there are now people taking advantage of the transaction malleability issue.

"This is exposing bugs in both the reference implementation and some exchange's software," Andresen said. "This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming."

The concerns over withdrawals have led to a decline in the value of Bitcoin as denominated in U.S. dollars. As of 11 a.m. ET on Feb. 12, Mt. Gox listed the average value of a Bitcoin at $548. Mt. Gox on Feb. 7 had been listing Bitcoin trading at an average of $732 per Bitcoin.

Although the current transaction malleability issue is a concern that is having an impact on the value of Bitcoin, actual user Bitcoins are not being lost as a result of the issue.

"It's important to note that DoS attacks do not affect people's bitcoin wallets or funds," Andresen said. "Users of the reference implementation who are bitten by this bug may see their bitcoins 'tied up' in unconfirmed transactions; we need to update the software to fix that bug, so when they upgrade, those coins are returned to the wallet and are available to spend again."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.