[nwh]

It's interesting to watch actually, submit a transaction to the network at the moment and there's a rogue node that will mess with the padding of the signatures and rebroadcast it faster than the original. It confuses the reference client into duplicate display, which is what Gox is relying on for the failed/success display. That they're winning races over the normal related transactions isn't that unnatural as the transaction processing stuff has a 100ms sleep() in the middle of it.

[waterlesscloud]

There's also a story here about responsible disclosure.

People are making the case (and I tend to agree) that Gox should have contacted the other exchanges in private to discuss this problem before going public with it.

There's a very good chance this widespread attack is a direct result of Gox's announcement.

[glomph]

So first gox is criticised for blaming an old bug and now they are criticised for irresponsible disclosure. Funny old world.

[kzrdude]

What needed responsible disclosure was the fact that Gox was clueless.

[maxerickson]

It contains multitudes.

[o_nate]

A+

[watty]

It seems the general consensus believes it was MtGox's fault that they didn't handle the protocol correctly. The only way to spin this on MtGox is to blame their protocol problems on BitCoin itself.

[Anderkent]

Right, the main argument for that was 'look, no other exchange is having problems!'. Then someone actually started using the bug against other exchanges, and suddenly other exchanges are having problems. But that's mtgox's fault too!

[shachar]

The attack started prior to the disclosure.

[maaku]

No, someone intentionally or accidentally used gox's poor handling of mutant transactions to extract double-payment from their customer support team. Gox blamed the bitcoin protocol for their own stupidity. Then after the press release, someone started a massive DoS attack against the bitcoin network. What happened to gox over the last couple of months is totally different from what what is going on right now.

[shachar]

No, you are wrong, sir. There are many who are recording all Bitcoin network traffic, myself included. I can see that Gox had all their outbound transactions slightly changed and rebroadcast. After that went public, being now outed and in the open, having nothing to gain from stealth the attacker moved to attacking everyone they could.

[ayanb]

Also worth noting is the fact that the Bitcoin Price Index has been massively resilient to all the bad "news" thats been pouring in this month. It has been consistently hovering around the 670-700 mark.

[eterm]

I can't find the article now, but there have been several good articles explaining the lack of gravity on bitcoin in general.

Basically, the price goes up quickly when new people are attracted to bitcoin and rush to buy. When the price dips however, because so much is bought for long term speculation, the price doesn't really dip much, as no one is incentivised to sell and hold out for when it gets better.

At some point the nerve of those holding out may crack, but if you read silly saurus2's post, its quite clear that many will hold out indefinitely on the belief or hope it will one day recover. So in this manner the bubble can deflate slowly. (If you call 10% in a day slow).

There are no settlement dates or ways to easily move money out (especially now) so a crash is prevented.

If a crash happens it'll probably happen before people realise it, but suddenly there just won't be anyone wanting to buy coins anymore.

But even that might not happen as people already invested into bitcoin use how wealthy they feel to buy bitcoins from each other. That can cycle for a long time before people realise there isn't new money in bitcoin.

If you had bought coins at 800-1000, why would you sell now? No one likes to cement a loss.

Those with the most reason to sell right now are the early adopters, but it's not actually clear how many of those coins are actually reachable.

[panarky]

The psychology part of this argument seems the same as with any commodity, not just Bitcoin.

Maybe Bitcoin would be different if you could put money in but not take it out. But it's actually the reverse now -- it's harder to get Bitcoin out. So wouldn't that tend to increase the selling pressure?

And if you don't want to sell to a sketchy exchange, you can sell to SecondMarket[0] and get a wire transfer to your bank account the same day.

https://www.secondmarket.com/education/sell-bitcoin-secondma...

[pjc50]

Also worth noting: you can't buy bitcoins on margin. So no margin calls to suddenly detonate the market.

[hangonhn]

Hang on. Isn't that just a matter of someone setting up a market and contracts for it? What you mean is that no one has setup bitcoins margins market yet right? Or am I misunderstanding something fundamental about BTC that prevents margins?

[vidarh]

You can trade contracts for difference (CFDs) on Bitcoin with 1:10 leverage, including shorting them, at places like Plus500

Great way of taking the risk created with the volatility of Bitcoin and multiplying up the risk massively so you can lose money even faster...

[roel_v]

How are those contracts validated and enforced on sites like that? The SEC used to watch naked shorts relatively closely before 2008 and it's been banned since then; but how is that arranged in practice with a currency whose primary selling point is its anonymity?

[jfb]

I know I'm risk averse, but even still this seems like the basest insanity to me.

[pjc50]

Transaction irreversability makes it a lot riskier, combined with the lack of support from the legal system. If you lend bitcoins to someone, and they run off with them, how do you recover your loss?

Conversely, unlike stocks, you don't need a broker, so there's nobody who would take on that dealer role.

Nobody has setup a "buy bitcoin on margin" service yet, and the first person to do so will lose a fortune to nonpayment of margin calls.

[vidarh]

You can protect against the risk by only providing the service between wallets held and controlled by you on your own exchange.

There also are brokers providing indirect Bitcoin shorting with 1:10 leverage in the form of CFD's (contracts for difference). Of course they could opt to always or sometimes not actually trade the coins - to their clients it makes no difference, as no actual coins can be moved in/out of the accounts.

[Sheepshow]

Hang on I almost read that as meaning bitcoin has less financial capability as fiat currency, which we all know is patently false because the premise of bitcoin is centered around an increased flexibility compared with fiat currency.

[ph0rque]

You can margin buy/sell on bitfinex.com

[febeling]

You can p2p lend and borrow btc here: https://www.bitbond.net/

[praptak]

This sounds like a general analysis of most bubbles in history - nothing very specific to BTC.

[Fuxy]

Well I have bitcoin and I'm in no hurry to sell. I bought them at the tip of the previous bubble when they were £150 and was kinda disappointed when it dropped.

Was hoping to have a large amount in bitcoin so i can buy online services relatively anonymously.

Since then I more then recovered my loss even at the price it has now.

[ekianjo]

> If a crash happens it'll probably happen before people realise it, but suddenly there just won't be anyone wanting to buy coins anymore.

Not sure how true this is. Bitcoin has been going through a few major crashes in the past 3 years, yet the demand was still strong after it went down.

[celticninja]

I dont think the person you replied to meant a crash, but rather an implosion. i.e. a massive failure in the bitcoin protocol that renders it useless. This is the only way in which no one will want to buy coins. In that situation your best bet is sending your coins to an exchange and selling them into the listed buy orders which have not been removed because the person who listed them is either asleep or unaware of the news.

However this is incredibly unlikely, bitcoin went though a fork last year that caused some problems but was quickly rectified, this current maleability issue is also being worked on to get a resolution. These sort of network wide problems are problems with the fundamentals of bitcoin and should, by right, affect the price of bitcoin much more than say government regulations in China or India, that they dont is because most holders of bitcoin understand that these problems can be resolved with some dev time and BTC has some great and comitted devs working on it.

Namecoin (NMC) had a similar issue where it meant that web addresses linked to NMC were not secure, that caused a crahs but no where near going to zero and that is a coin with minimal developer support.

[johnny635]

Sounds like the reason they gave for why houses always goes up.

[interstitial]

You should know bitbugs don't like history.

[MartinCron]

Nobody likes history in the broad sense. Most people only like history that confirms their existing positions.

[thisiswrong]

Wow this makes a lot of sense. I personally believe that this is yet again another one of BTC's large dips that will eventually recover onto it's upwards path.

But then if people panic and see how hard it is to get back into fiat from BTC won't they just go into relatively stable altcoins instead? For example DOGE is skyrocketing as we speak and it's USD price was totally unaffected by BTC's recent plummet. http://coinmarketcap.com/

[jafaku]

If by "stable" you mean "they are so small that no one will even bother attacking them"...

http://imgur.com/0kcORBm

[steveklabnik]

5th largest cryptocurrency with more transations/day than every other one put together isn't exactly small...

[vidarh]

More like 4th, given that Ripples can't be mined, is controlled by a single entity, most of the existing coins are not freely circulating, and the transaction volume is consistently so tiny that it looks very much like the price is intentionally manipulated to make the coin look desirable.

[gus_massa]

Is doge inmmune to this multiple hash malleability feature?

EDIT: "If" -> "Is".

[jafaku]

No coin is immune to this.

What, you thought other coins had their own code? Nope, they are all just a copy/paste of Bitcoin's code.

Specifically Dogecoin was "coded" (copy/pasted) in a Friday night, according to it's founder. So I don't know what you were expecting.

[gus_massa]

Just curiosity. I thought they copied the code from Litecoin and I was not sure if in any of the intermediate steps someone decided to fix this.

It will be interesting to see how each developer set and community handle this problem (and the future problems).

Disclaimer: I don’t own BTC or DOGE (or LTC or any other virtual currency).

[glomph]

Wasn't it 800 at the start of the month?

[deweerdt]

http://bitcoincharts.com/charts/bitstampUSD#rg60ztgSzm1g10zm...

[maaku]

You know that it was up above 800 before this started on last Friday, right?

[MartinCron]

Given all of the historic volatility, a drop from 800 to 600 must not feel abnormal to bitcoin investors. It could have been much, much worse, I guess?

[maaku]

By my rough back-of-the-envelope calculation, something like $50 million dollars changed hands on Monday based on unsubstantiated fear, uncertainty, doubt, and outright lies. Volatility is one thing, market manipulation is another.

[higherpurpose]

I wish I didn't buy at $900 and at least would've sold soon after, otherwise I'd buy some now. These events where some pretty major bug is found in Bitcoin are great opportunities to buy Bitcoin at a "low price" (as low as you can get in that moment in Bitcoin's history). I'm not worried about the bugs themselves because I know they will be fixed.

[hayksaakian]

part of the reason is that bit coin does not depend on any banks

if you have 100 btc in an offline wallet, you will still have it tomorrow, despite whatever bugs/attacks hit the exchanges.

imagine if your bank was hacked, many people would literally be removed of their money.

With cryptocoins, you have the advantages of keeping dollars under your mattress while still bring able to spend them anywhere that accepts them.

[mrkickling]

In what way is that different from fiat money? You can keep fiat money in your mattress and spend it anywhere that accepts them. If you have $100 in a mattress (offline) then you would still have it tomorrow. The problem is that the moneys value may change tomorrow, especially if we are talking about bitcoin.

[kordless]

You can't secure cash under your mattress with a password, for one thing. That makes cash (and paper wallets) venerable to physical attack, even by vermin: http://metro.co.uk/2007/03/27/mouse-eats-cash-machine-makes-...

There is no problem with value changing tomorrow as this is a potential problem with any new payment methodologies. Adoption does not appear magically overnight. The US Dollar is velocity stable due to its wide spread use and being propped up by the equivalent of a bunch of duct tape and bailing wire.

[flatline]

I've seen more people get jacked of all their cryptocurrency holdings than any significant amount of fiat on their person, due to targeted viruses and backdoored systems. I've also seen numerous occasions where someone sent money to the wrong address and that was it, the money was forever sent into the void.

There was a guy on reddit who had all of his DOGE and BTC lifted right off his computer. He was using strong, auto-generated passwords stored in a password manager, so he was not even typing in passwords that a keylogger could intercept. Presumably the attacker had a backdoor into his system, watched him work, and just transferred out the funds when he wasn't at his desk. Poof - all gone, with more or less proper security measures in place and no clear sign of an intruder other than the missing money. Several other people reported similar events in that thread.

These are still major problems for mass adoption of crypto, completely setting aside the massive cases of fraudulent pools, online wallets, exchanges, etc., etc. There are many subtle problems that are difficult to diagnose and cure that come with a technological solution like bitcoin, that paper money simply does not have.

[waterlesscloud]

A true story- My grand-uncle, who had lived through the Great Depression, never trusted banks. So he buried a considerable amount of cash in the forest behind his house in mason jars (seriously!).

When he died, my grand-aunt, who always thought he was being silly, went out in the woods and retrieved all the jars.

The cash had rotted and deteriorated to the point that it was unspendable.

However, she was able to work with the US Treasury to sort through the remains and identify the bills and replace them with new currency.

There's not really a bitcoin lesson here, just some family lore that seemed relevant. :-)

[dnautics]

this is why we buy gold and silver.

[watty]

If someone is going to physically break into your house and access your money what's to stop them from physically assaulting you until you give them the password? Or just taking the computer that stores the "offline" wallet?

[branchan]

Unless someone has some kind of insider information, no burglar is going to assume that you have a stash of bitcoins.

[anigbrowl]

There are these things called safes...

[branchan]

Are you going to put the safe under your mattress? Or do you think a secure encrypted and password protected wallet stored on a tiny USB drive or SD card might be more secure?

[SilasX]

I'm not sure that's an apples-to-apples comparison.

In both cases, there is one physical good which, when stolen, deprives you off the money. With cash, it's the physical notes. With Bitcoin, it's the private keys in the wallet (or private key to unlock the wallet's private keys). Making backups of the keys can protect against accidental data loss, but not against theft, as it increases attack surface (i.e. number of locations where the same money can be stolen from).

There is still an advantage here favoring Bitcoin, though: if the key is stolen and you know this, you still have a chance to preserve the wallet's holdings: just generate new keys (addresses) and broadcast a transaction of all the wallet's money to those addresses. If you can get the message to the network's nodes faster than the attacker, the money will be "signed away" before they can use it, and such attempts will be rejected as double-spends.

There is no corresponding feature for physical cash.

[hayksaakian]

You need to physically be somewhere to spend cash, with BTC, you don't need a presence.

While you could construct a procedure to spend cash remotely without one powerful intermediate, this property is just built into to *coins, and it is simply how they work.

[smrtinsert]

A huge difference is fractional banking, which deserves a good read. http://en.wikipedia.org/wiki/Fractional_reserve_banking

[this_user]

I'd argue that fractional reserve banking is still better than having a "currency" that is backed by absolutely nothing and may lose up to 90% of its value on a moment's notice.

[Canada]

> imagine if your bank was hacked, many people would literally be removed of their money.

Are you sure about that? For the most part those transactions would simply be reversed. Bitcoin exchanges seem a lot more exposed to computer security breaches to me.

> With cryptocoins, you have the advantages of keeping dollars under your mattress while still bring able to spend them anywhere that accepts them.

Paper currency is a bearer instrument. It can be used for offline payments. Cryptocoin can't be. Both parties need to be connected to the rest of the coin network so the transfer can confirmed by other nodes.

Not to say that cryptocoins have no under-the-matress advantages. They are a lot easier to hide than cash and you can make backup copies of them, which obviously can't be done with cash.

[base698]

You need to be connected to send them but not receive them.

[Canada]

You certainly need to be connected to confirm that you have received them!

[base698]

No you don't, blockchain.info would tell you.

[akkartik]

Is that really true? Could a botnet not conceivably make transactions out of your wallet? Doesn't the distributed ledger have tentacles reaching under your mattress?

[VMG]

A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity).

http://en.wikipedia.org/wiki/Digital_signature

The purpose of the blockchain is to establish an ordered sequence of transactions.

[lmm]

Sure, but no-one calculates digital signatures in their head. Your bitcoins are worthless without computer systems, and those computer systems are the subject of attack by thieves.

[VMG]

Sure, but this attack is not about that.

This is a DDOS attack on the integrity on the distributed database, which is very bad, but not able to spend Bitcoin that isn't yours.

[mrkickling]

http://learncryptography.com/51-attack/

I guess it would be possible.

[SomeoneWeird]

No, even if you successfully achieve a 51% attack, you can't spend coins from arbitrary wallets.

[mrkickling]

Well, you could control the blockchain, wouldn't that include spending coins from any wallet?

[ye]

No, a botnet can't ever achieve 51%. One modern ASIC rig is equivalent to a few thousand average CPU+GPU computers that make up a botnet.

[jonknee]

What about a botnet of modern ASIC rigs?

[pstrateman]

I actually removed the 100ms sleep.

I believe the change was made in release 0.8.6

[pstrateman]

Forgot the link...

https://github.com/bitcoin/bitcoin/pull/3180

[sktrdie]

Not exactly. The buggy wallet software, used by these exchanges, identifies transactions by their hash. Even if one of the duplicates is confirmed, the buggy wallet still thinks the other is a new transaction, because it has a different hash.

The fix is checking all inputs/outputs rather than relying on the transaction hash.

[pmorici]

MtGox is the only one using the TXID hash to track unconfirmed transactions. The problem with the other wallets is that if you try and spend a change address from a rewritten transaction before it is confirmed then that transaction involving the change is then invalid.

Edit: Here is a good explanation of what this latest problem is which is different than the problem MtGox is struggling with http://www.reddit.com/r/Bitcoin/comments/1xm49o/due_to_activ...

[nwh]

You're right, I altered my response to remove the incorrect bit.

[smrtinsert]

I don't understand how there can be any faith in the system if this is possible.

[anton000]

Seems like someone is definitely trying to cause panic by trying to do "btc withdrawal dos" on exchanges maybe in the hopes of driving the price of bitcoin down.