Hacker News new | ask | show | jobs
by lvs 4493 days ago
Another point is that evidence of significant tx-mal can't be found on the block chain prior to Feb 9 [1]. Now, it's possible that the search wasn't thorough enough, but I find that unlikely. Any reissued transactions must have occurred within a very short period -- a couple of weeks in February -- that could have been attributed to malleability.

[1] http://www.righto.com/2014/02/the-bitcoin-malleability-attac...
1 comments
gojomo 4493 days ago
That's only looking at one kind of malleability. Notably, I've been told that MtGox for years issued its own transactions in a non-standard format... so one potential 'attack' would be to mutate those to canonical form and race them into the blockchain. There'd be no evidence of such an attack in the blockchain: only someone who'd been long-archiving losing, non-canonical transactions from multiple places in the network would have a way to estimate the frequency/magnitude of such activity.
link
lvs 4493 days ago
That sounds a bit speculative. If someone has a link that shows one of these "non-canonical transactions," that might lend some credence to the idea. Furthermore, if Gox was always issuing weird transaction formats, then looking for addresses that show a statistic prevalence of these would be trivial. Showing that the attack took place would simply require showing addresses that occasionally issued a proper tx, but statistically favored outgoing transactions of the type you describe. That is, there will be evidence in the blockchain if the type of transaction you describe is very specific to gox.
link
gojomo 4493 days ago
Their history of oddly-composed transactions could help identify more of their likely addresses, if noone else did the same thing, but that would still be of limited use in funds-tracing depending on whether such addresses were ever reused.

That they've long been issuing valid but unusual signatures was mentioned among other places at: http://www.reddit.com/r/Bitcoin/comments/1x93tf/some_irc_cha...

I'm not sure if this was just a tiny sliver of their transactions, or a large proportion... but it complicates easy analysis of what the malleability losses could be.

link