It'd be most accurate to say you rigorously described a kind of mining-cartel attack that had been discussed years earlier, but I know I won't convince you of that, because you only count published academic papers, and the earlier discussions of the same attack all happened in less-formal bitcoin forums.
Regarding MtGox scenarios: Reliable evidence on what MtGox truly did is scarce, but people have widely speculated that at times they auto-reissued payouts, and without the protective measure of reusing the same inputs. It would be in character – see other examples of their recklessness below. So while I share your doubt that malleability could have resulted in significant losses, there is a theory for that, which doesn't require extensive social engineering/human-in-the-loop processes. And, if it had been happening for years, only outsiders with a giant archive of long-ago race-losing transactions (that never reached blocks) would be able to estimate the magnitude of the losses. (I don't know any public source for such an archive.)
Similarly, at times Karpeles mentioned that the cold storage was a "paper-based RAID" in 3 parts, or some other scheme in 6 places. As the 'key man' in an enterprise that suddenly found itself atop $100MM+ in easily-transferable assets, his feared threats may have included kidnapping/extortion to force disclosure of the keys. Thus his cold storage scheme may have involved putting necessary key-shares totally outside his easy control, even via people and safety-deposit boxes in other countries. Any "key-loss" scenario should consider the chance law-enforcement-actions or other calamities, far from the MtGox offices or Japanese accounts, have made essential parts of the cold-storage keys unrecoverable, for now and perhaps permanently.
There's a forum thread from years ago where people mention 2600+ bitcoins MtGox lost from their own bad-transaction-issuing code (https://bitcointalk.org/index.php?topic=50206.0;all).
Karpeles wrote his own SSH server in PHP. Over the years MtGox suffered SQL injection & cross-site scripting attacks. In the June 2011 'flash crash', the entire user database with weakly-hashed passwords was lost (supposedly via an auditor compromise), allowing outsiders to carry off some unknown number of artificially-cheap bitcoin – but MtGox made customers 'whole' via a database rollback. MtGox later that year made the customers of competing exchange Bitomat whole, at a cost of 17,000 BTC or more, after that exchange lost its keys. So when speaking of MtGox, we're already in Alice-in-Wonderland territory, with both custom (and often unwisely eccentric) implementation choices, and overconfident grand gestures. It's hard to rule anything out, based on ideas from elsewhere about plausible engineering or business practices.
I never heard of that one, although I know Mark Karpeles is the author of a few tools in PHP. I met him around 2003 when he developed, hosted and managed a Ragnarok Online (not so) private server (fRO) on Linux (hence his surname, MagicalTux). The whole time he paid for the hosting himself. Contrary to better-known servers such as eAthena, this server had a unique feature in that it was written in PHP and developed mostly by himself. The server was stable, allowed for quick iteration and took the load quite fine. He also wrote an inetd daemon in PHP. Another PHP game project that never took off was 'Inochi', but I can't remember what it was about. He started a few other projects such as a homegrown OS and a VoIP system/company.
Still, I can't tell much about the quality of his code since I never read it, and all traces of his code have vanished, and that was more than 10 years ago. What I can remember though is that he was smart and friendly, but very sloppy at communicating.
For a side story, fRO grew sufficiently big that it caught the attention of Gravity and Mark received a cease and desist letter, which he obeyed short of facing a trial. He rebuilt the server soon after though, authorising only a select few members (of which I was one), resulting in something more like a permanent, albeit remote, LAN party, and finally abandoned the project, stepping down and transitioning the management to the player community. The community stayed strong enough even without access to the server that Gravity offered an exit in the form of an officially sanctioned, monthly-paid server. That server was eventually integrated into the official Gravity-managed euRO.