Mark Karpeles is out of jail and goes straight to trolling people

MagicalTux · 9時間前

I am afraid at this point of time I cannot provide any relevant details. I have no time line of how things will be moving in the future either.

MagicalTux · 10時間前

Actually because back in 2009, domain tibane.com was taken. Doubling the N didn't seem an issue, and the domain was available, so things proceeded that way.

MagicalTux · 1年前

Does now.

MagicalTux · 1年前

Added.

MagicalTux · 1年前

Exploiting the bug to perform an attack is actually perfectly possible for any mining pool with enough hashing power, and as of Feb 2014 we saw reports of this attack being actually used against other targets.

The fact this kind of attack is possible is an issue in itself. Transaction hashes are commonly used for tracking transactions, and it should not be possible for a third party to alter someone's transaction. This problem could affect anyone.

MagicalTux · 1年前

Just to confirm, your analysis was based on transactions seen on the network, but then becoming invalid because an exact same transaction (same in/out, signature modified) was found in a later block?

The problem is that at the time we implemented MtGox's transaction system (bitcoin 0.3), there was no requirement on signatures - and we used Bitcoin 0.3's implementation (crypto++, see https://github.com/MagicalTux/btclib - was also adding padding for values that could be interpreted as negative as per bitcoin sourcecode). Bitcoin around 0.6 or 0.8 started to refuse relaying transactions which had an invalid signature (either because of padding added by bitcoind 0.3, or because the signature was not in the expected range which bitcoin started enforcing) but those are still valid in blocks (because the signature is valid).

Which means an attacker could simply take the pending_tx list from MtGox, find his transaction there, modify it and broadcast it. The network would only see his tx, and once mined by someone (anyone) MtGox would find our own tx to have invalid inputs and will attempt to fix it.

The network would never see MtGox's initial transaction (since it doesn't get relayed) and I'm afraid you wouldn't either, unless you specifically monitored our pending_tx list.

MagicalTux · 1年前

I believe creditors can access the elements we provided through the court. The point was not to get an exact figure on transaction malleability, but rather to prove that the specific document was wrong (someone submitted to the court), so we just had to show transaction malleability affecting more than 350 BTC (a quick search led us to find a 1000 BTC event if I remember this correctly).

Also, as of Feb 10, 2014, we only knew of transaction malleability through someone showing this could actually be exploited (publicly). We disabled bitcoin withdrawals, started searching for a solution (reached normalized txid), and at the same time re-checked all cold wallets. By the end of Feb. we found out that it was unlikely we had enough BTC (we did find some later, however) so we contacted the court and proceeded with civil rehabilitation from there.

I still believe normalized txid should be a thing, as it's the only way to keep track of whatever you sign and push on the network. There are efforts to make transactions immutable, but there is no guarantee there won't be a way to overcome that in the future.

MagicalTux · 1年前

We prove the document "proving" transaction malleability only affected 350BTC to be wrong.

Still, we only mentioned transaction malleability as a potential factor, never ever said it was the only MO.

MagicalTux · 1年前

I believe you need signed (original) paper delivered.

Note that a bankruptcy trustee accepting documents arrived days after the deadline is not unheard of. This is however a decision to be taken by the trustee with approval of the court.

MagicalTux · 1年前

Source for Kraken buying servers: https://www.mtgox.com/img/pdf/20141126_document.pdf page 10 of pdf (page 2 of English text, I.3).

For Bitcoins, we used a cold wallet process setup back in 2011 with the help of several experts (as expert as you could be when Bitcoin was only a couple years old) which involved buying a PC at a retail store directly (not online), destroying it once done, and various other things (exact documentation was passed to the trustee). Among other things it was suggested to avoid keeping a list of bitcoin addresses for the cold wallet once charged to limit risks of contents being known, and also other risks (I don't remember who brought that up, but because a PC without a hardware random generator has limited entropy, generating hundreds of keys could in theory have some risk - I guess this should be somewhere on bitcointalk.org but I can't check right now since it's down).

Also back in 2011, Bitcoin had a much lower value, and the costs of implementing daily reconciliation were not something we could afford (in terms of man power, process, etc). As Bitcoin gained value so did legal pressure and we dealt with this as much as we could.

Today, you could use multisig cold wallets with hardware encryption appliances in multiple zones. This bring the cost up to a few million USD a year, but that's probably the only way to make a secure wallet today.

MagicalTux · 1年前

Fixed, thanks for reporting this.

MagicalTux · 1年前

Unfortunately that part is mistaken, and I can prove it (my schedule from that period was full of meetings morning to evening, not only my staff can confirm it, but the people I met too.)

Anyway I contacted the author about this a few days ago.

MagicalTux · 1年前

Actually they did acquire MtGox's servers and pledged to help a bit. They are not refunding customers however as far as I know, and there are a lot of other issues with this article (I emailed the author about this, but haven't received any response yet).

MagicalTux · 1年前

I am not sure how this would be squeezing smaller miners out. There are two things I can think of: producing big blocks requires more memory/bandwidth (smaller miners can elect not to if they want, there is no penalty for producing small blocks) and receiving big blocks require more bandwidth (there were talks about this on how to allow block propagation to work with the block header alone - or at least not the whole block with all txs bodies - and as such be much faster).

Was there anything else?

MagicalTux · 1年前

Actually miners are free to block spam and make smaller blocks. Even if a part of the miners do so, it'll prevent from the max block size from increasing. Using a system similar to how the difficulty work (capped variations) could be interesting too.

MagicalTux · 1年前

wat?

MagicalTux · 1年前

I don't have anything remaining, however it is likely the trustees in charge of the different bankruptcies will file claims for what is due. That's however not under my control anymore.

MagicalTux · 1年前

Yes you hear it right, I do not plan on personally filing any claim on bitcoins held with MtGox.

MagicalTux · 1年前

Your account number was likely used when you deposited on MtGox, if you indeed deposited fiat. There are chances you will be able to find it on your deposit receipt from your bank/okpay/dwolla/etc. Account numbers starts with a M, ends with a X and contains a checksum that would - I guess - allow the trustee to confirm the input.

MagicalTux · 1年前

Actually you might have more chances of this happening going through the trustee's English phone line (if enough people ask for the same thing) or Kraken support.

MagicalTux · 1年前

Unfortunately I don't know that much. If you're a Kraken customer you can maybe try their "creditor claim and payout support with live chat and email", which might be able to give you a better answer.

MagicalTux · 1年前

Under Japanese law, creditors can consult all the claims made by other creditors, and can oppose those claims for a variety of reasons. If your claim is opposed you usually have to hire a lawyer.

MagicalTux · 1年前

I'm afraid doing so would require approval from the trustee and the court, as it would be equivalent to an official communication from MtGox. I'll try asking today how they want to proceed.

MagicalTux · 1年前

All claims should be treated the same in the end. It'll be easier for the trustee to process your claim if your account is verified, but except for the extra time and effort on the verification part, there shouldn't be any other difference.

MagicalTux · 1年前

The only figures I can give today are those that anyone can find through official documents:

Description	Amount
Wells Fargo Account 7657841313	US$2,109,214.09
Wells Fargo Account 6836757515	US$8,200.87
Dwolla 812-649-1010	US$2,915,507.40
Total	US$5,032,922.36

There is at least one other executed warrant for which we have no information (except for the fact it was executed by "someone from the secret services").

MagicalTux

トロフィーケース

本日のreddit gold目標額達成率