Mt. Gox has issued a statement in an effort to address concerns raised by users after it suspended bitcoin withdrawals late last week. The exchange insists it is working hard to address a technical issue that has made it impossible for users to make transfers.

The company also points out that currency withdrawals and transfers to any Mt. Gox address are not affected by the issue.

Mt. Gox stressed that the problem is not limited to its exchange – it affects all transactions where bitcoins are sent to a third party. Once the problem was identified, Mt. Gox chose to suspend bitcoin withdrawals until it can be resolved.

Geeky and non-geeky explanation

Mt. Gox offered two explanations for laymen and tech-savvy users. In essence, Mt. Gox says it identified a bug in the Bitcoin software that makes it possible for someone to use the network to alter transaction details, making it seem like bitcoins had not been sent to a bitcoin wallet, when in fact they had.

“Since the transaction appears as if it has not proceeded correctly, the bitcoins may be re-sent. Mt. Gox is working with the Bitcoin core development team and others to mitigate this issue,” Mt. Gox said.

The technical explanation is a lot more detailed.

It points out that bitcoin transactions are subject to a design flaw that has been largely ingored, although it was known to “at least a part” of the Bitcoin core development community. The defect is known as “transaction malleability” and it allows third parties to alter the hash of a fresh transaction without invalidating the signature. Mt. Gox explains:

“Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.”

The “sendtoaddress” API returns a transaction hash as a way to track the insertion of the transaction into the block chain. Since most wallet and exchange services keep a record of this in order to respond to users who make inquiries about their transactions, they could assume that the transaction was not sent – as it would not appear in the block chain with the original hash. For the time being, there is no way of efficiently recognizing alternative transactions.

“This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction’s hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.”

Working on a fix

Mt. Gox believes the problem can be addressed by using a different hash for transaction tracking purposes. The network would continue to employ the current hash for the purpose of including the transaction in each block’s Merkle Tree, while the new hash would be used to track transactions and it could be computed and indexed by hashing the exact signed string via SHA 256, the same way transactions are hashed.

“This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions,” Mt. Gox said. “We have discussed this solution with the Bitcoin core developers and will allow bitcoin withdrawals again once it has been approved and standardized.”

In the meantime Mt. Gox is urging exchanges and wallet services, as well as any other service that sends bitcoins directly to third parties, to be “extremely careful” with anyone claiming their transaction did not go through. The issue also affects altcoins using the same transaction scheme as Bitcoin.

The exchange says it will try to resume withdrawals as soon as possible:

“Mt. Gox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.”

Mt. Gox also noted that more information on the status of the issue will be released as soon as it is available – but for now users will not be able to make bitcoin withdrawals. The fix can’t come soon enough, as the problems have caused a selling frenzy in some circles.

Price fall

Since the announcement was published, the price of bitcoin has witnessed a steep decline. The CoinDesk Bitcoin Price Index shows a sharp fall from $681 at 10:00 (GMT) to $572 at the time of writing.

The last time the price dropped to this level was on December 19th, shortly after China’s central bank met with third-party payment companies and banned them from doing business with bitcoin exchanges.

This news caused bitcoiners across the globe to panic sell their collections of the digital currency, but the price drop didn’t last for long – it increased to $770 by the end of the year.

Responses

Responses to the Mt. Gox statement have been largely negative. Oleg Andreev, a software developer and bitcoin enthusiast, said on Twitter:

@bitcoin_bolsa @bodskibod it’s a bug in their handling of payments, not in Bitcoin. — Oleg Andreev (@oleganza) February 10, 2014

Liad Shababo, founder of Shoply.com, was also pretty annoyed at Mt. Gox’s statement:

@oleganza they spin it like its a fault in the protocol rather than a fault in their understanding. dirty of them. — Liad Shababo (@L1AD) February 10, 2014

Redditors also panned Mt. Gox’s explanation. One of the top comments on the post noted that the transaction malleability issue had been known for at least a year. One commenter, nomailing, posted:

It has nothing to do with the protocol. It’s just incompetence of the [Mt. Gox] developers. It’s their fault to rely on transaction hashes although transaction malleability is nothing new.

BTC-e got in touch with CoinDesk and had this to say:

“There is not a problem with the Bitcoin’s protocol. Unconfirmed transactions were always malleable in the Bitcoin network. We wonder why Mt. Gox wasn’t already aware about this having worked for several years with the protocol. We kindly advise Mt. Gox to hire more professional technical staff.”

What do you think of Mt. Gox’s statement? Let us know in the comments below.