from Hacker News

Why Mt. Gox is full of shit

by klrr on 2/10/14, 2:44 PM with 134 comments

by nwh on 2/10/14, 3:30 PM
There's no acceptable middle ground really. Practically every Bitcoin service is full of incompetence of varying degrees. Coinbase for example uses MongoDB for their accounting and apparently was hacked (and the funds returned) as an effect of that. Every other service has issues with the founders (BTC-e is run by who?) or their security record (inputs.io had a cold wallet?) in some way.
You can't trust much in this particular corner of the internet.
by kens on 2/10/14, 4:06 PM
I don't think anyone has pointed out that MtGox said "We have discussed this solution [additional hash in the protocol] with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized." [1] A Bitcoin protocol change like that is not going to happen for a long, long time, if ever so do the math on MtGox's statement and when they will allow withdrawls.
The Bitcoin team did push out a change in 8 hours once for a critical signed/unsigned bug that threatened the whole system [3], but this problem looks to me like NOTABUG/WONTFIX. The transaction malleability is an annoyance, not a real bug. Basically the support team just needs to spend an extra 5 seconds checking a transaction instead of blindly issuing refunds.
My recent article [2] goes into the Bitcoin protocol in great detail if you want to know more about transaction signing, which should help explain technically what is going on with malleability.
[1] https://www.mtgox.com/press_release_20140210.html
[2] http://righto.com/bc
[3] https://bitcointalk.org/index.php?topic=822.0
by lispsil on 2/10/14, 3:51 PM
Of course Gox is full of shit, anybody see his php ssh implementation? Karpales is a guy who rolls his own crypto everyday and has no idea it's completely flawed, and when you point out the flaws he doesn't believe you and uses it anyways.
He's a cancer and nobody should be using MtGox. You're supposed to trade coins in IRC decentralized using the web of trust, or localbitcoins in person. Exchanges should only be used if you have a business bank account and are on first name basis with the guy who runs Bitstamp or Cavirtex on IRC otherwise you get delays and holds for identity verification, limits, other problems like your bank freezing your account when they notice wires going to Slovenia too often.
*Edit Gavin just posted a response on the bitcoin foundation blog, confirming Gox is indeed full of shit.
by steven2012 on 2/10/14, 3:55 PM
Anyone who uses Mt. Gox is a fool, especially after the first few security issues. Hearing about further issues in terms of security, etc is sort of like hearing the wailings of a person whose spouse is cheating on them... for the 5th or 6th time. At some point, the victim only has themselves to blame.
by sillysaurus2 on 2/10/14, 3:30 PM
One interesting aspect of this whole ordeal is the fact that, thus far, exchanges' prices have depended on each other. That is, a huge sell order on Bitstamp will more or less immediately affect the price on BTC-E, MtGox, etc. (The exception seems to be Coinbase, which seems to use some kind of exponential weighted averaging, but even Coinbase will get dragged down if the price drop is dramatic enough.)
If people lose all confidence in Gox, but still retain faith in other exchanges, then that means we're going to witness MtGox's price drop while the other exchanges' prices rise. However, this becomes an economic opportunity for anyone who wants to do arbitrage between exchanges. Therefore it seems like the prices won't ever diverge too much.
The conclusion, it seems, is that no matter how bad one exchange is, it will simply drag the overall price of Bitcoin down across all exchanges rather than suffer punishment as an individual company. The fact that arbitrage is doable seems to give MtGox some insulation from consumer outrage.
This poses a question: Is it true that as long as an exchange keeps functioning, then it's "here to stay" no matter how badly they behave? Is there any way that an exchange could go out of business from nothing more than consumers losing faith that one exchange?
by pistle on 2/10/14, 7:55 PM
The candlestick charts are not telling a pretty story about trust right now. Bitbugs keep the faith and talk about buying with blood in the streets since it always bounces back, but every flash crash comes with a worse story.
The headline is "Largest Bitcoin Exchange Doesn't Understand Bitcoin"
What hope do retailers and any but the very-technical have in managing the risk implicit in digital currencies?
Not to mention, seeing supporting forum posts where people are discussing the parts of fractions of coin being sent around... do people really think 8-10 digits past the decimal can hope to be manageable for consumers? It's bad enough to deal with Yen conversions.
Please tip your server .00343874938239487 bitcoin. When 15% of the value can evaporate while business is happening... when do you bill the customer for lunch? When they order?
by kordless on 2/10/14, 3:53 PM
News flash: people don't like to admit they are wrong. They will find ways to rationalize their actions to fit a model where their fears of being wrong are temporarily alleviated. Unfortunately most people don't realize it's more work in the end to deny being wrong than just coming clean.
We've been through this several times with Mt. Gox. It's time for everyone to STOP using them and start using something else for trading. Continuing to use them and making rationalizations that things will 'get better' will only result in a global case of cognitive dissonance.
They are threatening an ecosystem that is important and which has a large potential value. In my opinion, they need to be removed from that ecosystem.
by zapnap on 2/10/14, 4:24 PM
Not wholly surprised here. As a side note, I wish it was easier to move coins out of mtgox. They require "verification" to even transfer coins to another BTC address at this point, which means sending them proof of identity and proof of address. I'm not against identifying myself but given their absolutely abysmal security record and repeated demonstrations of incompetence, I'm loathe to send them anything even remotely sensitive. which leaves me in a bad position where I'm stuck with coins I can't even access...
Ugh. Local wallets, people. Local wallets.
by jasonlingx on 2/10/14, 3:34 PM
Let this be a warning to everybody with bitcoin in wallets they do no absolutely control, for example, Coinbase - you can and almost certainly will lose them at a moment's notice, sooner or later.
I feel really sorry for those with funds tied up with MtGox. It was only recently where I used MtGox to store most of my bitcoin and I am lucky to have decided to move them all to paper wallets.
This demonstrates one of the biggest issues holding back widespread adoption of bitcoin, the ability of the layperson to securely hold large amounts of bitcoin.
by x0054 on 2/10/14, 7:34 PM
Mt. Gox is indeed full of shit. As I understand the issue, due to their bitcoin implementation, there is a possibility that someone would send bitcoins from their Mt. Gox. account to a wallet, than alter the signature of the transaction, and than claim that the transaction did not go through and contact support to request the funds to be resent.
Here are 2 easy solutions to this problem which do not require anything to be done by the bitcoin community, and could be exacted by Mt. Gox today:
1. Allow all transactions to go through as before, but state clearly that if your transaction does not go through after being submitted, it will take a long time to clear the transaction, because it will have to be checked by hand. Assuming that 90% of people are not planning to scam Mt. Gox, 90% of people would be able to get their money. The remaining 10% would have to wait a bit longer while Mt. Gox checks transactions by hand.
2. Alternatively, write a system were a user can request to withdraw bitcoins. The Mt. Gox server first generates a new wallet, than transfers the BTC to that wallet, than send the user the public and private keys for that wallet. Assuming that the user (for good reason) does not trust Mt. Gox, they than can simply transfer the BTC from a temporary wallet to a permanent one.
by rainmaking on 2/10/14, 3:36 PM
My experience exactly. I was just buying a hundred bucks worth of coins, and I had to suffer through inexplicable delays, error messages that were obvious lies, the list goes on and on. Incompetence is one thing ("sorry about the hassle, but look aren't we cheap!") but trying to obfuscate the real reason of problems is just a huge red flag.
I'm in Europe, and I like Kraken very much. blockchain.info recommended them.
by ewams on 2/10/14, 3:18 PM
FTA: "The time to stop using Mt. Gox has been long overdue. Move your business to a more serious exchange, one that is willing to admit their failures, should they occur. One that has the best interests of the entire Bitcoin ecosystem in mind, rather than their own bottom line."
by kirk21 on 2/10/14, 7:58 PM
Trying to find an European alternative. Suggestions next to https://localbitcoins.com or http://www.coinnext.com/ ?
by oleganza on 2/10/14, 3:33 PM
Today's price fluctuation only proves that people do not really understand how Bitcoin works. Many keep all their coins on the exchange because they got used to the traditional banking. MtGox says "it's a fault in the protocol" and people sell off in panic. Thankfully, over time we have more exchanges, more different implementations, more and better educational resources to learn about real risks of Bitcoin. Meanwhile, smart people pick up cheap coins while they can.
by o_nate on 2/10/14, 3:50 PM
This article seems rather biased and brings in lots of past problems at Mt. Gox rather than focusing on the current issue - perhaps because a more detailed explanation of the current issue would reveal that this problem goes beyond Mt. Gox. There is a disturbing tendency among some Bitcoin partisans to instantly dismiss any issue that comes up as being well-known and well-understood, even if "well-known" means that it was posted somewhere on a message board read by few.
by ck2 on 2/10/14, 4:14 PM
the official Bitcoin daemon (bitcoind) does not rely on a transaction ID to determine if a transaction succeeded
Sooo how does it do it? How does it determine a unique transaction id?
by angryasian on 2/10/14, 4:23 PM
>Their implementation, against all advice, does rely on the transaction ID, which makes this attack possible.
I think a lot of the comments here and especially the article detracts from the discussion. The article seems to go on a rant of all the other mistakes mt gox make rather than addressing the issue.
What is the recommended solution by bitcoin implementers to verify a transaction succeeded, with transaction malleability existing ?
by rsync on 2/10/14, 4:22 PM
Why do these services exist at all ?
Cannot the bit coin protocol be used by end users with full features without a third party "wallet" service ?
Are these services purely for people that don't understand files and encryption utilities ?
I do not use bitcoin, but if I did, I assume I would just protect and back up those computer files like many other extremely valuable computer files I have.
What am I missing here ?
by jere on 2/10/14, 8:03 PM
Not mentioned in this post is that during that hack where hashed passwords were released, Mt. Gox was using md5. What jokers.
by paterpol on 2/14/14, 4:11 PM
Hacked bitcoin exchange patforms, its not the point the structure, there cs or a bug in the bitcoin system.The big players have to coopered to avoid the unlimited use from the fed of fiat money to buy bitcoins and attac the big .platforms on using a extreme blow off
by spoiledtechie on 2/10/14, 3:30 PM
I wonder which side is actually telling the truth...
by victorlin on 2/10/14, 3:59 PM
the justin bieber of bitcoin exchange
by sscalia on 2/10/14, 4:13 PM
In case anyone needs a reminder:
Magic The Gathering Online Exchange.
Chase Manhattan, they are not.