david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

Bitcoin Exchanges Under ‘Massive and Concerted Attack’

posted February 2014

The transaction malleability problem which troubled Mtgox a few days ago has also made Bitstamp shutdown.

Apparently a large scale attack using this problem is going on on multiple exchanges.

Antonopoulos, who is the chief security officer of Blockchain.info, said a DDoS attack is taking Bitcoin’s transaction malleability problem and applying it to many transactions in the network, simultaneously.

The article on coindesk here

It's interesting to watch actually, submit a transaction to the network at the moment and there's a rogue node that will mess with the padding of the signatures and rebroadcast it faster than the original. It confuses the reference client into duplicate display, which is what Gox is relying on for the failed/success display. That they're winning races over the normal related transactions isn't that unnatural as the transaction processing stuff has a 100ms sleep() in the middle of it.

From the discussion over at HN

PS : apparemment l'erreur a été corrigé il y a un an sur le client bitcoin officiel ici

Well done! You've reached the end of my post. Now you can leave me a comment :)