As several exchanges announced they would temporarily halt all Bitcoin withdrawals this Tuesday (11), the cryptocurrency universe found out that a “massive and concerted attack” had been launched by a bot system and was affecting these companies.
The information was revealed yesterday by Andreas Antonopoulos, Blockchain.info’s chief security officer. He said a DDoS attack is using Bitcoin’s transaction malleability feature and applying it at the same time to several transactions in the network, Coindesk reported.
Antonopoulos states that “so as transactions are being created, malformed/parallel transactions are also being created so as to create a fog of confusion over the entire network, which then affects almost every single implementation out there”.
In the meantime, exchanges like the popular Bitstamp joined Mt. Gox and suspended all BTC withdrawals.
Still, it is a different situation. “Mt. Gox was relying on an incorrect implementation, it appears other exchanges were also relying on incorrect implementations. (…) Their [Gox's] attempt to blame the Bitcoin software was grossly irresponsible. In the end it will further discredit Gox and reveal their management incompetence”, Antonopoulos told CoinSpectator.
In Bitstamp’s case, the exchange announced its “software is extremely cautious concerning Bitcoin transactions. Currently it has suspended processing Bitcoin withdrawals due to inconsistent results reported by our bitcoind wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking. As such, Bitcoin withdrawal and deposit processing will be suspended temporarily until a software fix is issued”, reads a statement published online by the company.
No funds have been lost and no funds are at risk.
This is a denial-of-service attack made possible by some misunderstandings in Bitcoin wallet implementations. These misunderstandings have simple solutions that are being implemented as we speak, and we’re confident everything will be back to normal shortly.
Withdrawals which failed on the 10th and 11th of February will be canceled and the amounts added back to the customer account balances.
BTC-e also announced possible delays in crediting transactions. On the other hand, the digital asset trading platform Kraken assured it wasn’t halting any Bitcoin-related operations due to previous “planning”.
Throughout this Tuesday (11), Antonopoulos kept updating his Twitter profile with news regarding the attack. After guaranteeing that “the Bitcoin community has multiple independent actors looking at the security of the network and collaborating as necessary”, he added that “the impact of the attack will be nullified on faulty implementations. Malleability will exist, but not affect it”.
He believes that, “by this time next week, all exchanges will be much more resilient to these phantom Txs and the DoS attack”, making cryptocurrency and all related transactions safer.
Transaction malleability, a Bitcoin feature documented since 2011, can sometimes have consequences, as in Mt. Gox’s case. According to Blockchain.info’s chief security officer, “this is not happening to other exchanges because they’re not stupid enough to issue withdrawals without checking them out first”. And although numerous exchanges are now halting their operations to strengthen their software, “it’s important to note no funds have been lost”.
The rise of this topic recalls some of Satoshi Nakamoto’s last words: “As Gavin and I have said clearly before, the software is not at all resistant to DoS attack. This is one improvement, but there are still more ways to attack than I can count”.
However, once again, Bitcoin’s death was announced way too soon. Despite the previous price drop from $900 to less than $600, the digital currency is showing how resilient it can be when faced with such an attack. The value even recovered in the last few hours and is now around $660.