As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By “bitcoin withdrawal” we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.
The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.
Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as “transaction malleability” makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.
The bitcoin api “sendtoaddress” broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction’s insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn’t appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.
This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction’s hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.
We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block’s Merkle Tree, the new hash’s purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).
This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.
We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.
In the meantime, exchanges and wallet services – and any service sending coins directly to third parties – should be extremely careful with anyone claiming their transaction did not go through.
Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.
To put things in perspective, it’s important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.
MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.
More information on the status of this issue will be released as soon as possible.
We thank you for taking the time to read this, and especially for your patience.
As there is a lot of speculation regarding MtGox and its future, I would like to use this opportunity to reassure everyone that I am still in Japan, and working very hard with the support of different parties to find a solution to our recent issues.
Furthermore I would like to kindly ask that people refrain from asking questions to our staff: they have been instructed not to give any response or information. Please visit this page for further announcements and updates.
Dear MtGox Customers,
In light of recent news reports and the potential repercussions on MtGox’s operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users. We will be closely monitoring the situation and will react accordingly.
MtGox Co., Ltd.
ANNOUNCEMENT REGARDING AN APPLICATION FOR COMMENCEMENT OF A PROCEDURE OF CIVIL REHABILITATION
MtGox Co., Ltd. made today an application for commencement of a procedure of civil rehabilitation (minji saisei) at the Tokyo District Court. This application was accepted on the same day. Further, MtGox Co., Ltd is under several orders issued by the Court : a preservative order prohibiting it from paying its debts, transferring its assets or establishing security over its assets, an order establishing a comprehensive prohibition of forced attachment of its assets by its creditors and a supervisory order ordering supervision by a supervisory committee. In consequence, MtGox hereby informs you as follows.
We first express our most sincere regrets and apologies for this situation and for causing so much inconvenience to all our users and other interested parties. We will fully respect the above orders and maintain our assets with all the necessary care.
Financial situation, reasons and timeline leading to this application
(1) As of now, the liabilities of MtGox Co., Ltd exceed its assets and its financial situation is as follows:
Total amount of assets
Total amount of current liabilities
(2) The increase of current liabilities may be linked to a loss of bitcoins and customer funds. These are now investigated by an expert and all efforts are made to discover the truth. This application was prompted by the following troubles:At the start of February 2014, illegal access through the abuse of a bug in the bitcoin system resulted in an increase in incomplete bitcoin transfer transactions and we discovered that there was a possibility that bitcoins had been illicitly moved through the abuse of this bug.
As a result of our internal investigation, we found that a large amount of bitcoins had disappeared. Although the complete extent is not yet known, we found that approximately 750,000 bitcoins deposited by users and approximately 100,000 bitcoins belonging to us had disappeared.
We believe that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures.
On the same day (24th), we found out large discrepancies between the amount of cash held in financial institutions and the amount deposited from our users. The amounts are still under investigation and may vary but they approximate JPY 2.8 billion.
We are investigating the causes of these problems. Since there are probably a variety of causes including hacking by third parties, we need to investigate a huge amount of transaction reports in order to establish the truth. As of this date, we cannot confirm the exact amount of missing deposit funds and the total amount of bitcoins which disappeared.
Once we discovered that bitcoins had disappeared and the discrepancies between cash funds and deposit balances, we judged that it would be difficult to continue our activities normally and we therefore closed our site at noon on the 25th (Japan time).
(3) Regarding the filing of a complaint or damages report, an expert has been mandated and investigations have started. We will make all efforts to ensure that crimes are punished and damages recovered.
Further we will fully cooperate with inquiries from authorities and investigations related to this matter, in Japan or overseas.In order to increase repayments to our creditors, it is necessary to explore the possibility of having MtGox Co., Ltd. continue its business. This is why the civil rehabilitation procedure has been chosen, Rebuilding MtGox Co., Ltd under the supervision of the court in a legally organized procedure while giving proper explanations will not be for the sole benefit of the company but for that of the whole bitcoin community.
All efforts will now be made to restore the business and recover damages to repay debts to creditors. We hope for the understanding and cooperation of all.
(6) Case no. 2014 (sai) 12Civil rehabilitation commencement application
A call center has been established to respond to all inquiries. The call center is planned to start on March 3, 2014. All inquiries to MtGox Co., Ltd. should be made to the following telephone number:
Telephone number +81 3-4588-3921 (in Japanese)
Telephone number +81 3-4588-3922 (in English)
Working hours Monday to Friday 10am to 5pm (Japan time)Please refrain from contacting the office of the supervisor/investigator.