Mt Gox chief executive Mark Karpeles – whom some internet forum commenters have angrily criticized after the exchange blamed a flaw in Bitcoin software for a potentially serious security issue – has been in contact with Forbes with a response to the criticisms.
In an interview by email, Karpeles defends Mt Gox’s systems. The company created its own Bitcoin implementation in order to process growing transaction volumes, he says, and has attempted to keep pace with all changes initiated by the Bitcoin Foundation. He suggests the flaw ought to have been solved by the Bitcoin Foundation before, as it has been known since 2011. [The Foundation has not responded to a request for further information on the issue at the time of writing.]
Karpeles, who is also a board member of the Bitcoin Foundation, expresses regret that the Mt Gox announcement upset “a lot of people”, but says it may have helped people recognize and tackle the issues as all parties attempt to move forward with a fully working system.
FORBES: Was Mt Gox’s coding to blame, and are other exchanges having the same problem?
Mark Karpeles: First, you need to understand that the Bitcoin implementation we use in MtGox was created back in 2011. The bitcoin client is not meant to handle the kind of load MtGox has and was having more and more troubles, lagging and crashing. We created our own implementation to solve those issues and to offer a better flexibility to our customers.
Over time Bitcoin changed and started implementing changes that would require people using previous versions of the software to upgrade. While we followed most of those update[s] we were more and more busy and couldn’t keep up with all the changes.
With bitcoin 0.8.0 (released 19 Feb 2013) a breaking change has been included that would prevent transactions from being accepted if their signature did not include the right number of zeroes in front of the signature values (in an effort to reduce risks of transaction malleability). We did not notice this change but a few of the transactions we were sending would become invalid because of this.
Due to this fact we started being more transparent on the transactions we sent, and provide a publicly available list of pending transactions. Nobody was however able to tell us what went wrong at that time. Since only a few transactions were affected anyway we didn’t give it much attention (recently we were able to look more into this and fix this issue).
This meant however that some of our invalid transactions were listed publicly, making it rather easy for someone with bad intention to alter these, hence the reason why many people claim there was an issue in our code. Now, transaction malleability does not affect only us, and while it might be more difficult to affect exchanges using regular bitcoin[s], it remains rather trivial.
FORBES: Is there anything the Bitcoin Foundation can do to help solve this problem?
Mark Karpeles: The Bitcoin Foundation has hired Bitcoin Developers for the purpose of promoting Bitcoin use. I guess the most puzzling part is why this issue hasn’t be[en] solved since 2011.
FORBES: What constructive steps are both the Bitcoin Foundation and Mt Gox taking together to resolve the issues, and to have everything working at its best for the future?
Mark Karpeles: We have proposed a solution that would allow people sending bitcoins to track sent coins no matter what happens in terms of malleability (a solution that can be applied quickly and without breaking anything), and the Bitcoin developers are preparing ways to prevent modified transactions from being relayed by the network (which will take a lot of time and may break some bitcoin custom clients).
There is obviously no perfect solution in this world, however this is how things are as of today.
Note that our announce[ment], while unfortunately upsetting a lot of people, allowed other exchanges to be much more cautious when faced with failing transactions, and most likely helped a lot of people understand and deal with the problem.
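The "right number of zeroes" rule mentioned in the interview can be illustrated with a strict signature-encoding check. This is an added example, not part of the interview and not Mt Gox or Bitcoin client code; it assumes signatures are DER-encoded (r, s) integer pairs that must use the shortest valid encoding, and all byte strings are constructed toy values.

```python
import hashlib

def minimal_int(body: bytes) -> bool:
    """True if body is a positive DER INTEGER with no unnecessary leading zero bytes."""
    if not body or body[0] & 0x80:        # empty, or high bit set (would read as negative)
        return False
    # A leading 0x00 is allowed only when the next byte has its high bit set.
    return not (len(body) > 1 and body[0] == 0x00 and not body[1] & 0x80)

def parse_sig(sig: bytes, strict: bool = True):
    """Return (r, s) from a DER SEQUENCE of two INTEGERs, or None if rejected."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        return None
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            return None
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if len(body) != n or n == 0 or (strict and not minimal_int(body)):
            return None
        values.append(int.from_bytes(body, "big"))
        pos += 2 + n
    return tuple(values) if pos == len(sig) else None

def ident(sig: bytes) -> str:
    """Stand-in for a transaction ID: double SHA-256 over bytes that include the signature."""
    return hashlib.sha256(hashlib.sha256(sig).digest()).hexdigest()

# Constructed toy encodings (real signatures carry 32-byte values).
CANONICAL   = bytes.fromhex("3008" "02021234" "02025678")    # shortest encoding
PADDED      = bytes.fromhex("3009" "0203001234" "02025678")  # same r, one extra zero byte
NEEDS_PAD   = bytes.fromhex("3009" "0203009234" "02025678")  # zero required: 0x92 has high bit
MISSING_PAD = bytes.fromhex("3008" "02029234" "02025678")    # required zero left out

if __name__ == "__main__":
    for name, sig in [("canonical", CANONICAL), ("padded", PADDED),
                      ("needs_pad", NEEDS_PAD), ("missing_pad", MISSING_PAD)]:
        print(f"{name:12} strict={parse_sig(sig)} lenient={parse_sig(sig, strict=False)}")
    # Same (r, s) under lenient parsing, yet a different identifier: tracking a
    # payment by that hash alone breaks when the encoding changes.
    print(ident(CANONICAL) == ident(PADDED))
```

A lenient verifier treats `CANONICAL` and `PADDED` as the same signature while the hash over the bytes differs, which is why a strict check at acceptance time and payment tracking that does not rely solely on that hash both reduce the risk described above.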