Bitcoin Exchanges Under ‘Massive and Concerted Attack’

11 February 2014

A “massive and concerted attack” has been launched by a bot system on numerous bitcoin exchanges, Andreas Antonopoulos has revealed.

This has led to popular exchange Bitstamp putting a temporary halt on all bitcoin withdrawals, and BTC-e announcing possible delays on transaction crediting.

Antonopoulos, who is the chief security officer of Blockchain.info, said a DDoS attack is taking Bitcoin’s transaction malleability problem and applying it to many transactions in the network, simultaneously.

“So as transactions are being created, malformed/parallel transactions are also being created so as to create a fog of confusion over the entire network, which then affects almost every single implementation out there,” he added.

Antonopoulos went on to say that Blockchain.info’s implementation is not affected, but some exchanges have been affected – their internal accounting systems are gradually going out of sync with the network.

He emphasised that this isn’t affecting withdrawals, because most exchanges are not processing them automatically.

Mt. Gox is the exchange that has suffered the most over the past few days, due to a number of factors, said Antonopoulos. One problem is that it was using a custom client (not the core Bitcoin software). On top of that there is the DDoS attack, plus it was using an automated system to approve withdrawals.

“This is not happening to other exchanges because they’re not stupid enough to issue withdrawals without checking them out first,” he explained.

Antonopoulos said we will see a few exchanges suspend withdrawals temporarily while they re-work their accounting systems to ensure they are not confused by the attack.

“It’s important to note no funds have been lost. Withdrawals have been halted to prevent funds from being lost or to prevent the balances from going out of sync,” he stressed.
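The accounting drift described above can be shown in a few lines: a ledger that looks withdrawals up by transaction id loses track of a payment whose id was altered in flight, while one keyed on the inputs spent and outputs paid does not. This is an added illustration, not code from the article or from any exchange; the `Tx` model, its simplified serialization, `stable_key`, `naive_missing`, `reconcile` and all sample values are assumptions constructed here.

```python
import hashlib
from dataclasses import dataclass

def dsha(b: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(b).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    # Simplified model (assumption, not the wire format): inputs are
    # (prev_txid, vout, script_sig); outputs are (satoshi, script_pubkey).
    inputs: tuple
    outputs: tuple

    def _ser(self, with_sigs: bool) -> bytes:
        ins = [f"in:{p}:{v}:{s.hex() if with_sigs else ''}" for p, v, s in self.inputs]
        outs = [f"out:{val}:{spk.hex()}" for val, spk in self.outputs]
        return "|".join(ins + outs).encode()

    def txid(self) -> str:  # covers signature bytes, so a re-encoding changes it
        return dsha(self._ser(True))

    def stable_key(self) -> str:  # ignores signature bytes: same spend, same key
        return dsha(self._ser(False))

def naive_missing(pending: dict, confirmed: list) -> list:
    """Txid-only lookup: the check that drifts when ids are altered."""
    ids = {tx.txid() for tx in confirmed}
    return sorted(w for w, tx in pending.items() if tx.txid() not in ids)

def reconcile(pending: dict, confirmed: list) -> dict:
    """pending: withdrawal id -> Tx as broadcast. Returns id -> status."""
    by_key = {tx.stable_key(): tx for tx in confirmed}
    status = {}
    for wid, sent in pending.items():
        seen = by_key.get(sent.stable_key())
        if seen is None:
            status[wid] = "unconfirmed"  # hold for review, do not re-send
        else:
            status[wid] = "confirmed" if seen.txid() == sent.txid() else "confirmed-mutated"
    return status

# Constructed sample data: placeholder ids and script bytes, not real transactions.
OUT = ((150_000, bytes.fromhex("76a914" + "11" * 20 + "88ac")),)
sent_a = Tx((("aa" * 32, 0, b"sig-as-broadcast"),), OUT)
seen_a = Tx((("aa" * 32, 0, b"sig-re-encoded"),), OUT)  # same spend, different bytes
sent_b = Tx((("bb" * 32, 1, b"sig-b"),), OUT)
PENDING = {"w1": sent_a, "w2": sent_b, "w3": Tx((("cc" * 32, 0, b"sig-c"),), OUT)}
CONFIRMED = [seen_a, sent_b]
```

With this data the txid-only check reports `w1` as missing even though the same coins reached the same outputs, while `reconcile` marks it as confirmed under a different id.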

Industry action

An industry-wide coordinated response has been put into action, with exchanges and core developers collaborating actively to attack the problem from multiple angles.

Various other groups within the ecosystem, including the big mining pools, are working to stop the issue from propagating across the network.

Any exchanges that are affected are working on fixing their internal systems so they correct the account balances and can resume withdrawals as soon as possible.

“I would expect to see withdrawals flowing again within 24 and 72 hours, and in the meantime, any withdrawals that were cancelled will reappear in customer account balances,” Antonopoulos explained.

Bitcoin developer Jeff Garzik said the core bitcoin block chain consensus mechanism and payment system are continuing to work as before, and are not directly impacted by transaction malleability.

He added: “Web wallets and other services that build services on top of bitcoin are reporting problems similar to MtGox, and are taking safety measures to ensure no fund loss, during this network disruption.

“Yesterday’s statement must be revised: we will likely issue an update fixing two edge cases exposed by this attack.”

Bitstamp has issued a statement explaining that it has temporarily halted BTC withdrawals. It begins:

Bitstamp’s exchange software is extremely cautious concerning Bitcoin transactions. Currently it has suspended processing Bitcoin withdrawals due to inconsistent results reported by our bitcoind wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking. As such, Bitcoin withdrawal processing will be suspended temporarily until a software fix is issued.

The statement goes on to reveal that no funds have been lost, nor are any at risk.

BTC-e later issued a comment via Twitter, elaborating on its service interruption.

 

Don’t panic

Antonopoulos was keen to stress that, although this is a serious attack, it doesn’t spell the end of bitcoin. He believes the DDoS attack will be “thwarted” and exchanges will be running as usual by Friday.

“I expect things will go back to normal and the honey badger of money can continue showing its resilience,” he said.

“The death of bitcoin has been prematurely announced so many times already that the obvious conclusion is that bitcoin is far more resilient than its critics would like to think. I am confident that in a few days, those who predicted the death of bitcoin will once again be proven wrong,” Antonopoulos concluded.