Bitcoin is fine. Coders are careless.

A bitcoin transaction has source(s), amount(s), recipient(s). Transactions are signed so that the quantities above cannot be changed without detection. But something called the transaction ID can be changed by adding or subtracting irrelevant junk to or from the transaction, while keeping the source(s), amount(s), recipient(s) unchanged.

Why do this? Because coders carelessly relied on the transaction ID to identify the transaction instead of keeping track of the important stuff. And, as usual, the hole is being exploited.

Transactions are recorded in a consensus public ledger; it takes on the order of 1000 seconds for the consensus to crystallize.


Alice has an account with Bob the bitcoin banker.
Alice wants to pay Evil Eve 1 bitcoin.
Alice asks Bob to move 1 bitcoin from her account to Eve's account.
Bob creates a transaction, signs it and sends it into the public ledger.

Evil Eve, lurking in the undergrowth, sees the transaction as well, and pounces like a leopard. She injects a slightly changed transaction with the same source(s), amount(s), recipient(s) but a different transaction ID. If she is fast enough and does it a million times, then some of the time her transactions will be confirmed in the public ledger rather than Bob's, although sources, amounts, recipients will be unchanged.

Why do this? Because Bob had been too cheap. He skimped on salaries, paid peanuts, got monkeys. And they coded up something that just looked to transaction IDs in the public ledger to confirm that a transaction had in fact taken place, instead of looking to source, amount, recipient.

So Bob doesn't see the transaction ID and thinks that the transaction hasn't gone through... while in fact it has, since the public ledger now has a very similar transaction with the correct source, amount, recipient. Eve got her bitcoin, Alice is debited one bitcoin. Eve calls Bob and says you never gave me my bitcoin. Bob agrees and creates another transaction, which Eve disrupts again. And so on.
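Here is the careless check next to the careful one, as an added illustration (my code, not from the original post, and not Bitcoin's real wire format). It is a toy model: a transaction is a dict whose "inputs" and "outputs" stand for the signed source, amount and recipient, and whose "unlock_padding" stands for the bytes the signature does not cover. The transaction ID is a double SHA-256 over the whole serialization, so two transactions that move the same money can carry different IDs; a bookkeeper who reconciles by ID misses the payment, one who reconciles by what was signed sees it, and one who also checks whether the sources have already been spent knows not to re-issue.

```python
import hashlib
import json

# Toy model, constructed for illustration. Real Bitcoin serialization differs;
# what carries over is that the ID hashes everything, padding included,
# while the signature only commits to sources, amounts and recipients.


def sha256d(data: bytes) -> str:
    """Double SHA-256, hex encoded (the hash Bitcoin uses for transaction IDs)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def serialize(obj) -> bytes:
    """Canonical serialization so equal content gives equal bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def txid(tx: dict) -> str:
    """Transaction ID: hash of the whole thing, non-committed bytes included."""
    return sha256d(serialize(tx))


def payment_key(tx: dict) -> str:
    """Identity by the important stuff: the signed sources, amounts, recipients."""
    return sha256d(serialize({"inputs": tx["inputs"], "outputs": tx["outputs"]}))


def naive_confirmed(expected_txid: str, ledger: list) -> bool:
    """Bob's careless check: confirmed only if this exact ID is in the ledger."""
    return any(txid(t) == expected_txid for t in ledger)


def robust_confirmed(sent_tx: dict, ledger: list) -> bool:
    """Careful check: confirmed if any ledger entry moves the same money."""
    want = payment_key(sent_tx)
    return any(payment_key(t) == want for t in ledger)


def sources_already_spent(sent_tx: dict, ledger: list) -> bool:
    """Before re-issuing, ask whether the sources of the original are consumed."""
    spent = {(i["prev_txid"], i["index"]) for t in ledger for i in t["inputs"]}
    return any((i["prev_txid"], i["index"]) in spent for i in sent_tx["inputs"])


# Constructed sample: Bob's transaction paying Eve 1 bitcoin from Alice's funds.
bobs_tx = {
    "inputs": [{"prev_txid": "aa" * 32, "index": 0}],         # constructed source
    "outputs": [{"to": "eve_address", "amount": 100_000_000}],  # 1 BTC in satoshis
    "unlock_padding": "",
}

# Same signed content, different non-committed bytes: same payment, new ID.
variant_tx = dict(bobs_tx, unlock_padding="00")


def demo() -> dict:
    """The variant, not Bob's original, is what the ledger ends up holding."""
    ledger = [variant_tx]
    return {
        "ids_differ": txid(bobs_tx) != txid(variant_tx),
        "same_payment": payment_key(bobs_tx) == payment_key(variant_tx),
        "naive_sees_it": naive_confirmed(txid(bobs_tx), ledger),
        "robust_sees_it": robust_confirmed(bobs_tx, ledger),
        "safe_to_reissue": not sources_already_spent(bobs_tx, ledger),
    }


if __name__ == "__main__":
    print(demo())
```

The point of `sources_already_spent` is the second line of defence: even a shop that insists on matching by ID should refuse to cut a second transaction while the first one's sources have been consumed on the ledger, because that is exactly the moment Eve is counting on.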

In the Mt. Gox case, Alice and Bob were the same. I dunno about Silk Road.
