The Final Goxing (two-bit-idiot.tumblr.com)
105 points by pmorici on Feb 27, 2014 | hide | past | favorite | 90 comments



Even if this scenario is correct, and the private keys have been lost, there's no law of physics that says the coins can never be recovered.

The set of legal transactions on the blockchain is determined entirely by what the majority of miners will accept. So far that has always meant executing and verifying the transaction's script, but a currently-illegal script could be declared valid by persuading enough miners to treat it as an exception. In particular, suppose MtGox can produce an audit trail showing that a particular set of addresses corresponds to their inaccessible cold wallet, and nobody else challenges their claim by signing a message from one of those addresses. Then they could petition miners to grant an exception and have the coins transferred to a new address by fiat. (ha!)

It would certainly be an unprecedented intervention by the core Bitcoin community. But if it would restore public confidence in the protocol and economy, then it would be in enough people's interest that I think there's a slim chance it could be made to happen.

EDIT: it's not quite that simple; see the discussion below.


> The set of legal transactions on the blockchain is determined entirely by what the majority of miners will accept.

That is incorrect.

The majority of miners only decide on the order of valid transactions, not whether the transactions themselves are valid or not. Every Bitcoin client itself checks the validity of the transaction.

If 51% of miners use the "Bitcoin-Bailout" client and the rest of the network does not, the network is forked and the remaining 49% continue with the classic Bitcoin client and protocol.

More info: https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_...

An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:

- Reverse transactions that he sends while he's in control. This has the potential to double-spend transactions that previously had already been seen in the block chain.

- Prevent some or all transactions from gaining any confirmations

- Prevent some or all other miners from mining any valid blocks

The attacker can't:

- Reverse other people's transactions

- Prevent transactions from being sent at all (they'll show as 0/unconfirmed)

- Change the number of coins generated per block

- Create coins out of thin air

- Send coins that never belonged to him


Good observation; I was trying to figure out how to state my proposal as concisely as possible, and glossed over that detail. See my other comment: https://news.ycombinator.com/item?id=7310959


Still, I think it is a reasonable proposal. Not something that can be done quickly, but reputable companies could bail out Gox, then try to convince everyone to accept the new version of the client which would allow Gox coins recovery.


There is a real moral hazard here. People have been told to stay away from MtGox for months, but still chose not to listen and kept large sums on the exchange.

If the community chose to bail out MtGox users, that raises questions whether somebody knew that a bailout is going to happen and has profited from staying on MtGox, whether the Bitcoin balances stored in the MtGox database are accurate, and so on. Many customers there bought Bitcoin for 20% of the price on the regular exchange -- they knew that they were gambling.

What if the next exchange has problems, and people won't leave because they expect to be bailed out again?

It's a can of worms, and I'd rather that it stay closed.

The best thing for Bitcoin is if people learn from MtGox, lower their trust for exchanges, and start demanding proof of funds.


Yes, this is a reasonable concern, I agree. One could argue that a buyer actually planned the bailout to capitalize on Gox users, who, obviously, are going to pay some percentage of their balances for the whole operation. However, Gox customers don't really have any other choice, so they'd take the deal.

One can suggest that this kind of tactic will never be again used in the future, since all exchanges would be audited and customers would be more cautious.


I can almost guarantee you that if such a bailout happens that it will likely encourage such behavior in the future. Rewarding a behavior encourages that behavior, whether it is good or bad.

In the future all exchanges could be audited and customers more cautious, but if something catastrophic happened then there would be those demanding another bailout because a precedent had already been set. Even those protections mentioned would likely stagnate over time.


This does interest me about Bitcoin - who controls the default client? If you can persuade the majority to adopt a new version, you can change the rules by which the currency operates. If it is more widely used, this would become a real issue, because individually users do not have much power over the direction of it.


The default client is just an open-source project on https://github.com/bitcoin/bitcoin

Everybody can start using their own fork of the currency, but it's in your interest to use the same version as everybody else. You basically have to convince both miners and major stakeholders that a change to the code is good, otherwise you risk a network split, the valuation crashes and your investment is gone


That's a very interesting proposal. Just as the miners have an incentive to protect the integrity of the blockchain, they also have an incentive to bolster public confidence, and a "community bailout" via 51% consensus could do that.

On the other hand, it would uncomfortably remind people of the power that belongs to the miners (and particularly, the mining pools). It would open up the possibility of attempting to build political coalitions and proactively voting on blockchain policies (which might be inevitable anyway). It would also create a deep moral hazard, incentivizing future risky behavior from big actors, who then seek "bailouts", just like the conventional banking system that crypto-anarchists are trying so badly to differentiate from.

I wouldn't expect the community to do such a thing, but at the end of the day, the miners decide.


I'd argue it's not the miners with the power - it's the people selling goods. A seller has to decide whether to accept a payment, and the seller's choice of blockchain (for verification) is what matters - even if only a few miners mine that chain.

Even if 99% of miners are on one of the chains, if sellers do not accept payment through that chain then bitcoins on it are worthless.


Correct, this concept even has its own wiki page, the "economic majority": https://en.bitcoin.it/wiki/Economic_majority


I agree public sentiment is valuable. I've said for some time that marketing in the new economy will be everything. Funnels are collapsing - losing their sales layer.

However, I'd argue it's the electric power going into the system that is mostly driving this. Compute must become more efficient, otherwise it dies.


Perhaps you are reading a different article than was posted, but nothing in "http://www.scribd.com/doc/209535200/Business-Plan-MtGox-2014..." mentions "private keys being lost", nor does it discuss anything regarding an "inaccessible cold wallet" - did the article change between when you read it and I did 30 minutes later?


Yes, the article has changed, unless I'm going crazy. Previously the link pointed to a different blog post (not on Tumblr) which speculated that MtGox had used custom code to generate private keys for their cold wallet, failed to test it thoroughly, and then discovered that a bug had caused the private key to not match the public address. I was speculating under that assumption.

EDIT: On second thought, I may have confused it with this link posted elsewhere in the thread: http://letstalkbitcoin.com/somethings-not-right-at-gox/#.Uw7...


"It would certainly be an unprecedented intervention by the core Bitcoin community. But if it would restore public confidence in the protocol and economy, then it would be in enough people's interest that I think there's a slim chance it could be made to happen."

This would do even more harm than good. The entire thesis of Bitcoin is that the rules have been set, they will never change, and they can never be circumvented. We can't just say "Just kidding, let's make this one exception" without destroying confidence in the sanctity of the blockchain.

However, it would be really interesting to see what would happen if Gox created an actual GoxCoin fork of Bitcoin and distributed it to their customers who lost bitcoins, one GoxCoin for every bitcoin lost.

GoxCoin would certainly be worth far less than Bitcoin, but consider Litecoin’s market cap is 5% of Bitcoin's, compared to GoxCoins representing the 6% of all bitcoins lost by Gox.


"The sanctity of the block chain" language like that makes it sound like a cult.


> But if it would restore public confidence in the protocol and economy

It actually scares me. If any private body or group could somehow amass 51% of the miners in some way, they would then control the currency.


No, you basically only control the order of transactions: https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_...


You can also rollback history and block transactions which you disapprove of from happening with 100% probability. Other than that, no major problems.


You are correct, but I feel like it must be physically impossible for you to comment on Bitcoin without being snarky.


Technically, you need 100% hashing power in order to block a valid transaction forever.


Oh, you can certainly use your 49% to publish a block or two, or even twelve in a row -- good for you, probability sometimes works like that -- but eventually I will have more blocks mined privately than the rest of the network does publicly, at which point I publish them (with my choice of confirmed transactions) and all your work, the transactions which you chose to confirm, and your mined coins just go down the memory hole.


The mined coins, sure, but you can include the transactions that were omitted in the revealed fork in the blocks after that. That's why the document states "An attacker that controls more than 50% of the network's computing power can, _for the time that he is in control_".

I'm not saying that when this would happen it would be a good day for Bitcoin by the way.


I don't understand. I think "for the time that he is in control" means "as long as he has > 50% hashing power". No need for 100%. As long as he has > 50% he can eventually overtake any fork that includes a new transaction.

In theory, given enough time (a very long time), someone able to maintain 50.0000001% of hashing power could eventually rewrite the entire blockchain after the genesis block.


If you have a 51% forever you can refuse to chain the blocks that contain the unwanted transaction. Every time it's added to a block you just fork the chain, and as you have the 51% hashing power your fork will eventually win.

The time to crush the other fork depends on how much hashing power you have. With 60% you will generate 60 more blocks in a day than the other fork, on average. With 51% you will generate 6 more blocks per day. With 50.1% you will generate only 1/2 extra block per day, so you need a few days to win.
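The fork-race arithmetic the last few comments argue about, as an added example that is not part of the thread: the expected block lead per day for a miner holding a fraction q of the hashrate, plus the catch-up probability and the "how many confirmations for a given risk" calculation from section 11 of the Bitcoin whitepaper, which is the number a merchant actually needs. It assumes 144 blocks per day (10-minute target) at the pre-fork difficulty and a memoryless block race; `simulate_race` is a Monte Carlo cross-check of the closed-form results.

```python
"""Fork-race arithmetic behind a majority-hashrate fork (added example)."""
import math
import random

# Assumption: 10-minute block target, difficulty unchanged since the fork began.
BLOCKS_PER_DAY = 144


def expected_lead_per_day(q):
    """Expected daily block lead of a miner with hashrate fraction q over the
    rest of the network while the two mine competing forks."""
    return BLOCKS_PER_DAY * q - BLOCKS_PER_DAY * (1.0 - q)


def expected_days_to_overtake(q, deficit):
    """Days until a majority miner (q > 0.5) expects to erase a `deficit`-block
    gap. A minority miner has no finite expectation, so return infinity."""
    if q <= 0.5:
        return math.inf
    return deficit / expected_lead_per_day(q)


def catch_up_probability(q, z):
    """Probability that a miner with fraction q ever catches up from z blocks
    behind: certain when q > p, otherwise (q/p)^z (whitepaper section 11)."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    return (q / p) ** z


def _poisson_pmf(k, lam):
    # Log-space evaluation so large z (hundreds of confirmations) does not overflow.
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))


def attacker_success_probability(q, z):
    """Probability that a minority miner (q < 0.5) reverses a transaction that
    already has z confirmations, per the whitepaper:
        P = 1 - sum_{k=0..z} Poisson(k; lam) * (1 - (q/p)^(z-k)),  lam = z*q/p
    A defender uses this to choose a confirmation count for a given value at risk."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * q / p
    total = 0.0
    for k in range(z + 1):
        total += _poisson_pmf(k, lam) * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_for_risk(q, max_risk):
    """Smallest confirmation count z at which an attacker with fraction q has
    success probability below max_risk."""
    z = 0
    while attacker_success_probability(q, z) > max_risk:
        z += 1
    return z


def simulate_race(q, deficit, max_blocks=100000, seed=1):
    """Monte Carlo block race: each new block is found by the majority miner with
    probability q. Returns the number of network-wide blocks until the miner's
    private fork is ahead of the public one, or None if that never happens
    within max_blocks."""
    rng = random.Random(seed)
    lead = -deficit
    for n in range(1, max_blocks + 1):
        lead += 1 if rng.random() < q else -1
        if lead > 0:
            return n
    return None


if __name__ == "__main__":
    for q in (0.6, 0.51, 0.501):
        print(f"q={q}: lead/day={expected_lead_per_day(q):.2f}, "
              f"days to erase a 6-block deficit={expected_days_to_overtake(q, 6):.1f}")
    for q in (0.1, 0.3):
        print(f"q={q}: confirmations for <0.1% reversal risk = "
              f"{confirmations_for_risk(q, 0.001)}")
    print("blocks until a 60% miner overtakes a 3-block deficit:", simulate_race(0.6, 3))
```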


Thank you for the clarification!


Well, that always has been and always will be true.


I think there's a difference between something being factually true (you will die) and something being imminently factual (you have cancer).

Those are really negatively-biased examples, sorry.


It's not one private body. I think in this case one might say all MtGox customers would be asking miners to do that.


That may be impossible - it depends how far back the problem goes: If someone stole some money three weeks ago and spent it, then any transaction descending from that original bad transaction would have to be invalidated too. This could conceivably be a large fraction of all bitcoin transactions since then because of the way bitcoins get 'mixed'.

In other words, most likely we would have to reset everything to the way it was before any of the bad transactions, and they might have started years ago (my impression is it was a small but long-term drain). This would be insupportable to anyone who has sold any goods since then.

Also, you don't need to persuade the miners, so much as the sellers (of goods): The miners will mine whichever blockchain on which bitcoins have value, and bitcoins have value only because people accept payment using them. In other words, your main challenge is to convince anyone selling goods in bitcoin to update to the new client - the very people who would likely get screwed by reversing transactions.


It all really depends on whether or not the funds were siphoned out of Mt.Gox, or if they are still there in a (currently) inaccessible cold-storage wallet.

If they were siphoned out -- especially over a long timeline -- I agree with you completely. The cascade effect of a rollback would be fatal (not to mention the precedent set would be...interesting, even if the Bitcoin ecosystem survived).

On the other hand, if the coins never were spent, and are just sitting there because the private keys have been lost, it's more straightforward to fix for the protocol. It certainly won't be easy, and would require a major rethinking on how to attack the problem.

Also, while people affected who have coins tied up in a "lost" wallet are interested in having those coins released, I'm sure that there are more than a few people who want the opposite. Having a known condition where ~6% of the existing coins have been removed, most likely permanently, from the monetary supply means that their proportion of current holdings would go up (and, in turn, would see a corresponding rise in market value).


Yeah, there'd almost certainly be opposition. A few years ago I wrote a data recovery tool for Bitcoin private keys, and even that was enough for some Bitcoin users to start complaining to me about how people who couldn't look after their wallets deserved to lose their coins.


This is exactly what I was thinking about, and I'm really surprised nobody else talks about it. Are we missing something?


This is a terrible idea. The rules are the rules, and that's what makes bitcoin bitcoin and not some bank to be bailed out when things get screwed up.

This would do far more to hurt bitcoin in the long run, because now no one could trust that the rules will be followed.

I'm sorry to all the people who lost money at Mt. Gox. I have a friend who lost $800,000 (sold in January, cash never made it out), so don't think I'm just heartless. But the rules are the rules, and everyone should have known to stay away from Mt. Gox. They didn't because they were greedy for that higher price.


Pardon my ignorance, but if those exceptions are possible then doesn't that make Bitcoin just another manipulatable fiat currency? As it matures, influence will pool into groups large enough to execute exceptions after their own interests.


That's always been the case; however, it is only manipulable via consensus, rather than by a centralized command structure (one CPU, one vote). There is already a great deal of concern about the centralization of mining pools; two or three of the largest pools could currently collaborate and hijack the block-chain (although theoretically, it's not in their best interest to do so).


Currently, if you control 51% of the network hashing power, then you can force the longest branch of the blockchain to contain anything you want. However, another client's view of the blockchain will reflect the longest legal branch that it sees, by its own definition of legality. Any miners that don't consider it to be legal will start their own fork. (This is exactly what happened, briefly, with the LevelDB fiasco some time ago.)

I think you'd have to do this in two stages. First, create a version of the client that accepts a particular exceptional transaction if it appears in the blockchain. Wait for a supermajority of clients to switch to the new version; once the fraction gets high enough, everyone else will be forced to upgrade too, or risk being on the losing side of a schism. Then it would be safe for miners to actually execute the transaction.


You'd still have to convince most users and stakeholders of Bitcoin (merchants, exchanges, etc) to update to the new version in order to avoid a Blockchain fork, where both sides of the fork are likely to lose and the currency is destroyed.

As the owner of 51% hashing power, you can try to convince the network to update by holding it hostage and threatening a DoS attack by mining without verifying transactions, but I don't think that would be economical either.


I don't understand the "mining without verifying transactions" part. You mean mining empty blocks?


yes, this even happens now (very infrequently)


My understanding of bitcoin could be wrong here, but I'm pretty sure that would be physically impossible. I think you would need the private key to make the transaction, and only then would >51% of the miners be able to accept the transaction.


The entire point of the Bitcoin protocol, and the beauty of the system, is that there's no one authority that enforces legality of a transaction. Transactions are not accepted because they're legal; they're legal because they're accepted.

Any miner is free to accept any transactions they want. It's just that, without the consensus of the rest of the network, mining blocks that everyone else considers invalid is a waste of CPU cycles.


I thought these coins weren't lost to the bitcoin ether and in a wallet that is inaccessible. I thought they were defrauded by people running duplicate transactions out. And somehow the cold wallet was being drained into the hot wallet. Which should have run out of coins well before the 750k bitcoins.


That's the "official" (via the leak) story, however a few things to note:

- Pretty much everyone agrees there's no way even with their incompetence that Mt Gox could have had all those stolen via malleability (although likely some were).

- MK said the coins are "technically speaking [...] not 'lost' just yet, just temporarily unavailable". This implies Gox owns them but can't access them.

EDIT: source for the MK quote: http://www.wickedfire.com/shooting-shit/179038-my-conversati...


Could you give a source on that MK statement? It's the first I've heard of it.


I haven't been watching it super closely, have any of the reports around 750k bitcoin actually been substantive, or is it rumor and speculation?


This is beautiful and would show how the community could deal with a critical situation without any kind of government intervention or regulation.

Upd. Also, in this case, I think an acquisition is a very probable option.


What you are proposing is that MtGox is Too Big To Fail. Everyone else has to take a loss. This is exactly what is wrong with the current banking system and is one of the reasons Bitcoin was invented.

"it would restore public confidence in the protocol and economy" was the same line the government used to spend trillions to bail out the bankers. No Thanks!!


Where do we stop once this kind of arrangement is reached? Do the miners then (or the created group) agree to recover all lost coins? This is a very dangerous proposal. Bitcoin's real power is that people can trust each other anonymously. This collusion will not be good. OTOH, I'd be more in favor of finding a solution to the 51% problem somehow.


How exactly would/could MtGox prove they originally owned the 700k coins and then lost access to them?

I like the idea, but how would anyone be able to do this without the risk of coin "duping" (in MMO terminology)?


The idea is not to recreate the coins. The idea is to allow MtGox to make a transaction from a wallet that supposedly they have lost the private key to; this is a wallet that has hundreds of thousands of BTC in it, so not many people could be claiming ownership. The way security works with BTC is that to make a transaction you must have your private key sign the transaction to prove you are the owner of the wallet. If the transaction is not correctly signed it is rejected as a fraudulent transaction. The idea is to let MtGox make a fraudulent transaction from a wallet they have lost access to. They would convince 51% of the miners to accept the unsigned or incorrectly signed transaction as being legit and the transfer would go through. There is no duping of coins as the original wallet that is inaccessible would be drained of coins.


I understand that, but it's a chicken and egg problem. How can MtGox prove they own the wallet they're trying to make a fraudulent transaction from if they don't hold the associated private key?


This is exactly why such a scheme, while well-intentioned, would utterly destroy confidence in Bitcoin.


If they can produce logs of every single transaction they've ever done, including moving coins to the cold wallet, then anyone who wants to could examine the blockchain and match up transaction times and addresses with MtGox's claims. If they tried to claim ownership of someone else's wallet, that person could easily disprove their claim by signing an address with the corresponding private key.

No matter how thorough the audit, it wouldn't be enough to convince every last user of the system. But it only has to convince enough people that the few remaining holdouts are forced to either follow suit or create a fork.


While giving a "do over" might help out a lot of people, that kind of thinking is not what people look for in a stable currency.


There's an irony in "Too Big To Fail" for a decentralized currency.


"In particular, suppose MtGox"... ahm, hold that thought. Now imagine that MtGox are out to destroy Bitcoin because they don't give a shit about it and the whole point of MtGox was to steal. They've succeeded and they aren't giving back any money. No, they aren't going to lift a finger for the community or bitcoin.

Now step out of your bitcoin is awesome bubble and realize money is not only trust but also power and force to coerce some kind of fairness against these greedy assholes like mtgox who destroy for everyone else.


This doesn't say what did happen (theft? lost key?) or why it happened now (feds? out of money?); it just says what didn't happen (collusion). We still don't know where the 750k bitcoins are.

Two interesting theories, the second being my favorite (but both agreeing there's no way 750k bitcoins could have been stolen):

http://jesse.forthewin.com/blog/2014/02/unilateral-statement...

http://letstalkbitcoin.com/somethings-not-right-at-gox/#.Uw6...


The second link is actually a pretty great speculation. My only objection is that it is rather improbable to lose all 788k BTC. How dumb would you have to be to keep all the coins in a single stash? Or to keep keys to different stashes in one place? I'm willing to believe Gox lost some, but all? Oh man, Mark's gonna be a nominee for the Darwin award of the century then.


If you have some stupid custom software that's making bad private keys you would never notice until you go to use them (or test them). Even more plausibly, they mention in 2011 to be using a custom system like Shamir's Secret Sharing, maybe they suddenly realized that their shared secrets are all bad?

Not saying that's what happened, but it's not an unreasonable thought. It's more reasonable than losing 750,000 BTC to an issue that could have been picked up by even the most basic accounting.


The second scenario (lost access to 2nd tier of cold storage) seems the most likely. It is also compatible with Mark's statement that the coins are "technically speaking [...] not 'lost' just yet, just temporarily unavailable". [1]

[1] http://www.wickedfire.com/shooting-shit/179038-my-conversati...


It looks to me like a more likely reading is "I believe I have not lost my coins, although Gox does not have them, because Gox will make customers whole using future profits."


That would seem more plausible also because in that case the coins were not stolen, but simply lost. I would think that someone should have found the blockchain trail of the 750k BTC by now, if they were indeed stolen. It anyway took only a few hours after the raid that people figured out the address[1] where the FBI had deposited the coins seized from Silk Road.

[1] https://blockchain.info/address/1F1tAaz5x1HUXrCNLbtMDqcw6o5G...


This is Mt. Gox getting thrown to the wolves. I think there is a constant undercurrent of fear, and rightly so, in the bitcoin community that regulation will mean the end of bitcoin. Also, for those who are speculating heavily on BTC, anything that undermines confidence is a direct threat to their holdings. So here we have a potential massive fraud (or fear-compounded incompetence) and publicity discussing fundamental security flaws with the BTC system. A double threat. It's a perfectly rationally self-interested reaction to try to distance oneself from threats as quickly and thoroughly as possible, but I can't bring myself to think of this as anywhere near altruistic or civic-minded.


"Sources also tell me that multiple investors who were approached restricted their own employees from buying or selling bitcoin themselves as soon as they realized the extent of the damage at Mt. Gox."

I wonder how many employees felt all that "restricted," given that it would be very hard to enforce such a dictate.


There was obvious insider trading, with large dumps of coin just before bad news broke. Someone was doing it.


The interesting thing is that MtGox failing should have zero impact on the USD value of the Bitcoin, particularly if those Bitcoins were stolen and still in circulation.

Indeed, if the hypothesis in http://letstalkbitcoin.com/somethings-not-right-at-gox/#.Uw7... is true, that the Coins were actually LOST from the Cold-wallet because of an EC bug, or other error - then it's possible that losing 740K coins will drive up the value of the remaining coins.


Price depends on the balance of both supply and demand. Even if there are fewer coins to go around:

* Many existing bitcoin users have had their coins and conventional currency holdings wiped out - and don't have enough money left to buy them back.

* Many users who lost their money would not want to re-invest after getting burned.

* Many potential new casual users will be (rightly) scared away by the news.

It seems to me that even if 6% of the coins are gone, demand could drop more than 6% and still lower the price.


  ... engaging in an arbitrage scheme that leveraged the depressed
  Mt. Gox price to reap gains on other exchanges. This was allegedly
  happening well before the exchange’s breaking point ...

Step 1: Drive the Gox price into the basement

Step 2: Buy devalued Gox-BTC using the fiat you have left

Step 3: Sell those coins on other exchanges at full price

Step 4: Rinse and repeat until solvent

What could possibly go wrong?


This would only work if the coins were still there. If the Gox coins are stolen/lost, then what are you buying? A worthless claim to coins that don't actually exist, and that you can't sell.


There's some evidence that Gox still has some BTC. For example, this address was controlled by Gox in 2011, and it still has 50,000 BTC.

https://blockchain.info/zh-cn/address/1P3S1grZYmcqYDuaEDVDYo...

Whether they still control the private keys is a different question.

More discussion and evidence here:

http://www.reddit.com/r/Bitcoin/comments/1z30q9/gox_has_at_l...


IIRC, Gox was accepting deposits (both bitcoins and fiat) until very recently.


Who would deposit bitcoin in an exchange where the average price is a fifth of what it was in other exchanges? Fiat deposits wouldn't matter for this plan.


I don't know. Who would leave their bitcoins in an exchange that had been demonstrating withdrawal problems for 6 months?


The assumption is that there are still some coins left to bootstrap the scheme.


Even if there are some coins left, there is nothing to repeat. You sell them, and the plan is over... it doesn't bootstrap anything.


So now, the only way in which someone would buy Gox is if the crisis strategy posted earlier is not very accurate. That is, if coins are NOT lost, but indeed are inaccessible for some reason and there is a chance of recovering them.

No one would ever touch Gox if they had to return 770k BTC while the public actually knows those coins were lost. And now you also have authorities involved... If they could keep it secret - then maybe a buyer would be optimistic enough he could convince customers everything is going to be fine. But not now. Unfortunately for Mark, he's going to be in a lot of trouble now if all this is true. I lost all my savings with Gox, but one thing I'm certain - I wouldn't want to be in his shoes now.


I'm curious if any sane investor would be interested in acquiring Gox and promising to pay, say, 20% of its debts. In that case, a large percentage of customers may simply sue and the investor will be in a really bad position. So, if the 700K BTC figure is correct, this scenario is basically impossible as you can't buy that much BTC for a reasonable price, right?

Much better for potential investors would be to just wait for Gox bankruptcy and pick up the pieces. I'm not familiar with bankruptcy law, just theorizing.


IANA bankruptcy L, but this seems like what can happen in bankruptcy, with the blessing and protection of a judge. You don't assume massive risk just on your own; you get a court to approve your takeover and attempt to make debtors partially whole.


TL;DR: Blah Blah Blah --- never trust the consultancy firm Mandalah with private documents. Got it.


The way I read the situation is that while Mandalah prepared the documents, MtGox deliberately called meetings where they showed participants the documents in an effort to get emergency funding/bailout, and then failed to ensure they did not keep a copy. But who knows what really happened.


[deleted]


He's Ryan Selkis, a well-known Bitcoin blogger who leaked the original Mt Gox insolvency documents. This could be wrong, however he has the best track record so far.


This person's responses to other people are not encouraging, to say the least.

https://twitter.com/twobitidiot/status/438873855479009280


His recent tweets have made me question him as well, however he's had a large number of threats over the past 24 hours (for allegedly destroying an impending buyout of Gox by leaking fraud, which if true would have cost Gox patrons money). I think he's just wrapped up in it, and maybe a bit scared.


Inviting somebody from Twitter to your physical address in order to assault them with a baseball bat doesn't seem "scared" to me.


Guys. Read the context of Ryan's tweet. He's replying to a tweet in which someone threatened him: https://twitter.com/Tiraspol/status/438872266596569088

Ryan is saying he will defend himself. Self-defense is both legal and IMHO honorable.


> I don't think internet bravado has ever been very intimidating to anyone.

The FBI has no trouble locking you up for internet bravado.


I don't think internet bravado has ever been very intimidating to anyone.


Perhaps not, but it's indicative of the mindset of the person behind the pseudonym.



