Bitstamp on Tuesday became the second Bitcoin exchange to halt withdrawals in recent days after a denial-of-service attack exploiting a property of the Bitcoin protocol made it difficult to verify transactions and customer balances. But Bitcoin experts say the issue, which also shut down withdrawals at mega-exchange Mt. Gox, can be averted with a few tweaks to how exchanges and wallet services track transactions.
"No funds have been lost and no funds are at risk," Bitstamp emphasized in a statement. "This is a denial-of-service attack made possible by some misunderstandings in Bitcoin wallet implementations. These misunderstandings have simple solutions that are being implemented as we speak, and we're confident everything will be back to normal shortly."
The attack relies on a property of the Bitcoin protocol known as transaction malleability that makes it possible to make slight tweaks to records of Bitcoin being sent from user to user without making the transactions invalid or changing the amount of money sent. The changes do, however, alter the computed hash, or digital fingerprint, that's stored with the transaction record and used as a transaction ID.
"If you've got, say, one Bitcoin that you're spending in your transaction, you can write that as '1 Bitcoin,' you can write that as '01 Bitcoin,' or you can write that as '001 bitcoin,'" says Bitcoin expert Andreas Antonopoulos, who is the chief security officer of Bitcoin wallet company Blockchain.info. "All three of those are valid transactions and will spend that one Bitcoin, [and] they all have different hashes."
Since Bitcoin transaction records propagate through a peer-to-peer network of Bitcoin users, that makes it possible for attackers to make these modifications to transaction records before propagating them through the network. At some point, either the original transaction or the modified one will make it into the shared transaction record called the blockchain. If the modified transaction makes it there first, the parties to the original transaction will look for the original hash in the blockchain but won't find it.
When an exchange or wallet service fails to find the hash, it might believe the transaction didn't go through and, if a confused or malicious customer complains, it might repeat the transaction, actually sending double the amount of Bitcoin intended. Once Mt. Gox revealed it was vulnerable to malleability-based attacks, other exchanges were slammed by attempts to trick them into issuing duplicate withdrawals, Antonopoulos says.
But Antonopoulos says Bitcoin users have known for some time about transaction malleability, which was first reported in 2011, and can ultimately defeat the attacks simply by not relying on the hash as a unique and static identifier until after it's entered into the verified blockchain.
"In a few days they're going to resume withdrawals and the network will be more resilient," Antonopoulos predicts of Bitstamp, adding that Blockchain and some other exchange and wallet services, as listed in our recent Bitcoin investment guide, haven't been affected.
Neither Bitstamp nor Mt. Gox immediately offered a timeline for when customers would be able to withdraw their Bitcoin. Bitstamp said in its statement it was working on a "software fix," and Mt. Gox indicated it was working with Bitcoin developers to standardize an additional, non-malleable hash.