This is the last bitcoin post. Here I’ll try to answer the questions that led me to start writing about it.
What is MtGox? What happened there?
MtGox was a company that maintained bitcoin wallets. The basic idea is that they acted like a bank/broker for bitcoins. If you want to get bitcoins, you can go to someone like MtGox, and give them some money. They create a public/private keypair for you, and use it to create a transaction giving you the bitcoins. When you want to make a purchase, you’d go to your MtGox account, and tell them to transfer the bitcoins, and they use your key to sign the transaction, and then broadcast it to the bitcoin network. It is through processes like this one that you can buy Bitcoin with PayPal.
By using MtGox, you don’t need to have a program that participates in the bitcoin network to do transactions. You don’t need to worry about keeping your keys safe. You don’t need to have software capable of generating and signing transactions. All you need is your web-browser, to log in to MtGox.
Here’s where the problems start: MtGox didn’t start off as a bitcoin bank. In fact, they started off about as far from banking as you can imagine. From the name, you might think that MtGox is named after a mountain. Nope! It’s an acronym, for “Magic: the Gathering Online Exchange”. MtGox started off as a trading card exchange market.
This continues to boggle my mind. I just can’t quite wrap my head around it. A hacked together trading card exchange site decides to start acting as a sort of electronic bank/currency broker. And people trusted them with hundreds of millions of dollars!.
What happened is completely predictable.
You have an online site that manages massive quantities of money. Criminals are going to try to steal from it. Hell, when I was administrating Scientopia, at least once a week, I’d get email from someone with some kind of scam to try to manipulate google ads with fake clickthroughs, offering to split the profit. Scientopia’s revenue was only in the hundred dollar a month range – but it was still enough to attract crooks and scammers. Imagine what happens when it’s not $10 to be made, but $100,000,000?!
Crooks tried to steal money from MtGox. From what we know (there’s still a lot about this that’s still being figured out), they succeeded. They found a weakness in the MtGox implementation of the bitcoin protocol, and they exploited it to steal a massive number of bitcoins.
The ridiculous thing about all of this is, as I said above, it was totally predictable. You should never just hack together cryptosystems. You should never just hack together anything that handles money. When you hack together a crpytosystem that handles money, it’s pretty much a given that money is going to get lost.
If you want to deal with money, you need to be really, really serious about security. That doesn’t just mean making sure you write code. It means having an entire staff of people who’s job it is to make sure that you don’t fuck up. It means having people working full time, trying to break your system – because if they can break it, so can someone else! It means having a strongly adverserial setup, where the people trying to break it really want to break it – they can’t be the same people who want it to not get broken. It means having a different team of people who’s full time job is auditing – constantly watching the system, checking transactions, verifying them, making sure that everything is working correctly, catching any potential problems the moment they start, instead of letting them continue until they become disasters.
MtGox had none of that. It was a hacked together site. To get a sense of the way it was built, just look at the CEO’s blog, where he talks about implementing SSH in PHP. I’m not saying that he used this SSH code in MtGox – but read it, and read the comments, and you’ll get a sense of how poorly he understands security issues.
What does it mean when people say that Bitcoin is deflationary?
When you read the hype around bitcoin, you also see a lot of criticisms from the skeptics. I am one of the skeptics, but I’m trying to be as fair as I can in these posts. One of the criticisms that you constantly see is that Bitcoin is deflationary.
As I mentioned in yesterdays post, the only source of new bitcoins is mining. Each time the ledger gets updated with a new block in the blockchain, the person who generated the solution for that block gets a bounty, in the form of newly created bitcoins. Today, the bounty for a block is 25 bitcoins. But the bitcoin protocol specifies that that bounty will gradually decline and eventually disappear. When that happens, the miners will receive a commision, in the form of a transaction fee for transactions in the new block, but they won’t get new bitcoins. When the system gets to that point, the supply of bitcoins will be fixed: no new bitcoins, ever.
Lots of people think that that’s a good thing. After all, inflation sucks, right? This will be a fixed supply of money, whose value can’t be manipulated by politicians.
The catch is that nothing is ever that simple.
First: the fact that new bitcoins will not be issued means that the total supply of bitcoins will decline. People die without giving their passwords to their heirs. Passwords get lost. People forget about bank accounts. All of those things are more mean that bitcoins fall out of circulation. So not only is the supply of bitcoins going to stop increasing, it’s going to start decreasing. In fact, the bitcoin folks are completely open about this:
Because of the law of supply and demand, when fewer bitcoins are available the ones that are left will be in higher demand, and therefore will have a higher value. So, as Bitcoins are lost, the remaining bitcoins will eventually increase in value to compensate. As the value of a bitcoin increases, the number of bitcoins required to purchase an item decreases. This is a deflationary economic model. As the average transaction size reduces, transactions will probably be denominated in sub-units of a bitcoin such as millibitcoins (“Millies”) or microbitcoins (“Mikes”).
Is it really a problem? Maybe. I don’t know enough about economics to have a strong opinion, but it’s certainly enough to be worrying. The argument runs as follows:
When the supply of money is decreasing, it means that there’s less money available for making purchases – which means that the value of the money needs to increase. A bitcoin will need to be able to purchase more today than it did yesterday. And that is a serious problem.
Economies work best when money is kept moving. In an ideal world, money isn’t an asset at all: it’s just a medium. You want people to make products, sell them to other people, and then use the money that they made. If they take their money and hide it in a mattress, there’s going to be less activity in the economy than if they used it. The whole idea of money is just to make it easier to match up producers and consumers; when money is taken out of the system, it means that there’s potential economic activity that can’t happen, because the money to make it happen has been withdrawn from the system.
This is why most governments try to run their economies so that there is a moderate amount of inflation. Inflation means that if you take your money and hide it in your mattress, its value will slowly decrease. It means that withdrawing your money from the system is a losing proposition! So a bit of inflation acts as a motivation to put your money to work producing something.
Deflation, on the other hand, does the opposite. Suppose that today, I’ve got 10 bitcoins and 100 dollars, and they’re worth the same amount of money. I’m going to go buy some bacon. I can spend $10 buying bacon, and keep $90 and 10 bitcoins; or I can spend 1 bitcoin, and key 9 bitcoins and $100. So overall, I’ve got the equivalent of $190 and some bacon.
Next week, the value of bitcoins has risen to $15/bitcoin. If I spent my dollars to buy bacon, then now I’ve got $150 worth of bitcoins, $90 worth of dollars, and some bacon – my total asserts are equal to $240 and some bacon. If I spent my bitcoin, then I’d have $135 worth of bitcoins, $100 worth of dollars, and some bacon – $235. If I used my bitcoin to buy stuff, I lost $5.
That means that I’m strongly motivated to not use my bitcoins. And that’s not a good thing. That kind of deflation is very harmful to an economy – for example, look at Japan during the 1990s and 2000s, and to some extent still today.
Any chance we can get one more that goes into more of the details of how the scam worked? I’ve heard vague handwavings that it’s some kind of repeated-message attack on (a faulty implementation of?) the protocol, but I don’t really know what went wrong.
There are a lot of details that remain unknown – the MtGox folks are keeping quiet, I assume for legal reasons.
But from what I can get out of a combination of news reports, plus the press release from MtGox before they shut down (https://web.archive.org/web/20140210122955/https://www.mtgox.com/press_release_20140210.html), here’s what I can figure out.
A transaction has a hashcode – that is, its signature in the ledger. It’s possible to grab a transaction immediately after it’s created, but before it’s seen by most of the miners, and create a duplicate version of it with an altered hashcode. So now you’ve got the original transaction, and the altered copy. The altered copy doesn’t change the transaction substantially – it just changes it enough to alter the hashcode.
Now, once that’s done, but before the first transaction can get committed to the ledger by the miners, you issue a transaction cancellation notice of the original transaction.
So now the altered transaction is in the ledger; the original isn’t. The person who issued the original transaction believes that the transaction was cancelled before being committed to the ledger – so they think that they still own their bitcoin.
This should not have worked. The only reason that it did was because MtGox’s code was remarkably sloppy. It didn’t watch for altered versions of its ledger entries; and it only looked in the committed transaction log for transactions by the hashcode it generated for the transaction.
The bitcoin protocol *does not* guarantee that the hashcode will be unchanged – it only guarantees that the transaction details will be unchanged. But MtGox’s code assumed that a transaction had been successfully cancelled if it couldn’t find a transaction *with its hashcode* in the ledger.
So you could have a transfer (JoeShmoeBank, Node543, id84, Joe, 40btc, Mary, H5324). It gets altered to (JoeShmoeBank, Node543, id84, Joe, 40btc, Mark, H65756). THe transaction issuer and the transaction id are unchanged. But the transaction hashcode is different. MtGox would say “Nope, no H5324, transaction was aborted”.
Question: given that the transaction history of bitcoins is on ledgers that are shared by all of the sites out there, how is it that a ‘hard drive lost’ led to the loss of bitcoins? I would think the record of possessions is what it is, independent of any single piece of hardware?
What’s at risk of getting lost isn’t the transactions, it’s the keys!
The record of transactions is still there. But you can only transfer a bitcoin if you have the private key that it was transferred to. If you lose that key, then the bitcoin is effectively lost, because you it can’t be transferred without the key.
Got it. Thanks.
I’m late to commenting on this. Have you seen Ken Shriff’s blog, http://www.righto.com/ ? In the last few posts he goes over the actual details of Bitcoin, starting with the raw protocol (“Bitcoins the Hard Way”), which is actually a limited programming language. (Though deliberately not Turing-complete.) His posts are a great introduction to the details of the systems. Apparently junk data like pictures can be hidden in the blockchain. His last post goes into the actual programming bugs that MtGox made.