Bitcoin software has a bug that allows fraud, Tokyo-based bitcoin exchange Mt. Gox said Monday. The news was followed by a new fall in the value of the digital currency.
Mt. Gox said it will continue its suspension of bitcoin transfers from wallets it holds to external bitcoin addresses, announced Friday, while it works to resolve the problem. Conversions of bitcoins to conventional currencies and bitcoin transfers to other Mt. Gox addresses are not affected.
[ Also on InfoWorld: More than money, bitcoin's real value lies in its algorithms. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]
"A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur," Mt. Gox said in a statement. "Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue."
The flaw, called "transaction malleability," is already known to some of the core Bitcoin software developers, Mt. Gox said. It allows a third party to alter the hash associated with a freshly issued transaction without invalidating its signature, resulting in two similar transactions, only one of which can ultimately be validated and included in the log of Bitcoin transactions called the blockchain.
An attacker with access to sufficient computing power could ensure that the modified transaction is included, and the original rejected. With current Bitcoin applications, it is easy to determine that the original transaction failed, but much less obvious that a modified transaction succeeded, Mt. Gox said.
"This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed," the exchange warned.
Mt. Gox had said its investigation had been triggered by "unusual activity" detected in its Bitcoin wallets. It added that the problem is not limited to the exchange, and affects all transactions in which bitcoins are sent to a third party.
The company did not immediately respond to calls or emails requesting further information..
The digital currency fell as low as $535 late Monday Japan time before recovering to $636.37 at press time, according to CoinDesk, which publishes an average of the prices at several coin exchanges. It had been trading around $850 for much of last week before diving to $750 on Friday.
Mt. Gox had said Friday it was putting withdrawals to external bitcoin addresses on hold due to unspecified problems linked to an uptick in withdrawal requests.
As one the most popular places to buy and sell bitcoins, Mt. Gox has seen its dominance decline over the last year with the rise of competitors including BTC China, Bitstamp, and BTC-e.
Mt. Gox has long experienced banking problems that have caused lengthy delays in the processing of overseas wire transfers.