Want CNET to notify you of price drops and the latest stories?

Bitcoin Foundation, Mt. Gox spar over purported bug

Mt. Gox argues that the software bug expands across Bitcoin exchanges and should be addressed by the Bitcoin Foundation.

Don Reisinger
Former CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
2 min read

Mt. Gox, one of the largest Bitcoin exchanges in the world, claims that it has uncovered a bug that affects all transactions and needs to be addressed outside the scope of its own service. But the Bitcoin Foundation -- the organization that ultimately manages the crypto-currency -- sees things differently.

On Friday, Mt. Gox suspended all Bitcoin withdrawals from its service, citing a glitch in the way the currency handles transactions paid out to digital wallets held by third parties. In a statement on Monday, Mt. Gox said that it believes the Bitcoin Foundation should play a role in fixing the issue, as it would affect all exchanges and payments made to third-party wallets.

The Bitcoin Foundation, however, is crying foul on the comments. The organization argues that the issue is with Mt. Gox's own "highly customized wallet software, their customer support procedures, and their unpreparedness for transaction malleability, a technical detail that allows changes to the way transactions are identified."

To get into the nuts and bolts of transaction malleability would require a thorough dissertation on the ins and outs of Bitcoin and how it all works, but suffice it to say that transaction malleability has become a headache for the currency that allows, for a brief period of time, unique identifiers tied to specific transactions to be modified before they make their way to the "blockchain" and work their way through the transaction process.

"Therefore, any company dealing with Bitcoin transactions and have coded their own wallet software should responsibly prepare for this possibility and include in their software a way to validate transaction IDs," Bitcoin Foundation writes. "Otherwise, it can result in Bitcoin loss and headache for everyone involved."

For its part, Mt. Gox has argued that the issue is new and can effectively allow for Bitcoin theft. However, the Bitcoin Foundation has its fair share of supporters, who have since argued that the issue -- transaction malleability -- has been known about for years and requires that companies like Mt. Gox develop their own safeguard against it.

One such critic, Sven Slootweg, took to his blog to explain in detail how the issue works and why Mt. Gox has it wrong. He argues, like Bitcoin Foundation, that "this is not a vulnerability in the Bitcoin protocol, but an implementation error in Mt. Gox's custom Bitcoin software."

CNET has contacted Mt. Gox for comment. We will update this story when we have more information.