Feeds

MtGox claims to have a fix ready for Bitcoin withdrawal woes

Customers to get access to their funds real soon now, like

Internet Security Threat Report 2014

Bitcoin exchange MtGox says its customers should soon be able to withdraw Bitcoins from their accounts again, although the company is still not sure just how long the process of restoring access will take.

MtGox suspended withdrawals last Monday after claiming it was hampered by a security flaw related to "transaction malleability," a known property of the Bitcoin protocol that critics say MtGox should have addressed years ago.

Over the weekend, MtGox said it was working with Bitcoin wallet provider Blockchain.info to come up with a temporary fix for the malleability issue until a longer-term solution could be found.

"Thanks to our friends at Blockchain.info, MtGox now has a workaround that will use a unique identifier created by Blockchain to show whether transactions have been modified or not," the company wrote on Monday [PDF]. "This will prevent any fraudulent use of the malleability issue and protect the assets of our customers."

But MtGox says the fix still can't be put in place right away. The new code must first be deployed, the Bitcoin blockchain must be reindexed, and MtGox has to implement a new withdrawal queue that it says still needs to be tested.

The company also says it won't reinstate withdrawals all at once – suggesting perhaps that MtGox is trying to avoid a run on its accounts once frustrated customers have access to their funds restored.

"At the beginning we will [resume withdrawals] at a moderated pace and with new daily/monthly limits in place to prevent any problems with the new system and to take into account current market conditions," MtGox said in its statement today.

Meanwhile, other Bitcoin exchanges have similarly been scrambling to shore up their systems, after the publicity of the MtGox affair led to a string of fraudulent transaction attempts and denial-of-service attacks across the Bitcoin community.

MtGox has not said how long the re-implementation and testing of its new withdrawal queue will take, but it has promised to issue an update on its progress no later than Thursday. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.