Somebody did come up with a reasonable scenario of how double spending could have happened:QuoteMy current understanding and inference is that the remaining issues are because while MtGox was producing transactions of the bad form that the network won't relay anymore - some people decided to help out by 'fixing' these transactions like BC.i did for iphone users - making the signatures normal and broadcasting them. Of course, the new transactions - while functionally identical - have different TXIDs.The difference here is that the MtGox wallet software appears to have not handled this case gracefully at all, and apparently simply wouldn't notice transactions that it "didn't make" spending its own coins.As a result the Mtgox wallet believed some coins were available for spending which really had already been spent and it began double spending those inputs. This may have interacted particularly poorly with the earlier workaround I mentioned - trying to always use the oldest available coins - if they did implement that workaround.Worse, some of this may have resulted in users getting paid multiple times and could have been intentionally triggered with that end in mind if someone helpfully fixed some transactions and then noticed they got paid twice. (I think this is unlikely to have caused large losses, before people run off worrying about that, both because of the reuse of the oldest inputs and because of the hot wallet/cold wallet split).There have also been rumours of mtgox buying bitcoins. Consider that there was a months-long backlog for USD withdrawals. You can hypothesize that a lot of people elected to withdraw coins instead, so that the volume of withdrawals that could have been double might be based on some large numbers. Say $30 million in bitcoins from people trying to move to another exchange. Just based on the percentage of failed withdrawals I heard of, from people who had successes and failures over a series of withdrawal attempts. The system might have been automated to keep digging up coins until they found ones that hadn't been spent, until they ran out of bitcoins and had to actually buy some with cash to meet bitcoin withdrawals. And they could have done this with customer funds.I don't know how all this works, but mtgox also had some issue spending immature coins fresh from the miners. If this caused an error with the same symptoms as a double-spent coin, they may have put in a quick fix that sent all failed coins into cold storage, and then pulled the oldest coins out of cold storage, to meet daily withdrawal requests. So already-spent coins could have been automatically transferred into cold storage, creating an empty bank vault. It supposedly takes actual physical time and effort to get these cold-stored coins.Right now, the coins are trading at a discount on mtgox compared to bitstamp. One might theorize, if mtgox was doubling your money, bitcoins would have traded there at a premium during that time. The ponzi-scheme dude could have even been taking advantage of this, depositing bitcoins, and then withdrawing them twice. He may have noticed when you deposited the same coins you withdrew, to double your money again, the mtgox wallet discovered the redundant transaction id's. So he needed fresh bitcoins to double.Also consider that Apple banned the last bitcoin wallet from the app store, around the same time mtgox ran into these troubles. So there could have been large numbers of people downloading this money-doubling app, if it employed the same hack that BC.i used.My guess is the process was automated, and people kept submitting withdrawals when the first one failed. This went on at least until every coin not in cold storage was withdrawn or stolen. It should only take a day for people to steal every coin physically available. Given that it seemed to go on for multiple days, it is possible many coins in cold storage were also stolen. It may be every single coin was stolen.This is some ambitious speculation by me, considering I don't even know how the stuff works. But it fits nicely with mtgox claims 1) bitcoin withdrawals are suspended, and 2) they don't know what is going on or what happened, to the point where they decided to shut down the system and won't have any more information until Monday.I still theorize, with so many programmers and contractors and vendors and communications lines and hackers and spies, that it is impossible for bitcoins to not get stolen once they reach a certain value. Impossible at almost any exchange or other funnel where the data runs like salmon in a river.
Last edited by farmer
on February 8th, 2014, 11:00 pm, edited 1 time in total.