(This post has been updated, as explained below.)
Bitstamp, one of the largest bitcoin exchanges in the world, if not the largest, today became the second major firm to suspend customer withdrawals of bitcoins from their accounts, or “wallets.”
The firm’s action follows a similar freeze last week by Mt. Gox, another major exchange firm. In both cases the firms attributed the suspensions to the need to address a technicality in the bitcoin system known as “transaction malleability.” Neither firm has said when transactions will resume.
In simple terms, transaction malleability could allow someone to spend bitcoins twice, which is tantamount to counterfeiting the virtual currency. That’s an eventuality that bitcoin aficionados always have suggested is impossible in the algorithm-driven bitcoin system, because every transfer ostensibly has to be validated before it’s completed.
Plainly, there’s a way around the validation, though it’s not simple. The Bitcoin Foundation, the informal body that oversees system standards (but has no enforcement capabilities), issued a statement Monday acknowledging that “transaction malleability has been known about since 2011” and that it’s “something that cannot be corrected overnight.” It urges exchange firms to implement their own validation technologies.
Slovenia-based Bitstamp’s announcement said specifically that it was suffering “a denial-of-service attack using transaction malleability to temporarily disrupt balance checking.”
(UPDATE: The Bitcoin Foundation is treating the denial-of-service attacks as akin to malicious mischief, rather than attempts to counterfeit bitcoins or steal users’ funds. In a statement issued late today, the foundation said “whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.”)
A denial-of-service attack usually means that someone is inundating a system with so much online traffic that the system crashes. Reading between the lines, this sounds as though someone is sending so many bitcoin transfer orders through Bitstamp that it can’t validate the transactions or be sure about how many bitcoins are in its customers’ wallets. So its only option was to shut down bitcoin withdrawals and deposits until it can work its way through the assault.
Transaction malleability is not the only technical flaw in the bitcoin system. What’s important is that, leaving aside what financial issues might exist at Mt. Gox and Bitstamp that might also interfere with customer transactions, the suspensions suggest that bitcoin trading has now become so big that these flaws matter.
At the moment, it’s looking as though they matter enough to place a hard limit on the usefulness of bitcoins. The suspensions may be only growing pains, but if they’re seen to be serious enough, bitcoin growth may end. And if other flaws in the system become equally troublesome obstructions, bitcoins will be over.
As Boston University finance expert Mark T. Williams told us the other day, “the cracks are starting to show.” If these problems aren’t solved quickly and decisively, customers will evaporate. That points to how the supposedly paramount virtue of the bitcoin system may be its biggest shortcoming: no one’s in charge.