What is the story behind MyBitcoin?


The name of MyBitcoin eWallet comes up quite often here and there. What is the story behind it and the attack on it they claimed occurred?


They had a minimal confirmation count of a single block. This meant that someone could create a bad transaction and confirm it him/herself, which would trick the MyBitcoin software into thinking the transaction was certain (as it has a confirmation). The attacker then transacted Bitcoins away from the MyBitcoin service. When one or two[1] truly legitimate blocks had been created, truth would catch the lie, but the Bitcoins were already out of MyBitcoin's reach.

[1] The longest blockchain is considered the valid one. As long as most generation happens on a legitimate chain, that chain will become the longest without fail. That means that someone can fake a single block when he's lucky, but a second block building upon that block would be significantly more difficult, as he's now racing with the legitimate blockchain. Assuming the attacker doesn't manage to outrace the legitimate chain, his chain will still be one of the longest if the legitimate chain has only a single extra block.

The minimal confirmations used in bitvau.lt is 3. Some services are using even more. It is effectively a security vs. usability tradeoff. The difference in computing power required for generating 3 blocks in a burst is quite significant and would most likely be noticed. If it is not burst-computed, it would be quite expensive.

Their story? They had this error, it got exploited and they decided to give those that claimed it their coins back. In the end a lot of coins were stolen.


Last I heard, victims could apply to get 49% of their bitcoins back, which was the proportion of the site's coins that weren't stolen. – Highly Irregular – 2012-05-02T22:31:10.947