What happened with MtGox on 2011/9/12?

10

3

On that date, some erratic out-of-spread trades appeared on MtGox.

The explanation given says that accounts may have been compromised by the CosbyCoin attack on bitcointalk.org. I do not understand how this can lead to out-of-spread orders being executed.

He says the issue is resolved and proceeds to give us a speech about password security and says that we should keep trading "in confidence".

That does not satisfy me at all.

molecular

Posted 2011-09-14T09:45:02.287

Reputation: 1 764

1 The actual quote is: trades can now be conducted in full confidence. "Full"? That seems arrogant, given the history. But I acknowledge that their job is very very hard since there is no such thing as "full security".... nealmcb 2011-09-14T16:06:14.200

1 I do acknowledge they have a very hard job. I'm also not complaining about the problem itself, I'm complaining about the lack of explanation as to what exactly happened. I don't like being in the dark. molecular 2011-09-14T16:37:25.370

Answers

8

Some more info by upb from #mtgox:

  • so there IS some underlying bug which was triggered that caused invalid order matching
  • <@MagicalTux> yes, but it requires a large amount of funds to be triggered
  • <@MagicalTux> normal users, unless millionaire, wouldn't trigger it
  • < upb> must be some kind of integer overflow ;-)
  • <@MagicalTux> it happens when an order executes way too many orders at once
  • <@MagicalTux> I'm adding some code to avoid this from happening, but nobody in their right mind would do that

This actually reminded me of about 2-3 weeks ago when I noticed a bug and reported it on #mtgox.

The bug worked as follows:

  • I had a buy order at, let's say 1 BTC for USD 10.0, last trade was 10.001
  • someone partly filled that order, let's say he filled 0.3 BTC
  • this had the effect of my order being in state "pending" with 0.7 BTC for USD 10.0
  • while my order was pending, a lower order (say at USD 9.99) was filled

I complained and a short while after, MagicalTux said he found the problem and fixed it.

I don't know if this could have anything to do with the current problem, but "it happens when an order executes way too many orders at once" sounds kind of like this could be the case.

I also remember someone suggesting this above bug could be exploited to disable a lot of orders in order to "get to" an order that would normally be well out of spread. Maybe someone managed to pull off this exploit. That would also match MagicalTux saying something about 2000 accounts being created. Maybe these accounts were used to "disable" orders by filling a small part of them successively in order to execute an order well out of spread.

molecular

Posted 2011-09-14T09:45:02.287

Reputation: 1 764
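An added example (not part of the original post, and not MtGox code): a replay check that flags the symptom described in the answer above, a fill on a lower bid while a higher bid still has open quantity. The order ids, the size of the 9.99 order and the fill sequence are constructed; the check assumes a buy-side book with strict price priority.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Bid:
    order_id: str
    price: Decimal      # USD per BTC
    remaining: Decimal  # BTC still open


def find_trade_throughs(bids, fills):
    """Replay fills in order and report every fill that hit a bid while a
    better-priced bid still had open quantity (a price-priority violation)."""
    book = {b.order_id: Bid(b.order_id, b.price, b.remaining) for b in bids}
    violations = []
    for seq, (order_id, qty) in enumerate(fills):
        hit = book.get(order_id)
        if hit is None or qty <= 0 or qty > hit.remaining:
            raise ValueError(f"fill {seq} does not match the book: {order_id} {qty}")
        skipped = [b for b in book.values()
                   if b.remaining > 0 and b.price > hit.price]
        if skipped:
            best = max(skipped, key=lambda b: b.price)
            violations.append((seq, hit.order_id, hit.price,
                               best.order_id, best.price))
        hit.remaining -= qty
    return violations


# Constructed sample mirroring the post: a 1 BTC bid at 10.0 is partly
# filled (0.3 BTC), then a lower bid at 9.99 trades while 0.7 BTC is open.
SAMPLE_BIDS = [
    Bid("A", Decimal("10.0"), Decimal("1")),
    Bid("B", Decimal("9.99"), Decimal("1")),   # size is an assumption
]
BUGGY_FILLS = [("A", Decimal("0.3")), ("B", Decimal("0.5"))]
CLEAN_FILLS = [("A", Decimal("0.3")), ("A", Decimal("0.7")), ("B", Decimal("0.5"))]

if __name__ == "__main__":
    for v in find_trade_throughs(SAMPLE_BIDS, BUGGY_FILLS):
        print("fill #%d hit %s @ %s while %s @ %s was still open" % v)
```

Run over a real trade log, the same check would surface both the single pending-order case and a longer run of skipped orders, since each violating fill is reported with the best bid it bypassed.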