An analysis by Swiss researchers of bitcoin transaction data suggests that bankrupt exchange Mt. Gox, which blamed a bug in bitcoin itself for the loss of millions in the virtual currency, could in fact have only lost a tiny fraction of that amount.
The paper (PDF), by Christian Decker and Roger Wattenhofer of ETH Zurich University in Switzerland, describes a close examination of all bitcoin transactions from January of 2013 to February of this year. Their findings are essentially that Mt. Gox's claims that over 850,000 bitcoins — worth hundreds of millions of dollars — were lost to the bug simply can't be true.
They tracked all possible instances where bitcoin's "transaction malleability" bug was apparently in effect. The bug makes it possible for transactions to be fraudulently deleted and reissued, causing bookkeeping havoc and potentially many duplicate transactions. And indeed, there were many thousands of them.
But the data show that only a few hundred occurred while the exchange was actually operating normally. The vast majority occurred after Mt. Gox shut down withdrawals on Feb. 8 — so the attacks couldn't actually target it. In fact, it appears to be the exchange's announcement about the vulnerability that caused the wave of attacks to occur.
What's more, of the hundreds of attacks that did target Mt. Gox while it was operational, less than a quarter appeared to have actually worked. The final tally, by the researcher's reckoning: 386 bitcoins, or about $203,000.
The research must be taken with a grain of salt, since it hasn't been reviewed by other experts in the field, and of course the data set doesn't go back beyond January 2013 — so it's possible that the bulk of the attacks draining Mt. Gox occurred before then. Until a larger set of data is analyzed, it's impossible to say what happened for sure — but at the moment, things don't look good for Mt. Gox.