Fwd: Live mtgox.com trade matching bug.



Summary:

On June 27, 2011, Doug Huff sent an email to the Full Disclosure mailing list and to the Mt.Gox and Bitcoin Dev Development groups regarding a bug in mtgox.com's trade matching system.

The bug could be exploited by traders to drain their accounts by placing a buy order large enough to empty their account, but low enough under the current trading price that it would not execute immediately. After withdrawing all USD funds, traders could wait for the market to fall enough to meet their order. While there is some luck involved, the new trade matching code suggests that this order will be executed.

Huff suggested that the site should either be taken down until the issue was resolved or publicly demonstrate how this order would never execute. He also warned that even if the bug was only a display bug, it could still be used to influence market conditions.

The email contained two attachments, smime.p7s and PGP.sig, which could not be opened without additional information.
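The invariant whose absence the email describes is that USD backing a resting buy order must not be withdrawable. The sketch below is an added illustration, not code from the email or from Mt.Gox (whose implementation the page does not show); the `Account` and `Book` classes, their fields, and the rule that fills happen at the order's own price are all assumptions made for the example.

```python
from decimal import Decimal as D

class InsufficientFunds(Exception):
    """Raised when an order or withdrawal exceeds the available balance."""

class Account:
    """Constructed model: total USD, plus the part held for open buy orders."""
    def __init__(self, usd):
        self.usd = D(usd)   # total USD on deposit
        self.held = D(0)    # USD reserved by resting buy orders
        self.btc = D(0)

    @property
    def available(self):
        return self.usd - self.held

    def withdraw(self, amount):
        # A withdrawal may only touch funds that back no open order.
        if D(amount) > self.available:
            raise InsufficientFunds("withdrawal exceeds available balance")
        self.usd -= D(amount)

class Book:
    def __init__(self):
        self.bids = []      # resting buy orders as (account, price, qty)

    def place_bid(self, acct, price, qty):
        cost = D(price) * D(qty)
        if cost > acct.available:
            raise InsufficientFunds("order exceeds available balance")
        acct.held += cost   # reserve the funds when the order is placed
        self.bids.append((acct, D(price), D(qty)))

    def fill_at(self, market_price):
        """Fill resting bids priced at or above market_price; return the count."""
        filled = 0
        for acct, price, qty in list(self.bids):
            if price < D(market_price):
                continue
            self.bids.remove((acct, price, qty))
            cost = price * qty
            # Defence in depth: re-check funding at match time and drop the
            # order instead of filling it if the hold no longer covers it.
            if acct.held < cost or acct.usd < cost:
                continue
            acct.held -= cost
            acct.usd -= cost
            acct.btc += qty
            filled += 1
        return filled
```

With the hold in place, the sequence from the email (place a below-market bid for the whole balance, then withdraw) fails at the withdrawal step, and the match-time check covers any path that bypasses the hold.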


Updated on: 2023-05-26T18:43:04.518724+00:00