Comment Re:"some weakness" (Score 1) 465
That was not the error they were dealing with and there is no way for you to spend someone elses bitcoin.
The issue as I understand it, is that someone was forging a transaction ID on an existing deposit or withdraw. Thus tricking the system into transferring the coin a second time. So they had a pool of coins that everything went into and came out of. If I deposit 25btc into the account there system credits my account 25btc. If I withdraw 25btc then it debts my account. All of this keyed to the bitcoin transaction ID. If I forge that transaction ID taking the same 25btc deposit packet and send it again with the forged transaction ID. There system would credit my account a second time, even though the coins were never deposited into the pool. I could then withdraw 50btc, which would come out of the pool of coins because there system thinks I have more btc than what is really there. The only way they would have caught it is if they did a month end and reconciled the numbers in there web system to the number in there btc pool wallet. Which they should have been doing EVERY MONTH!
In simple terms balancing the books is.
You take the account total at start of month.
You take and apply the debts and credits to the total.
You validate that the total you have come up with is the same as the account total
You sign off on the total for the month and close out the month locking it from change.