
Current Bitcoin Malleability Attacks ‘A Nuisance’

What has been dubbed a ‘bitcoin malleability attack’ has been taking place over the last few days. The attack results in unconfirmed transactions, and should be of little consequence if users ignore them.

On Oct 1, a bitcointalk thread titled “New transaction malleability attack wave? Another stresstest?” opened. Users of various wallets reported strange transactions that appeared to be doubling up.

Coinkite quickly responded, stating: “Over the last 24-48 hours, we’ve noticed a number of our customers’ transactions modified and rebroadcast with a new transaction number. This attack is being applied to almost all transactions on the network and is not targeted at Coinkite or our users.”

“This is a nuisance only and does not put your funds at risk.”
— Peter Gray, Coinkite Founder

Transactions are confirmed after the information has been mined into a block. This ensures that the sender has sufficient funds and that they have “digitally” signed for the transaction to take place. Each bitcoin transaction has a unique identifier, called a transaction ID, which is used to track transactions, much like a paper check.

Coinkite expanded further on the situation, stating that waiting for confirmations is the best course of action before moving funds, “because there are in effect two versions of that transaction […] and you can’t predict which will be mined.”

The result of this attack can appear as two transactions in a wallet account. One will confirm, and one won’t. This apparent doubling up can skew the account balance displayed in wallet software, although the actual funds on the blockchain are unaffected.

A Reddit user also had issues with a purchase made on Gyft, which showed up as two transactions. BitPay has since resolved the situation, and Gyft has acknowledged the payment. According to the post, the invoices were locked into picking up the original transaction ID, and since that ID had been modified before the transaction reached a block, the invoice could not recognise the payment as being confirmed.

Despite there being no cause for alarm with the current ‘attack’, malleability does create a headache. A possible solution is Bitcoin Improvement Proposal 62, which proposes a change to Bitcoin’s transaction validity rules, “in order to make malleability of transactions impossible (at least when the sender doesn’t choose to avoid it).”

“As of February 2014, Bitcoin transactions are malleable in multiple ways. This means a (valid) transaction can be modified in-flight, without invalidating it, but without access to the relevant private keys.”
— Pieter Wuille, BIP 62 Author

Coinkite’s approach has been to continue business as usual, but educate the public to be careful with zero-confirmation transactions. “As of today, all deposits into Coinkite accounts must receive one confirmation before we will use them in a new transaction. We have deployed new code that tracks these modified transactions, and when they get confirmed into blocks, we retroactively adjust our records and continue with the new transaction number in effect.”

“Once you send a transaction, you need to understand that your transaction might actually get into a block under a different hash. Your recipient gets the funds the same, miner fees are the same, and most block explorers do not show enough detail to be able to tell the two transactions apart.”
— Coinkite

Peter Todd, Decentralized Consensus Consultant and Bitcoin Core Developer, reiterated this message on Twitter: “Note this is an attack in the same way that a bunch of scouts setting up a tent on your lawn is an ‘attack’.”

Bitcoin malleability was explained by Ed Felten in 2014. Felten is a professor of computer science who joined the White House Office of Science and Technology earlier this year. “This could be a problem,” Felten stated, depending on how users react.

“companies should have known to be watching for the non-malleable payment details of a transaction to show up, rather than waiting for the transaction ID to show up. If you’re not doing this, your system is buggy and it’s your own fault. Or so this argument goes.”
— Felten
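The approach described in the Coinkite and Felten quotes above, tracking a payment by its non-malleable details and adopting whichever transaction ID is mined, can be sketched as follows. This is an added example, not Coinkite's or BitPay's code: `fingerprint`, `InvoiceTracker` and the sample transactions are hypothetical, and it assumes legacy transactions whose signatures commit to all inputs and outputs (SIGHASH_ALL).

```python
import hashlib, struct

def dsha(b):                       # Bitcoin's double SHA-256
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def varint(n):                     # one-byte form only; enough for this example
    if n >= 0xfd:
        raise ValueError("multi-byte varint not handled in this example")
    return bytes([n])

def serialize(tx, strip_sigs=False):
    """Legacy (pre-SegWit) transaction serialization."""
    out = struct.pack("<i", tx["version"]) + varint(len(tx["vin"]))
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        sig = b"" if strip_sigs else script_sig
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += varint(len(sig)) + sig + struct.pack("<I", sequence)
    out += varint(len(tx["vout"]))
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<q", value) + varint(len(script_pubkey)) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def txid(tx):                      # changes if the signature script is re-encoded
    return dsha(serialize(tx))[::-1].hex()

def fingerprint(tx):               # hypothetical helper: hash with signature scripts blanked
    return dsha(serialize(tx, strip_sigs=True)).hex()

class InvoiceTracker:              # hypothetical merchant-side record keeper
    def __init__(self):
        self.pending = {}          # fingerprint -> [invoice id, last seen txid]

    def seen_unconfirmed(self, invoice, tx):
        self.pending[fingerprint(tx)] = [invoice, txid(tx)]

    def seen_in_block(self, tx):
        """Return the invoice this mined tx pays (or None), adopting its txid."""
        record = self.pending.get(fingerprint(tx))
        if record is None:
            return None
        record[1] = txid(tx)       # retroactively switch to the mined txid
        return record[0]

# Constructed sample data: placeholder bytes, not real signatures or scripts.
PAY_TO = bytes.fromhex("76a914") + b"\x11" * 20 + bytes.fromhex("88ac")
def make_tx(script_sig, value=50_000):
    return {"version": 1, "locktime": 0, "vout": [(value, PAY_TO)],
            "vin": [("ab" * 32, 0, script_sig, 0xFFFFFFFF)]}
ORIGINAL = make_tx(b"\x01" * 106)  # as broadcast by the payer
MODIFIED = make_tx(b"\x02" * 107)  # same payment, signature script altered in flight
```

The two sample transactions have different transaction IDs but the same fingerprint, so an invoice recorded against `ORIGINAL` is still matched when `MODIFIED` is the version that confirms. Matching this way does not replace waiting for a confirmation before treating the payment as final.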

