Bitcoin Transaction Malleability

One of the most successful cryptocurrency exchanges in the early days of Bitcoin was Mt. Gox. The Tokyo-based exchange at one time handled 70% of all worldwide Bitcoin transactions. Mt. Gox suffered a death blow in 2014 when it was revealed that Bitcoin transaction malleability resulted in the theft of 850,000 Bitcoin held by users of the cryptocurrency exchange.

What exactly is Bitcoin transaction malleability? Simply put it was a security loophole that was successfully exploited by hackers to obtain access to the Bitcoins held in trust by Mt. Gox. The process involves the alteration of hash signatures which makes it impossible to trace Bitcoin transactions.

A Bitcoin Loophole

To understand how transaction malleability works it is necessary to offer a brief explanation of how Bitcoin transactions are handled on the blockchain. The blockchain is the distributed ledger protocol that makes it possible for Bitcoin to be exchanged on a peer-to-peer basis. Bitcoin transactions are documented on the blockchain with a hash. Users also sign their transactions with a private key that is a function of a Bitcoin wallet. The hash becomes a part of the data that is part of the Merkle Tree of each block.

It was discovered that a transaction could be altered before it was hashed and signed. These alterations, when occurring prior to propagation to the network, would make it impossible for senders to track a transaction. This somewhat technical explanation may sound difficult, but imagine being able to withdraw funds from your bank without the bank being able to document that withdrawal. You could repeat the process over and over, receiving money while your balance remained the same. This isn’t exactly how Bitcoin transaction malleability worked, but it’s close.

Another way to think about it would be in terms of a check. A check could be written for a certain amount. Then, someone other than you signs the check. This changes the identifier used by the bank to determine that you wrote the check. A digital signature and a hash serve as identifiers for Bitcoin transactions. On the blockchain these identifiers are all-important. Transactions are “chained” together with identifiers so that verification can occur.

How Bitcoin Transaction Malleability was Used to Rob Mt. Gox

The scam worked like this. The first step was for an attacker to submit a withdrawal request to the exchange. The attackers would then alter the hash of the transaction which was then resubmitted to the network. When Mt. Gox looked for the transaction and could not find it, they would resubmit the funds to the user. The attack could then be repeated over and over. It worked almost all of the time, and the exchange failed to catch it until massive damage was done.

By the time the loophole was discovered, 850,000 Bitcoins were gone. The company was forced into bankruptcy, and legal proceedings are ongoing to the present day. Some individuals have just recently received funds that were stolen from the exchange. Arrests followed, and today the exchange has been effectively crushed by the breach.

The unfortunate side of things is that better checks and balances could have been used to recognize and halt such an attack. The story of Mt. Gox and Bitcoin transaction malleability is a cautionary tale that has prompted developers to implement better security methods in an effort to prevent this type of theft from happening again.

How Segregated Witness Fixes Transaction Malleability

A security protocol upgrade called Segregated Witness, or SegWit for short, was introduced in an effort to fix the problem of Bitcoin transaction malleability. The protocol was developed by Pieter Wiulle and first used with Litecoin in 2017. Later that year, the protocol was also implemented with Bitcoin.

SegWit’s basic function is to separate signature information from a base transaction block. When signatures are now changed, the transaction ID is not affected. This also has implications for the scaling issues that have been faced by Bitcoin since its introduction.

The presence of transaction malleability was considered by many to be a growing pain of Bitcoin’s development. It is possible that other security flaws could be discovered in the future. But because of Bitcoin’s open-source nature, many developers can contribute to fixes that work to insure the integrity of the cryptocurrency. The token still remains a highly secure means of exchange which affords maximum privacy.

*** Here at CryptoSwede you will find information on Crypto Mining the different cryptocurrencies as well as the best cryptocurrency exchanges. You can trade or you can set up trading bots instead and then store the crypto on crypto wallets. Later, spend them using crypto debit cards!***

Leave a comment