Transaction malleability is a loophole in the bitcoin protocol that was most famously used in February 2014 to allegedly withdraw funds from Mt Gox.
The idea behind transaction malleability is that a user who is tracking transactions via their hash would not be able to trace the transaction if the hash was changed.
The risk could have been easily mitigated through simplistic internal checks and balances.
A transaction is in the blockchain is referred to by its hash, and their value is included in the merkle tree for that block. A transaction is also signed by the private key associated with the transaction input. So if the transaction can be altered before being hashed and signed with the signature and then propagated to the network – the sender would not be able to track the transaction as its hash has been altered.
The attackers using transaction malleability against Mt Gox would request a withdrawal. When they received a hash of the transaction from the Company they would alter it by changing the <scriptPubKey> whilst using the <ScriptSig> and re-flooding the network with this new transaction. Mt Gox would then look for their transaction and assume there was an issue and resubmit the funds to the user. The user could then repeat this attack. Their flaw was that if they didn’t manage to propagate their updated transaction quick enough then they would still receive the Bitcoin but wouldn’t receive the extra funds. In this case they just tried again – they hadn’t lost much – just a bit of time.
This meant that Mt Gox’s funds were gradually leached away. However basic accounting checks and reports would have been able to detect this breach or loophole. In fact when summing up the process this was due to a lack of oversight by the management.
- Meet ZENIQ: The Decentralized Blockchain-Powered Ecosystem Sponsored
- GAUGECASH Integrates Chainlink Keepers to Decentralize Automation of Novel Liquidity Pool, GAUGEFIELD
- Ariva Digital’s ‘Arivaman’ Gets Set To Embark On Epic Adventure
- WAGMI Games Partners With Cubix To Launch PvP Tower Defense Play-to-Earn Game
- How 5 Popular Smart Contract Platforms Compare to Nexus
- Is the “Decentralization” in the Blockchain Ecosystem Really Decentralized?
- Astra Protocol, a Compliance Layer for DeFi, Could Help US SEC, Other Regulators with Ensuring Consumer Protection for Crypto Investors
- TabTrader's Native TTT Token Launches on Gate.io
- DecimalChain Believes NFTs Could Be the Response the Market Needs
- TaleCraft: A Medieval-Themed Gaming Metaverse
This website is only provided for your general information and is not intended to be relied upon by you in making any investment decisions. You should always combine multiple sources of information and analysis before making an investment and seek independent expert financial advice.
Where we list or describe different products and services, we try to give you the information you need to help you compare them and choose the right product or service for you. We may also have tips and more information to help you compare providers.
Some providers pay us for advertisements or promotions on our website or in emails we may send you. Any commercial agreement we have in place with a provider does not affect how we describe them or their products and services. Sponsored companies are clearly labelled.