The idea behind transaction malleability is that a user who is tracking transactions via their hash would not be able to trace the transaction if the hash was changed.
The risk could have been easily mitigated through simple internal checks and balances.
A transaction in the blockchain is referred to by its hash, and that hash is included in the Merkle tree for that block. A transaction is also signed by the private key associated with the transaction input. So if the transaction can be altered before being hashed and signed and then propagated to the network, the sender would not be able to track the transaction, as its hash has been altered.
The attackers using transaction malleability against Mt Gox would request a withdrawal. When they received a hash of the transaction from the Company they would alter it by changing the
This meant that Mt Gox’s funds were gradually leached away. However, basic accounting checks and reports would have been able to detect this breach or loophole. In fact, when summing up the process, this was due to a lack of oversight by the management.
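
The kind of accounting check described above, as an added example (not code from the original article or from Mt Gox): pending withdrawals are reconciled by the coins they spend and the outputs they pay, not by hash alone, so a payment that confirmed under a different hash is not treated as unpaid. The transaction layout and the `txid` serialization are simplified assumptions, and the sample transactions are constructed.

```python
import hashlib

def txid(tx):
    """Toy txid: double SHA-256 over inputs, outputs AND the signature bytes.
    Simplified stand-in for the real transaction serialization (assumption)."""
    body = repr((tx["inputs"], tx["outputs"])).encode() + tx["script_sig"]
    return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()

def payment_key(tx):
    """Identity that does not depend on the signature encoding:
    which coins were spent and where the value went."""
    return (tuple(sorted(tx["inputs"])), tuple(sorted(tx["outputs"])))

def reconcile(pending, confirmed):
    """Classify each pending withdrawal against the confirmed transactions."""
    by_txid = {txid(tx) for tx in confirmed}
    by_payment = {payment_key(tx): txid(tx) for tx in confirmed}
    report = {}
    for w in pending:
        sent_id = txid(w)
        if sent_id in by_txid:
            report[sent_id] = "confirmed"
        elif payment_key(w) in by_payment:
            # Same coins, same payee, different hash: already paid, do not re-send.
            report[sent_id] = "confirmed under txid " + by_payment[payment_key(w)]
        else:
            report[sent_id] = "unconfirmed"
    return report

# Constructed sample data (not real transactions).
withdrawal = {"inputs": [("aa" * 32, 0)], "outputs": [("customer-addr", 5_000_000)],
              "script_sig": b"\x30\x44sig-encoding-A"}
# Same payment with altered signature bytes, so the hash differs.
altered = dict(withdrawal, script_sig=b"\x30\x45sig-encoding-B")
other = {"inputs": [("bb" * 32, 1)], "outputs": [("other-addr", 1_000)],
         "script_sig": b"\x30\x44sig-encoding-C"}

if __name__ == "__main__":
    for sent, status in reconcile([withdrawal, other], [altered]).items():
        print(sent[:16], status)
```

A withdrawal reported as confirmed under a different txid is the case hash-only tracking misses, and it should be closed out in the ledger instead of being paid again.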