September 22, 2017

Top_Header

How to Identify Transaction Malleability Attacks



How to Identify Transaction Malleability Attacks

Having greatly influenced Mt. Gox in 2014, transaction malleability is a “new-old” issue within the Bitcoin industry. This issue can still create problems for the network, and negatively affect the perception of cryptocurrencies in general.

Also read: How Bitcoin Can Alter Our Psychology


Disclaimer: This article is a guest post from Helga Danova, Communications Officer, CEX.IO. This is not a sponsored story.

As one of the exchanges that have faced several attempts of transaction malleability attacks against the platform, CEX.IO shares its experience of identifying and fighting trans-action.

What is Transaction Malleability?

Transaction malleability is an attack that lets a person change a Bitcoin transaction’s unique ID before confirmation on the Bitcoin network. This change makes it possible for the person to pretend that a transaction didn’t happen. In case of Bitcoin exchanges, it can be used to make a double deposit or double withdrawal.

However, it should not be confused with double spending, as the latter implies spending an amount of crypto coins once, and creating another transaction with the same coins (thus, they can be spent twice).

How to Determine if You Are Under a Transaction Malleability Attack

For example, a hacker requests a Bitcoin withdrawal from his account on an exchange and changes unique ID of the transaction.

Here are two transactions recently happened on CEX.IO. Let’s compare them by using transaction ID scripts on the blockchain:

It is clear that signatures’ encoding have been changed, which led to altering script length, transaction and txid, without affecting transaction data. Although the database of the exchange contains initial txid, it can happen that attacker’s transaction with an altered txid will be confirmed in the blockchain first, while the original transaction will never be confirmed. This will allow a hacker to complain that the transaction is pending and claim compensation. More than one fake transaction can be made based on the original transaction.

How to Fight Off Transaction Malleability Attacks?

  • There is hardly a way to prevent such an attack automatically. However, there are at least two ways to avoid losses:
    required transaction confirmation
  • manual verification of bitcoin withdrawals from exchanges

In general, if an exchange notices suspicious pending transactions, it is already an alarm for something going wrong, and can serve as a signal of transaction malleability attack.

Have you had issues with transaction malleability? Let us know in the comments below!


Image courtesy of CEX.io.



Source

Comments

Related posts

error: Content is protected !!