Transaction malleability problem

Source: Wikipedia, the free encyclopedia.

The transaction malleability problem is a vulnerability in blockchain which can be exploited by altering a cryptographic hash, such as the digital signature used to identify a cryptocurrency transaction.[1][2] Transaction malleability is considered to be one of the largest ongoing threats to blockchain technology,[3] as it can compromise financial transactions such as Bitcoin and other cryptocurrency transactions, and cause other issues in the network.[4]

Discovery

The transaction malleability problem became known to the Bitcoin community in 2011.

In February 2014, Japanese Bitcoin exchange Mt. Gox revealed that they had been targeted by an exploit in Bitcoin protocol called "Transaction Malleability". At the time, Mt. Gox was the world's largest bitcoin exchange, handling approximately 70% of all bitcoin transactions. The company reportedly lost hundreds of millions of dollars worth of Bitcoin due to this bug.[5] After failing to attract enough investors to offset its losses, Mt. Gox suspended withdrawals, and closed its website.[6] The company soon filed for bankruptcy with CEO Mark Karpelès resigning.[7]

Shortly after Mt. Gox's announcement, it was revealed that Silk Road 2.0 had lost $2.7 million worth of Bitcoin due to an unknown hacker who exploited transaction malleability.[8]

A 2014 study published by Christian Decker and Roger Wattenhofer found that no major transaction malleability exploitations had occurred prior to the MT. Gox attack.[9]

Applications and threats

Transaction malleability can be used to alter the unique ID of a monetary transaction before it is confirmed.[10] For example, it is possible for a hacker to fool computer systems into erroneously sending multiple transactions by manipulating the TX ID of a bitcoin transaction.[11]

References

  1. ^ Andrychowicz, Marcin; Dziembowski, Stefan; Malinowski, Daniel; Mazurek, Łukasz (2015). "On the Malleability of Bitcoin Transactions". In Brenner, Michael; Christin, Nicolas; Johnson, Benjamin; Rohloff, Kurt (eds.). Financial Cryptography and Data Security. Lecture Notes in Computer Science. Vol. 8976. Berlin, Heidelberg: Springer. pp. 1–18. doi:10.1007/978-3-662-48051-9_1. ISBN 978-3-662-48051-9.
  2. ^ Rajput, Ubaidullah; Abbas, Fizza; Hussain, Rasheed; Eun, Hasoo; Oh, Heekuck (2015), "A Simple Yet Efficient Approach to Combat Transaction Malleability in Bitcoin", Information Security Applications, Lecture Notes in Computer Science, vol. 8909, Cham: Springer International Publishing, pp. 27–37, doi:10.1007/978-3-319-15087-1_3, ISBN 978-3-319-15086-4, retrieved 2021-07-10
  3. ^ Khan, Kashif Mehboob; Arshad, Junaid; Khan, Muhammad Mubashir (2021-01-01). "Empirical analysis of transaction malleability within blockchain-based e-Voting". Computers & Security. 100: 102081. doi:10.1016/j.cose.2020.102081. ISSN 0167-4048. S2CID 225135528.
  4. ^ "What is Bitcoin Transaction Malleability & How Can It Affect Me?". Paxful Blog | Crypto Guides & Product Updates. 2020-07-27. Retrieved 2021-07-10.
  5. ^ Rajput, Ubaidullah; Abbas, Fizza; Hussain, Rasheed; Eun, Hasoo; Oh, Heekuck (2015). "A Simple Yet Efficient Approach to Combat Transaction Malleability in Bitcoin". In Rhee, Kyung-Hyune; Yi, Jeong Hyun (eds.). Information Security Applications. Lecture Notes in Computer Science. Vol. 8909. Cham: Springer International Publishing. pp. 27–37. doi:10.1007/978-3-319-15087-1_3. ISBN 978-3-319-15087-1.
  6. ^ "How a bug in bitcoin led to MtGox's collapse". the Guardian. 2014-02-27. Retrieved 2021-07-10.
  7. ^ McLannahan, Ben (2014-02-28). "Bitcoin exchange Mt Gox files for bankruptcy protection". Financial Times. Retrieved 2021-07-10.
  8. ^ "Silk Road 2 loses $2.7m in bitcoins in alleged hack". BBC News. 2014-02-14. Retrieved 2021-07-10.
  9. ^ Decker, Christian; Wattenhofer, Roger (2014). "Bitcoin Transaction Malleability and MtGox". In Kutyłowski, Mirosław; Vaidya, Jaideep (eds.). Computer Security - ESORICS 2014. Lecture Notes in Computer Science. Vol. 8713. Cham: Springer International Publishing. pp. 313–326. arXiv:1403.6676. doi:10.1007/978-3-319-11212-1_18. ISBN 978-3-319-11212-1. S2CID 14555943.
  10. ^ "SegWit: not just a solution to transaction malleability problem". Retrieved 2021-07-10.
  11. ^ Garling, Caleb (2014-02-15). "Bitcoin's transaction malleability rattles system". SFGATE. Retrieved 2021-07-10.