Transaction malleability problem

The transaction malleability problem is a vulnerability in blockchain systems that can be exploited by altering a cryptographic hash, such as the digital signature used to identify a cryptocurrency transaction.{{Cite book|last1=Andrychowicz|first1=Marcin|last2=Dziembowski|first2=Stefan|last3=Malinowski|first3=Daniel|last4=Mazurek|first4=Łukasz|title=Financial Cryptography and Data Security |chapter=On the Malleability of Bitcoin Transactions |date=2015|editor-last=Brenner|editor-first=Michael|editor2-last=Christin|editor2-first=Nicolas|editor3-last=Johnson|editor3-first=Benjamin|editor4-last=Rohloff|editor4-first=Kurt|chapter-url=https://link.springer.com/chapter/10.1007/978-3-662-48051-9_1|series=Lecture Notes in Computer Science|volume=8976 |language=en|location=Berlin, Heidelberg|publisher=Springer|pages=1–18|doi=10.1007/978-3-662-48051-9_1|isbn=978-3-662-48051-9}}{{Citation|last1=Rajput|first1=Ubaidullah|title=A Simple Yet Efficient Approach to Combat Transaction Malleability in Bitcoin|date=2015|url=http://dx.doi.org/10.1007/978-3-319-15087-1_3|work=Information Security Applications|pages=27–37|place=Cham|publisher=Springer International Publishing|isbn=978-3-319-15086-4|access-date=2021-07-10|last2=Abbas|first2=Fizza|last3=Hussain|first3=Rasheed|last4=Eun|first4=Hasoo|last5=Oh|first5=Heekuck|series=Lecture Notes in Computer Science |volume=8909 |doi=10.1007/978-3-319-15087-1_3 }} Transaction malleability is considered to be one of the largest ongoing threats to blockchain technology,{{Cite journal|date=2021-01-01|title=Empirical analysis of transaction malleability within blockchain-based e-Voting|url=https://www.sciencedirect.com/science/article/pii/S0167404820303540|journal=Computers & Security|language=en|volume=100|pages=102081|doi=10.1016/j.cose.2020.102081|issn=0167-4048|last1=Khan |first1=Kashif Mehboob |last2=Arshad |first2=Junaid |last3=Khan |first3=Muhammad Mubashir |s2cid=225135528 }} as it can compromise financial transactions such as Bitcoin and other cryptocurrency transactions, and cause other issues in the network.{{Cite web|date=2020-07-27|title=What is Bitcoin Transaction Malleability & How Can It Affect Me?|url=https://paxful.com/blog/bitcoin-transaction-malleability-explained/|access-date=2021-07-10|website=Paxful Blog {{!}} Crypto Guides & Product Updates|language=en}}

Discovery

The transaction malleability problem became known to the Bitcoin community in 2011.

In February 2014, Japanese Bitcoin exchange Mt. Gox revealed that it had been targeted by an exploit in the Bitcoin protocol called "Transaction Malleability". At the time, Mt. Gox was the world's largest bitcoin exchange, handling approximately 70% of all bitcoin transactions. The company reportedly lost hundreds of millions of dollars' worth of Bitcoin due to this bug.{{Cite book|last1=Rajput|first1=Ubaidullah|last2=Abbas|first2=Fizza|last3=Hussain|first3=Rasheed|last4=Eun|first4=Hasoo|last5=Oh|first5=Heekuck|title=Information Security Applications |chapter=A Simple Yet Efficient Approach to Combat Transaction Malleability in Bitcoin |date=2015|editor-last=Rhee|editor-first=Kyung-Hyune|editor2-last=Yi|editor2-first=Jeong Hyun|chapter-url=https://link.springer.com/chapter/10.1007/978-3-319-15087-1_3|series=Lecture Notes in Computer Science|volume=8909 |language=en|location=Cham|publisher=Springer International Publishing|pages=27–37|doi=10.1007/978-3-319-15087-1_3|isbn=978-3-319-15087-1}} After failing to attract enough investors to offset its losses, Mt. Gox suspended withdrawals and closed its website.{{Cite web|date=2014-02-27|title=How a bug in bitcoin led to MtGox's collapse|url=http://www.theguardian.com/technology/2014/feb/27/how-does-a-bug-in-bitcoin-lead-to-mtgoxs-collapse|access-date=2021-07-10|website=the Guardian|language=en}} The company soon filed for bankruptcy, with CEO Mark Karpelès resigning.{{Cite web |last=McLannahan |first=Ben |date=2014-02-28 |title=Bitcoin exchange Mt Gox files for bankruptcy protection |url=https://www.ft.com/content/6636e0e8-a06e-11e3-a72c-00144feab7de |url-access=subscription |access-date=2021-07-10 |website=Financial Times}}

Shortly after Mt. Gox's announcement, it was revealed that Silk Road 2.0 had lost $2.7 million worth of Bitcoin due to an unknown hacker who exploited transaction malleability.{{Cite news|date=2014-02-14|title=Silk Road 2 loses $2.7m in bitcoins in alleged hack|language=en-GB|work=BBC News|url=https://www.bbc.com/news/technology-26187725|access-date=2021-07-10}}

A 2014 study published by Christian Decker and Roger Wattenhofer found that no major transaction malleability exploitations had occurred prior to the Mt. Gox attack.{{Cite book|last1=Decker|first1=Christian|last2=Wattenhofer|first2=Roger|title=Computer Security - ESORICS 2014 |chapter=Bitcoin Transaction Malleability and MtGox |date=2014|editor-last=Kutyłowski|editor-first=Mirosław|editor2-last=Vaidya|editor2-first=Jaideep|chapter-url=https://link.springer.com/chapter/10.1007/978-3-319-11212-1_18|series=Lecture Notes in Computer Science|volume=8713 |language=en|location=Cham|publisher=Springer International Publishing|pages=313–326|doi=10.1007/978-3-319-11212-1_18|isbn=978-3-319-11212-1|arxiv=1403.6676|s2cid=14555943 }}

Applications and threats

Transaction malleability can be used to alter the unique ID of a monetary transaction before it is confirmed.{{Cite web|title=SegWit: not just a solution to transaction malleability problem|url=https://www.numbrs.com/tech/2021/05/03/segwit-not-only-a-solution-to-transaction-malleability-problem/|access-date=2021-07-10|language=en-US}} For example, it is possible for a hacker to fool computer systems into erroneously sending multiple transactions by manipulating the TX ID of a bitcoin transaction.{{Cite web|last=Garling|first=Caleb|date=2014-02-15|title=Bitcoin's transaction malleability rattles system|url=https://www.sfgate.com/tech/article/Bitcoin-s-transaction-malleability-rattles-system-5236912.php|access-date=2021-07-10|website=SFGATE|language=en-US}}
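
The following is an added illustration, not taken from the cited sources, of why a payment system that tracks withdrawals by TX ID alone can be misled into sending again, and how reconciling on the spent inputs and outputs avoids it. The `Tx` and `WithdrawalLedger` classes, the toy serialization and all sample values are constructed assumptions for this example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple       # spent outpoints: ((prev_txid, output_index), ...)
    outputs: tuple      # ((address, amount_in_satoshi), ...)
    script_sig: bytes   # signature bytes: hashed into the TX ID

    def txid(self) -> str:
        # Toy serialization (not the Bitcoin wire format); like a legacy TX ID,
        # the double SHA-256 covers the signature bytes as well.
        raw = repr((self.inputs, self.outputs)).encode() + self.script_sig
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

    def payment_key(self) -> tuple:
        # What the payment actually does: which coins it spends and whom it pays.
        return (self.inputs, self.outputs)

class WithdrawalLedger:
    def __init__(self):
        self.sent = {}  # withdrawal id -> Tx as broadcast

    def record(self, wid, tx):
        self.sent[wid] = tx

    def confirmed_by_txid(self, wid, chain):
        # Fragile: a re-encoded signature yields a TX ID that was never recorded.
        return any(c.txid() == self.sent[wid].txid() for c in chain)

    def confirmed_by_payment(self, wid, chain):
        # Robust: match on spent outpoints and outputs, ignoring signature bytes.
        return any(c.payment_key() == self.sent[wid].payment_key() for c in chain)

    def safe_to_reissue(self, wid, chain):
        return not self.confirmed_by_payment(wid, chain)

def demo():
    sent = Tx((("aa" * 32, 0),), (("customer-address", 50_000),), b"sig-encoding-A")
    # Constructed sample: same payment, signature bytes encoded differently.
    mined = Tx(sent.inputs, sent.outputs, b"sig-encoding-B")
    ledger = WithdrawalLedger()
    ledger.record("w-1", sent)
    chain = [mined]
    return (sent.txid() != mined.txid(),
            ledger.confirmed_by_txid("w-1", chain),
            ledger.confirmed_by_payment("w-1", chain),
            ledger.safe_to_reissue("w-1", chain))
```

A ledger that relied on `confirmed_by_txid` would treat the withdrawal as unconfirmed and could pay it a second time; `safe_to_reissue` refuses because the same inputs have already been spent to the same outputs.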

References