Table of Contents
Transaction malleability is a weakness or vulnerability in the Bitcoin protocol that allows an attacker to change the unique ID of a Bitcoin transaction before it is confirmed on the blockchain.
This change in the transaction ID doesn’t alter the transaction amount or destination but modifies the ID itself. As a result, this can cause confusion or difficulties for systems relying on the original transaction ID.
A transaction malleability attack involves altering the transaction ID and can lead to several issues:
- Confusion in tracking transactions: Changing the transaction ID can make it difficult for systems or processes that rely on these IDs to accurately track and verify transactions.
- Repeated spending or double-spending: In some cases, attackers can exploit this vulnerability to attempt double-spending attacks. By altering the transaction ID, they may try to create confusion in the network and spend the same Bitcoin twice.
- Impact on the ecosystem: Such attacks could potentially affect Bitcoin-related services, wallets, and exchanges that depend on transaction IDs to track and confirm transactions.
Bitcoin developers have been working on solutions to address transaction malleability, and improvements have been made over time.
Segregated Witness (SegWit), for example, was a protocol upgrade implemented to mitigate transaction malleability and provide other benefits such as increased transaction capacity and reduced fees.
Is it the same as double spending?
No. Double spending involves spending coins once and then creating a different transaction with those same coins before the first transaction is confirmed.
The trick is then to get the fraudulent transaction confirmed on the Bitcoin network first so that the first transaction didn’t happen. That effectively means that you get to spend them twice.
How does transaction malleability work?
Each transaction must be uniquely identified so that it can be referenced in the blockchain. That transaction ID (TX ID) is produced by taking the information in the transaction and running it through a hash function.
One of the key qualities of a hashing function is that it is impossible to tell what the original information was simply by looking at the hash.
It is also impossible to predict what the hash will be based on the pieces of information that you start with. If any small detail changes in any of those pieces of data, it will change the hash in a completely unpredictable way.
This makes transaction IDs practically impossible to spoof. Each transaction should only have one possible hash.
You can prove that a transaction is valid by simply running all of the pieces of information that made up that transaction through the hashing function to check that you get the same hash.
At least, that’s the idea. But here’s where malleability comes in. The user’s digital signatures used as part of the hash to ‘sign’ the transaction are meant to be in a certain format.
That format wasn’t always properly checked. This meant that a badly-formatted one could be introduced and still accepted. Altering the signature in this way makes it possible to create different hashes for the same transaction.
Addressing the issue
For many years, the Bitcoin community has explored many ways to fix this hole in the system.
At this point in Bitcoin’s lifespan, maybe the best thing to do is nothing. Right now, the only worthwhile benefit of fixing this issue is to solidify zero-confirmation reliability.
It’s more of a theoretical problem than a real one, making these the key takeaways, at least for now:
- Zero-confirmation transactions should not be trusted
- Sometimes, this issue will create slower transactions, but that’s nothing compared to lost funds
- Transaction IDs are not always correct
When it comes to malleating transactions, people have very little to gain, meaning the only reason they would do so is to prove a point—in most cases, for political reasons (which has happened in the past).
It’s a good thing that Bitcoin transaction malleability is an attack that rarely happens. Even if miners were doing it regularly, you’d only be affected if you dealt with a transaction with an unconfirmed parent.
If that were to happen, in most cases, the funds would go back into your wallet since the transaction would be invalidated.