Recent problems at the Mt.Gox bitcoin exchange appear to be the result of an implementation flaw related to a known bitcoin technical issue. The issue is that of “Transaction Malleability”, a problem in certain implementations that allows an attacker to modify a transaction in such a way as to make the same transaction appear under a different transaction ID (Tx Hash), without changing any of the internal information (sender, recipient, value, etc.). This issue first became known in 2011 and it does not affect correctly implemented bitcoin clients, such as the reference client (bitcoind/bitcoin-qt).
The well-known and documented issue of “Transaction Malleability” makes it dangerous for bitcoin wallets and bitcoin exchanges to rely on the transaction hash as an authoritative proof, or “receipt” for a transaction. Instead, best practices dictate that implementations of bitcoin verify transactions by checking whether their inputs have been spent by any transactions included in a mined block, rather than relying on the presence (or absence) of the transaction hash in the blockchain.
Blockchain.info’s implementation follows best practices in this respect and does not rely on the transaction hash as verification of spent funds. Instead, if multiple conflicting versions of a transaction against spent inputs are seen on the network, both transactions are highlighted whenever they appear as a “double-spend”, until one of the transactions is confirmed, making the second disappear.
In Blockchain’s wallet implementation, each user of our service controls their own private keys and we don’t maintain internal “account balances”, making it impossible to corrupt our internal accounting system in the same way that has affected Mt.Gox. Blockchain wallet users are unaffected by this known implementation issue.
Bitcoin users should not rely on the presence or absence of a transaction hash (aka ID) as confirmation of payment. Before re-sending a transaction that appears unsuccessful, they should check the wallet balance to ensure that the transaction was not submitted under a different ID. The definitive proof of success or failure of a transaction is the address balance (unspent outputs) as calculated after several confirmations. In other words, trust your balance as confirmed by the blockchain consensus, not the transaction ID.
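The input-based check and the check before re-sending described above, as an added sketch that is not Blockchain.info's code. The `Tx` class, its toy serialization and the sample data are constructed for illustration, and `confirmed_blocks` is assumed to contain only blocks that already have several confirmations.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # outpoints being spent: ((prev_txid, output_index), ...)
    outputs: tuple     # ((address, satoshis), ...)
    script_sig: bytes  # signature encoding: hashed into the ID, not part of the payment

    def txid(self) -> str:
        # Toy serialization (assumption). As on the real network, the ID is a
        # double SHA-256 over bytes that include the signature encoding.
        raw = repr((self.inputs, self.outputs)).encode() + self.script_sig
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

def status_by_txid(sent, confirmed_blocks):
    """Unsafe shortcut: look only for the ID that was broadcast."""
    ids = {tx.txid() for block in confirmed_blocks for tx in block}
    return "confirmed" if sent.txid() in ids else "missing"

def status_by_inputs(sent, confirmed_blocks):
    """Ask whether the inputs we tried to spend were spent in a mined block."""
    for block in confirmed_blocks:
        for tx in block:
            if not set(tx.inputs) & set(sent.inputs):
                continue
            if tx.txid() == sent.txid():
                return "confirmed"
            if tx.inputs == sent.inputs and tx.outputs == sent.outputs:
                return "confirmed-under-different-id"
            return "conflict"  # inputs were spent by a different payment
    return "unspent"

def payment_landed(sent, confirmed_blocks):
    """True if the payment is in the chain, whatever ID it was mined under."""
    return status_by_inputs(sent, confirmed_blocks).startswith("confirmed")

# Constructed sample data (not real transactions or addresses).
SENT = Tx(inputs=(("aa" * 32, 0),), outputs=(("customer-address", 100_000),),
          script_sig=b"\x01sig")
MUTATED = Tx(SENT.inputs, SENT.outputs, script_sig=b"\x02sig")  # same payment, new ID
BLOCKS = [[MUTATED]]

if __name__ == "__main__":
    print("by txid:  ", status_by_txid(SENT, BLOCKS))
    print("by inputs:", status_by_inputs(SENT, BLOCKS))
```

A system that acts on the `status_by_txid` result would treat the payment as failed and send it again, while the input-based check shows the funds have already moved.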
Contrary to many news headlines that describe Transaction Malleability as a “bug” affecting bitcoin and other crypto-currencies, it is not. It is an example of the need to implement transaction verification in the industry-standard way rather than with implementation shortcuts that rely on known-unsafe methodologies. Again, Blockchain.info wallet users are unaffected.
Andreas M. Antonopoulos
Chief Security Officer