The prevailing vulnerabilities in the bitcoin network once again took a toll on the users, this time in form of a transaction malleability attack.
According to a series of threads launched on Reddit and BitcoinsTalk, a hacker reportedly launched a “stress-test” on the bitcoin network that ended up creating copies of transactions with different transactions ids. Users complained of seeing two similar transactions in their wallets — one confirmed and other unconfirmed. They also said that their balances were deducted twice due to rebroadcasted spending.
“It’s been only two days with a limited number of people playing this game, but malleability is already causing a significant headache for [our] users,” a representative of UK-based BitBargain stated while confirming the attack. “It messes up the balances reported by bitcoind and makes the daily audit quite hard to perform, not to mention the amount of emails [we] will receive from users asking about deposit and withdrawal problems that [we] will need to reply to and explain the situation.”
However, due to the unconfirmed status of one of the transactions, the actual funds on the chain were never effected, leaving users’ balances unharmed. Experts thereby recommended users to just wait for the confirmations before moving funds.
That still didn’t stop the community from expressing their dissatisfaction with this regularly-occurring phenomenon. They mostly showed concerns towards a lack of urgency towards transaction malleability issues.
“The solution would be to fix the protocol so this deception cannot be orchestrated,” one of them commented. “Whether or not it’s actually serious is beside the point; the perception is what matters most, and this “attack” hurts Bitcoin’s credibility.”
Developers have lately launched a BIP 62 solution to fix malleability issues on bitcoin network. However, the solution, which supports a change in Bitcoin transaction validity rules, seems to have its own issues. As core developer Peter Todd noted, BIP 62 is subjected to dangerous replay attacks, for it is a protocol level fix that robustly removes all sources of malleability.
“The best fix available in the short term is for wallet developers to write better software that handles malleable transactions better; that’s not a protocol level fix,” he added.
The Core Development team hasn’t released any word on the bitcoin network issue yet.