See More

Transaction Malleability: What Is It And Why Is It Still A Problem?

3 mins
Updated by Valdrin Tahiri
Join our Trading Community on Telegram
Confirmed transactions are stored in blocks on the blockchain. Once confirmed, these transactions are extremely difficult to tamper with, hence why most blockchains are considered immutable.
However, while confirmed transactions are practically irreversible, it can be possible to intercept and modify information related to unconfirmed transactions in some cases. The ability to modify input data before it has been confirmed is known as ‘transaction malleability.’ The most common way this occurs is through alteration of the transaction signature, which is responsible for generating the transaction ID. If this signature is altered, the transaction ID will also change, making the previous transaction ID invalid.

TxIDs Can Be Modified, So What?

Transaction malleability can cause serious problems if abused, for example, an attacker could change the unique hash of a Bitcoin (BTC) transaction before it is confirmed. This can be done by changing the digital signature that was used when creating it, without actually invalidating the signature. By modifying the transaction hash of unconfirmed transactions, an attacker could make any associated child transaction invalid, which, under the right conditions, could allow the attacker to claim that the transaction itself is invalid. That being said, while malleability attacks cannot change the amount sent, the recipient or any other critical parameter, it does open up a number of scenarios where it could be possible to defraud. For example, the now-defunct Mt. Gox cryptocurrency exchange was subject to a long-standing malleability attack which saw a number of attackers almost completely drain its accounts by claiming that their withdrawal transactions never occurred at all, leading to Mt. Gox resending the funds, and the attacker getting twice the amount they were due. bitcoin hacker

Malleability Problem Still Relevant?

Although the Bitcoin blockchain has technically fixed the malleability issue through its earlier SegWit upgrade, there are several other blockchains that remain vulnerable to a malleability attack. Perhaps the most prominent of these is the Bitcoin Cash (BCH) blockchain, which diverged from the original Bitcoin protocol after disagreements surrounding the implementation of SegWit as a means to help Bitcoin scale. As part of the solution, SegWit also corrected the transaction malleability issue, by removing the signature from the equation when generating the transaction ID. Instead of going with SegWit (and the included malleability fix), Bitcoin Cash instead opted to support larger block sizes, bumping it from 1Mb, up to its current 32Mb value, and allowing a much larger number of transactions to be handled simultaneously. As it stands, Bitcoin Cash has already fixed third-party malleability, which means external agents cannot alter the transaction hash of a transaction they didn’t create. However, the person who crafted the transaction still has the potential to modify the signature and the transaction hash. Part of the reason this hasn’t been ‘fixed’ is that many believe it doesn’t need fixing. They argue that transaction malleability has a number of benefits, for example, allowing malformed transaction hashes to be corrected, avoiding stuck transactions. By forgoing a malleability fix, Bitcoin Cash has left itself vulnerable to these types of attacks, which means another Mt. Gox style hack is not out of the question. This is very unlikely, however, since the risks associated with transaction malleability are now well known. What is your opinion on transaction malleability? Do you think the risks outweigh the benefits? Let us know your thoughts in the comments below! 
Top crypto platforms in the US | March 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Daniel_userpic_basic.jpg
Daniel Phillips
After obtaining a Masters degree in Regenerative Medicine, Daniel pivoted to the frontier field of blockchain technology, where he began to absorb anything and everything he could on the subject. Daniel has been bullish on Bitcoin since before it was cool, and continues to be so despite any evidence to the contrary. Nowadays, Daniel works in the blockchain space full time, as both a copywriter and blockchain marketer.
READ FULL BIO
Sponsored
Sponsored