Today Bitcoin-exchange MtGox released a press release containing more details on their recent Bitcoin withdrawal issues. In this release they attribute the problem to a flaw in the Bitcoin protocol, the so-called malleability of transactions.
In reality, the flaw isn’t so much in Bitcoin as it is in exchange-systems and their bookkeeping methods. Many exchanges use the transaction-id (the tx-id) to uniquely identify transactions. The tx-id is a hash of part of the transaction content and as it turns out, an attacker can change the tx-id without changing the actual transaction (that is, the senders, recipients and amounts), rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn’t. The exchange will then check their database, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins.
A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the set of (amount, address, timestamp) instead. If a user complains about not receiving their withdrawal, support can look it up using these 3 variables. It takes a little bit more work from support, but it prevents this attack from succeeding.
While it’d be nice if the tx-id isn’t malleable, blaming this problem on a flaw in the protocol is quite a stretch. In fact, it is the custom software that MtGox uses that doesn’t properly account for transaction malleability. The reference-client, Bitcoin-qt and the associated backend, bitcoind, do not exhibit this problem.
Transaction malleability isn’t new. It’s been known for quite some time and most software can deal with it just fine. It is disappointing that MtGox blames the protocol for its own problems and in doing so causes a sharp drop in the Bitcoin-price and negative press for the currency.
For more information, you can read the article on transaction malleability on the Bitcoin wiki, an interview with Bitcoin-developer Greg Maxwell immediately following the MtGox press release or a Bitcointalk post explaining the situation in very basic terms “for a five year old”.