Transaction Malleability Explained
Millions of people are accessing bitcoin nowadays without worrying about security. But there were many blackmarks in bitcoin history many of us don’t know.
Yeah, transaction malleability was the major fallback for bitcoin in the old days. Many crypto analysts believed that it was the limitation curve for bitcoin and it could not scale for large scale applications.
Fortunately, there is an evolution happening in bitcoin protocol too. Without making much mystery, we will see what is transaction malleability in bitcoin, types of malleability, solution that solves the problem and how to secure bitcoin exchange.
What is Transaction malleability problem
Transaction malleability problem is one of the roadblocks in blockchain that existed in older days. For example, the bitcoin transaction data is identified by modifying the cryptographic hash algorithms.
Then the signature is manipulated inside the block and delays the transaction process. Using the transaction data, hackers can send hundreds of duplicate transaction data and divert the system.
It was the biggest problem in bitcoin transactions as it delays the transaction time. Also, it is easily vulnerable to hackers in identifying the signature and getting the private keys.
To solve this issue, bitcoin was upgraded to Segwit implementation. We will see about segwith later in this blog. Now let’s get into the types of transaction malleability.
Types of Transaction malleability
i) Signature malleability
Bitcoin transactions use the ECDSA signature model. Means that it contains a signature format that can be easily interpreted using malfunction. The reason is that Signature did not encode itself in the transaction.
If the hacker can find the transaction and changes the data, it generates a new cryptographic hash. By this trick, hackers can generate an infinite number of transaction IDs and confuse the miners in validation. Like this, signature malleability happens in every transaction before it is confirmed.
ii) Script malleability
As the word describes, it is nothing but scripting the words to execute the transaction. We are already aware that scriptSig is being used to protect the transaction data such as receiver address, time, amount etc.
Here, the scriptsig is manipulated by adding some extra codes. Without knowing which one is the original code, the system approves the transaction resulting in the loss of assets to anonymous persons.
This happened in MT.Gox in 2014 as the company was not aware about the scriptSig modification.
It results in generating different hash id as the transaction data is altered.
Segwit solves Transaction malleability
Segregating the witness from actual transaction blocks is the definition of this protocol.
SegWit is the upgraded protocol that was implemented in bitcoin transaction format on Aug 23, 2017. It eliminates the witness information(signature) from the blockchain nodes and helps in approving the transactions faster.
It was mainly intended to solve the malleability problem in bitcoin transactions and increase the block capacity.
When segwit is in action, the malicious users can’t be able to access the signature details which they may use in modification. Segwit bitcoin was the bigger update in bitcoin transaction format since its invention.
Transaction malleability attack in crypto exchanges
MT. Gox was the first victim for this mealability attack. Mt. Gox was founded in 2010, and was holding 70% of all bitcoin transactions at that time. Hackers intercepted the transaction data that resulted in a different hash & Transaction ID.
Everything like sender address, amount, time, remains the same except receiver’s address. As there occurred a bulk number of transaction IDs, the exchange software system was tricked. It validated the duplicate transactions without knowing it’s coming from an altered hash ID.
Around 850,000 Bitcoins were stolen from the exchange and some of them were claimed as per company report. This results in a loss of 450 million US dollars to the Mt. Gox that leads the company to bankruptcy.
The company shut down its operations in February 2014 after this hefty loss that can’t be recovered.
How to secure the bitcoin exchange
As we discussed, the transaction malleability problem was solved thanks to Segwit. Even though bitcoin exchanges are safeguarding the users funds, attackers may still find loose ends. Find out the best ways you can use to ensure the safety of bitcoin exchanges.
- To avoid the security breaches, exchange operators should employ encrypted cryptocurrency exchange software that’s invisible.
- Keep the user funds protected with Multi-sig wallets so that when losing one key, the user can recover funds from another key.
- Lightning layer adoption is the best way to solve the bitcoin transaction delay. It was implemented in Coinbase, Binance, Kraken, Exodus, Trezor, and Twitter to speed up the transaction time. We at Hivelance apply lightning layer integration in every crypto exchange we develop.
- As an exchange operator, one should deploy cold wallet distribution in their asset management techniques. It allows the exchanges to feel assured of preventing any hacks in future.
Hope you like this article. Share a word.