Monday, December 5, 2022

Were Last Week’s Transaction Malleability Attacks Designed to Push SegWit?

In the past week, the Bitcoin network experienced a number of ‘transaction malleability’ issues. The discrepancies caused problems for some service providers, notably Blockchain.

Some pointed to the BitClub Network mining pool as the source for this ‘attack’, though it remains unclear whether the action was intentional or otherwise.

What is Transaction Malleability?

Transaction malleability is a known issue in the Bitcoin Core client software. It permits users to amend transaction ID numbers at any time after the transaction has been sent.

In Bitcoin history, the issue most notably surfaced when Mt. Gox CEO Mark Karpeles pointed to it as the reason BTC funds had disappeared from his company accounts. Changing transaction IDs can potentially cause serious problems for services that use transaction IDs to record where money has entered or departed their system.

The Segregated Witness (SegWit) proposal aims to solve the malleability issue for all future transactions, but adoption is controversial. SegWit breaks Bitcoin transactions into separate data components, allowing more transactions into each 10-minute block while maintaining the current (and also controversial) 1MB block size limit.
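The two paragraphs above can be made concrete with a short sketch. This is an added example, not code from Bitcoin Core or from any project named in the article. It uses a simplified transaction model with constructed placeholder bytes, and the names `legacy_txid`, `segwit_style_txid` and `find_confirmation` are hypothetical. It shows why a service that tracks payments by transaction ID loses track of a malleated transaction, why an ID that excludes the unlocking data stays stable, and how matching on spent outputs survives an ID change.

```python
import hashlib
import struct

def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx: dict, include_unlock: bool = True) -> bytes:
    """Legacy-style serialization; lengths fit in one byte in this demo."""
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for prev_txid, index, unlock in tx["vin"]:
        unlock = unlock if include_unlock else b""
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += bytes([len(unlock)]) + unlock + struct.pack("<I", 0xFFFFFFFF)
    out += bytes([len(tx["vout"])])
    for value, script in tx["vout"]:
        out += struct.pack("<Q", value) + bytes([len(script)]) + script
    return out + struct.pack("<I", tx["locktime"])

def legacy_txid(tx: dict) -> str:
    # Pre-SegWit: the ID commits to the unlocking data (signatures) too.
    return sha256d(serialize(tx))[::-1].hex()

def segwit_style_txid(tx: dict) -> str:
    # SegWit model: unlocking data lives outside the bytes the ID hashes.
    return sha256d(serialize(tx, include_unlock=False))[::-1].hex()

def spent_outpoints(tx: dict) -> frozenset:
    return frozenset((t, i) for t, i, _ in tx["vin"])

def find_confirmation(pending: dict, confirmed: list):
    """Match a pending payment by what it spends and pays, not by its ID."""
    for tx in confirmed:
        if spent_outpoints(tx) == spent_outpoints(pending) and tx["vout"] == pending["vout"]:
            return tx
    return None

# Constructed sample data: placeholder bytes, not real signatures or scripts.
PREV = "aa" * 32
SENT = {"version": 1, "locktime": 0,
        "vin": [(PREV, 0, b"\x01" * 72)],
        "vout": [(50_000, b"\x51"), (9_000, b"\x52")]}
# Same spend as it appears in a block, with the unlocking bytes altered in transit.
MINED = dict(SENT, vin=[(PREV, 0, b"\x02" * 72)])

if __name__ == "__main__":
    print("legacy IDs equal:      ", legacy_txid(SENT) == legacy_txid(MINED))
    print("segwit-style IDs equal:", segwit_style_txid(SENT) == segwit_style_txid(MINED))
    print("matched by outpoints:  ", find_confirmation(SENT, [MINED]) is MINED)
```

A ledger keyed on the legacy ID would treat `SENT` as never confirmed, while the outpoint match finds it.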

Proponents of Bitcoin Unlimited (BU), an alternative Bitcoin client software that rivals dominant Bitcoin Core, are campaigning against SegWit adoption. Bitcoin needs a more scalable and long-term solution to its transaction limit, they claim, preferring BU’s model that allows miners to determine block sizes themselves. SegWit changes Bitcoin transaction structure too radically, they add, potentially causing new problems for wallets.

Are Attacks Meant to Draw Attention to SegWit?

So: If SegWit solves malleability but miners are resisting it, might someone be deliberately launching attacks to prove a point?

Chinese wallet software maker Bither drew attention to the incident with a post on Medium titled “BitClub, why are you doing Malleability Attack now?” Others also pointed the finger.

Some pointed to developer James Hilliard, after suggestions he had performed the malleability attacks as a test on blockchain ‘spam’ data. Hilliard is a Pool/Farm Technician at a company called Bitmain Warranty — which sells and services Bitmain mining equipment but is not affiliated with that company.

We contacted James Hilliard, but he said he didn’t wish to comment publicly at this stage.

Bitcoin developer and Blockstream co-founder Matt Corallo said he didn’t know what the intent behind the malleability attacks was. He told us:

“I can only speculate there, but the harm appears to have only been to expose a bug on (which they fixed…yay for the bitcoin ecosystem being a bit more robust) and annoy some folks who had long chains of transactions (SegWit would have allowed them to do so safely).”

“Historically a bunch of the spam garbage has been long chains of transactions, but I don’t know about txs of late, as I haven’t looked, and I do know there are some legitimate businesses who have been using them more as workarounds as they implement better transaction fee handling. Though luckily some of that’s going away as folks have better transaction fee selection.”

Breaking Up Long-Chain ‘Spam’ Transactions

Bitcoin Core developer Peter Todd said the attacker probably wanted to break up some “long-chain spam transactions” that have been happening lately. Someone, he said, has been transferring 750 BTC every 5 seconds in a very long chain of transactions, pushing up fee estimates in Bitcoin Core and other wallets.

“Breaking that very long chain of transactions stopped the attack,” he added. In any case, it would keep good software writers on their toes:

“It’s a good thing if some miners are malleating transactions, as the current Bitcoin protocol makes that possible, so wallets need to handle that case properly. Good wallets do exactly that, and having it happen once in a while nudges not so good wallets into writing more robust code.”

As for whether the actions were designed to promote SegWit, Todd said people could just as easily argue it’s promoting Flexible Transactions. Malleating transactions shows we need to fix malleability, he said. And while activating SegWit is an obvious response, it isn’t the only possible solution.

No-one Should Control Bitcoin

Bitcoin Core developer Gregory Maxwell posted a long analysis on Reddit. He criticized Bitcoin Unlimited’s model and said the attacks proved SegWit is necessary:

“By providing a concrete disproof of the claims that SegWit solves a non-problem this miner has in a sense done us a favor. Point taken, I hope. It also, no doubt, disrupted some of the long-chain spam attackers. But that isn’t much consolation to everyone who knew there were issues already and suffered disruption due to it.”

Maxwell argued the miner who malleated transactions had “in a sense done us a favor”. Around 78% of Bitcoin nodes are now ready to activate SegWit, which he described as a “complete and total fix”.

Neither he nor other developers want to force miners to adopt SegWit, he said. The developers simply created a viable fix and tested it. However, Bitcoin should not have controllers setting policy, so it must be the decision of individual miners and node operators to run it.

Activating SegWit will protect only transactions made after SegWit is activated. Legacy transactions, i.e. those on the blockchain prior to activation, are still susceptible to malleability.

Still, say SegWit proponents, that’s better than nothing at all.

Are transaction malleability attacks disruptive? Is SegWit the answer? Let’s hear your opinions.
