Bitcoin under 'mutated' transaction DoS attacks, but funds safe

Summary: Attacks on Bitcoin have led two major exchanges to suspend withdrawals, but there's no threat to users' money, according to Bitcoin developers.

Bitcoin developers are working on a fix for an issue that's behind suspended withdrawals at two of the biggest exchanges, but are promising that Bitcoin wallets and funds are safe as long as users don't accept unconfirmed Bitcoin.

According to the Bitcoin Foundation, attackers are using "transaction malleability" — apparently a known issue among Bitcoin developers — to undermine the process used to confirm transactions. The attack amounts to a denial of service rather than an attempt to steal funds, according to the foundation.

"Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions," Bitcoin Foundation chief scientist Gavin Andresen wrote on the organisation's blog.

The update from the Bitcoin Foundation followed confusion among Bitcoin traders as two of the largest exchanges, Mt Gox and Bitstamp, suspended withdrawals over the issue, which has affected their respective versions of Bitcoin wallets.

In the case of Bitstamp, the DoS has disrupted the ability to check Bitcoin balances and therefore withdrawals have been suspended.

As noted in the Bitcoin wiki entry for 'transaction malleability', it's possible for an attacker on the network to mess with the identifier — or hash — of a transaction, which is used by wallets to confirm a transaction between them. Once confirmed, the hashes form part of the Bitcoin 'blockchain' ledger of historical transactions.

An altered hash doesn't affect the underlying value or the destination of the funds, but until the transaction is confirmed, the funds involved are not safe to accept, as the hashes depend on those of previous transactions and can still be changed up to the point they are confirmed.
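The effect described above, as an added Python example that is not part of the original article: a transaction's identifier is the double SHA-256 of its serialized bytes, signature script included, so a re-encoded signature script yields a different identifier while the inputs spent and outputs paid are unchanged. The `match_key` and `find_payment` helpers, the simplified legacy serialization and the sample transactions are assumptions constructed for illustration.

```python
import hashlib
import struct

def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def varint(n: int) -> bytes:
    # Bitcoin compact-size integer; values up to 0xffff cover this example.
    return bytes([n]) if n < 0xfd else b"\xfd" + struct.pack("<H", n)

def serialize(tx: dict, blank_sig_scripts: bool = False) -> bytes:
    # Legacy (pre-SegWit) transaction layout.
    out = struct.pack("<I", tx["version"]) + varint(len(tx["vin"]))
    for prev_txid, index, sig_script, sequence in tx["vin"]:
        script = b"" if blank_sig_scripts else sig_script
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += varint(len(script)) + script + struct.pack("<I", sequence)
    out += varint(len(tx["vout"]))
    for value, pk_script in tx["vout"]:
        out += struct.pack("<q", value) + varint(len(pk_script)) + pk_script
    return out + struct.pack("<I", tx["locktime"])

def txid(tx: dict) -> str:
    # The identifier covers every byte, signature scripts included.
    return sha256d(serialize(tx))[::-1].hex()

def match_key(tx: dict) -> str:
    # Hypothetical helper: hash of what is spent and what is paid only.
    return sha256d(serialize(tx, blank_sig_scripts=True))[::-1].hex()

def find_payment(sent: dict, confirmed: list):
    # Locate our payment among confirmed transactions even if its txid changed.
    key = match_key(sent)
    return next((tx for tx in confirmed if match_key(tx) == key), None)

def make_tx(sig_script: bytes, value: int = 50_000) -> dict:
    # Constructed sample: one input, one pay-to-pubkey-hash output.
    return {"version": 1, "locktime": 0,
            "vin": [("11" * 32, 0, sig_script, 0xFFFFFFFF)],
            "vout": [(value, bytes.fromhex("76a914" + "22" * 20 + "88ac"))]}

# Placeholder bytes standing in for a signature script and a re-encoded copy.
SENT = make_tx(bytes.fromhex("aa" * 8))
RELAYED = make_tx(bytes.fromhex("00" + "aa" * 8))
UNRELATED = make_tx(bytes.fromhex("aa" * 8), value=70_000)

if __name__ == "__main__":
    print(txid(SENT) != txid(RELAYED))
    print(find_payment(SENT, [UNRELATED, RELAYED]) is RELAYED)
```

A wallet or exchange that looks up its withdrawal only by the identifier it broadcast would not find `RELAYED`; matching on inputs and outputs does.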

In any case, a fix for the problem is on the way, but may take time to come through.

"We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now," Andresen said.

"Users of the reference implementation who are bitten by this bug may see their bitcoins 'tied up' in unconfirmed transactions; we need to update the software to fix that bug, so when they upgrade those coins are returned to the wallet and are available to spend again. Only users who make multiple transactions in a short period of time will be affected." 

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...