Bitcoin Transaction Malleability and MtGox
This work addresses security concerns for Bitcoin users and exchanges, but its contribution is incremental: it clarifies the timing of attacks rather than proposing a new solution.
The paper investigated Bitcoin transaction malleability, a vulnerability allowing attackers to modify and rebroadcast transactions, and analyzed network traces to show that widespread attacks did not occur before the MtGox exchange's bankruptcy in 2014.
In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014, MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy, claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox.
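One way to spot the effect described above in a transaction trace, as an added example that is not code from the paper: transactions that spend the same inputs to the same outputs but carry different signature bytes get different ids, so grouping by an id computed without the signatures exposes them. The toy serialization, the function names and the sample trace are assumptions made for illustration; real Bitcoin serialization is more involved.

```python
import hashlib
from collections import defaultdict

def dsha256(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def serialize(tx: dict, with_sigs: bool) -> bytes:
    """Toy serialization (assumption): inputs are (prev_txid, index, script_sig)."""
    parts = []
    for prev_txid, index, script_sig in tx["inputs"]:
        sig = script_sig.hex() if with_sigs else ""
        parts.append(f"in|{prev_txid}|{index}|{sig}")
    for address, amount in tx["outputs"]:
        parts.append(f"out|{address}|{amount}")
    return "\n".join(parts).encode()

def txid(tx: dict) -> str:
    """Id as the network sees it: the hash covers the signature bytes too."""
    return dsha256(serialize(tx, with_sigs=True))

def normalized_id(tx: dict) -> str:
    """Id over everything except the signature scripts."""
    return dsha256(serialize(tx, with_sigs=False))

def find_malleated_sets(transactions: list) -> dict:
    """Group by normalized id; more than one txid in a group means the same
    payment was seen under different ids."""
    groups = defaultdict(set)
    for tx in transactions:
        groups[normalized_id(tx)].add(txid(tx))
    return {nid: sorted(ids) for nid, ids in groups.items() if len(ids) > 1}

# Constructed sample trace: signature bytes are placeholders, not real signatures.
ORIGINAL = {"inputs": [("aa" * 32, 0, bytes.fromhex("3045aabb01"))],
            "outputs": [("customer-address", 50_000)]}
REENCODED = {"inputs": [("aa" * 32, 0, bytes.fromhex("304600aabb01"))],
             "outputs": [("customer-address", 50_000)]}
DOUBLE_SPEND = {"inputs": [("aa" * 32, 0, bytes.fromhex("3045ccdd01"))],
                "outputs": [("other-address", 50_000)]}
UNRELATED = {"inputs": [("bb" * 32, 1, bytes.fromhex("3045eeff01"))],
             "outputs": [("merchant-address", 7_000)]}
TRACE = [ORIGINAL, UNRELATED, REENCODED, DOUBLE_SPEND]

if __name__ == "__main__":
    for nid, ids in find_malleated_sets(TRACE).items():
        print(f"payment {nid[:16]}: seen under {len(ids)} txids: {ids}")
```

An issuer that tracks a payment by `normalized_id` rather than `txid` still recognizes it as confirmed when a re-encoded copy is the one that reaches the block chain. The double spend, which pays a different output, is correctly left out of the group.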