Coinkite alerts users against ongoing Bitcoin Malleability attack

Coinkite, a leading bitcoin platform, reported that a number of attacks have been identified in which customer’s transactions are being modified and rebroadcast with a new transaction number. This attack is being applied to almost all transactions on the network and is not targeted at Coinkite or its users.

It further explains that the technique adopted by the attackers is not new - it involves a simple numeric tweak to one number (S) in the ECDSA signature, documented as part of BIP62 and is called the “low S” requirement. The attackers are replacing lower S value used by Coinkite with the higher S value.

Coinkite warns, “While this attack is happening, you cannot trust bitcoin transaction numbers as much as you might be used to. Once you send a transaction, you need to understand that your transaction might actually get into a block under a different hash. Your recipient gets the funds the same, miner fees are the same, and most block explorers do not show enough detail to be able to tell the two transactions apart.”

It is not safe to build new transactions on top of the first transaction until it confirms, because there are in effect two versions of that transaction (yours and the high-S version) and it can’t be predicted which will be mined, the report added.

To overcome this, Coinkite has deployed new code that tracks these modified transactions, and when they get confirmed into blocks, it retroactively adjusts its records and continues with the new transaction number in effect. As soon as the long-term solution, BIP62, is ready, Coinkite will encourage all miners to enforce it immediately.