Bitcoin’s coming of age tale has been rocky to say the least. The latest drama surrounding the ever-maturing cryptocurrency has come in the form of denial-of-service attacks targeted especially at Bitcoin exchanges.

Mt. Gox, Bitstamp, and others have shut down their services in response to a wave of phantom transactions that have taken advantage of transaction malleability, a glitch that makes it possible to fake transactions that didn't happen, by creating a phony transaction that is similar, but not identical, to a real one. 

The DOS attacks are taking the form of malformed transactions, which are similar enough to legitimate transactions so that they can fool the exchanges. If Bitcoin exchanges get fooled by too many fake transactions, they fall out of sync with the blockchain, which holds the database for all transactions, and those exchanges subsequently need to recalculate their funds. This causes the Bitcoin exchange to slow down to an extent that it can no longer process users’ transactions. 

“What makes it major is that malformed transactions are being injected at a far greater rate than we've ever seen before," Andreas Antonopoulos, chief security officer of the Bitcoin wallet Blockchain, told Ars Technica. "Whereas before this was a few transactions affecting Mt. Gox, now it's a lot of transactions affecting everyone."

Why Now?

The Bitcoin community has known about transaction malleability since 2011, so most Bitcoin companies, like Blockchain, have designed their software around this vulnerability. But unfortunately, some Bitcoin exchanges rely on unverified transactions, leaving themselves exposed to the bug when they don’t need to be. 

On Monday, Mt. Gox blamed its intermittent service on transaction malleability. 

“Today we are seeing malicious actors trying to flood the Bitcoin network with such malformed transactions in an effort to find other exchanges with similar implementation errors,” Antonopolous wrote at Coin Spectator

Though bad actors have discovered a way to compromise Bitcoin companies, the silver lining here is the integrity of the Bitcoin ledger—the blockchain—remains intact. Bitcoin’s greatest strength is nobody has yet found a way to counterfeit bitcoins because only legitimate coins can be recorded in the blockchain. These DOS attacks may be crippling the Bitcoin economy, but Bitcoin itself will emerge unscathed. 

It’s fortunate that many Bitcoin companies had the foresight to develop their software around transaction malleability, but if Bitcoin wants to be taken seriously, it’ll fix the vulnerability once and for all. 

As Gavin Andresen of the Bitcoin Foundation said, “Finding the best and most responsible solution will take time.” But if Bitcoin wants to speed through its stormy adolescence, the Foundation ought to make transaction malleability priority number one.

Photo by Davide Restivo