For over 72 hours, starting on the 2nd of September 2015, the bitcoin community has had to put up with a malleability attack, which, even though has not risked users’ bitcoins, has been an un-ignorable nuisance and impediment to smooth operations of the Bitcoin protocol.
The attack has been making sending bitcoins appear as if it is done twice or double spend. Fortunately, in the most of the cases, the genuine transactions have ended up being validated. As a result, however, Bitcoin users have been experiencing a delay in transaction confirmations.
It is not a new problem
A malleability attack occurs when a rogue node on the Bitcoin network changes some details of transactions and thus renders their hashes invalid. This is not a new a threat but one that the Bitcoin community has not only been in the knowledge of for a long time but also been experiencing albeit in lower levels than what has just been happening.
As a matter of fact, Bitcoin core developer Pieter Wuille did put forward an improvement proposal (BIP 62) in March 2014 to fix the problem. However, this was not acted upon due to the fear of the unforeseen effect on the Bitcoin protocol.
Pieter Wuille in January 2015 in a post to the Bitcoin developer mailing list did reiterate the need to act. He said, “…. the problem is very real […] and I would prefer to have a fundamental solution for it sooner rather than later.”
Wait for more confirmations
There is no clear word of the way forward from other core developers on how to deal with the problem. However, with this latest attack, it must be in the priority list of many.
While for the most part the regular user does not have much to do in the face of this attack, your first and main defense is to always ensure that your transactions have gone through multiple confirmations before considering them safe. Acting on zero –confirmations should be out of the question.
Might also be interested in reading Developers invite Bitcoin Community to Block Size Consensus Workshops