This August we (Daniel Chechik and Ben Hayak) gave a talk at Black Hat USA 2014 about a known yet mysterious vulnerability in Bitcoin called “Transaction Malleability.” In our session we first presented a brief overview of the Bitcoin concept and its structure, then proceeded to explain what we consider the most interesting Transaction Malleability technique. Finally, we showed how to use it in practice with a live demo.
In general, the Transaction Malleability vulnerability is about mutating a valid transaction with slight and “harmless” changes that keep the transaction signature valid, and then relaying the mutated transaction back to the network. In the Bitcoin protocol every transaction is identified by a hash of all the transaction’s content, so mutating a transaction results in a different Transaction ID. Such modifications might affect websites or services that rely on the integrity of the transaction only by tracking the transaction ID.
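To make the tracking problem concrete, the following added example (not code from the talk) computes a Transaction ID over a legacy-serialized transaction and, next to it, a hypothetical `payment_fingerprint` that a service could track instead. It assumes pre-SegWit serialization and that the mutation is confined to the input's scriptSig bytes; the transaction data is constructed placeholder bytes, not a real transaction or signature.

```python
import copy
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def varint(n: int) -> bytes:
    # Bitcoin compact-size integer; lengths up to 0xffff cover this sample.
    return bytes([n]) if n < 0xfd else b"\xfd" + struct.pack("<H", n)

def serialize(tx: dict, with_script_sig: bool = True) -> bytes:
    """Legacy (pre-SegWit) transaction serialization."""
    raw = struct.pack("<I", tx["version"]) + varint(len(tx["vin"]))
    for txin in tx["vin"]:
        script = txin["script_sig"] if with_script_sig else b""
        raw += txin["prev_txid"][::-1] + struct.pack("<I", txin["vout"])
        raw += varint(len(script)) + script + struct.pack("<I", txin["sequence"])
    raw += varint(len(tx["vout"]))
    for txout in tx["vout"]:
        spk = txout["script_pubkey"]
        raw += struct.pack("<q", txout["value"]) + varint(len(spk)) + spk
    return raw + struct.pack("<I", tx["locktime"])

def txid(tx: dict) -> str:
    # The network's identifier: double SHA-256 over ALL content, scriptSig included.
    return dsha256(serialize(tx))[::-1].hex()

def payment_fingerprint(tx: dict) -> str:
    # Hypothetical tracking key: same hash with every scriptSig blanked,
    # so it depends only on which outputs are spent and where the funds go.
    return dsha256(serialize(tx, with_script_sig=False))[::-1].hex()

# Constructed sample data: placeholder bytes, not a real transaction or signature.
ORIGINAL = {
    "version": 1, "locktime": 0,
    "vin": [{"prev_txid": bytes.fromhex("11" * 32), "vout": 0,
             "script_sig": b"\x47" + b"\xaa" * 71, "sequence": 0xFFFFFFFF}],
    "vout": [{"value": 50_000,
              "script_pubkey": b"\x76\xa9\x14" + b"\xbb" * 20 + b"\x88\xac"}],
}
# Stand-in for a relayed copy whose scriptSig bytes differ from the original.
MUTATED = copy.deepcopy(ORIGINAL)
MUTATED["vin"][0]["script_sig"] = b"\x47" + b"\xab" * 71

def same_payment(a: dict, b: dict) -> bool:
    return payment_fingerprint(a) == payment_fingerprint(b)

if __name__ == "__main__":
    print(txid(ORIGINAL) != txid(MUTATED), same_payment(ORIGINAL, MUTATED))
```

A service that reconciles withdrawals or deposits on the fingerprint (or on the spent outpoints and destination outputs directly) still recognizes the payment when the Transaction ID it recorded never confirms.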