Home / Archive / BitClub Attacks the Bitcoin Network with Transaction Malleability

BitClub Attacks the Bitcoin Network with Transaction Malleability

Last Updated March 4, 2021 4:55 PM
Andrew Quentson
Last Updated March 4, 2021 4:55 PM

BitClub, a small bitcoin mining pool with around 4% of the network’s hardware share, has suddenly decided to attack the bitcoin network by malleating transactions causing confusion, potential theft, and nearly bringing blockchain.info down.

Bither, a bitcoin wallet, publicly stated  that the evidence shows transactions in block 456545, mined by BitClub, are malleability attack transactions. In the next BitClub block, the same malleability attack was undertaken.

Amaury Sechet, software engineer at Facebook and Bitcoin Unlimited developer, told CCN.com:

“It is currently possible for someone to modify a transaction he/she is not the author of in a way that it remains valid, but has a different transaction id. This is what BitClub did: they included modified versions of transactions in the blocks they mined.

Technically, this is a double spend, as you have 2 different transaction spending the same coin. However, this isn’t what is commonly understood as double spend, because these 2 transactions send the coin to the same person.

Because the transaction included in the block has a different id, anything that rely on a transaction id is affected. For instance, if you have a transaction A and a transaction B that spend A’s output in the mempool, changing A’s id will make B invalid. This has more disastrous effects on some layer 2 technologies such as LN.

This isn’t something new or unknown that happens here. BitClub has been supporting SegWit and I think they want to send the message that a malleability fix is required or these problem can occur. I think this is poor style from BitClub. Additionally, this is making a poor case for SegWit because it only solves malleability in specific use cases, not in general, so the attack would remain possible.”

He further explained that “there is no theft from BitClub, but the confusion can definitively lead to theft. Say I pay you with tx B and you check it as valid and accept it. But B spend coin from A and A is maleated by BitClub, then B becomes invalid. Now you don’t have the money you thought you’d have anymore. Because of the backlog, this can happen a long time after our exchange took place.”

BitClub is a private pool with small miners. It’s operator, James Hilliard, aka Lightsword, is a very strong proponent and advocate for segregated witnesses (segwit). Some, therefore, are calling the attack political.

Emin Gün Sirer‏, Cornell professor, asked  “is some miner doing a malleability attack to push for Segwit?” with Washington Sanchez‏, OpenBazzar developer stating “The best part is that after segwit, they can still perform this attack!”

Sire further told CCN.com that “it’s disheartening to see attacks by miners on Bitcoin. Historically, miners have acted as guardians of the ecosystem, and have, with very very rare exceptions, refrained from engaging in activities that benefit themselves at the expense of others. This change portends of worse attacks to come, especially if there is a fork.”

Segwit aims to address transaction malleability to allow for smother operation of layer two technologies such as the Lightning Network. The proposal, however, appears to be rejected by miners, with segwit standing at around 25% network share for many months.

The main reason for this apparent rejection has more to do with Segwit’s transaction capacity increase to only 1.7MB after wide adoption. Most miners who have expressed an opinion now seem to prefer Bitcoin Unlimited which reached 40% of the network’s hashrate share over the past 24 hours at some point yesterday and is nearing around 30% network share over the longer time period of one week.

There are two further proposals, besides segwit, that address transaction malleability. Flexible transactions (FT) by Thomas Zander, Bitcoin Classic developer, is one of them. Zanders publicly stated:

“Flexible Transactions… does solve 100% of all the issues that SegWit solves. And more! Additionally, Flexible Transaction is much safer to use and more future-ready than SegWit. Flexible Transactions has been running on its own testnet for months now and various alt-coins are integrating it.”

Zanders told CCN.com that FT has been merged in Bitcoin Classic, but it needs to be a hardfork. He told CCN.com that there is no activation or threshold for FT as “the block size is more important.”

Bitcoin Unlimited has not merged FT. Instead, Sechet has put forward a Bitcoin Unlimited Improvement Proposal to implement segwit as a hardfork. Asked why shouldn’t BU merge FT instead, Sechet stated:

“This builds upon SegWit and FT… there is very little in BUIP037 that actually come from me. Most of it is just taking the good idea that are in [segwit] and FT and making them work together.”

He further told CCN.com “with FT, every time you want to upgrade, you need a hard fork. With segwit, everything is a soft fork. With this, we have one hardfork, but then we don’t need any new hardfork to upgrade.”

The proposal is in the prototype stage and has to go through a member’s vote. Asked for a timeline, Sachet states that he may have a working prototype by the end of the month, but it will need some time for full deployment.

Once deployed, the Lightning Network can be launched, with the only difference in the blocksize debate returning to just the blocksize as bitcoin unlimited appears to plan a merger of segwit.

Editor’s Note: Article updated with additional comments from Emin Gün Sirer.

Image from Shutterstock.