Bitcoin QT Verifying Blocks

Recent problems at the Mt.Gox bitcoin exchange appear to be the result of an implementation flaw related to a known bitcoin technical issue. The issue is that of “Transaction Malleability”, a problem in certain implementations that allows an attacker to modify a transaction in such a way as to make the same transaction appear under a different transaction ID (Tx Hash), without changing any of the internal information (sender, recipient, value etc). This issue first became known in 2011 and it does not affect correctly implemented bitcoin clients, such as the reference client (bitcoind/bitcoin-qt).

The well-known and documented issue of “Transaction Malleability” makes it dangerous for bitcoin wallets and bitcoin exchanges to rely on the transaction hash as an authoritative proof, or “receipt” for a transaction. Instead, best practices dictate that implementations of bitcoin verify transactions by checking whether their inputs have been spent by any transactions included in a mined block, rather than relying on the presence (or absence) of the transaction hash in the blockchain.

Blockchain.info’s implementation follows best practices in this respect and does not rely on the transaction hash as verification of spent funds. Instead, if multiple conflicting versions of a transaction against spent inputs are seen on the network, both transactions are highlighted whenever they appear as a “double-spend”, until one of the transactions is confirmed, making the second disappear.

In Blockchain’s wallet implementation, each user of our service controls their own private keys and we don’t maintain internal “account balances” making it impossible to corrupt our internal accounting system in the same way that has affected Mt.Gox.