2 SHARES Reddit Facebook Twitter Google

Transaction Malleability Attack And Trezor: What You Need To Know

A hero member of the Bitcoin Forum who goes by amaclin claims to be creating a variation of double spends on the bitcoin network with a transaction malleability attack. He is intercepting transactions and replacing the low S value with the high S value in one of the signatures. This results in a copy of the transaction with a new valid but non-standard signature. You don’t need the private key to do this and some miners will be glad to mine the extra non-standard transaction. What you wind up with is are copies of transactions where one confirms and one does not.

BIP 66 fixed one source of malleability but not all. BIP 62 is needed to address the present attack as it addresses all other known sources including this one. However BIP 62 is not ready to deploy and will require an update to all bitcoin wallets. As with BIP 34 transistion from V1 to V2 blocks miners will have to upgrade and start mining V3 blocks.

Meanwhile amaclin seems to have taken it on himself to urge adoption of BIP 62 through his attack, which is causing some grief for bitcoin users whose wallets are showing double spends. Eventually one of the transactions will win by being mined into a block and the other transaction will gradually be forgotten by the network and (hopefully) disappear from your wallet transaction list. Some wallets are affected more adversely than others.

In particular the myTrezor.com web wallet is severely affected because it is not able to rescan its transactions and ignore the zero confirmation duplicated transactions. Users are reporting they are not able to spend the balance in their wallets.

What Should Trezor Owners Do?

Until Trezor patches their myTrezor.com web wallet to ignore unconfirmed transactions you will need to use a different wallet. Multibit HD is our recommendation because it is the only wallet Trezor supports that offers the ability to rescan transactions.

Once you have Multibit HD installed just connect your Trezor and start Multibit HD and follow on screen prompts. In the dashboard you always have the option under Manage Wallet to Repair Wallet. However remember that Multibit HD does not support hidden wallets with passphrases. If you are already using that function you would have to use Electrum instead. Electrum wallet does not offer a rescan option but is more robust that myTrezor.com at present.

Your other option is to use your Trezor with Mycelium wallet on your Android phone. There is a caveat here as Trezor requires a late model Android phone that has USB Host or OTG ability. If you have Mycelium on your phone already working with Trezor you can see the duplicate transaction under the Transactions tab. Just highlight the unconfirmed transaction and press the Show Details button. When it asks if you want to Cancel or Rebroadcast the transaction, select the Cancel button. You should now be good to go.

How To Determine if Transaction Malleability Attack Is Ongoing

Visit Statoshi – Transactions and check the third chart down as shown here:

You can tell from the transactions rejected on the chart that the attack ended on 10/5 about 10:00 but may have resumed about 16:00. When the attack is in progress it is important to wait for multiple confirmations whenever you send or receive coins before you make another transaction.

Some wallets are affected worse than others when the attack is on. Besides myTrezor.com being unusable at present, blockchain.info should be avoided. If you have a problem with a transaction on blockchain.info you will have to contact support to sort it out.

It is important to note that Trezor has signed transactions LowS since December 2014. SatoshiLabs was able to update myTrezor.com to make it immune to the attack by amaclin within 48 hours. In addition both Electrum and Bitcoin Core 0.11.1 now mandate LowS signatures. Remember as Trezor is a signing hardware wallet it overrides any software it is used with. Even with older versions of Electrum which signed HighS natively, when used with Trezor transactions were transmitted LowS.