And while the transaction malleability issue is well-known and has plagued the Bitcoin network before, to many it is still unclear what it is, why it is a problem, who is causing the attack right now, and what can be done about it.

*According to the claimed attacker (see below), the attack is currently paused at the time of writing, but could and probably will be continued at any time.

What is transaction malleability?

In order to understand the transaction malleability attack, it helps to first understand the basics of how Bitcoin transactions work. In simplified form, each transaction over the Bitcoin network consists of different types of data. This includes transaction inputs (refering to the addresses bitcoin come from), transaction outputs (refering to the addresses bitcoin are sent to), the amount of bitcoin sent, and more. All of this data is cryptographically signed, combined, and scrambled ("hashed") into a unique and smaller piece of data: a hash. This hash is essentially the transaction ID. If a miner confirms the transaction, the transaction ID is included in a block and stored in the blockchain.

The problem that enables transaction malleability, however, is that effectively identical signatures can result in completely different hashes. The specifics of this are deeply cryptographic, and are very hard – if not impossible – to explain in plain English. But as one extremely simplified example to get an idea of the problem, a comparison would be that the numbers "145" and "0145" are effectively the same number in many cases. But when hashed, "145" and "0145" might actually produce completely different results.

In the case of the ongoing transaction malleability attack, the attacker picks transactions from the Bitcoin network, and tweaks signature data. As a result, all sorts of transactions have two completely different transaction IDs circulating on the Bitcoin network. And since a specific transaction can confirm only once, just one of the transaction IDs will be included in a block, while the other will be ignored.