Researchers have rubbished claims that the loss of bitcoins at MtGox was caused by transaction malleability. Christian Decker and Roger Wattenhofer from ETH Zurich examined an year’s worth of transactions on the blockchain. This was done by setting up special Bitcoin nodes that traced all transaction made in the 12 months before MtGox closed down on the 25th of February. Of this 35,000 transaction conflicts were discovered and 29,000 contained a transactions that was confirmed by a block. The most prominent form of malleability attack is the replacement of OP_0 instruction in signature encoding with OP_PUSHDATA2. 28,595 attacks were propagated this way but only 19% (5,670) were successful. Total profit from this attacks would have stood at 64,564 coins. According to the research paper, the Bitcoin network exhibits a strong bias towards the original transaction. Chances of a transaction being confirmed depends on how far it has been distributed into the network.
Between the period of January 2013 and February 2014, the total number of bitcoins owned by MtGox that ever got involved in malleability attacks was 302,000. Only 1,811 of this were in attacks (78.64% of which were ineffective) before users were blocked from withdrawing. According to observations made during the study, MtGox could only have lost BTC 386 to successful attacks. The problem has therefore been established to be with MtGox’s operations. The report by the ETH Zurich researchers can be found at arXiv, here – arXiv:1403.6676v1.