Can somebody explain in a simple sentence (subject + verb + object) what the problem with this attack is, besides that there can be a possible duplicate of your transaction that never gets accepted by the Blockchain and gets deleted by the Blockchain after 1 week (estimated time)?
There are two problems:
1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.
2. The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.
I will tell more.
I have Mycelium 2.5.2. It allows spending from unconfirmed transactions (without this feature a user could not make the next transaction until the next block in the blockchain is generated, but a user should have the right to spend at least the change, for example from a previous payment, without waiting).
But this attack has a bigger problem than you could think - I have been unable to spend my money from my HD account for 3 days already because this attack affected my Mycelium wallet. How it happened:
I did Tx A. Soon after I did another Tx, B. B uses inputs from Tx A. Both transactions were unconfirmed. But the attacker rebroadcast a changed new transaction - A'. And this transaction was confirmed! After refreshing, the Mycelium wallet forgot about A and replaced it with Tx A'. But after I had A', the B transaction still used inputs from my other Txs and from A! But A doesn't exist anymore because it was double-spent for the blockchain! And Tx B looks like a normal transaction (not a double-spend!) because it has an input from transaction A (other hash) - it has the original TxID, and that Tx was forgotten. Miners and full nodes think that they have the B transaction but haven't got A yet (the other inputs refer to valid Txs, of course). And this transaction has been hanging in the mempool for three days already and I cannot use the other inputs! As a result, I as a user have been unable to use my other bitcoins for some days already. I tried to archive the account in Mycelium, wait 1-2 days and activate the account again - and this "zombie" Tx B was restored again and keeps the other outputs of other Txs from being spent, because B has them (I see this happens because the Mycelium company has its own bitcoin blockchain explorer which remembers this Tx B for a long time).
I think this problem is not only in the Mycelium wallet software.
As long as malleability is in the current protocol and BIP62 doesn't work yet, any attacker will be able to do a lot of shit to other users with wallet software - in this case there will be only one way to use bitcoin: make one transaction in the wallet -> wait until confirmation -> make the next transaction... It is a stupid and very uncomfortable way of using bitcoin.
What do you think about this?
P.S. As an advanced user, I exported the xpriv key to Electrum and after this made a new transaction and did a double-spend of the other inputs which were blocked by Tx B... But what should a non-advanced user do? He will think that bitcoin sucks and that he lost his money...
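
The stuck-child situation described in the post above (A replaced by A', B left pointing at a TxID that will never confirm) can be detected on the wallet side by matching transactions on an identifier that ignores signature data. The following is an added example, not code from the thread or from Mycelium; it uses a simplified transaction model rather than Bitcoin's wire format, and `Tx`, `norm_id` and `reconcile` are hypothetical names.

```python
import hashlib
from dataclasses import dataclass

def sha256d(data: bytes) -> str:
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    vout: int
    script_sig: bytes  # signature data; its encoding is what malleability alters

@dataclass(frozen=True)
class Tx:
    inputs: tuple   # of TxIn
    outputs: tuple  # of (value, script_pubkey) pairs
    def _serialize(self, with_sigs: bool) -> bytes:
        # Simplified model for illustration, NOT Bitcoin's wire format.
        ins = [(i.prev_txid, i.vout, i.script_sig.hex() if with_sigs else "")
               for i in self.inputs]
        return repr((ins, self.outputs)).encode()
    @property
    def txid(self) -> str:     # covers the signatures, so it can change
        return sha256d(self._serialize(True))
    @property
    def norm_id(self) -> str:  # ignores signatures, so it survives malleation
        return sha256d(self._serialize(False))

def reconcile(pending, confirmed):
    """Return (replaced txids, dead child txids, outpoints those children held)."""
    gone = {p.txid for p in pending
            if p.norm_id == confirmed.norm_id and p.txid != confirmed.txid}
    replaced, dead, grew = set(gone), [], True
    while grew:  # follow chains of unconfirmed children
        grew = False
        for p in pending:
            if p.txid not in gone and any(i.prev_txid in gone for i in p.inputs):
                gone.add(p.txid)
                dead.append(p.txid)
                grew = True
    freed = [(i.prev_txid, i.vout) for p in pending if p.txid in dead
             for i in p.inputs if i.prev_txid not in gone]
    return replaced, dead, freed

# Constructed sample data mirroring the post: A, its re-encoded twin A', child B.
FUND, OTHER = "f" * 64, "c" * 64
A = Tx((TxIn(FUND, 0, b"sig-encoding-1"),), ((5, "to_shop"), (4, "change")))
A_PRIME = Tx((TxIn(FUND, 0, b"sig-encoding-2"),), A.outputs)
B = Tx((TxIn(A.txid, 1, b"sigB1"), TxIn(OTHER, 0, b"sigB2")), ((6, "to_friend"),))
```

Calling `reconcile([A, B], A_PRIME)` reports A as replaced, B as a dead child, and the unrelated outpoint B was holding as spendable again.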