MtGox's problem with transactions is not a Bitcoin protocol flaw

Discussion in 'Digital Currencies' started by hsher, Feb 10, 2014.

  1. hsher

    Issue as follows - MtGox uses custom Bitcoin software which appears to only track transactions solely based on the transaction ID.

    Transaction IDs are not cryptographically signed, and can be altered. This has been known since 2011 -
    www.reddit.com/r/Bitcoin/comments/1xif76/transaction_malleability_issue_was_addressed_long/

    If software wants to confirm whether a transaction was included in a block, you typically check for its hash. However, if someone claims the hash never made it into a block, the next check is to confirm whether the inputs were used or not. This is basically an accounting problem. The official Bitcoin-QT client handles this issue fine.


    A more technical rundown -

    Transactions consist of one (or more) "inputs" that have been cryptographically signed to prove ownership (inputs are "consumed" in whole). Transactions also consist of one (or more) "output" Bitcoin addresses to receive payment - these "outputs" are also cryptographically signed. These "inputs" and "outputs" can contain many different Bitcoin addresses. Once the entire transaction is constructed, a hash of the entire transaction can be generated for tracking purposes. However, this hash has not been cryptographically signed. Actually, it can't be signed - because who would sign it? You can't have multiple parties "self sign" a transaction without altering the hash along the way. The core devs have been attempting to stop "transaction malleability" since 2011 by limiting what can be changed elsewhere in the transaction, however, this may not actually be possible. But the fix has been known all along - track the consumed inputs rather than simply tracking the transaction ID.
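The accounting check described in the post above, as an added example that is not part of the original post or of any wallet's code: it uses a simplified legacy transaction layout, and every name and byte string in it is a constructed assumption (placeholder bytes stand in for real scripts and signatures).

```python
import hashlib
import struct

def varint(n):
    # Bitcoin compact-size integer; this sketch only needs values below 0xfd.
    assert n < 0xfd
    return bytes([n])

def serialize(inputs, outputs):
    """Simplified legacy layout. inputs: (prev_txid_hex, vout, script_sig)."""
    raw = struct.pack("<I", 1) + varint(len(inputs))
    for prev_txid, vout, script_sig in inputs:
        raw += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", vout)
        raw += varint(len(script_sig)) + script_sig + struct.pack("<I", 0xFFFFFFFF)
    raw += varint(len(outputs))
    for value, script_pubkey in outputs:
        raw += struct.pack("<Q", value) + varint(len(script_pubkey)) + script_pubkey
    return raw + struct.pack("<I", 0)  # locktime

def txid(raw):
    # The ID is a double SHA-256 over the whole serialization, scriptSig included.
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()

def outpoints(inputs):
    # The coins being spent; unchanged when only scriptSig bytes differ.
    return frozenset((prev, vout) for prev, vout, _ in inputs)

def withdrawal_status(sent_inputs, sent_raw, confirmed):
    """confirmed: list of (txid, inputs) seen in blocks. Check ID, then inputs."""
    sent_id, spent = txid(sent_raw), outpoints(sent_inputs)
    for conf_id, conf_inputs in confirmed:
        if conf_id == sent_id:
            return "confirmed"
        if outpoints(conf_inputs) & spent:
            return "inputs-spent-under-different-id"
    return "unconfirmed"

# Constructed sample data, not taken from any real chain.
PREV = "aa" * 32
OUT = [(50_000, b"\x51")]
original = [(PREV, 0, b"\x01" * 8)]
altered = [(PREV, 0, b"\x00" + b"\x01" * 8)]  # same spend, different scriptSig bytes
raw_original, raw_altered = serialize(original, OUT), serialize(altered, OUT)
chain = [(txid(raw_altered), altered)]  # only the altered form was mined

if __name__ == "__main__":
    print(txid(raw_original), txid(raw_altered))
    print(withdrawal_status(original, raw_original, chain))
```

A tracker that stops at the ID comparison would report this withdrawal as never confirmed, while the input check shows the coins have already been spent.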
     
