"Not that Bitcoin-QT handles Malleability fantastically— but because it tracks inputs it will still detect the mutant transactions."
http://sourceforge.net/mailarchive/message.php?msg_id=319565...
A user on an exchange requests to withdraw btc. MtGox creates a transaction with a tx hash of abc1234cdf... and sends it to the blockchain, polling for the status of tx hash "abc1234cdf...".
Due to tx malleability, the tx hash can change by changing some of the tx data (in insignificant ways), which doesn't invalidate the tx signatures.
A malicious user could wait for MtGox to create a tx, flip a bit and resubmit the tx and try to get it confirmed under a different hash, invalidating Gox's tx as a double spend.
Which leaves Gox polling for the status of tx hash "abc1234cdf...", which will never confirm.
A user then submits a support request and says their tx is "Stuck". MtGox then creates a new tx, Which doesn't respend the same coins, and thus, the user is paid 2x.
This is why many sites are having issues. It is in fact a problem with the reference client.
>In the meantime, users of the reference implementation do not need to be concerned. Transactions are always tracked properly by the Bitcoin-Qt/bitcoind software.
http://www.reddit.com/r/Bitcoin/comments/1xm49o/due_to_activ...
Edit: The concern with the Bitstamp appears to be confusion due to transaction malleability and NOT actual double spend or cancellation issues. However the BTC reference client is not perfect at handling malleability and only gets it right eventually.
I imagine that the more recent versions of the satoshi client don't have this bug, it may have a few years ago when bitstamp and mtgox may have been looking to draw inspiration from it.
