Ask HN: How to "defend" against Transaction malleability?

After reading https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7244191 I think my website got affect by this. What&#x27;s the best way to defend against it?<p>freedomsponsors.org is a crowdfunding service for open source software where &quot;sponsors&quot; can send Bitcoins to programmers for solving issues.<p>As soon as we confirm we received bitcoins from a sponsor, we keep a 3% fee send the rest to the programmer, using a Python API.<p>Sending through the API returns a transaction hash that we store in our database.<p>Later FS receives a notification with transaction details. If that notification contains a transaction hash that doesn&#x27;t match anything on the database, freedomsponsors.org sends me an email that basically says: &quot;HEADS UP: Blockchain is telling me there is an outgoing transaction that I don&#x27;t know about, here is the transaction details...&quot;.<p>freedomsponsors.org is open source on Github, and the related code is here http:&#x2F;&#x2F;bit.ly&#x2F;1bA2eiQ<p>Today, I got two of those emails and boy did that freak me out! I thought someone was stealing my coins. Only later I could investigate and understand what happened:<p>Transaction created by FS (hash returned by the API):<p>hash = 18311e095c3d8426025ab87fae87e988e1fbad09ba01db32586d066fc28ba87d<p>amount = 0.01570000<p>from = 14LkZoYgcheQCkj1mk6oEKqDsxcKHNAT7q<p>to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW<p>That hash cannot be found in the blockchain anymore. Instead there&#x27;s<p>hash = a76f239a327e8b61f7c3f942d52066696c58ad13fb19e4ec7f523a342a12db59<p>amount = 0.01569999<p>from&#x2F;to = the same<p>So... I can&#x27;t trust transaction hashes anymore, is that it? Should I verify transactions based on &quot;from&quot; and &quot;to&quot; then? Or is there any more reliable way of telling whether money I sent has reached the wallet on the other side?<p>Thanks!