I did a research for past 48hours and it seems like that everybody who is running some bitcoin operation with off-chain 0 confirmations instant transactions (and is using txid for verification) like exchanges ( maybe Havelock(!) ) is vulnerable to malleability attack.
+1 for this
IMHO a lot of vendors, exchanges etc just haven't been doing house keeping. Once Gox spread the news malleability has become a new source of exploit for the kiddyscriptors as well as a convenient excuse for scam artists.
yes, i admit the negativity and conspiracy thinking in my recent posts ... but i hardly find something what makes me think different in bitcoin world in recent months, sorry about that. I am just careful.