by gojomo 4485 days ago
That's only looking at one kind of malleability. Notably, I've been told that MtGox for years issued its own transactions in a non-standard format... so one potential 'attack' would be to mutate those to canonical form and race them into the blockchain. There'd be no evidence of such an attack in the blockchain: only someone who'd been long-archiving losing, non-canonical transactions from multiple places in the network would have a way to estimate the frequency/magnitude of such activity.

That sounds a bit speculative. If someone has a link that shows one of these "non-canonical transactions," that might lend some credence to the idea. Furthermore, if Gox was always issuing weird transaction formats, then looking for addresses that show a statistical prevalence of these would be trivial. Showing that the attack took place would simply require showing addresses that occasionally issued a proper tx, but statistically favored outgoing transactions of the type you describe. That is, there will be evidence in the blockchain if the type of transaction you describe is very specific to Gox.
Their history of oddly-composed transactions could help identify more of their likely addresses, if no one else did the same thing, but that would still be of limited use in funds-tracing depending on whether such addresses were ever reused.

That they've long been issuing valid but unusual signatures was mentioned, among other places, at: http://www.reddit.com/r/Bitcoin/comments/1x93tf/some_irc_cha...

I'm not sure if this was just a tiny sliver of their transactions, or a large proportion... but it complicates easy analysis of what the malleability losses could be.
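
An added example, not part of the thread or any commenter's code: the per-address prevalence check discussed above, sketched in Python. It assumes the "unusual" signatures were DER encodings with unnecessary zero padding (the thread does not say which form), tests them against the strict-DER rules later standardized in BIP66, and runs on constructed placeholder addresses with toy r/s values.

```python
from collections import defaultdict

def is_strict_der(sig: bytes) -> bool:
    """Strict-DER check (BIP66 rules); sig = DER signature plus 1 sighash byte."""
    if not 9 <= len(sig) <= 73 or sig[0] != 0x30 or sig[1] != len(sig) - 3:
        return False
    len_r = sig[3]
    if 5 + len_r >= len(sig):
        return False
    len_s = sig[5 + len_r]
    if len_r + len_s + 7 != len(sig):
        return False
    for tag_pos, n in ((2, len_r), (4 + len_r, len_s)):  # R, then S
        v = sig[tag_pos + 2 : tag_pos + 2 + n]
        if sig[tag_pos] != 0x02 or n == 0 or v[0] & 0x80:
            return False  # wrong tag, empty, or negative integer
        if n > 1 and v[0] == 0 and not v[1] & 0x80:
            return False  # unnecessary leading zero byte (padding)
    return True

def encode_sig(r: int, s: int, pad: int = 0) -> bytes:
    """Hypothetical helper for test data; pad > 0 zero-pads R (non-canonical)."""
    def der_int(x: int, extra: int) -> bytes:
        b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
        if b[0] & 0x80:
            b = b"\x00" + b  # required sign byte, still canonical
        b = b"\x00" * extra + b
        return b"\x02" + bytes([len(b)]) + b
    body = der_int(r, pad) + der_int(s, 0)
    return b"\x30" + bytes([len(body)]) + body + b"\x01"  # SIGHASH_ALL

def noncanonical_prevalence(spends):
    """spends: iterable of (address, sig). Returns {address: non-strict fraction}."""
    total, odd = defaultdict(int), defaultdict(int)
    for addr, sig in spends:
        total[addr] += 1
        odd[addr] += not is_strict_der(sig)
    return {a: odd[a] / total[a] for a in total}

# Constructed sample data: placeholder addresses, toy r/s values, no real transactions.
SAMPLE = [
    ("addr_A", encode_sig(0x1122, 0x3344, pad=1)),
    ("addr_A", encode_sig(0x5566, 0x7788, pad=1)),
    ("addr_A", encode_sig(0x99AA, 0x0BCC)),
    ("addr_B", encode_sig(0x1357, 0x2468)),
    ("addr_B", encode_sig(0x8001, 0x7FFF)),
]
if __name__ == "__main__":
    print(noncanonical_prevalence(SAMPLE))
```

As the first comment notes, this only measures signatures that made it into blocks; a transaction whose signature was re-encoded before confirmation would appear canonical here.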