Aha, interesting. Seems someone could still run a similar process in reverse: if MtGox's successful make-up transactions are non-canonical, find those first, then look for canonical precursors, within the suspected-exploitation timeframe.
That seems more prone to false-positives, though, and perhaps after some point the flood of copycat non-canonicals becomes a problem. (On the other hand, if MtGox was fairly unique for a while in issuing a particular kind of non-canonical transaction, it could make mapping their affiliated addresses by some larger effort easier.)
Some researchers might have records of most of the alternate transactions that were circulating without being confirmed. For example, I don't know how comprehensive Blockchain.info's double-spend report – https://blockchain.info/double-spends – is, but I imagine TXID-mutated variations might appear as double-spends there. It's currently reporting 1126 detected double-spends - over 1000 in the last 3 days, but before then, quite rare.)
That seems more prone to false-positives, though, and perhaps after some point the flood of copycat non-canonicals becomes a problem. (On the other hand, if MtGox was fairly unique for a while in issuing a particular kind of non-canonical transaction, it could make mapping their affiliated addresses by some larger effort easier.)
Some researchers might have records of most of the alternate transactions that were circulating without being confirmed. For example, I don't know how comprehensive Blockchain.info's double-spend report – https://blockchain.info/double-spends – is, but I imagine TXID-mutated variations might appear as double-spends there. It's currently reporting 1126 detected double-spends - over 1000 in the last 3 days, but before then, quite rare.)