Which attack vector allows a malicious node to return false transaction data to lightweight blockchain clients that rely on SPV (Simplified Payment Verification)?