diff --git a/watchtower/blob/derivation.go b/watchtower/blob/derivation.go
index a052157ad..7f712d077 100644
--- a/watchtower/blob/derivation.go
+++ b/watchtower/blob/derivation.go
@@ -1,23 +1,27 @@
 package blob
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 )
 
-// BreachHintSize is the length of the txid prefix used to identify remote
+// BreachHintSize is the length of the identifier used to detect remote
 // commitment broadcasts.
 const BreachHintSize = 16
 
-// BreachHint is the first 16-bytes of the txid belonging to a revoked
-// commitment transaction.
+// BreachHint is the first 16-bytes of SHA256(txid), which is used to identify
+// the breach transaction.
 type BreachHint [BreachHintSize]byte
 
 // NewBreachHintFromHash creates a breach hint from a transaction ID.
 func NewBreachHintFromHash(hash *chainhash.Hash) BreachHint {
+	h := sha256.New()
+	h.Write(hash[:])
+
 	var hint BreachHint
-	copy(hint[:], hash[:BreachHintSize])
+	copy(hint[:], h.Sum(nil))
 	return hint
 }