public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Significant losses by double-spending unconfirmed transactions
@ 2015-07-15  3:29 simongreen
  2015-07-15 14:35 ` Tom Harding
                   ` (2 more replies)
  0 siblings, 3 replies; 23+ messages in thread
From: simongreen @ 2015-07-15  3:29 UTC (permalink / raw)
  To: bitcoin-dev

With my black hat on I recently performed numerous profitable 
double-spend attacks against zeroconf accepting fools. With my white hat 
on, I'm warning everyone. The strategy is simple:

tx1: To merchant, but dust/low-fee/reused-address/large-size/etc. 
anything that miners don't always accept.

tx2: After merchant gives up valuable thing in return, normal tx without 
triggering spam protections. (loltasticly a Mike Hearn Bitcoin XT node 
was used to relay the double-spends)

Example success story: tx1 paying Shapeshift.io with 6uBTC output is not 
dust under post-Hearn-relay-drop rules, but is dust under 
pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not 
paying Shapeshift.io. F2Pool/Eligius/BTCChina/AntPool etc. are all 
miners who have reverted Hearn's 10x relay fee drop as recommended by 
v0.11.0 release notes and accept these double-spends. Shapeshift.io lost 
~3 BTC this week in multiple txs. (they're no longer accepting zeroconf)

Example success story #2: tx1 with post-Hearn-relay drop fee, followed 
by tx2 with higher fee. Such stupidly low fee txs just don't get mined, 
so wait for a miner to mine tx2. Bought a silly amount of reddit gold 
off Coinbase this way among other things. I'm surprised that reddit 
didn't cancel the "fools-gold" after tx reversal. (did Coinbase 
guarantee those txs?) Also found multiple Bitcoin ATMs vulnerable to 
this attack. (but simulated attack with tx2s still paying ATM because 
didn't want to go to trouble of good phys opsec)

Shoutouts to BitPay who did things right and notified merchant properly 
when tx was reversed.

In summary, every target depending on zeroconf vulnerable and lost 
significant sums of money to totally trivial attacks with high 
probability. No need for RBF to do this, just normal variations in miner 
policy. Shapeshift claims to use Super Sophisticated Network Sybil 
Attacking Monitoring from Blockcypher, but relay nodes != miner policy.

Consider yourself warned! My hat is whiter than most, and my skills not 
particularly good.

What to do? Users: Listen to the experts and stop relying on zeroconf. 
Black hats: Profit!



^ permalink raw reply	[flat|nested] 23+ messages in thread

end of thread, other threads:[~2015-07-18 15:09 UTC | newest]

Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-15  3:29 [bitcoin-dev] Significant losses by double-spending unconfirmed transactions simongreen
2015-07-15 14:35 ` Tom Harding
2015-07-15 15:18   ` Peter Todd
2015-07-15 15:49     ` Me
2015-07-15 15:53       ` Bastiaan van den Berg
2015-07-15 15:59       ` Peter Todd
2015-07-15 16:06         ` Me
2015-07-15 16:11           ` Pieter Wuille
2015-07-15 16:41             ` Me
2015-07-15 16:12         ` Milly Bitcoin
2015-07-15 18:25           ` Matthieu Riou
2015-07-15 19:32             ` Peter Todd
2015-07-15 19:57               ` Milly Bitcoin
2015-07-16  0:08               ` Matthieu Riou
2015-07-16  5:18                 ` odinn
2015-07-17 11:59                 ` Peter Todd
2015-07-17 12:56                   ` Milly Bitcoin
2015-07-15 17:01 ` Adrian Macneil
2015-07-16 14:30 ` Arne Brutschy
2015-07-16 14:50   ` Me
2015-07-16 15:33     ` Greg Schvey
2015-07-18 11:43   ` Mike Hearn
2015-07-18 15:09     ` Peter Todd

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox