Author

Topic: How to detect a fake transaction? (Read 313 times)

newbie
Activity: 12
Merit: 0
December 28, 2017, 01:31:20 AM
#12
This cannot happen because of the way each transaction is designed. Every single transaction must reference an output of another transaction. Essentially you can only spend the money that you already have. You cannot create BTC out of thin-air.
newbie
Activity: 32
Merit: 0
December 28, 2017, 12:36:05 AM
#11
Well what kind of "fake" are you talking about because this is so broad, though you do a very general step, just look for unusual thing, and always go with your sense , if it is very suspicious then abort the transaction as fast as you can so that no harm/problem will be done
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
December 27, 2017, 05:58:22 AM
#10
i hope this is fixed because it will be so painful to lose hard earned coins

There is nothing to fix... If you are the receiver, wait for a couple of confirmations, also make sure you use a decent wallet and you should be fine... (like others already pointed out in this thread).
newbie
Activity: 28
Merit: 0
December 27, 2017, 05:52:31 AM
#9
i hope this is fixed because it will be so painful to lose hard earned coins
legendary
Activity: 966
Merit: 1042
December 23, 2017, 10:38:47 PM
#8
Man TL;DR version is, no confirmation means that it can be double spent. There's no such thing as a 'fake' transaction, but that certainly doesn't mean that someone can't rip you off with a good old double spend.
copper member
Activity: 630
Merit: 2614
If you don’t do PGP, you don’t do crypto!
December 23, 2017, 10:35:29 PM
#7
[Note:  I was in the middle of writing this when ranochigo posted.  Thus some of the redundancy.]

Run a full node for validation, too.  SPV and other “light” clients can be fooled by certain attacks.  I don’t think an SPV node could be made to accept a “fake” transaction, in and of itself; but it could be misled onto a forkchain, which would allow feeding it a whole ledger full of fake transactions.

You are so technical and it isn't good for ordinary people.

If you don’t want technical discussion, then why are you posting in “Development & Technical Discussion”?  Ask in another forum.  I dumb things down for people over there, or I stay away.  Also, I personally couldn’t care less what you say is “good for ordinary people”.

But if you desire a technical education, this is an excellent place.

But i can't run a full node. Also i don't understand how a full node can detect a fake transaction before confirmations.

You never defined a “fake” transaction.  I will infer a precise definition:  A transaction which does one or more of (0) violating consensus rules, and/or (1) spending inputs which were already spent (viz. a double-spend tx).

Protection against (1) is the purpose and the only purpose of miners and “confirmation”.  The technical term is that “confirmation” provides Byzantine fault tolerance in the ordering of transactions.  Ordering is important, that is what chooses between multiple conflicting transactions in a double-spend scenario.  “Byzantine fault tolerance” means in effect that untrusted and mutually untrusting parties with unreliable communications can reliably converge on a common agreement, excluding malicious cheaters.

Full protection against (0) is built into Core, which validates each and every transaction according to a stringent set of rules.  Every bit and byte of each and every transaction must pass validation, or else the whole transaction is simply discarded.  Full nodes also validate whole blocks of transactions, according to yet more rules; this prevents malicious miners from messing with the network.  A Core node follows whichever fully valid chain has the highest total proof-of-work.

If a transaction passes all consensus rule validation and has been “confirmed”, then by definition it is not fake.

If you can’t run a full node, then what you are saying is that you can’t have full validation.  There’s no magical means to wave that away.  The better light clients (such as Electrum) are good enough for most light consumer use; but they will never have the security of a Core node.

Fake transaction like this:
https://blockchain.info/tx/ba8a7fb13a507a4987bfa267a6f12defc0d30216fdf6664cdc06cc4c8de71a84

This tx is happened in blockchain.info and this is still unconfirmed. But it isn't happened in blocktrail.com.

I haven’t bothered to pick that apart and see what’s going on.  But as kahc noted, it’s probably just exploiting a bug in blockchain.info’s (notoriously buggy) software.  Solution:  Run Core.

If you’re worried about unconfirmed transactions, well—you should be.  Wait for confirmation.  Unconfirmed transactions are insecure; they could turn out to be “fake” in the sense of a being overridden with a double-spend.   That’s why the process of confirming transactions exists in the first place!
Double-spend isn't big problem here.
I can detect it by checking final balance and last transactions of sender address that all it's transactions are confirmed.

The only way to protect against double-spends is with confirmations.  Unconfirmed transactions are never safe.  They always have some possibility of being overridden with a double-spend.  It is impossible that you could “detect” that; and if there were such a way, we wouldn’t need miners.  Whatever you are doing, it is not achieving what you suppose.

Quote
Also, if it is not a Segwit transaction, then before confirmation there is the tx malleability issue to worry about.  Segwit fixes tx malleability.
I don't understand it. all BTC transactions after 1st aguest 2017 are Segwit, aren't?

Segwit, which activated 24th August 2017 at Block #481824, was a “softfork”.  It still permits old-style transactions.  Indeed, if your address starts with a “1”, then you are still sending non-Segwit transactions and vastly overpaying in fees.  This is important if you want to save on fees (and also help the network), so I will briefly explain.

Oversimplifying a bit:  Whether or not a transaction is a Segwit tx is determined by the address of the sender.  So if you want to send Segwit tx and get a sharp fee discount, you need to use a Segwit address.  There are two kinds of Segwit addresses:

  • Backwards-compatible P2WPKH-nested-in-P2SH addresses, such as the one in my signature: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8.  These start with a “3”; but not all addresses starting with a “3” are Segwit addresses (just as all dogs are animals, but not all animals are dogs).  There is no way to distinguish whether or not a “3” address is Segwit, just by looking at it.  These addresses have some disadvantages, but one important advantage:  Every Bitcoin client made in the past few years can send money to them.
  • Bech32 addresses, which I call “Bravo Charlie One” addresses because they always start with “bc1”.  Those look like this:  bc1qnym7k9hfl77zgrstcrjhphm0llne5j4w0m3fuu  That’s the Bitcoin address of the future, redesigned with error-correcting codes and no upper/lowercase distinction.  But Bech32 has one temporary disadvantage:  Only people who have upgraded to the newest software can send money to it.  I want people to send me money, so I’m still using nested P2SH; I hope to switch to Bech32 in about 6–12 months.

I do services and get BTC from people for it. I can't wait 5 days for confirmations. Bitcoin is not user-friendly any more. I think I should choose another coin very soon

Ok, bye!  Don’t let the door hit your butt on the way out.

Bitcoin doesn’t need you.  Big money is now involved, and big money is competing with itself.  I am perpetually amused by how people don’t realize that even if you’re a “whale”, you need Bitcoin and Bitcoin does not need you.  You’re not doing Bitcoin any favours.

So sell now, SELL SELL SELL, dump your BTC, and go away.  You will be crying a few years from now, when the 2017 market looks like the 2012 market does now.  But by then, it will be too late; and neither Bitcoin nor I will give a damn what happens to you.

I’m happy to help people who love Bitcoin.  I volunteer many hours of my time explaining how to get an instant fee discount with Segwit, how to generate nested P2SH Segwit addresses with the popular Electrum wallet, etc., etc.  See above!  But if you “choose another coin very soon”, I will be pleased to laugh at your future regrets.
jr. member
Activity: 42
Merit: 2
December 23, 2017, 10:05:43 PM
#6
Hello

I realized recently that making fake transactions are possible. I know no one can undo any transactions, either.

I want to know is there any way to detect that a certain unconfirmed transaction is fake or not, right after sending?

This is a big problem for me because of so many unconfirmed transactions that i'm getting nowadays.

If you are unsure whether your bitcoin address has received funds and/or do not have your bitcoin wallet at hand you can still check by using a Blockchain Explorer, as all bitcoin addresses are publicly visible on the bitcoin blockchain you can look them up if you are aware of the address or the transaction id.

Lists of Blockchain explorers

Blockcypher https://live.blockcypher.com/
Namecoin https://namecoin.org/explorers/
Coinsutra https://coinsutra.com/best-bitcoin-block-explorers/
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 23, 2017, 09:46:47 PM
#5
You are so technical and it isn't good for ordinary people.
But i can't run a full node. Also i don't understand how a full node can detect a fake transaction before confirmations.
Confirmations=/ Verification of transactions.

The mining process isn't all about verifying the validity of a transaction. The transaction is verified when a full node receives it. If it meets the criterion of a valid transaction, it is included in the mempool. If its in your mempool and your node is the reference implementation, then other nodes running the same client will also see it as valid. Hence, if you can see it in your own full node, then you can be sure it is valid.

Fake transaction like this:
https://blockchain.info/tx/ba8a7fb13a507a4987bfa267a6f12defc0d30216fdf6664cdc06cc4c8de71a84

This tx is happened in blockchain.info and this is still unconfirmed. But it isn't happened in blocktrail.com.
The only reason why it is appearing on Blockchain.info is because Blockchain.info runs buggy software and they don't even validate the signatures when you use their broadcast too in the past.


Double-spend isn't big problem here.
I can detect it by checking final balance and last transactions of sender address that all it's transactions are confirmed.
No. The transaction itself has to be confirmed, else it is easy to double spend it.

I don't understand it. all BTC transactions after 1st aguest 2017 are Segwit, aren't?
No. The only thing that happened then was the Bitcoin Cash fork. Segwit wasn't activated yet. Even so, not all transactions are Segwit.


I do services and get BTC from people for it. I can't wait 5 days for confirmations. Bitcoin is not user-friendly any more. I think I should choose another coin very soon
You won't have to, if you pay a decent fee.
member
Activity: 350
Merit: 13
December 23, 2017, 09:26:49 PM
#4
Is likely that blockchain.info is using some customized validation code instead of following the consensus algorithm. Therefore the invalid transaction got accepted into their mempool.
sr. member
Activity: 1120
Merit: 255
December 23, 2017, 08:53:24 PM
#3
Hello

I realized recently that making fake transactions are possible. I know no one can undo any transactions, either.

I want to know is there any way to detect that a certain unconfirmed transaction is fake or not, right after sending?

This is a big problem for me because of so many unconfirmed transactions that i'm getting nowadays.

Run a full node for validation, too.  SPV and other “light” clients can be fooled by certain attacks.  I don’t think an SPV node could be made to accept a “fake” transaction, in and of itself; but it could be misled onto a forkchain, which would allow feeding it a whole ledger full of fake transactions.

You are so technical and it isn't good for ordinary people.
But i can't run a full node. Also i don't understand how a full node can detect a fake transaction before confirmations.


If you’re worried about unconfirmed transactions, well—you should be.  Wait for confirmation.  Unconfirmed transactions are insecure; they could turn out to be “fake” in the sense of a being overridden with a double-spend.   That’s why the process of confirming transactions exists in the first place!
Double-spend isn't big problem here.
I can detect it by checking final balance and last transactions of sender address that all it's transactions are confirmed.

Quote
Also, if it is not a Segwit transaction, then before confirmation there is the tx malleability issue to worry about.  Segwit fixes tx malleability.
I don't understand it. all BTC transactions after 1st aguest 2017 are Segwit, aren't?


I do services and get BTC from people for it. I can't wait 5 days for confirmations. Bitcoin is not user-friendly any more. I think I should choose another coin very soon
copper member
Activity: 630
Merit: 2614
If you don’t do PGP, you don’t do crypto!
December 23, 2017, 07:51:11 PM
#2
Hello

I realized recently that making fake transactions are possible. I know no one can undo any transactions, either.

I want to know is there any way to detect that a certain unconfirmed transaction is fake or not, right after sending?

This is a big problem for me because of so many unconfirmed transactions that i'm getting nowadays.

What do you even mean by a “fake” transaction?  That’s a meaningless phrase which could mean anything.  Generally, no, fake transactions are not possible.

If you’re worried about unconfirmed transactions, well—you should be.  Wait for confirmation.  Unconfirmed transactions are insecure; they could turn out to be “fake” in the sense of a being overridden with a double-spend.  That’s why the process of confirming transactions exists in the first place!  Also, if it is not a Segwit transaction, then before confirmation there is the tx malleability issue to worry about.  Segwit fixes tx malleability.

Run a full node for validation, too.  SPV and other “light” clients can be fooled by certain attacks.  I don’t think an SPV node could be made to accept a “fake” transaction, in and of itself; but it could be misled onto a forkchain, which would allow feeding it a whole ledger full of fake transactions.
sr. member
Activity: 1120
Merit: 255
December 23, 2017, 07:21:57 PM
#1
Hello

I realized recently that making fake transactions are possible. I know no one can undo any transactions, either.

I want to know is there any way to detect that a certain unconfirmed transaction is fake or not, right after sending?

This is a big problem for me because of so many unconfirmed transactions that i'm getting nowadays.
Jump to: