
Topic: I successfully double spended $400 of Bitcoin today (Read 3698 times)

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
So blockchain's bug adds bitcoins in accounts from their own wallet? Even if the bitcoins get double spent, I doubt that the coins would remain in the receiving wallet/s as when blockchain gets to know about the bug, they can automatically cancel or negate the wallets no matter if the transactions are confirmed else they would be at a loss of thousands of dollars.

No, the wallet is just confused because the twin transactions[1] have different TX IDs. For some systems these appear as two different TXs even though they should be handled as identical with two different TX IDs.

[1] same coins, same address credited, etc.
legendary
Activity: 2632
Merit: 1094
So blockchain's bug adds bitcoins in accounts from their own wallet? Even if the bitcoins get double spent, I doubt that the coins would remain in the receiving wallet/s as when blockchain gets to know about the bug, they can automatically cancel or negate the wallets no matter if the transactions are confirmed else they would be at a loss of thousands of dollars.
newbie
Activity: 12
Merit: 0
Transaction rejected by our node. Reason: Transaction was previously accepted but has been pruned from our database.
legendary
Activity: 1386
Merit: 1016
Well, that is why you must wait for confirmation in order to make sure you get the BTC. These kinds of cases are rare but still possible, and I believe no one wants to be in their shoes.
legendary
Activity: 926
Merit: 1000
Zoltan - PD Moderator
Once my address also showed up as having a double spend transaction connected to it, but it disappeared after a couple of days.
member
Activity: 107
Merit: 11
It happened to me, but corrected itself automatically within about 6-8 hours.

I sent from a Blockchain.info wallet to a Trezor wallet, both my addresses. Blockchain showed -1 on the addy I sent from, and the receiving addy on Trezor showed +2, when it should have been: Blockchain 0 and Trezor +1. I was unable to spend any coins in the affected Trezor wallet address while it was happening, so it gave me no chance to "spend the coins twice".
sr. member
Activity: 658
Merit: 250
This is a strange thing, dude.
full member
Activity: 197
Merit: 100
Blockchain.info appears to have fixed this bug.
tss
hero member
Activity: 742
Merit: 500
OMFG. This is very serious. It may destroy bitcoin as we know it. In 24 hours' time everyone must switch to my client, now known as Bitcoin XTM (for trans malleability). Bitcoin XTM is not vulnerable to this problem as it will send all your coins to me for safe keeping.

Bitcoin user not affected.

/panic_off
hero member
Activity: 560
Merit: 500
Well, the double spend only happens because people send the bitcoin and don't wait for the confirmation, and that way send it twice, and well, it may turn into a loss in a short time doing such a thing.
full member
Activity: 197
Merit: 100
Why in the world would someone trust a transaction without it being confirmed by the network ?!
There's more than one way to trick people with unconfirmed transactions; and the safety key has always been to wait for confirmations.
A lot of people don't wait for confirmations. I've never seen a real double spend until yesterday. But yes, 1 confirmation is essential to finalize a trade.
legendary
Activity: 1512
Merit: 1012
The problem is more "why does Blockchain.info allow spending without any confirmation of older transactions?"

legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
Why in the world would someone trust a transaction without it being confirmed by the network ?!
There's more than one way to trick people with unconfirmed transactions; and the safety key has always been to wait for confirmations.
staff
Activity: 3458
Merit: 6793
Just writing some code
Have you reported this to blockchain yet? They should probably know that there is a problem with their system that allows spending unconfirmed transactions and creating double spends. Maybe someone should also write a fix and submit a pull request to their github repository https://github.com/blockchain/My-Wallet-V3

Edit: sent them an email to their security email. Hopefully they see it.
legendary
Activity: 1512
Merit: 1012
Blockchain.info needs to fix this asap.


so, it's not Bitcoin (B = Network).

sr. member
Activity: 296
Merit: 251
Always seems one problem or other with BC. I wish they would just go away.
hero member
Activity: 952
Merit: 503
In the end, your Bitcoin is still the same amount, right?
Because, however, you need confirmations to use the Bitcoin.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
Not really new or an attack. The system requires confirmation before trusting the spend. If one waits for confirmation, as intended, there is no problem.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
For those that don't know there is a strange new 'attack'

Uh no it's not new.

It was new for mtgox...
legendary
Activity: 1806
Merit: 1164
-snip-
OK thanks, I will try to refrain from sending any transactions then until this gets patched. I don't need any trouble honestly at the moment.

As the fix is complicated, it might not be fixed on the protocol level. Whether or not individual wallets get a patch to deal with this I can't tell. I would suggest you wait for a single confirmation whenever you send or receive coins before you create another TX. If your wallet is confused after the first confirmation, let it restore its database from the blockchain. E.g. Multibit HD calls it "repair wallet", Bitcoin Core calls it "-zapwallettxes", for blockchain.info and other services a short message to support should do it, etc.

If I understand things correctly, there's no 'new' coins being made from this attack?

That is correct. It's not even that the coins go somewhere else; it's just that the identifier for the transaction, the TX ID, is changed, nothing else.

Thanks for this! Because myTrezor.com cannot gracefully handle the duplicate transactions, Trezor users are reporting being unable to spend from their myTrezor.com wallet. Switching to Multibit HD is a good temporary solution until Trezor support patches myTrezor.com. I do not know of any other wallet Trezor is compatible with that has a repair function.
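
Added example, not part of the thread and not any wallet's actual code: the posts above describe twin transactions that move the same coins to the same address under different TX IDs, which made one wallet show +2 instead of +1. The sketch below uses constructed sample data and an assumed normalization (hashing the transaction with its input scripts blanked; `normalized_id` and `credited` are hypothetical names) so that a wallet counts a twin pair once.

```python
import hashlib
import struct

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx, blank_sigs=False):
    """Legacy (pre-SegWit) serialization; all counts/lengths here fit one byte."""
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        sig = b"" if blank_sigs else script_sig
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += bytes([len(sig)]) + sig + struct.pack("<I", sequence)
    out += bytes([len(tx["vout"])])
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<Q", value) + bytes([len(script_pubkey)]) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def txid(tx):
    # The TX ID covers the input scripts, so a re-encoded signature changes it.
    return sha256d(serialize(tx))[::-1].hex()

def normalized_id(tx):
    # Hypothetical helper: hash with input scripts blanked, so twins collide.
    return sha256d(serialize(tx, blank_sigs=True))[::-1].hex()

def credited(txs, script_pubkey, dedupe=True):
    """Satoshis paid to script_pubkey; with dedupe, each twin group counts once."""
    seen, total = set(), 0
    for tx in txs:
        key = normalized_id(tx) if dedupe else txid(tx)
        if key in seen:
            continue
        seen.add(key)
        total += sum(v for v, spk in tx["vout"] if spk == script_pubkey)
    return total

# Constructed sample data: placeholder bytes stand in for real scripts.
PREV = "11" * 32
DEST = bytes.fromhex("76a914") + b"\x22" * 20 + bytes.fromhex("88ac")

def make_tx(script_sig):
    return {"version": 1, "vin": [(PREV, 0, script_sig, 0xFFFFFFFF)],
            "vout": [(100_000_000, DEST)], "locktime": 0}

ORIGINAL, TWIN = make_tx(b"sig-encoding-A"), make_tx(b"sig-encoding-B")

if __name__ == "__main__":
    print(txid(ORIGINAL) != txid(TWIN), normalized_id(ORIGINAL) == normalized_id(TWIN))
    print(credited([ORIGINAL, TWIN], DEST, dedupe=False))  # naive wallet counts twice
    print(credited([ORIGINAL, TWIN], DEST))                # twin-aware wallet
```

Only one twin can ever confirm, because both spend the same input; a wallet should drop the other once a block includes its sibling.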