I successfully double spended $400 of Bitcoin today - page 2.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: turtlehurricane on October 05, 2015, 06:01:16 AM

Correct, just 2 transactions for the same bitcoin. Both show up at their destination like any other bitcoin would, but only one is confirmed and the other one disappears (remains unconfirmed forever). This customer waited till he saw it in his blockchain to leave, then as he's driving away I accidentally double spended him and his coins were back in one of my wallets. I called to explain, mostly since I've never seen that before, and sent it back to him.

Due to the events of last night, I will be waiting for 1 confirmation from here on out.

I wouldn't even call what you did a classical double spend. A simple definition of a double spend is the following:

Quote

Double-spending is the result of successfully spending some money more than once.

What wallet did the customer use? If it's blockchain.info then it has something to do with them. I'd like more evidence so that we can analyze what exactly happened here.

Update: I rewrote my whole post, forget the initial nonsense. I should not answer complicated issues when I'm tired.

shorena

copper member

Activity: 1498

Merit: 1499

No I dont escrow anymore.

Quote from: Mickeyb on October 05, 2015, 05:55:58 AM

-snip-
OK thanks, I will try to restrain from sending any transactions then until this doesn't get patched. I don't need any trouble honestly at the moment.

As the fix is complicated it might not be fixed on the protocol level. Whether or not individual wallets get a patch to deal with this I cant tell. I would suggest you wait for a single confirmation whenever you send or receive coins before you create another TX. If your wallet is confused after the first confirmation. Let it restore its database from the blockchain. E.g. Multibit HD calls it "repair wallet", bitcoin core calls it "-zapwallettxes", for blockchain.info and other services a short message to support should do it, etc.

Quote from: fuddudle on October 05, 2015, 05:47:42 AM

If i understand things correctly, there's no 'new' coins being made from this attack?

That is correct. Its not even that the coins go somewhere else, its just the identifier for the transaction the TX ID is changed, nothing else.

turtlehurricane

full member

Activity: 197

Merit: 100

Quote from: fuddudle on October 05, 2015, 05:47:42 AM

If i understand things correctly, there's no 'new' coins being made from this attack?

Correct, just 2 transactions for the same bitcoin. Both show up at their destination like any other bitcoin would, but only one is confirmed and the other one disappears (remains unconfirmed forever). This customer waited till he saw it in his blockchain to leave, then as he's driving away I accidentally double spended him and his coins were back in one of my wallets. I called to explain, mostly since I've never seen that before, and sent it back to him.

Due to the events of last night, I will be waiting for 1 confirmation from here on out.

Mickeyb

hero member

Activity: 798

Merit: 1000

Move On !!!!!!

Quote from: shorena on October 05, 2015, 05:37:52 AM

Quote from: Mickeyb on October 05, 2015, 05:27:32 AM

Quote from: 7788bitcoin on October 05, 2015, 04:54:22 AM

Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

So what is this all about again? Is this the same old transaction malleability like before? I see that only blockchain.info users are affected, right? Any other wallets that should be worried about?

This affects all wallets. It just varies on the issues this creates. Some wallets report a wrong balance, while others like e.g. core report the TX as conflicting.

OK thanks, I will try to restrain from sending any transactions then until this doesn't get patched. I don't need any trouble honestly at the moment.

fuddudle

full member

Activity: 150

Merit: 100

If i understand things correctly, there's no 'new' coins being made from this attack?

shorena

copper member

Activity: 1498

Merit: 1499

No I dont escrow anymore.

Quote from: Mickeyb on October 05, 2015, 05:27:32 AM

Quote from: 7788bitcoin on October 05, 2015, 04:54:22 AM

Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

So what is this all about again? Is this the same old transaction malleability like before? I see that only blockchain.info users are affected, right? Any other wallets that should be worried about?

This affects all wallets. It just varies on the issues this creates. Some wallets report a wrong balance, while others like e.g. core report the TX as conflicting.

Mickeyb

hero member

Activity: 798

Merit: 1000

Move On !!!!!!

Quote from: 7788bitcoin on October 05, 2015, 04:54:22 AM

Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

So what is this all about again? Is this the same old transaction malleability like before? I see that only blockchain.info users are affected, right? Any other wallets that should be worried about?

buddu

hero member

Activity: 700

Merit: 500

I had only one transaction of 0.10BTC and didn't observe anything irregular or double spent.It was smooth and clear transaction made on blockchain.I need not worry about this.

Blazr

hero member

Activity: 882

Merit: 1005

Quote from: turtlehurricane on October 05, 2015, 05:02:24 AM

something in .info's protocol is allowing people to broadcast spent inputs as long as they are unconfirmed.

You can do that with almost any wallet, and the ones you can't do that with you can do it by removing some code. The only solution is to wait for confirmations. Unconfirmed transactions can be double spent, the whole point of confirmations/mining is to prevent double spending. If you accept unconfirmed transactions then you're probably going to get scammed eventually. Some businesses such as bitpay have mitigations that make it somewhat harder to double spend but it is still possible to do so.

turtlehurricane

full member

Activity: 197

Merit: 100

Quote from: 7788bitcoin on October 05, 2015, 04:54:22 AM

Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

Yes, just hide inside the protocol during times like this. Not everyone is such an expert however. Most of the world uses blockchain.info wallet... If I accidentally double spended $400 then a scammer can double spend just as much as he has in his wallet. These are double spends that occur on the actual blockchain, something in .info's protocol is allowing people to broadcast spent inputs as long as they are unconfirmed. Then send another one with a much higher fee, and the ridiculously good few gives it priority when the miners decide which one goes in the block.

Very real double spend, no 51% attack required. .info needs to overhaul their code ASAP

7788bitcoin

legendary

Activity: 2282

Merit: 1023

Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

newtons1

member

Activity: 94

Merit: 10

Quote from: onemorexmr on October 05, 2015, 02:10:24 AM

Quote from: newtons1 on October 05, 2015, 01:52:25 AM

Quote from: smoothie on October 05, 2015, 01:46:42 AM

Quote from: turtlehurricane on October 04, 2015, 10:38:31 PM

For those that don't know there is a strange new 'attack'

Uh no it's not new.

This attack has be known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.

MtGox claimed that they had huge losses because of malleability attacks; though its unproven (there also where mallated transactions back then).
they claimed that people withdraw btc. that tx was mallated. their system thought (because of the new txid) their transaction has not been in a block so they refunded.

technically its not a double-spent btw as it only looks like one, but all outputs and inputs are the same: so imho it isnt.

For the record, I do not believe MtGox's story for a minute, unless the transactions in question occurred many years ago prior to bitcoin having any real value.

The malleability attack caused Gox to allow their customer to receive more money then they were really due. It would be similar to you tricking the cashier at Target that you should receive more change for your purchase then you really should.

onemorexmr

sr. member

Activity: 252

Merit: 250

Quote from: newtons1 on October 05, 2015, 01:52:25 AM

Quote from: smoothie on October 05, 2015, 01:46:42 AM

Quote from: turtlehurricane on October 04, 2015, 10:38:31 PM

For those that don't know there is a strange new 'attack'

Uh no it's not new.

This attack has be known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.

MtGox claimed that they had huge losses because of malleability attacks; though its unproven (there also where mallated transactions back then).
they claimed that people withdraw btc. that tx was mallated. their system thought (because of the new txid) their transaction has not been in a block so they refunded.

technically its not a double-spent btw as it only looks like one, but all outputs and inputs are the same: so imho it isnt.

newtons1

member

Activity: 94

Merit: 10

Quote from: smoothie on October 05, 2015, 01:46:42 AM

Quote from: turtlehurricane on October 04, 2015, 10:38:31 PM

For those that don't know there is a strange new 'attack'

Uh no it's not new.

This attack has be known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.

cjmoles

legendary

Activity: 1176

Merit: 1017

Okay, how does the original wallet let a transaction out if the funds aren't in it anymore?...unless some of the wallets ledger history was reversed some???....hmmmm???

newtons1

member

Activity: 94

Merit: 10

Quote from: turtlehurricane on October 04, 2015, 11:53:23 PM

Quote from: manselr on October 04, 2015, 11:50:20 PM

I haven't done anything with Bitcoin lately so I feel safe. I also only operate with Bitcoin core as well. I keep reading about this malleability problem and wonder when they will do something about this. It's a pretty serious thread. Will the LN help with this?

I'm glad someone else in this thread recognizes this is a serious problem. It's not a joke.

Bitcoin Core is already fixed, which means the code is out there to make this not an issue. Blockchain.info needs to patch this as soon as they can, tons of people must be freaking out.

The fact that someone is using core does not mean anything. The issue is that people are spending 0 confirmations transactions which cause transactions to become invalid once the changed transactions confirm.

Any inaccurate display of balances in wallets will eventually correct themselves, most likely after restarting your wallet software

smoothie

legendary

Activity: 2492

Merit: 1473

LEALANA Bitcoin Grim Reaper

Quote from: turtlehurricane on October 04, 2015, 10:38:31 PM

For those that don't know there is a strange new 'attack'

Uh no it's not new.

mexxer-2

hero member

Activity: 924

Merit: 1005

4 Mana 7/7

Quote from: Kakmakr on October 05, 2015, 01:31:11 AM

Is this a problem with the Blockchain.info api or a problem with the client they are using? I am sure these transactions will not be confirmed once it hits the Blockchain and the miners handle the transaction.

I have not experienced this and I did send out some transactions lately from that wallet provider. Is there no official explanation for this from Blockchain.info? ^hmf^

AFAIK it is a problem in the blockchain API , so you send x amount to bob and same amount to your second address with latter being transacted after sending 1st one. What actually happens is not a double spend but rather:
1) You have 1.1 btc in your wallet
2) You send 1btc to bob with a minimal fee.
3) You send the 1 btc to your second address now with a fee of 0.1btc(hypothetically)
4) The btc appear on bob's blockchain wallet, although not confirmed yet
5) Now , the 2nd transaction is the one that is confirmed, which makes the 1 btc to disappear from bob's wallet.
Anyway thats how I understood it

christycalhoun

sr. member

Activity: 378

Merit: 250

So this is basically just a blockchain.info only exploit? Am i understanding this right?

Kakmakr

legendary

Activity: 3458

Merit: 1961

Leading Crypto Sports Betting & Casino Platform

Is this a problem with the Blockchain.info api or a problem with the client they are using? I am sure these transactions will not be confirmed once it hits the Blockchain and the miners handle the transaction.

I have not experienced this and I did send out some transactions lately from that wallet provider. Is there no official explanation for this from Blockchain.info? ^hmf^

Topic: I successfully double spended $400 of Bitcoin today - page 2. (Read 3661 times)