Pages:
Author

Topic: I successfully double spended $400 of Bitcoin today - page 2. (Read 3714 times)

legendary
Activity: 2674
Merit: 3000
Terminated.
Correct, just 2 transactions for the same bitcoin. Both show up at their destination like any other bitcoin would, but only one is confirmed and the other one disappears (remains unconfirmed forever). This customer waited till he saw it in his blockchain to leave, then as he's driving away I accidentally double spended him and his coins were back in one of my wallets. I called to explain, mostly since I've never seen that before, and sent it back to him.

Due to the events of last night, I will be waiting for 1 confirmation from here on out.
I wouldn't even call what you did a classical double spend. A simple definition of a double spend is the following:
Quote
Double-spending is the result of successfully spending some money more than once.
What wallet did the customer use? If it's blockchain.info then it has something to do with them. I'd like more evidence so that we can analyze what exactly happened here.


Update: I rewrote my whole post, forget the initial nonsense. I should not answer complicated issues when I'm tired.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-
OK thanks, I will try to restrain from sending any transactions then until this doesn't get patched. I don't need any trouble honestly at the moment.

As the fix is complicated it might not be fixed on the protocol level. Whether or not individual wallets get a patch to deal with this I cant tell. I would suggest you wait for a single confirmation whenever you send or receive coins before you create another TX. If your wallet is confused after the first confirmation. Let it restore its database from the blockchain. E.g. Multibit HD calls it "repair wallet", bitcoin core calls it "-zapwallettxes", for blockchain.info and other services a short message to support should do it, etc.

If i understand things correctly, there's no 'new' coins being made from this attack?

That is correct. Its not even that the coins go somewhere else, its just the identifier for the transaction the TX ID is changed, nothing else.
full member
Activity: 197
Merit: 100
If i understand things correctly, there's no 'new' coins being made from this attack?
Correct, just 2 transactions for the same bitcoin. Both show up at their destination like any other bitcoin would, but only one is confirmed and the other one disappears (remains unconfirmed forever). This customer waited till he saw it in his blockchain to leave, then as he's driving away I accidentally double spended him and his coins were back in one of my wallets. I called to explain, mostly since I've never seen that before, and sent it back to him.

Due to the events of last night, I will be waiting for 1 confirmation from here on out.
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

So what is this all about again? Is this the same old transaction malleability like before? I see that only blockchain.info users are affected, right? Any other wallets that should be worried about?


This affects all wallets. It just varies on the issues this creates. Some wallets report a wrong balance, while others like e.g. core report the TX as conflicting.

OK thanks, I will try to restrain from sending any transactions then until this doesn't get patched. I don't need any trouble honestly at the moment.
full member
Activity: 150
Merit: 100
If i understand things correctly, there's no 'new' coins being made from this attack?
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

So what is this all about again? Is this the same old transaction malleability like before? I see that only blockchain.info users are affected, right? Any other wallets that should be worried about?


This affects all wallets. It just varies on the issues this creates. Some wallets report a wrong balance, while others like e.g. core report the TX as conflicting.
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.

So what is this all about again? Is this the same old transaction malleability like before? I see that only blockchain.info users are affected, right? Any other wallets that should be worried about?
hero member
Activity: 700
Merit: 500
I had only one transaction of 0.10BTC and didn't observe anything irregular or double spent.It was smooth and clear transaction made on blockchain.I need not worry about this.
hero member
Activity: 882
Merit: 1006
something in .info's protocol is allowing people to broadcast spent inputs as long as they are unconfirmed.

You can do that with almost any wallet, and the ones you can't do that with you can do it by removing some code. The only solution is to wait for confirmations. Unconfirmed transactions can be double spent, the whole point of confirmations/mining is to prevent double spending. If you accept unconfirmed transactions then you're probably going to get scammed eventually. Some businesses such as bitpay have mitigations that make it somewhat harder to double spend but it is still possible to do so.
full member
Activity: 197
Merit: 100
Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.
Yes, just hide inside the protocol during times like this. Not everyone is such an expert however. Most of the world uses blockchain.info wallet... If I accidentally double spended $400 then a scammer can double spend just as much as he has in his wallet. These are double spends that occur on the actual blockchain, something in .info's protocol is allowing people to broadcast spent inputs as long as they are unconfirmed. Then send another one with a much higher fee, and the ridiculously good few gives it priority when the miners decide which one goes in the block.

Very real double spend, no 51% attack required. .info needs to overhaul their code ASAP
legendary
Activity: 2282
Merit: 1023
Not to worry too much. The bitcoin system is still robust. Any errors are definitely caused by blockchain wallet.
member
Activity: 94
Merit: 10
For those that don't know there is a strange new 'attack'

Uh no it's not new.
This attack has be known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.

MtGox claimed that they had huge losses because of malleability attacks; though its unproven (there also where mallated transactions back then).
they claimed that people withdraw btc. that tx was mallated. their system thought (because of the new txid) their transaction has not been in a block so they refunded.

technically its not a double-spent btw as it only looks like one, but all outputs and inputs are the same: so imho it isnt.
For the record, I do not believe MtGox's story for a minute, unless the transactions in question occurred many years ago prior to bitcoin having any real value.

The malleability attack caused Gox to allow their customer to receive more money then they were really due. It would be similar to you tricking the cashier at Target that you should receive more change for your purchase then you really should.
sr. member
Activity: 252
Merit: 251
For those that don't know there is a strange new 'attack'

Uh no it's not new.
This attack has be known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.

MtGox claimed that they had huge losses because of malleability attacks; though its unproven (there also where mallated transactions back then).
they claimed that people withdraw btc. that tx was mallated. their system thought (because of the new txid) their transaction has not been in a block so they refunded.

technically its not a double-spent btw as it only looks like one, but all outputs and inputs are the same: so imho it isnt.
member
Activity: 94
Merit: 10
For those that don't know there is a strange new 'attack'

Uh no it's not new.
This attack has be known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.
legendary
Activity: 1176
Merit: 1017
Okay, how does the original wallet let a transaction out if the funds aren't in it anymore?...unless some of the wallets ledger history was reversed some???....hmmmm???
member
Activity: 94
Merit: 10
I haven't done anything with Bitcoin lately so I feel safe. I also only operate with Bitcoin core as well. I keep reading about this malleability problem and wonder when they will do something about this. It's a pretty serious thread. Will the LN help with this?
I'm glad someone else in this thread recognizes this is a serious problem. It's not a joke.

Bitcoin Core is already fixed, which means the code is out there to make this not an issue. Blockchain.info needs to patch this as soon as they can, tons of people must be freaking out.
The fact that someone is using core does not mean anything. The issue is that people are spending 0 confirmations transactions which cause transactions to become invalid once the changed transactions confirm.

Any inaccurate display of balances in wallets will eventually correct themselves, most likely after restarting your wallet software
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
For those that don't know there is a strange new 'attack'

Uh no it's not new.
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
Is this a problem with the Blockchain.info api or a problem with the client they are using? I am sure these transactions will not be confirmed once it hits the Blockchain and the miners handle the transaction.

I have not experienced this and I did send out some transactions lately from that wallet provider. Is there no official explanation for this from Blockchain.info? ^hmf^
AFAIK it is a problem in the blockchain API , so you send x amount to bob and same amount to your second address with latter being transacted after sending 1st one. What actually happens is not a double spend but rather:
1) You have 1.1 btc in your wallet
2) You send 1btc to bob with a minimal fee.
3) You send the 1 btc to your second address now with a fee of 0.1btc(hypothetically)
4) The btc appear on bob's blockchain wallet, although not confirmed yet
5) Now , the 2nd transaction is the one that is confirmed, which makes the 1 btc to disappear from bob's wallet.
Anyway thats how I understood it
sr. member
Activity: 378
Merit: 250
So this is basically just a blockchain.info only exploit? Am i understanding this right?
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Is this a problem with the Blockchain.info api or a problem with the client they are using? I am sure these transactions will not be confirmed once it hits the Blockchain and the miners handle the transaction.

I have not experienced this and I did send out some transactions lately from that wallet provider. Is there no official explanation for this from Blockchain.info? ^hmf^
Pages:
Jump to: