Author

Topic: Zero confirmations, im being warned (Read 741 times)

legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
August 30, 2016, 07:53:33 AM
#18
And thanks all for very valuable info. I will stay away from blindly accepting transactions that just appeared on blockchain or has zero confirmation.

Having said that, you may now want to lock this thread to prevent it from being filled with spammy posts
full member
Activity: 184
Merit: 103
August 30, 2016, 07:21:29 AM
#17
- snip -
marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain:
- snip -

Based on their lack of knowledge about the fundamentals of Bitcoin, it would appear that using spectrocoin.com as a "payment gateway provider" is MUCH MORE RISKY
For You and someone else in this topic. Stop dirtying payment provider, this is me who has low Bitcoin knowledge and who came with that sentence. I written it probably wrongly so it appears payment provider came with that crap. Thanks

And thanks all for very valuable info. I will stay away from blindly accepting transactions that just appeared on blockchain or has zero confirmation.
legendary
Activity: 3472
Merit: 4801
August 30, 2016, 07:00:38 AM
#16
Accepting a transaction with 0 confirmations is a little bit risky.  It is possible that the transaction will never confirm and will become invalid in the future. If that happens, you will have provided your product or service for free.  If it is a cheap enough product or service with a high enough profit margin, that may be an acceptable loss to you to be able to provide the convenience to your customers of not needing to wait for confirmations.

There are additional steps that can be taken to reduce the risk even more.

If a transaction ONLY spends confirmed outputs, then it is much more likely to get confirmed itself.
If a transaction pays a high enough fee, then it is much more likely to get confirmed.
If a transaction has been seen by many nodes on the network, then it is much more likely to get confirmed.

So, if you choose to only accept 0-confirmation transactions with confirmed inputs, reasonable fees, and which are well propogated, then you reduce your risk significantly and might be more willing to accept the small risk that remains.

- snip -
marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain:
- snip -

Based on their lack of knowledge about the fundamentals of Bitcoin, it would appear that using spectrocoin.com as a "payment gateway provider" is MUCH MORE RISKY than accepting well propogated, transactions with a reasonable fee and confirmed inputs.  I would definitely stay away from them.

You can use spectrocoin.com, but I do not support this decision because it is unsafe.
It is not a good idea to use spectrocoin.com, there is too much risk and they can lose your bitcoins.
I do not support this unknowledgeable "payment gateway provider", and if you choose to do so then this is your own decision and you do it at your own risk.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
August 30, 2016, 06:03:31 AM
#15
Can you explain why this is wrong? http://bitcoin.stackexchange.com/a/23045
The attack described there requires you to be a miner. That is irrelevant in this scenario, but it is the reason why the original white paper from Satoshi recommends 6 confirmations.

Quote
Im interested to allow like <$10 transactions to be 0 confirmations
You can do that, just add the cost of a possible double spend to your price. It will happen eventually.

A transaction with 0 confirmations is like someone showing you the money, but you don't have it in your hands yet. If you give him your part of the deal, he can run off and keep the money.

If the transaction has a low fee, or even no fee at all, a scammer has much more time before the transaction gets confirmed, which make a successful double spend more likely.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
August 30, 2016, 05:52:01 AM
#14
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.

It happened last week, it was quite a buzz, research for it.

Really? Never heard it before, you mean double spend attack? But how can he gets nothing?

Because the attacker loses only the fee of the highest paid transaction and the money is only sent and confirmed (to another or attacker's addresses) in the second transaction.
I also found the link of what happened. From what I see it was 2 days ago, I thought it was more. https://www.reddit.com/r/Bitcoin/comments/4zxu9u/psa_our_business_got_hit_with_a_double_spend_scam/


@NeuroticFish
@1Referee

Can you explain why this is wrong? http://bitcoin.stackexchange.com/a/23045
Im interested to allow like <$10 transactions to be 0 confirmations

I found the discussion in that link incorrect. The easiest double spend is done with same wallet cloned on 2 computers.
https://www.reddit.com/r/Bitcoin/comments/4zxu9u/psa_our_business_got_hit_with_a_double_spend_scam/d6zm2rw

And if you want to be certain the scam works, you better make a script (to ensure the inputs) and pay much bigger fee in the 2nd transaction.


Bottom line: you need at least one confirmation. If there's no confirmation, you leave plenty of room to get scammed.
hero member
Activity: 2954
Merit: 533
Leading Crypto Sports Betting & Casino Platform
August 30, 2016, 04:50:21 AM
#13
Hello,

spectrocoin.com is the bitcoin payment gateway provider for the online merchants warns me before marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain:

Quote
If you need to make paymet "paid" in the system immediately after it appear on the blockchain, you can do it, but we not support this method, because it is unsafe.
...
this is not good Idea, we not support this method. Becose here is to much risk and you can be scammed
...
WE NOT SUPPORT THIS METHOD, AND THIS IS YOUR OWN DECISION!

So i wanted to ask here how unsafe is it to do it my way, without confirmations being small online service provider.

https://www.cryptocoinsnews.com/zero-confirmation-transactions-safe/

A lot of point about zero transaction like double spend attack.
legendary
Activity: 2170
Merit: 1427
August 30, 2016, 04:46:17 AM
#12
@NeuroticFish
@1Referee

Can you explain why this is wrong? http://bitcoin.stackexchange.com/a/23045
Im interested to allow like <$10 transactions to be 0 confirmations

I explained why in my post. And sorry, but I don't click on links.

It is indeed dangerous. For example, if I can buy something instantly from your site without any confirmations needed, then I can send like 0.2BTC without a fee because I know it won't confirm any time soon as pools will ignore it. Then I simply double spend that same transaction, but now to my own address with a proper fee. And when the transaction to my own address confirms, the other "your" 0.2BTC transaction will vanish, and you end up with a loss.

I know certain places such as pubs that do accept zero confirmation transactions as they use BitPay, and if done properly, I can walk out with free drinks and stuff. However, BitPay marks every incoming transaction as safe, or potentially unsafe, or unsafe, all depending on the fee added and the size of the transaction. If your transaction falls under potentially unsafe, or unsafe, then you'll need to wait before you have at least 1 confirmation.

This is also a more than decent explanation that goes a bit more in depth.

Most importantly: what are you selling?
If it's physical goods, i would accept the order with 0-confirmations, but i would double-check if the transaction was included in a block BEFORE sending the goods, and just cancell the complete order if it was doublespent... Or wait a little longer if it was still unconfirmed.

If it's a service you can easily disable: you can accept 0-confirmations, as long as you re-check if the transaction is in a block after a couple of hours (and disable the service if it's not). You just gave a free trial for a couple of hours...

If it's a non-reclaimable online service, for example if you're an account reseller, but you cannot void a sold account after it has been generated, i would wait for a confirmation. Same goes for service that have a substantial cost for you when they have been generated, or if the buyer can really abuse the service before you disable his account due to a double spend

That being said, just to avoid hassle and headache and complaining people, just handle a minimum of 1 confirmations.
copper member
Activity: 1442
Merit: 529
August 30, 2016, 04:44:15 AM
#11
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.

It happened last week, it was quite a buzz, research for it.

Really? Never heard it before, you mean double spend attack? But how can he gets nothing?

Yes double spend cheating. Some user did that to directbet since they accept and confirm the bet soon after you send them the payment and before it has 1 confirmation. One user thought he was smart and sent 9 BTC to them and then double spend it and sent to another address of his. Luckily his story ended short as he tried to do it another time and this time directbet confiscated his funds.

So yes its really possible and to be sure you need to accept payments only after 1 confirmation. This way you will be safe.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
August 30, 2016, 04:39:31 AM
#10
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.

It happened last week, it was quite a buzz, research for it.

Really? Never heard it before, you mean double spend attack? But how can he gets nothing?

The same coins can be sent elsewhere (either right before or soon after making the transaction in question), and if that later (prior) transaction gets confirmed first, the OP will receive nothing, thereby essentially giving his merchandise for free...

The order in which transactions are confirmed is arbitrary provided the time span between them is tight
full member
Activity: 127
Merit: 100
August 30, 2016, 04:38:14 AM
#9
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.

It happened last week, it was quite a buzz, research for it.

Really? Never heard it before, you mean double spend attack? But how can he gets nothing?
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
August 30, 2016, 04:33:45 AM
#8
It is maybe theorically possible to remove the funds, but I doubt much about it since many sportsbookies and casino accept the deposits after 0 confirmations. In case of, wait 1, then you're 99% safe I guess.

I remember the times when PrimeDice had been doing this (i.e. allowed zero confirmations). So when you were stuck in a row of bad rolls and hadn't enough money in your PD account to make the next roll (for example, when using martingale), you could send more funds and continue playing almost immediately (as though it could help increase your chances). While, in fact, it was no more than a wise policy to increase the casino's profits...

Until someone managed to play, lose and successfully send the same coins elsewhere
hero member
Activity: 675
Merit: 504
August 30, 2016, 04:08:25 AM
#7
@NeuroticFish
@1Referee

Can you explain why this is wrong? http://bitcoin.stackexchange.com/a/23045
Im interested to allow like <$10 transactions to be 0 confirmations

Most importantly: what are you selling?
If it's physical goods, i would accept the order with 0-confirmations, but i would double-check if the transaction was included in a block BEFORE sending the goods, and just cancell the complete order if it was doublespent... Or wait a little longer if it was still unconfirmed.

If it's a service you can easily disable: you can accept 0-confirmations, as long as you re-check if the transaction is in a block after a couple of hours (and disable the service if it's not). You just gave a free trial for a couple of hours...

If it's a non-reclaimable online service, for example if you're an account reseller, but you cannot void a sold account after it has been generated, i would wait for a confirmation. Same goes for service that have a substantial cost for you when they have been generated, or if the buyer can really abuse the service before you disable his account due to a double spend
full member
Activity: 184
Merit: 103
August 30, 2016, 04:00:54 AM
#6
@NeuroticFish
@1Referee

Can you explain why this is wrong? http://bitcoin.stackexchange.com/a/23045
Im interested to allow like <$10 transactions to be 0 confirmations
legendary
Activity: 2170
Merit: 1427
August 30, 2016, 03:41:19 AM
#5
It is indeed dangerous. For example, if I can buy something instantly from your site without any confirmations needed, then I can send like 0.2BTC without a fee because I know it won't confirm any time soon as pools will ignore it. Then I simply double spend that same transaction, but now to my own address with a proper fee. And when the transaction to my own address confirms, the other "your" 0.2BTC transaction will vanish, and you end up with a loss.

I know certain places such as pubs that do accept zero confirmation transactions as they use BitPay, and if done properly, I can walk out with free drinks and stuff. However, BitPay marks every incoming transaction as safe, or potentially unsafe, or unsafe, all depending on the fee added and the size of the transaction. If your transaction falls under potentially unsafe, or unsafe, then you'll need to wait before you have at least 1 confirmation.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
August 30, 2016, 03:38:22 AM
#4
Unconfirmed transactions aren't on the blockchain. Any transaction that is on the blockchain has at least one confirmation. That's what confirmation means.

This is such a fundamental concept that I'd stay away from any payment provider that doesn't understand it.
hero member
Activity: 756
Merit: 502
August 30, 2016, 03:31:52 AM
#3
It is maybe theorically possible to remove the funds, but I doubt much about it since many sportsbookies and casino accept the deposits after 0 confirmations. In case of, wait 1, then you're 99% safe I guess.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
August 30, 2016, 03:31:04 AM
#2
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.

It happened last week, it was quite a buzz, research for it.
full member
Activity: 184
Merit: 103
August 30, 2016, 03:25:57 AM
#1
Hello,

spectrocoin.com is the bitcoin payment gateway provider for the online merchants warns me before marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain (i came with this idea nd my BTC knowledge is low, it may work different way):

Quote
If you need to make paymet "paid" in the system immediately after it appear on the blockchain, you can do it, but we not support this method, because it is unsafe.
...
this is not good Idea, we not support this method. Becose here is to much risk and you can be scammed
...
WE NOT SUPPORT THIS METHOD, AND THIS IS YOUR OWN DECISION!

So i wanted to ask here how unsafe is it to do it my way, without confirmations being small online service provider.
Jump to: