Bitcoin Attack Vector Exposed: How to Force-Refund Your Spent Bitcoin

  • Video shows user double-spending BTC transaction by taking advantage of RBF (Replace By Fee) and zero-conf transactions.
  • Controversial features have been a topic of hot debate among Bitcoin developers for years.
  • A simple four-step guide details how to easily purchase goods with Bitcoin and still keep your money.

A weakness has been found in the Bitcoin code which apparently makes it possible to spend BTC transactions twice.

By taking advantage of Bitcoin’s RBF feature (Replace By Fee), a user can effectively send BTC to a merchant and then immediately recall it.

Bitcoin: So Nice You Can Spend it Twice

The Replace By Fee feature was created to allow BTC users to speed up their transactions on the network. If a transaction takes too long, a user can re-send their original payment but with a higher fee. This replaces the original transaction, and kicks it further up the queue to be included in the next block.

But a problem arises when another of BTC’s features comes into play – ‘zero-conf’ transactions. A zero-confirmation transaction is a payment that the recipient accepts before it has been confirmed in a block.

This is particularly useful for merchants who wish to accept Bitcoin payments, but who can’t reasonably ask customers to wait twenty minutes for confirmation. Coffee shops would be a typical example.

However, it has been shown that by exploiting the gap between RBF and zero-conf transactions, a user can buy coffee and still keep their money.

The video below shows Hayden Otto, CEO of BitcoinBCH.com, enact a double-spend on Bitcoin.

Businesses are urged to immediately upgrade to Bitcoin Cash (BCH), and cease accepting Bitcoin (BTC). If your business is accepting Bitcoin BTC, also known as Bitcoin Core, you are exposing yourself to grave security risks.

Readers should be aware that Otto supports BTC’s ideological enemy – Bitcoin Cash. However, Otto’s appraisal of Bitcoin’s security risk is shared by many other voices in the cryptocurrency space.

How to Double Spend

As early as 2013 the zero-conf/RBF problem was already being hotly debated on the Bitcointalk forums. The discussion continued for the next six years.

Yet, today a four-step instructional guide can be found which shows how to easily double-spend a Bitcoin transaction. In brief:

  1. Fill Wallet 1 with BTC.
  2. Create Wallet 2, and transfer all the funds from Wallet 1 while setting the lowest possible fee.
  3. Approach merchant who accepts zero-conf transactions. Send the still unconfirmed BTC from Wallet 2.
  4. Go back to Wallet 1 and increase the fee for the original transaction into Wallet 2. This gets confirmed, leaving the merchant’s payment invalid.

Luckily, users and merchants can elect not to use RBF and zero-conf if they choose. However, for small merchants this could mean having to refuse Bitcoin transactions altogether.
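A merchant who keeps accepting zero-conf payments can at least screen for the pattern in the four steps above, where the payment itself looks ordinary but spends an unconfirmed parent that opted in to replacement. The sketch below is an added example, not code from the article or from any wallet; the mempool dictionary and transaction names are constructed, and only the `txid` and `sequence` input fields and the BIP125 signalling threshold are assumed.

```python
# Added example: merchant-side screening of a zero-conf payment (constructed data).
RBF_THRESHOLD = 0xFFFFFFFE  # BIP125: an input nSequence below this signals opt-in RBF

# Constructed mempool: txid -> inputs. Parents absent from the dict are confirmed.
MEMPOOL = {
    "fund_wallet2": {"vin": [{"txid": "confirmed_a", "sequence": 0xFFFFFFFD}]},
    "pay_merchant": {"vin": [{"txid": "fund_wallet2", "sequence": 0xFFFFFFFF}]},
    "plain_payment": {"vin": [{"txid": "confirmed_b", "sequence": 0xFFFFFFFF}]},
    "chained_payment": {"vin": [{"txid": "plain_payment", "sequence": 0xFFFFFFFF}]},
}

def signals_rbf(tx):
    """True if any input opts in to replacement."""
    return any(vin["sequence"] < RBF_THRESHOLD for vin in tx["vin"])

def unconfirmed_ancestors(txid, mempool):
    """Collect every unconfirmed ancestor by walking inputs back through the mempool."""
    seen, stack = set(), [txid]
    while stack:
        for vin in mempool[stack.pop()]["vin"]:
            parent = vin["txid"]
            if parent in mempool and parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

def zero_conf_decision(txid, mempool):
    """Return (accept, reason) for an unconfirmed payment."""
    if txid not in mempool:
        return False, "payment not in mempool"
    if signals_rbf(mempool[txid]):
        return False, "payment signals RBF"
    ancestors = unconfirmed_ancestors(txid, mempool)
    replaceable = sorted(a for a in ancestors if signals_rbf(mempool[a]))
    if replaceable:
        # Replacing a parent invalidates every transaction that spends its outputs.
        return False, "unconfirmed ancestor signals RBF: " + ", ".join(replaceable)
    if ancestors:
        return False, "payment spends unconfirmed outputs"
    # Passing lowers the risk; only a block confirmation makes the payment final.
    return True, "no RBF signal, all inputs confirmed"

if __name__ == "__main__":
    for txid in MEMPOOL:
        print(txid, zero_conf_decision(txid, MEMPOOL))
```

Here `pay_merchant` is rejected even though its own inputs carry the final sequence number, because its parent `fund_wallet2` signals replaceability.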

Here, Bitcoin’s utility as a day-to-day payment method is drawn into serious question. High fees, long confirmation times, and slippery features like those described above suggest there’s work to be done before BTC can reliably replace fiat currency.

This article was edited by Samburaj Das.