[bitcoin-dev] Significant losses by double-spending unconfirmed transactions

Me jimmyjack at gmail.com
Wed Jul 15 15:49:13 UTC 2015


Thank you Simon for sharing your tests, if possible can you share TX hashes please. I would recommend to send them money post-mortem. What you did is really valuable information, however it can be classified as fraud. I really don’t want open this topic here, just suggesting to keep your record clean :-) 



> the double-spent txs
> had near 100% propagation on blockchain.info (who has unfortunately
> purged the relevant data already)


Can you please share the TX Hash



> Blockcypher's "confidence factor" model(1)
> under the hood - yet another one of those sybil attacking network
> monitoring things


Peter, I noticed on your twitter you have a lot of bad things to say about Blockcypher and their business model (which I might not full agree, but totally respect), can you share any evidence they perform any form of Sybil attack on the network, please. 






> On Jul 15, 2015, at 8:18 AM, Peter Todd via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
> 
> On Wed, Jul 15, 2015 at 07:35:21AM -0700, Tom Harding via bitcoin-dev wrote:
>> 
>> You perform a valuable service with your demonstration, but you
>> neglected to include the txid's to show that you actually did it.
> 
>> Your advice is must-follow for anyone relying on an unconfirmed tx: it
>> must pay a good fee and be highly relayable/minable.
> 
> Actually, I was looking at what I believe was (part of?) this attack
> yesterday in the logs on my full-RBF nodes and the txs involved *did*
> have good fees and were highly relayable/minable - the double-spent txs
> had near 100% propagation on blockchain.info (who has unfortunately
> purged the relevant data already)
> 
> Shapeshift.io depends on Blockcypher's "confidence factor" model(1)
> under the hood - yet another one of those sybil attacking network
> monitoring things - to estimate tx confirmation probability by looking
> at the % of nodes a tx has propagated too. But miners frequently use
> customized Bitcoin Core codebases that don't follow normal policies, so
> those measurements don't actually tell you what you need to know.
> 
> hapeshift confirmed(2) the attack - confirming that they disabled
> unconfirmed tx acceptance - said they're going to "improve" their
> system... It'll be interesting to see what that actually entails.
> 
> 1) https://medium.com/blockcypher-blog/from-zero-to-hero-bitcoin-transactions-in-8-seconds-7c9edcb3b734
> 2) https://www.reddit.com/r/Bitcoin/comments/3ddkhy/bitcoindev_significant_losses_by_doublespending/ct468p7
> 
> -- 
> 'peter'[:-1]@petertodd.org
> 000000000000000010bf087ed645cba129e2523930d5cde636ddbae9e03aef9c
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev



More information about the bitcoin-dev mailing list