[bitcoin-dev] Significant losses by double-spending unconfirmed transactions

Arne Brutschy abrutschy at xylon.de
Thu Jul 16 14:30:15 UTC 2015


What are these pre- and post-Hearn-relay drop rules you are speaking
about? Can anybody shed some light on this? (I am aware of the
minrelaytxfee setting proposed in the 0.11.0 release notes, I just
don't see what this has to do with Mike Hearn, BitcoinXT, and whether
there's a code change related to this that I missed).

Related: is there somewhere a chart that plots `estimatefee` over
time? Would be interesting to see how the fee market evolved over
these past weeks.


On 15/07/15 05:29, simongreen--- via bitcoin-dev wrote:
> With my black hat on I recently performed numerous profitable 
> double-spend attacks against zeroconf accepting fools. With my
> white hat on, I'm warning everyone. The strategy is simple:
> tx1: To merchant, but dust/low-fee/reused-address/large-size/etc. 
> anything that miners don't always accept.
> tx2: After merchant gives up valuable thing in return, normal tx
> without triggering spam protections. (loltasticly a Mike Hearn
> Bitcoin XT node was used to relay the double-spends)
> Example success story: tx1 paying Shapeshift.io with 6uBTC output
> is not dust under post-Hearn-relay-drop rules, but is dust under 
> pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not 
> paying Shapeshift.io. F2Pool/Eligius/BTCChina/AntPool etc. are all 
> miners who have reverted Hearn's 10x relay fee drop as recommended
> by v0.11.0 release notes and accept these double-spends.
> Shapeshift.io lost ~3 BTC this week in multiple txs. (they're no
> longer accepting zeroconf)
> Example success story #2: tx1 with post-Hearn-relay drop fee,
> followed by tx2 with higher fee. Such stupidly low fee txs just
> don't get mined, so wait for a miner to mine tx2. Bought a silly
> amount of reddit gold off Coinbase this way among other things. I'm
> surprised that reddit didn't cancel the "fools-gold" after tx
> reversal. (did Coinbase guarantee those txs?) Also found multiple
> Bitcoin ATMs vulnerable to this attack. (but simulated attack with
> tx2s still paying ATM because didn't want to go to trouble of good
> phys opsec)
> Shoutouts to BitPay who did things right and notified merchant
> properly when tx was reversed.
> In summary, every target depending on zeroconf vulnerable and lost 
> significant sums of money to totally trivial attacks with high 
> probability. No need for RBF to do this, just normal variations in
> miner policy. Shapeshift claims to use Super Sophisticated Network
> Sybil Attacking Monitoring from Blockcypher, but relay nodes !=
> miner policy.
> Consider yourself warned! My hat is whiter than most, and my skills
> not particularly good.
> What to do? Users: Listen to the experts and stop relying on
> zeroconf. Black hats: Profit!
> _______________________________________________ bitcoin-dev mailing
> list bitcoin-dev at lists.linuxfoundation.org 
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Arne Brutschy <abrutschy at xylon.de>

More information about the bitcoin-dev mailing list