Significant losses by double-spending unconfirmed transactions



Summary:

The author of the post claims to have performed profitable double-spend attacks against zeroconf-accepting targets. They warn that any target relying on zeroconf is vulnerable to such trivial attacks, which do not require Replace-by-Fee (RBF) but instead rely on normal variations in miner policy. The strategy consists of sending the merchant a transaction with traits that miners do not always accept (dust, low fee, reused address, large size, etc.), followed by a normal transaction after the merchant has given up valuable things in return. Example stories are shared, including one where Shapeshift.io lost around 3 BTC across multiple transactions and now no longer accepts zeroconf. Another example involves Bitcoin ATMs vulnerable to this attack. BitPay is credited with notifying merchants properly when a transaction was reversed. Users are warned to stop relying on zeroconf, while black hats are advised to profit.
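
A merchant-side view of the same problem, as an added example that is not code from the post or from any project it names: it flags the traits the summary lists on an incoming unconfirmed payment, watches confirmed transactions for a conflicting spend of the same inputs, and releases goods only after the payment itself confirms. The Tx record, the PaymentWatcher class and the thresholds (modelled on Bitcoin Core's default relay policy) are assumptions.

```python
from dataclasses import dataclass

# Assumed thresholds modelled on Bitcoin Core's default relay policy (not from the post).
DUST_SATS, MIN_FEERATE, MAX_STD_VSIZE = 546, 1.0, 100_000

@dataclass
class Tx:  # hypothetical record built from a node's mempool/block feed
    txid: str
    inputs: list          # outpoints spent, as "txid:vout" strings
    output_values: list   # satoshi value of each output
    fee_sats: int
    vsize: int            # virtual size in vbytes, assumed > 0
    reuses_address: bool = False

def divergence_flags(tx):
    """Traits the summary lists as ones miners do not always accept."""
    checks = [
        ("dust", any(v < DUST_SATS for v in tx.output_values)),
        ("low-fee", tx.fee_sats / tx.vsize < MIN_FEERATE),
        ("large-size", tx.vsize > MAX_STD_VSIZE),
        ("reused-address", tx.reuses_address),
    ]
    return [name for name, hit in checks if hit]

class PaymentWatcher:
    """Tracks unconfirmed payments and reports conflicting spends of their inputs."""
    def __init__(self):
        self.by_outpoint = {}  # outpoint -> txid of the payment we were shown
        self.status = {}       # txid -> "unconfirmed" | "confirmed" | "reversed"

    def payment_seen(self, tx):
        for op in tx.inputs:
            self.by_outpoint[op] = tx.txid
        self.status[tx.txid] = "unconfirmed"
        return divergence_flags(tx)  # for alerting only; never a reason to release

    def tx_confirmed(self, tx):
        """Call for every transaction in a new block; returns reversed payment txids."""
        reversed_ids = set()
        for op in tx.inputs:
            paid = self.by_outpoint.get(op)
            if paid == tx.txid:
                self.status[paid] = "confirmed"
            elif paid is not None and self.status[paid] == "unconfirmed":
                self.status[paid] = "reversed"  # a different tx spent our payment's input
                reversed_ids.add(paid)
        return sorted(reversed_ids)

    def may_release(self, txid):
        return self.status.get(txid) == "confirmed"
```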


Updated on: 2023-06-10T02:45:14.510968+00:00