Significant losses by double-spending unconfirmed transactions



Summary:

On a Bitcoin development mailing list, a self-proclaimed "white hat" hacker warned about the weakness of zero-confirmation (zeroconf) transactions, which merchants often accept in order to process payments instantly without waiting for confirmations. The hacker described a strategy that they had successfully executed multiple times: send a low-fee or dust transaction (tx1) to a merchant, then immediately send a second transaction (tx2), with a higher fee or a different address, that double-spends the same inputs. Because tx1 was never confirmed, the merchant lost money on it, while the attacker gained the products or services paid for with the second transaction. The hacker claimed to have used this strategy successfully against several companies, including Shapeshift.io, which lost around 3 BTC. The warning advised users to stop relying on zeroconf transactions and to wait for confirmations instead.
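
A merchant-side check for the pattern described above, as an added example that is not part of the original mailing-list post or of this summary: it flags an unconfirmed payment whose inputs are also spent by another transaction seen in the mempool, or that carries a low fee rate or a dust output. The `Tx` record, the thresholds and the sample transactions are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed policy thresholds (illustrative, not taken from the original post).
MIN_FEERATE = 1.0      # sat/vB below which tx1 is unlikely to confirm soon
DUST_LIMIT = 546       # satoshis; output values below this are treated as dust

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple      # outpoints spent, as "prev_txid:vout" strings
    outputs: tuple     # (address, value_in_satoshis) pairs
    fee: int           # satoshis
    vsize: int         # virtual bytes

    @property
    def feerate(self):
        return self.fee / self.vsize

def find_conflicts(mempool):
    """Map each txid to the txids that spend at least one of the same outpoints."""
    spenders = defaultdict(set)
    for tx in mempool:
        for outpoint in tx.inputs:
            spenders[outpoint].add(tx.txid)
    conflicts = defaultdict(set)
    for txids in spenders.values():
        for txid in txids:
            conflicts[txid] |= txids - {txid}
    return conflicts

def assess_payment(payment, mempool):
    """Return (decision, reasons) for an unconfirmed payment to the merchant."""
    reasons = []
    rivals = find_conflicts(mempool).get(payment.txid, set())
    if rivals:
        reasons.append("inputs also spent by " + ", ".join(sorted(rivals)))
    if payment.feerate < MIN_FEERATE:
        reasons.append(f"fee rate {payment.feerate:.2f} sat/vB below {MIN_FEERATE}")
    if any(value < DUST_LIMIT for _, value in payment.outputs):
        reasons.append("contains a dust output")
    return ("wait_for_confirmation" if reasons else "no_warning_signs"), reasons

# Constructed sample: tx1 pays the merchant with a low fee; tx2 re-spends the
# same outpoint to a different address with a higher fee; tx3 is unrelated.
tx1 = Tx("tx1", ("aa:0",), (("merchant", 100_000), ("chg", 300)), 50, 226)
tx2 = Tx("tx2", ("aa:0",), (("other", 90_000),), 10_000, 192)
tx3 = Tx("tx3", ("bb:1",), (("merchant", 50_000),), 2_000, 200)
SAMPLE_MEMPOOL = [tx1, tx2, tx3]
```

A `no_warning_signs` result only means no conflict has been observed yet; a conflicting transaction can still appear later, which is why the warning recommends waiting for confirmations.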


Updated on: 2023-06-10T02:44:14.685797+00:00