Significant losses by double-spending unconfirmed transactions



Summary:

A user on the Bitcoin-dev mailing list named Simon recently shared his success with double-spend attacks against individuals who accept zeroconf transactions. He describes a simple strategy: he sends the merchant a transaction that is dust, low-fee, reused-address or large in size (anything that miners don't always accept), then follows it with a normal transaction after the merchant gives up something valuable. Simon notes that this method has worked multiple times and that it does not require Replace-by-Fee (RBF) to execute. He further advises users to stop relying on zeroconf for transactions. In response, another user, Arne Brutschy, asks for clarification on the pre- and post-Hearn-relay drop rules mentioned by Simon. A further user requests a chart that plots `estimatefee` over time, which leads to links being shared, including the minimum relay fee glossary page on bitcoin.org and the bitcoin fees website. Simon states that Shapeshift.io lost around 3 BTC this week due to these types of attacks and that they are no longer accepting zeroconf. BitPay, however, was praised for properly notifying merchants when a transaction was reversed. Simon warns others that every target relying on zeroconf is vulnerable and has lost significant sums of money to trivial, high-probability attacks.
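A merchant-side check for the pattern described above, as an added example that is not code from the thread or from any project named in it: it flags the four transaction properties listed and reports when a later transaction spends the same input as an unconfirmed payment. The thresholds, the `Tx` fields, and the reading of "reused-address" as paying to an already-seen address are assumptions.

```python
from dataclasses import dataclass

# Assumed policy thresholds for illustration; the thread gives no numbers.
DUST_SATS = 546          # outputs below this are treated as dust
MIN_FEERATE = 1.0        # satoshis per byte
MAX_SIZE_BYTES = 100_000

@dataclass(frozen=True)
class Tx:                # hypothetical minimal view of a decoded transaction
    txid: str
    inputs: tuple        # outpoints spent, e.g. "prevtxid:0"
    outputs: tuple       # (address, amount_sats) pairs
    fee_sats: int
    size_bytes: int

def risk_flags(tx, seen_addresses):
    """Return the properties that make miners less likely to accept tx."""
    flags = []
    if any(amount < DUST_SATS for _, amount in tx.outputs):
        flags.append("dust")
    if tx.fee_sats / tx.size_bytes < MIN_FEERATE:
        flags.append("low-fee")
    if tx.size_bytes > MAX_SIZE_BYTES:
        flags.append("large")
    if any(addr in seen_addresses for addr, _ in tx.outputs):
        flags.append("reused-address")
    return flags

class ConflictMonitor:
    """Remember the first spender of each outpoint; report later conflicts."""
    def __init__(self):
        self.first_spender = {}

    def observe(self, tx):
        conflicts = sorted({self.first_spender[o] for o in tx.inputs
                            if self.first_spender.get(o, tx.txid) != tx.txid})
        for o in tx.inputs:
            self.first_spender.setdefault(o, tx.txid)
        return conflicts

# Constructed sample data: a payment, then a second spend of the same input.
PAYMENT = Tx("aa", ("f00d:0",), (("merchant", 500_000), ("change", 300)), 50, 250)
RESPEND = Tx("bb", ("f00d:0",), (("elsewhere", 498_350),), 2_000, 200)

if __name__ == "__main__":
    monitor = ConflictMonitor()
    print(risk_flags(PAYMENT, {"merchant"}), monitor.observe(PAYMENT))
    print(risk_flags(RESPEND, {"merchant"}), monitor.observe(RESPEND))
```

An empty flag list does not make an unconfirmed payment final; the conflict report from `observe` is the signal that the payment is being reversed.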


Updated on: 2023-06-10T02:44:38.138651+00:00