Published on: 2013-05-15T13:31:33+00:00
In a forum post dated May 15, 2013, Bitcoin developer Peter Todd offered a reward of 2 BTC to anyone who could create a command line tool capable of creating two versions of a Bitcoin transaction. One version would send coins to a desired recipient, while the other would send all coins back to the sender. The tool would also need to broadcast both transactions simultaneously to different nodes on the network. Todd suggested that using blockchain.info's raw transaction POST API and a local Bitcoin node might be a clever approach.

The proposal sparked some concerns among forum participants, with one commenter likening the promotion of such tools to promoting mail theft. However, Todd had previously discussed the potential security issues with zero-conf transactions and the concept of replace-by-fee in the same thread.

Todd later clarified that his intention was to demonstrate an attack before releasing the code for the tool. He believed it would be better for the community to understand and address any vulnerabilities before making the tool widely available. To this end, he invited attendees at a conference to attempt to double-spend against his Android wallet. He offered to buy the Bitcoins off them at Mt. Gox rates plus a 10% bonus and allowed them to keep the loot. Todd requested that the demonstration be videotaped for educational purposes.

In a recent proposal addressing the security issues related to zero-conf transactions, it was noted that very few vendors have systems in place to detect conflicting transactions broadcast on the network simultaneously. Additionally, there is no mechanism to propagate double-spend warnings.

To tackle these issues, the author of the proposal offered a reward of 2 BTC to anyone who can develop a tool allowing users to create two versions of the same transaction and broadcast them simultaneously to different nodes on the network.

The proposed solution involves finding a way to send coins to a desired recipient while simultaneously sending all coins back to the sender, both with the same transaction inputs. One approach suggested is to utilize blockchain.info's raw transaction POST API along with the local Bitcoin node. Furthermore, the author suggests demonstrating the attack against an Android wallet at a conference, with the intention of buying the Bitcoins at Mt. Gox rates plus a 10% bonus and allowing the attacker to keep the loot. The demonstration should be recorded for educational purposes.
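
The vendor-side detection that the summary says is mostly missing can be sketched as follows. This is an added example, not code from the thread or from any wallet: it assumes unconfirmed transactions arrive already decoded from several peers, and the `Tx` shape, the `ZeroConfMonitor` class, the addresses and the outpoint are all hypothetical, constructed values.

```python
from collections import namedtuple

# Decoded unconfirmed transaction: inputs are (prev_txid, vout) outpoints,
# outputs are (address, satoshis). All values below are constructed samples.
Tx = namedtuple("Tx", "txid inputs outputs")

class ZeroConfMonitor:
    """Flags unconfirmed payments whose inputs are also spent by another tx."""

    def __init__(self, our_addresses):
        self.ours = set(our_addresses)
        self.txs = {}        # txid -> Tx
        self.spent_by = {}   # outpoint -> txid first seen spending it
        self.unsafe = set()  # txids paying us that have a known conflict

    def pays_us(self, tx):
        return any(addr in self.ours for addr, _ in tx.outputs)

    def observe(self, tx, peer):
        """Record a tx relayed by `peer`; return the conflicts it reveals."""
        if tx.txid in self.txs:
            return []
        self.txs[tx.txid] = tx
        alerts = []
        for outpoint in tx.inputs:
            first = self.spent_by.setdefault(outpoint, tx.txid)
            if first != tx.txid:
                # Same outpoint, different tx: at most one can confirm.
                self.unsafe.update(
                    t for t in (first, tx.txid) if self.pays_us(self.txs[t]))
                alerts.append({"outpoint": outpoint, "first": first,
                               "conflict": tx.txid, "peer": peer})
        return alerts

    def is_safe_so_far(self, txid):
        tx = self.txs.get(txid)
        return tx is not None and self.pays_us(tx) and txid not in self.unsafe

COIN = ("aa" * 32, 0)  # constructed outpoint
PAYMENT = Tx("tx-pay", (COIN,), (("merchant-addr", 90000),))
RETURN = Tx("tx-return", (COIN,), (("sender-addr", 90000),))

def demo():
    mon = ZeroConfMonitor({"merchant-addr"})
    first = mon.observe(PAYMENT, "peer-1")
    second = mon.observe(RETURN, "peer-2")
    return first, second, mon.is_safe_so_far("tx-pay")

if __name__ == "__main__":
    print(demo())
```

The check only sees a conflict if some connected peer relays the second version, which is why it has to be fed from more than one node.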
Updated on: 2023-08-01T04:54:02.234899+00:00