Home News Merchants Accepting BTC Warned: Easy to Reliably Reverse Txs Using Unmodified Wallets...

Merchants Accepting BTC Warned: Easy to Reliably Reverse Txs Using Unmodified Wallets in Common

TL;DR: In a recent video, BitcoinBCH.com CEO Hayden Otto demonstrated what appears to be a double-spend transaction using BTC against merchant services. Using what he refers to as “standard, off-the-shelf wallets,” anyone can “go into a store, purchase goods, leave, and then reliably send the funds back to themselves,” Otto claimed. 

Merchants Accepting BTC Warned: Easy to Reliably Reverse Transactions

In the video, Otto, a passionate Bitcoin Cash (BCH) advocate, insisted he used only unmodified wallets to effectively double-spend BTC. “Everything you see here is real, and dangerously easy to execute. Please note: the funds were returned to the merchant at the end of each demonstration,” Otto also stressed. For the mobile demonstration, he used the popular Electrum Wallet on Android for BTC at a restaurant in Australia.

Otto sets up two wallets within the Electrum mobile application, naming them A and B. He begins by sending a replace-by-fee (RBF) enabled transaction from A to B, using a fee set to 1 satoshi-per-byte. He then disables RBF in B, keeping the fee at 1 satoshi as well. He uses wallet B for the transaction at the merchant with typical QR code arrangements — nothing out of the ordinary. The merchant is given a check-mark, a visual indication of having received the funds on their point-of-sale end, and Otto walks away with the goods.

BTC

Importantly, he returns to access wallet A immediately, bumps-up the fee to ensure confirmation, rebroadcasts the transaction, and overrides the previous exchange. “This now means the funds you just sent to the merchant have disappeared back into your wallet B. But you still have the goods, and that means the merchant has successfully been double-spent.” He also points out how an insecure web-based point-of-sale system allows for viewing merchants’ payment history at a very public URL. Under this arrangement, some $50 worth of goods and services in BTC were compromised. He was able to accomplish something similar on desktop as well.

“Merchants should immediately cease accepting [BTC] and switch to Bitcoin Cash,” Otto urged. “Australian merchants are able to field a payment experience built around Bitcoin Cash that is superior to that of even the best fiat systems because Bitcoin Cash was designed precisely for this role,” he added. Otto is based in Australia, but his warning is not geographically restricted, and he describes the problem as being with any merchant accepting BTC anywhere in the world.

ING

CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.

DYOR: CoinSpice is your home for just spicy crypto things. We’re not affiliated with any cryptocurrency project or token. Each published piece is intended for information purposes only, not investment advice and not in the hope of impacting speculative markets. There are plenty of trading sites and coin-specific advocacy journals out there, we’re neither. CoinSpice strives for rigorous accuracy in our reporting. Information presented here is contingent usually on a host of factors, and the ecosystem moves fast — prices change, projects change, and at warp speed. Do your own research.

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.