What's the easiest way to someone to double-spend 0-confirmation transactions?

2

I heard there is a desktop app today that 'easily double spends 0-conf tx'. Which is it? Is anyone working on a mobile version of this app?

ripper234

Posted 2014-11-05T04:28:42.550

Reputation: 25 852

Answers

4

Peter Todd wrote [Replace-By-Fee Tools](https://github.com/petertodd/replace-by-fee-tools )

Basic usage:

./double-spend.py <address> <amount>

Creates two transactions in succession. The first pays the specified amount to the specified address. The second double-spends that transaction with a transaction with higher fees, paying only the change address. In addition you can optionally specify that the first transaction additional OP-RETURN, multisig, and "blacklisted" address outputs. Some miners won't accept transactions with these output types; those miners will accept the second double-spend transaction, helping you achieve a succesful double-spend.

ripper234

Posted 2014-11-05T04:28:42.550

Reputation: 25 852

1Just to clarify in case this is scaring anyone.. this isn't a tool to successfully make a double-spend. This is just a trick/hack that manages in some occasions to get 2 transactions mined that both use the same source coins. One of those transactions will ultimately fail as the miners and block chain come to a consensus. It's easy to detect that this is being attempted but it could fool a human user briefly so if you're buying coins for cash then just wait a couple of minutes! – George – 2014-11-08T16:05:28.760

@George AFAIK this fools the current Bitpay implementation / some other payment processors that accept 0-conf transactions. – ripper234 – 2014-11-10T17:14:59.237

It probably does, or at least temporarily. If you're buying downloadable content you might just get away with it if you're lucky enough for the trick to work in your favour, but if you're ordering a physical product I'm sure BitPay et al have a system in place to prevent fraud. – George – 2014-11-10T17:33:11.000

1

I strongly doubt if this would work at all. You say you "have heard", just rumours or did you ever see such a thing in action?

Remember, quite some people benefit from spreading FUD like this about Bitcoin.

Many merchants and point of sale Bitcoin acceptants use zero confirmation payments, I've never ever seen or heard of a single case of double-spending.

I guess what such a hypothetical app would do, is send a payment to the node of the receiver, send a conflicting payment to a lot of other nodes almost at the same time, and hope the 2nd one ends up in the blockchain in favor of the 1st.

This is very easily taken care of with various 'payment probability' algorithms, e.g. by checking on several other nodes throughout the Bitcoin network if a conflicting tx appears. If not, then within 2-3 sec the payment propagation will be virtually 100% and any conflicting tx (to perform the double-spend) won't stand a chance. At least not through default nodes, which is like >95% of the network and probably >99.999% of the miners (where it counts).

Madzi Konjo

Posted 2014-11-05T04:28:42.550

Reputation: 756

-2

Nonsense. You need the private key to send coins from an address, only the owner of that key can attempt to spend the same coins twice.

George

Posted 2014-11-05T04:28:42.550

Reputation: 606

Oh, I assumed with a supposed 'double spend app' he meant something that can setup, sign and broadcast transactions itself, thus having the private key. But yes, of course, an app to just double spend any 0-conf transaction is utter nonsense. – Madzi Konjo – 2014-11-05T06:48:48.543

Reading it again you might be right. Either way it doesn't exist because almost instantly the double-spend will be detected and within a few blocks all but one of the transactions will be rejected. – George – 2014-11-05T06:54:13.827

You mean within a few seconds, right? ;) – Madzi Konjo – 2014-11-05T07:08:09.587