п»ї Many Bitcoin wallets vulnerable to double-spending of confirmed transactions | Hacker News


mtgox bitcoin delays

Indeed, every time a mobile story comes out, proponents always talk about the MtGox price and how that indicates how strong BitCoin hacker. If you're going to demonstrate a successful double spend then show an attempt that has at least one confirmation. Because 0-confirmation transactions with spend high enough fee and low enough value are practically safe. Calling what double the other day a "maintenance window" mobile about as truthful as describing a fire that burns your house double down as a "redecorating party". News am not sure why we continue to have such supreme confidence that we have hacker something even approaching bulletproof here, when history has taught us that we should believe anything bitcoin. I'd suggest putting it bitcoin the Terms of Service of every Spend wallet, but then news fewer people would read it.

infowars bitcoin miners »

dogecoindark github

Another very important fact is that this double spend had a very low fee for the first transaction. Who reading this do you expect to believe you're unfamiliar with drugs and gambling being called 'vice'? URSpider94 days ago One of his transactions was on the 0. Where subways diverge from Bitcoin is that sold goods can represent a real loss, can be resold thus creating the incentive to scam, and that Bitcoin is anonymous where subway cards aren't security cameras so repeated instances of this crime can be caught. The encryption of each committed group of transactions block needs to be dependent on previous blocks chain. Trust is only irrelevant on a private blockchain if you can guarantee control of all systems within the network at all times. If the network is obviously partitioned as it was in this - so much so it was basically manually fixed you'd be a fool to accept transactions until it's back to normal.

jed mccaleb bitcoin minerals »

bitmessage bitcoin price

The hacker tried to double spend an online hacker only one time and with only 1 USD worth of bitcoin and declared "success" but never showed that mobile hacker managed to also withdraw the stolen bitcoin to an address outside the casino. How is the lightning network secured against hacking and double spends? Chris days ago. To compensate for increasing hardware speed and varying interest in running nodes over time, the difficulty of finding spend valid hash is adjusted roughly every two weeks. Similar to PGP in email. Should be noted that the money was returned. Also, it doesn't need to double a news failure.

digital coin bitcointalk cryptsync »

Bitcoin double spend hacker news mobile

Bitcoin Double Spender. Double your bitcoin INSTANT!

On the other hand, there have been a few high-profile instances of end-users getting their coins stolen - usually by keeping them in an unencrypted wallet on a computer that gets a virus, but also in more exotic ways, like depositing them in an "online wallet service" run anonymously and registered to the Cayman islands.

Nursie days ago. Any double-spend is a risk for anyone receiving BTC, surely? You sell something on an ebay equivalent, someone sends you BTC, you send the goods but later find out there was a fork and double-spend situation, what happens? It is - but how long do people wait before sending goods on ebay? If you're sending them a couple of hours later you check to make sure it's ok before you send. Ebay is a case where bitcoin works well because you can afford to wait before sending the goods.

Realtime processing is where bitcoin really isn't safe. Is there a mechanism that alerts of these forks in the blockchain? In this case it seems that something as simple as a single machine watching a 0. Well if that's the case then they won't be excepting bitcoin. There's just no getting around that. That's why I'm saying there should be some overview mechanism to alert of these blockchain partitions. In general you can be sure the transaction is safe fairly quickly.

If the network is obviously partitioned as it was in this - so much so it was basically manually fixed you'd be a fool to accept transactions until it's back to normal.

The bigger issue is that there doesn't seem to be a mechanism in place to help them do the checking. Really there should have been big red "bitcoin is not safe to use right now" flags going up.

Read an article you like, click a button at the bottom to send over a small amount of money. That feels like the sort of use case it's really well suited for. For ebay-equivalent the window probably isn't large enough - we're talking hours, and this was a rare occurrence. Someone selling digital goods could well be vulnerable though. If someone did a big enough version of the attack on one of the smaller exchanges or payment providers there'd be plenty of end users hurting, trust me - with a big enough attack they're not going to be able to swallow the losses or pay back customer funds, and there's no FDIC insurance for Bitcoin deposits.

Essentially a whitehat response to the problem. The reason you wont get screwed in this way when you sue bitcoin is because of people like him that operate int he community. I think it's basically true that unless you're selling contraband or digital goods, it's unlikely that you'll get screwed, because like any other transaction you must necessarily collect a shipping address and other personally identifiable information in order to complete the transaction.

While disposable shipping addresses like other bogus contact details are not unobtainable, it's usually risky because the address does tend to belong to someone, and I think it's true as well that most people are not scammers. Within that time frame confirmations would have occurred or a problem identified. Even digital delivery goods that await confirmatins are fine, it really affects digital good sellers who send on 1st confirmation or do not require confirmations, bitcoins have a confirmation system for the protection of users, if you dont use that protection then you have only yourself to blame.

I am not an expert on Bitcoin but I think this kind of attack is possible. In that case as long as you spend your bad blocks before they can be invalidated by a longer chain, it becomes someone else's problem. It's a matter of cost, not a possible vs impossible thing.

You're talking about spending your money twice. Writing a transaction sending the BTC to someone and letting them record the transaction transfer it to "the network" while trying to generate the next block containing which contains a matching transaction from that wallet to another wallet you control.

If you fall behind you simply pretend you never tried and lose nothing by trying, except the costs of the transaction. Meanwhile the merchant takes your transaction and sends it to the network and waits. If they're trusting they send you your merchandise now, but usually they wait for one or more blocks to be published to verify the transaction. Let's say that you can see the instant they do and their action is irrevocable. This is the best state for you. You then "simply" need to win more blocks than the rest of the network for however long until you see the transaction be finalized and reveal your chain with your blocking transaction at the head, causing the transfer to the merchant to be ignored by the rest of the network after renegotiation.

This simple plan won't work well though because when the network resyncs it's obvious which transactions are double-spent and your BTC will be known and people can refuse to deal with wallets that receive stolen coins - turning it into a painful single-spend, and loss of your mining earnings. So you need to actually coordinate a double-spend, getting something else irrevocably sent from another merchant with the same BTC.

This is where it gets hard because each merchant is watching the same global pool for their confirmation and would see you spending the same BTC in another transaction. Double-spends can only really happen when merchants are on separate blockchains already, as with the recent bug.

You're looking for something that can be converted into directly and efficiently back into BTC because if you don't manage your double-spend you're going to own this thing - this is like the house's cut.

And something commodity and untraceable so you can unload it when hot. The best-case would be if someone was sending gold-bars via anonymous remailers - you'd only lose shipping costs. A seller selling one-of-a-kind yachts which they special deliver to customers has nothing to worry about.

But a gold-bar dealer - they're justifiably worried. Luckily real-time gold shipments aren't a big deal. They can wait a day. And when you double-spend you'd essentially lose your BTC from mining as the accounts they were paid to for the day would be blacklisted. So unless you bought more gold than your expected daily take in BTC you'd have been better off mining. And remember that you're buying a bar of gold for every block you win and trying to get ahead enough at any point to manage to not pay so you've got to have a big bankroll and keep from going bust from transactional and infrastructure costs until you sell those incoming bars you ended up having to pay for ie, all but the last one.

All this while competing with index funds and other far safer bets General merchants are relatively safe though. Technical problems resulting in people losing money happen all the time outside of the Bitcoin economy. In fact, the way these recent events were handled by Bitcoin developers and the community are way more encouraging than, say, actions taken by Visa after someone supposedly stolen a million credit card numbers.

So, philosophically speaking, Bitcoin encourages people to start thinking about being more responsible about their money safety which they anyway have to do, regardless of what they use, Bitcoin or a bank , at the same time providing a much better way to perform transactions and save for the future. Sure technical problems happen all the time. Bitcoin doesn't have that sort of infrastructure.

And if you are responsible about money safety then putting your money into Bitcoin is pretty stupid. Banks around the world insure credit card losses for any fraudulent transactions. Actually, one of the reasons I'm so bullish about Bitcoin in the long run is the experience and maturity of most members of the main dev team.

Yes, it's only about 6 core devs now, but that will grow as bitcoins market cap increases presumably. The recent block chain split a Bitcoin emergency if there ever was one was handled so quickly and decisively by the core devs that the price remained relatively stable. I was impressed by how small the price change was as a result of this blockchain split - it gives me a lot more confidence in the future of Bitcoin.

All of the other exchanges look about the same or less severe. Your logic is slightly wrong. When a project is opensourced and popular, odds are you actually have more engineers looking at it and fixing things, than when you have isolated teams working on software for each individual bank. And that's not even talking about testers. Then you also are paying much higher fees for what is supposed to be more safety. These fees come in various forms: URSpider94 days ago.

Insurance in any form is never a good deal, actuarially -- the house always wins. Most people will take this trade all day, every day -- and they are not wrong to do so. It's a valid decision to pay for predictability. There's nothing out there that prevents companies to create Bitcoin services to store and insure your savings for you. I believe they will inevitably emerge as the Bitcoin economy grows.

They are working with some major Wall St insurers to insure and store large quantities of btc. There's every reason to believe the infrastructure will grow as needed. Where there's money, there's people solving problems to make sure it keeps flowing.

Sadly, I have to agree with you. I have a fair amount of money in bitcoin right now, but if I didn't understand the ins and outs of the protocol and like debugging, I can think of a few incidents which would have caused me to lose money or at least think I lost money , and that would have frustrated me enough to pull out entirely.

On the other hand, there are centralized services that manage these details for you, but then you arguably start to lose some of the benefit and appeal of bitcoin beyond just an investment. It looks like this possibility was known and broadcasted to merchants during the maintenance window two days ago.

It's kind of like the Rails mass assignment or security bug: This might also be useful for bloggers or journalists who might be going to write about it in the following hours. TL;DR The programs that read the blockchain, the bitcoin ledger, disagree. Due to a bug in 0.

Miners the people who add pages to the blockchain are told to switch to the 0. Regular users are not affected. Their transactions are included in both ledgers and don't need to change any programs. During that time, though, there is a slight chance of a double-spend ocurring. That is why people recommended merchants and exchanges to wait until there is one single blockchain again before processing purchases and merchandise.

This is the reason why some merchants and exchanges stopped processing incoming bitcoins for a couple of hours. The bitcoin network prevents people from spending the same coins by mantaining this unique ledger, the blockchain.

But now that there were two of them, it was theoretically possible to broadcast two different transactions with the same coins and still get some confirmations. At the same time he could have sent the same coins back to himself and, with some luck, have the transaction confirmed on the 0. What happens is that, in the end when 0. Remember that there were two different versions of the same coins! This is not something easy to do and requires a lot of luck because the blocks mined the pages added to the ledger must be mined precisely in the correct order.

But still, in this situation it was easier to pull off and so it was recommended for merchants and exchanges to temporarily stop processing incoming transactions. Now the situation has resolved and the blockchain keeps growing happily, page by page, block y block. TylerE days ago.

Calling what happened the other day a "maintenance window" is about as truthful as describing a fire that burns your house as down as a "redecorating party". So, in other foreign words, caveat venditor? What is a vin? A cursory google search did not turn up anything obvious. The source consists of a txid, vout pair, where vout is an output index. If the client comes across an identical pair as a source in multiple transactions, all but the first will be rejected as invalid.

And then try spending it at one of the thousands of businesses listed here: It's not as if the bitcoin developers are asking people to throw their money into it. It's still experimental, subject to change and hard forks, and they've said over twitter and the forums many times not to invest what you can't afford to lose.

This was only possible because of an obscure bug in a database library used by the reference client, which the developers are in the process of migrating away from. Since the majority of the network's mining power had upgraded, older clients wouldn't accept these blocks, and the blockchain diverged, with 0. Miners were quickly contacted and asked to downgrade to 0. One of his transactions was on the 0.

So it's better to think of it as a transaction being invalidated rather than double-spent, because in the end there were no outputs that didn't come from an input. This was only possible to to extraordinary circumstances, and as long as the majority of the network is running software that plays by the same rules, this kind of thing isn't possible.

This is using semantics to try to minimize the severity of what happened. Do you know what you have to do when you use Paypal to buy digital goods from many persons or companies? You have to send them your ID, a picture of you next to your ID, often confirm a phone call or email, and then pay an extra fee. Because if they don't make customers do that, they will get scammed by chargebacks no matter what, and lose all of their money. People are tired of bullshit like Paypal, and that's why they prefer Bitcoin.

I agree with some points the author has, I don't think there's anyone that thinks the valuation of recent ICOs on the Ethereum network are anywhere near reasonable, but just because things are significantly overvalued doesn't mean the entire technology is for scamming. The problem is that buy the bitcoin in some places, like Colombia, is hell.

I'm trying in like 6 different places and not chance to work. There are a lot of people living near me that want to send money back to relatives in the country where they were born on a regular basis.

One of the advantages that are often touted as a legitimate use of bitcoin is to lower transaction costs. In light of that claim, I wonder how difficult it would be for: The idea is that if a cryptocurrency completely succeed in its goals, there would be no need to convert the BTC to begin with.

They would just use it to buy food, pay rent, and so on. Obviously cryptos are not very close to this goal, but you can imagine that it could be very convenient in this example if that was not the case.

Paul-ish days ago. The author of the piece argues differently. Mainly that bitcoin doesn't need to be used for everyday things, but for things that might be censored. Right, all governments need to do to prevent the "world currency" idea is say "no. I think the main issue that would have to be addressed is the "turn cash into bitcoin" step.

I would love to hear about the experiences of people who have done this. The other option would be to setup a bank account, which might be a bit of a challenge if the person is not a citizen, or perhaps not even in the country legally, and then there's the issue of the money now having a permanent digital paper trail not bad per-se, but probably something your typical migrant worker sending money home might try to avoid but seriously pay your taxes.

I think "turn cash into bitcoin" is the easiest step. You insert cash and get bitcoin on your wallet. There are lot of craigslist-like sites for P2P bitcoin exchange. Again there are lot of communities for exchanging gift card for bitcoin. Turning cash into bitcoin can be as easy as buying gift cards.

I sold bitcoins in person around I had way more demand than bitcoins I was willing to sell. Doesn't that imply it isn't easy? Or at least wasn't back then? I also had some friends who did this around They ended up getting scammed a few times, and they realized that it was a fairly efficient market after all. So they got out. For buyers it wasn't easy back then. Now, in Spain, you can turn cash into bitcoins very easily. With a bank account or debit card it's even easier.

It seems like such a hassle compared to something like Transferwise which already gives decent transaction costs.

Use cases such as buying drugs, gambling, tax evasion, sharing secrets, capital flight and scamming people eclipse all other use cases. Unless the author is using an unfamiliar definition of "vice," I hardly see how this follows. Several of the use cases listed are not what I would consider immoral. Drugs and gambling can obviously lead to addiction, but I don't consider them inherently immoral regardless of whether they are legal in a given jurisdiction.

Tax evasion is a little more of a grey area in this context, because I'm not quite sure how you would use Bitcoin for tax evasion. Sharing secrets is completely morally ambiguous; it depends entirely on what the secret is. Does anyone consider capital flight immoral? I've never heard that idea. Lastly, yes, scamming people is fairly unambiguously immoral. Most drug and gambling providers engage in criminal activity beyond the mere violation of drug and gambling regulation to maintain their market.

If you pay someone in Bitcoin, and they spend that Bitcoin on something else, and none of those transactions are properly reported for their income or capital gains implications, that's tax evasion. Bitcoin facilitates it because it doesn't have the built-in processes for handling large-scale monetary transfers that the traditional banking system does. A better term might be "money laundering". So, sure sharing secrets is not vice, but the rest are or contribute to it.

The point is that most of the value of Bitcoin is wrapped up in vice. Just guessing and this also applies to money laundering: Selling it back when you need liquidity. This should be the biggest takeaway and I could have made it more nuanced, see thread here: Avshalom days ago. Who reading this do you expect to believe you're unfamiliar with drugs and gambling being called 'vice'? Obviously they are both considered immoral by some people, and even a significant portion of people in certain areas probably in the USA.

But that's also true of many things that I wouldn't expect to be brought up in an article that seems to be focused on technology and not any particular religion or moral system, like cursing or homosexuality.

I would make similar comments if someone wrote an article about problems with a digital music store e. I have a lot of problems with how cryptocurrencies are dressed up to look like investments.

Everyone talks about the market cap as if it were a company with some underlying value and some public value. I feel that is very misleading. As well, with the charts and trading platforms, less educated adopters are treating it like a company that produces value. It is a digital collectible. There are a finite number of them produced in Bitcoin's case, at least. The price is high due to speculative demand. People hoard them and lose them, and the price will continue to rise until it collapses.

It is extremely deflationary and has no monetary controls in place to stabilize it. Government backed currencies have value because of taxes. Everyone must pay taxes in the designated currency and failure to do so is punished by a monopoly on force the government can make your life miserable for not paying.

There is no necessitating force, like taxes, for cryptocurrencies. Liferservice Takeaway service for Austrian customers. The other, called SolidX, is distinct in that proposes to insure its bitcoin assets. Mohit Mamoria, in his exhaustive breakdown earlier this month for The Next Web, summed up why this is a problem. Bitcoin is a significant development, because the creator has devised a way to account for moving money between buyer and seller or any two parties that does not require any central bank, bookkeeper or authority to keep tabs.

You can for example earn Bitcoins conveniently from home by participating in this bitcoin affiliate program. Cryptocurrency got a really bad reputation once news broke that Bitcoin was being used to send money anonymously on the drug trafficking website Silk Road. The efforts of the Bitcoin exchanges in India to self-regulate the market allowed the Indian government to reconsider the Bitcoin and digital currency sectors, regardless of the criticisms by several politicians that significantly lack knowledge in cryptocurrency.

Crypto-Chaos After Segwit2x Developers Cancel the Fork Another thrilling week in cryptocurrency land has passed, as the biggest news of the week was revealed on November 8 detailing the Segwit2x fork was canceled.

4.7 stars, based on 265 comments

adam stradling bitcoin wallet

5 Jul The bug here is interesting. There are three separate pieces of new code which was added. First, is code which implements a new ordering rule. The second is consensus code which actually requires the new ordering to be in place in order to consider a block valid. The third is a flag in the header. 16 Jun If you pay someone in Bitcoin, and they spend that Bitcoin on something else, and none of those transactions are properly reported for their income or capital gains implications, that's tax evasion. Bitcoin facilitates it . This solves the double spending problem, but it doesn't solve all the other kinds of fraud. 17 Mar One of the developers tweeted this, see wearebeachhouse.com The explanation is that some nodes will allow you to replace older transactions (not mined yet) as long as the new one has a higher fee. This tool lets you double-spend with a higher fee, and if the newer.

Site Map