27
28

A simple double spending tool (doublespend.me)

bitcointhailand 投稿

全 33 件のコメント
並べ替え:
ベスト
トップ新着論争中古い順Q&A

[–]blockonomics_co 4ポイント5ポイント  (9子コメント)

interesting ! Bookmarked ...

Asking for private key is a bit scary. I want to use your tool but don't have time to review source code. Could you change this so that it doesn't ask for private key and just generates the transaction. I can then sign the transaction using electrum https://electrum.orain.org/wiki/Cold_storage#Get_your_transaction_signed

[–]bitcointhailand[S] 0ポイント1ポイント  (7子コメント)

The idea behind it is that it's something simple to use on the go...where all you need to do is remember your brain wallet, don't even need to remember your address (no offline signing processing etc...)

If you are going to do an electrum signing process you may as well just manually generate the 2 transactions in electrum while you at it (no need for this tool at all)....but you're not going to be able to do all that while trying to "buy" a cup of coffee :D

Also note that you can download the source from github and run the script locally (so that you can be sure the website hasn't been modified to maliciously steal private keys)

[–]blockonomics_co 0ポイント1ポイント  (1子コメント)

Thanks ... I will go with manually generating transactions from electrum.. Just curious on what crap tx fees bc.io would accept

[–]bitcointhailand[S] 1ポイント2ポイント  (0子コメント)

Currently the app is set to use a fee of 0.000001 (which assuming fairly new coin-age) is way lower than most nodes will allow to broadcast; and bc.info will allow it.

[–]wachtwoord33 -2ポイント-1ポイント  (3子コメント)

Doesn't Bitcoin core restrict you from making a tx with spend inputs (even unconfirmed)? How would you go about doing this?

I might need this if BIP101 and therefore Gavincoins ever come of the ground so I can dump them on the market while keeping the real Bitcoins.

[–]sgornick 2ポイント3ポイント  (1子コメント)

The approach this tool takes is that the first transaction has a fee small enough that it won't propagate quickly. But it might reach your zeroconf-accepting counterparty (e.g., Shapeshift.io) before it reaches a miner. Then once your payment has been accepted you broadcast the double spend with the higher fee in the hope that the second transaction is the one that the miner of the next block happened to see first.

So it is a race attack that takes advantage of the propagation latency that occurs with transactions paying only a really low fee.

Thus even though Bitcoin Core nodes won't relay your transaction that has a double spend, some nodes that you broadcast the second transaction to might not even know about the first one and will relay it.

Also, keep in mind that BitcoinXT nodes will relay double spends. So even if BitcoinXT doesn't cause a fork, enough XT nodes out there can still make double spending like this easier.

It's really a moot point -- almost nobody accepts zeroconf from an untrusted party and those that do (and aren't double spent into insolvency) are using scoring that would ignore a transaction with such a low fee. Shapeshift.io uses BlockCypher's scoring plus some other custom protective measures, according to this: http://reddit.com/r/Bitcoin/comments/387y84/from_zero_to_hero_bitcoin_transactions_in_8/crt098j

As far as BIP101, if that causes a fork you wouldn't do a race attack like this. You would simply taint your pre-fork coins in BitcoinXT with newly mined coin, and then spend (to a new address) from there, while also retaining the ability to spend the pre-fork coins in Bitcoin Core at your leisure.

[–]petertoddPeter Todd - Bitcoin Expert 2ポイント3ポイント  (0子コメント)

Shapeshift.io uses BlockCypher's scoring plus some other custom protective measures, according to this:

Is Shapeshift.io still accepting unconfirmed payments? I tried a few days ago and they didn't seem to be anymore.

[–]Cab000se -1ポイント0ポイント  (0子コメント)

Wow, so you literally made this with malicious intentions of performing double spend transactions at merchant's location? Kind of sickening.

[–]Petebit 5ポイント6ポイント  (5子コメント)

Why is this a good thing for Bitcoin?

[–]davout-bc 2ポイント3ポイント  (0子コメント)

It's neither good or bad, it's how Bitcoin works.

Any technically literate person can do the same manually, this just reduces the gap with non technical folks.

[–]bitcointhailand[S] 4ポイント5ポイント  (3子コメント)

Currently there are a lot of people accepting 0-confirmation transactions with no fraud screening (they see a transaction, then they accept it immediately)...hopefully this tool will raise awareness that it's not safe to do that.

0-confirmation transactions can still be accepted but people need to be aware that they are not safe, and that additional inspection of the transaction details are required to analyze the risk of fraud associated with the transaction.

A simple analysis of the tx fee would be enough to stop someone from being tricked by this tool...yet alot of people don't currently do that.

[–]Petebit 2ポイント3ポイント  (1子コメント)

So like a campaign to make people wear seat belts, a company will go around crashing into people to make them aware of the dangers. I suppose it makes sense :)

[–]klondike_barz 0ポイント1ポイント  (0子コメント)

its the reason why speedbumps are lobbied for by suspension/shock manufacturers like Monroe

[–]AussieCryptoCurrency 0ポイント1ポイント  (0子コメント)

Currently there are a lot of people accepting 0-confirmation transactions with no fraud screening (they see a transaction, then they accept it immediately)...hopefully this tool will raise awareness that it's not safe to do that.

Yeah, just like PseudoNode was raising awareness of something...maybe bitnodes? Because it's not like a script kiddie has written a web app that serves no purpose other than trying to double spend Txs.

Why wouldn't you code for the core software?

Generally these sorts of apps have a reason to exist, rather than "increasing awareness of the problem the solution creates".

[–]rydan 9ポイント10ポイント  (4子コメント)

Can we please have a rule in this subreddit that posts to sites that request a private key are banned? This is just asking for trouble especially when there is no SSL on the site.

[–]bitcointhailand[S] -3ポイント-2ポイント  (3子コメント)

The site is javascript and runs client-side so the SSL would make no difference seeing as no data is sent to the server. (You can also download the source from github and run it locally)

[–]davout-bc 11ポイント12ポイント  (2子コメント)

No SSL = malicious JS injected on the fly...

[–]CrazyCodeLady -1ポイント0ポイント  (1子コメント)

Yeah sure, if you inject it. When you click save page as and then run it with firefox, there is a 0% chance that a remote attacker can spend your private key.

[–]davout-bc 0ポイント1ポイント  (0子コメント)

"No, it's not insecure if no one attacks it!"

Are you retarded or are you just trolling? When you click "Save page" an attacker can very well inject some code that leaks the keys to his API.

[–]110101002 3ポイント4ポイント  (1子コメント)

Do you have some methodology page?

[–]bitcointhailand[S] 6ポイント7ポイント  (0子コメント)

No page currently. (now has a help button with some details)

The script will generate 2 transactions. One with a normal fee, and one with a much below recommended fee.

blockchain.info will accept the crap fee and relay it (most other services would reject it).

You then wait until your target has received a relay of the unconfirmed transaction and broadcast the bottom transaction with proper fee (to blockr.io), which will accept the new transaction because it sees the first transaction as invalid due to insufficient fee.

Second transaction will relay to all nodes that rejected the first transaction...(and so probably reach the miners before the first transaction).

It will have a much better success rate if done during a "stress test"...in which case you can literally wait days until you spend the second transaction.

[–]OutCast3k 1ポイント2ポイント  (4子コメント)

Interesting tool. Nice work! :)

[–]fullofstars67 0ポイント1ポイント  (3子コメント)

Has anyone tried this tool against a 0-conf merchant? I'm really curious how well their risk analysis works especially now that XT is ~10% of the network.

[–]moopma 0ポイント1ポイント  (0子コメント)

XT is nowhere near 10% of the network. It has about 0.1% hashing power and a bunch of fake nodes.

[–]petertoddPeter Todd - Bitcoin Expert 0ポイント1ポイント  (1子コメント)

Does anyone know of any 0-conf merchants? Shapeshift.io seems to have stopped accepting 0-conf.

[–]btcdrak 0ポイント1ポイント  (0子コメント)

Anyone using Coinbase.

[–]Liongrass 3ポイント4ポイント  (1子コメント)

I'm not taking any Bitcoin project seriously that doesn't force https by default.

[–]CrazyCodeLady 0ポイント1ポイント  (0子コメント)

Its javascript, all the code is run in your browser. The only data transmitted is a signed tx, which cant be leveraged to spend funds.

[–]ivanraszl 0ポイント1ポイント  (0子コメント)

Great research project.

[–]R3dPillAndFeminist 0ポイント1ポイント  (0子コメント)

Interesting! We've almost got the apocryphal "double spend wallet". I guess this is exploiting Blockchain.info's dual role as an actor in the bitcoin network and also as an information broker for end users; one role would compel a typical node not to broadcast the transaction, while the other role compels them to do the opposite.

I think we're going to be forced to accept replace-by-fee and a min-one-conf world. But as a band-aid, I wonder if we might amend BIP70 (payment request API) to include a miner's fee; if you don't include at least the recommended fee then the payment is not considered to be fulfilled. Or child-pays-for-parent would be another way to address it.

[–]omgosaurus -2ポイント-1ポイント  (0子コメント)

Scary stuff

[–]BitcoinOdyssey -2ポイント-1ポイント  (1子コメント)

Ppl want fast. This is where other coins or side-chains can lead the way.

[–]sQtWLgK 0ポイント1ポイント  (0子コメント)

10' is enough for most types of money transfers, except payments. Some payments (in store, digital delivery, etc.) need to be instantaneous. Not 1' average; instant.

This is why sending to addresses (push-style, non interactive) is terrible for payments, which ideally need to happen on their own layer on top of the blockchain (and not an altchain or sidechain).

The payment request protocol was the first step in that direction and the Lightning network looks like it would be the next. Off-chain, trustless and instant.