Video: Watch This Bitcoin Double Spend Attack Using Replace-by-Fee
Bitcoin’s (BTC) main developers seem to have forgotten to warn the general public about the hole opened by the “replace-by-fee” (RBF) feature. It can be used for real-world bitcoin double spends against anyone who accepts unconfirmed (zero-confirmation) payments, and the replaced transaction leaves no trace on the blockchain, because it was never confirmed in the first place. This article walks through one example.
Crypto Reporter Dumps Double Spend on YouTube
Although key developers say it is impossible to double spend BTC, this technique has been known to a closed circle of the crypto public since 2017. Others maintain that a comparable attack on unconfirmed payments is possible whether RBF is available or not.
This video was sent to me by an anonymous Russian crypto journalist. It is in Russian but has English subtitles, so it is easy to follow. The video author says:
“Many think that Bitcoin (BTC) is the first of its kind in the history of financial solutions, because it allows one to avoid double-spending of the same money. In this video, I show proof that a bitcoin double spend is actually a very easy thing to do.”
After receiving it, I understood that the time had come to write an article about the bug I have been familiar with for more than two years. Yes, this is not a completed double spend, but it is good enough to rob crypto ATMs or anyone else who accepts zero- or low-confirmation payments for the sake of speed. Attacks like this have already happened in Canada, for example.
Change The Parent’s Hash and You Fully Eliminate the Child TX
In Canada, four unknown men plundered 112 crypto ATMs during September 2018. They did it so cleanly that police only opened an investigation at the beginning of 2019. Combined with social engineering, the same BTC double spending technique works against people as well as machines.
The interesting aspect is that the trick uses RBF, which changes the parent transaction’s hash. The attacker broadcasts a new parent that spends the same inputs and can pay the very same outputs, but with a higher fee: BIP125 requires a replacement to pay more than the transaction it replaces. Because the extra fee comes out of the change (or an input is added), the serialized transaction differs and so does its txid, even though the output the child spends can look identical.
Opt-in “replace-by-fee” (BIP125) was introduced with Bitcoin Core 0.12.0 in February 2016. Though convenient for unsticking transactions whose fee was set too low for miners to pick up, it has remained a controversial feature.
The issue is that a child transaction spends an output by the parent’s txid and output index, so it is valid only while a transaction with exactly that txid exists, either in a block or in the node’s mempool. With a very low fee on both transactions, the pair can sit unconfirmed in mempools for up to two days before the attacker bumps the parent’s fee and thereby changes its hash.
That window is enough to do damage with zero-confirmation crypto ATMs or LocalBitcoins traders who trust you. Replacing the unconfirmed parent makes nodes drop the old parent from their mempools, and the child with it: the child refers to the parent by its hash, and once the parent is replaced and its ID changes, the outpoint the child spends no longer exists anywhere. Neither transaction was ever in a block, so neither leaves a trace on the blockchain, and explorers that display mempool contents stop showing them as well. Two consequences follow for anyone accepting unconfirmed payments: the child itself need not signal RBF, so inspecting only the transaction that pays you proves nothing, and the trick stops working the moment the parent is mined, since a confirmed parent cannot be replaced.
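To make the mechanism concrete, here is an added example in Python; it is not code from the article, the video, Electrum or Bitcoin Core. It models a toy mempool that enforces only the two rules the attack relies on: every input must reference an output that exists either on chain or in the mempool, and a BIP125 replacement evicts the conflicting transaction together with all of its descendants. The transaction layout, the txid serialization, the "addresses" and the amounts are simplified stand-ins constructed for the example (real txids are double-SHA256 over the full serialized transaction, and real nodes enforce more BIP125 rules than the two modelled here). The demo builds the parent, hangs the merchant-paying child off it, bumps the parent's fee, and shows the child gone while an identical output survives under a new txid; unconfirmed_ancestor_signals_rbf is the receiver-side check that a merchant who looks only at the transaction paying them never performs.

```python
import hashlib
from collections import namedtuple
from dataclasses import dataclass
from typing import Dict, List, Optional

SEQ_FINAL = 0xFFFFFFFF
SEQ_RBF = 0xFFFFFFFD  # BIP125: any input with nSequence < 0xfffffffe signals replaceability
TxIn = namedtuple("TxIn", "prev_txid prev_vout sequence", defaults=[SEQ_FINAL])
TxOut = namedtuple("TxOut", "value script")  # satoshis, and a stand-in for scriptPubKey

@dataclass
class Tx:
    inputs: List[TxIn]
    outputs: List[TxOut]

    def txid(self) -> str:
        # Real txids are double-SHA256 of the full serialization; a simplified one is hashed here
        ser = ";".join(f"{i.prev_txid}:{i.prev_vout}:{i.sequence}" for i in self.inputs)
        ser += "#" + ";".join(f"{o.value}:{o.script}" for o in self.outputs)
        return hashlib.sha256(hashlib.sha256(ser.encode()).digest()).hexdigest()

    def signals_rbf(self) -> bool:
        return any(i.sequence <= SEQ_RBF for i in self.inputs)

class Mempool:
    """Toy mempool: inputs must reference existing outputs; a replacement evicts conflicts and their descendants."""

    def __init__(self, confirmed_utxos: Dict[tuple, int]):
        self.confirmed = dict(confirmed_utxos)  # (txid, vout) -> value, already on chain
        self.txs: Dict[str, Tx] = {}            # txid -> unconfirmed transaction

    def output_value(self, txid: str, vout: int) -> Optional[int]:
        if (txid, vout) in self.confirmed:
            return self.confirmed[(txid, vout)]
        parent = self.txs.get(txid)
        return parent.outputs[vout].value if parent and vout < len(parent.outputs) else None

    def fee(self, tx: Tx) -> int:
        ins = sum(self.output_value(i.prev_txid, i.prev_vout) or 0 for i in tx.inputs)
        return ins - sum(o.value for o in tx.outputs)

    def descendants(self, txid: str) -> List[str]:
        kids = [tid for tid, t in self.txs.items() if any(i.prev_txid == txid for i in t.inputs)]
        return kids + [d for k in kids for d in self.descendants(k)]

    def accept(self, tx: Tx) -> str:
        for i in tx.inputs:
            if self.output_value(i.prev_txid, i.prev_vout) is None:
                raise ValueError(f"input {i.prev_txid[:8]}:{i.prev_vout} does not exist")
        spent = {(i.prev_txid, i.prev_vout) for i in tx.inputs}
        conflicts = [tid for tid, t in self.txs.items()
                     if any((i.prev_txid, i.prev_vout) in spent for i in t.inputs)]
        if conflicts:
            # Subset of BIP125: originals must signal; replacement must out-pay everything it evicts
            if not all(self.txs[c].signals_rbf() for c in conflicts):
                raise ValueError("conflicting transaction does not signal RBF")
            evicted = set(conflicts).union(*(self.descendants(c) for c in conflicts))
            if self.fee(tx) <= sum(self.fee(self.txs[e]) for e in evicted):
                raise ValueError("replacement must pay a higher fee")
            for e in evicted:
                del self.txs[e]  # the child goes away with its parent
        self.txs[tx.txid()] = tx
        return tx.txid()

    def unconfirmed_ancestor_signals_rbf(self, tx: Tx) -> bool:
        """Receiver-side check: can an unconfirmed ancestor still be replaced out from under tx?"""
        stack = list(tx.inputs)
        while stack:
            parent = self.txs.get(stack.pop().prev_txid)
            if parent is None:
                continue  # not in the mempool, so confirmed and fixed
            if parent.signals_rbf():
                return True
            stack.extend(parent.inputs)
        return False

def demo() -> dict:
    """Constructed scenario (hypothetical ids/amounts): one confirmed 1 BTC coin, zero-conf merchant."""
    coin = ("aa" * 32, 0)
    pool = Mempool({coin: 100_000_000})
    pay_self = lambda change: [TxOut(change, "attacker_change"), TxOut(49_990_000, "attacker_self")]
    # Parent: attacker pays himself with a 10,000 sat fee and signals RBF.
    parent = Tx([TxIn(coin[0], coin[1], SEQ_RBF)], pay_self(50_000_000))
    parent_id = pool.accept(parent)
    # Child: spends parent output 1 to the merchant and does NOT signal RBF.
    child = Tx([TxIn(parent_id, 1)], [TxOut(49_980_000, "merchant")])
    child_id = pool.accept(child)
    child_looks_final = not child.signals_rbf()
    ancestor_warning = pool.unconfirmed_ancestor_signals_rbf(child)
    # Bump the parent's fee by shrinking change. Output 1 is identical, but it now lives
    # under a different txid, so the outpoint the child spends no longer exists anywhere.
    bumped_id = pool.accept(Tx([TxIn(coin[0], coin[1], SEQ_RBF)], pay_self(49_000_000)))
    return {
        "txid_changed": parent_id != bumped_id, "child_looks_final": child_looks_final,
        "ancestor_warning": ancestor_warning, "child_still_in_mempool": child_id in pool.txs,
        "same_output_under_new_txid": pool.output_value(bumped_id, 1) == 49_990_000,
        "child_input_still_exists": pool.output_value(parent_id, 1) is not None,
    }
```

Run demo() and inspect the returned dict: the child looked final on its own, the ancestor walk flagged it, and after the bump the child is gone while the same output sits under a new txid. The ancestor check is necessary but not sufficient: an unconfirmed parent that does not signal RBF can still be double spent by a conflicting transaction that a miner happens to include first. Only confirmations make the parent, and therefore the child, final.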
The Main Developers Prefer To Ignore The Problem
Bitcoin’s main developers appear to see no need to inform the public about the issue.
Here you see my letter to Wladimir van der Laan from November 2018. And here’s his answer.
He said that it is impossible to make transactions disappear from the blockchain. As you can see in the video above, though, its author demonstrates that transactions do vanish. Strictly, both are right: what vanishes is an unconfirmed transaction that was never in a block, which is exactly why accepting payments before confirmation is the problem. Moreover, Bitcoin ABC lead developer Amaury Sechet has said that there are many ways of performing double spend attacks on the BTC, BCH and BSV networks.
Wladimir also suggested that I contact the Electrum wallet developer regarding the wallet side of the issue. The problem is, I had already contacted Thomas Voegtlin about two years earlier. He replied that this is not Electrum’s issue but a Bitcoin Core RBF-related issue. That looks right, because the transactions disappear not only from the Electrum wallet but from blockchain explorers too, which display unconfirmed transactions from their own node’s mempool and drop them once that node evicts them.
Cryptograffiti CEO Gives His Professional Opinion
Since I still needed some quotations for the article, I wrote about this issue to my colleague Erich Nakamoto, CEO of the Cryptograffiti.info service. He is a professional coder, and his answer was:
“Sure, I know about this double spend issue. I even had to implement special software for a bunch of crypto-related projects. It was about two years ago, yeah. I made it very difficult to execute this kind of attack at the firms I work with.”
I should add that Erich is a very notable blockchain coder and his services cover a very broad range of cryptocurrency use cases. It looks as if, all this time, a circle of very smart developers (and I) knew about the double spend bug, but a lack of time or will to fix it (and perhaps zero interest from the crypto press) kept it from the public. Until today.
The moral of this story? Accepting low- or zero-confirmation bitcoin transactions is risky, if not downright dangerous. If you are offering goods, services or cash in return for BTC, even from someone you “trust”, it is worth waiting for three or more confirmations. An unconfirmed payment can be invalidated through its ancestors regardless of whether it signals RBF itself, so looking at the paying transaction alone proves nothing; only confirmations do.
Legal Disclaimer: This article is not for use in illegal activities. The information in it is for self-defence and educational purposes only. Bitcoin double spend attacks using Electrum+RBF are not the invention of Bitsonline contributors or their informants.
Is RBF a bigger threat to Bitcoin security than some want to admit? Share your thoughts in the comments section below.
Images by Jeff Fawkes