Bitcoin Forum

Hi, all. I have been running a Bitcoin miner for a while, but haven't really contributed to the project in any other way. I decided it was my turn to give back, so I spent the better part of my Saturday writing a simple Bitcoin exchange in PHP. I don't have very many coins to sell, but I am generating more at a rate of about 100/month. Additionally, I would greatly appreciate it if some of you would stress test the system by doing stupid things and/or intentionally trying to abuse it, and discretely inform me of your results. I am open to any suggestions, and will be giving rewards. There are more details on the site (http://dylanw.dyndns.tv:8331/lvbx/). Pay With PayPal.

EDIT: Some bugs resulted in several incomplete transactions. Those affected have been refunded and given a few BTC as compensation. The problem has been resolved, and the exchange is open for business.

doesn't really seem to be a security flaw, but I get:

"Fatal error: Uncaught BitcoinClientException:

• : Didn't receive 200 OK from remote server. (HTTP/1.1 500 Internal Server Error) thrown in on line 0"

when I fill in 1 in the bitcoin field and 1 in the bitcoin address (rather than putting in a real bitcoin address)

You are very vulnerable to paypal charge-back fraud.

FIXED.

I'm working on an implementation that will store transactions and not deliver them until they are marked "Completed" by Paypal. Is is possible to refund a purchase after it has been market completed without going through the dispute process (which involves notifying the buyer)?

EDIT: Actually, that step seems to be unnecessary. You cannot charge back payments to Business Accounts.

I don't know a way, except wait for 2 weeks (if I remember it well, this is the time after which you can't charge back a transaction). Or integrate the risk of been charged back into your fees.

I just had two different people try it out, and the "Cancel Payment" option did not appear for them (it had appeared in the paypal sandbox). The "Dispute Payment" button was clickable, but if they try that they bring me and a Paypal customer service agent into the situation. Anyway, I'm not paying for my (mined) Bitcoins, so it's okay if there is a little profit loss.

Does anyone want to try chargeback a transaction and see if they can? You can buy 0.01 BTC for $0.01 USD.

403 error on your site. Im interested in buying some bitcoins.

I apologize, I was migrating some stuff. It's back up, but now at: http://dylanw.dyndns.tv:8331/lvbx/ (http://dylanw.dyndns.tv:8331/lvbx/). I currently have 9.51 Bitcoins for sale, and 5 more coming within 24 hours.

*shameless bump*

With the help of some nice people from IRC, I've hammered out what looks like to be the last of the bugs. You can now buy any number between 1-100 Bitcoins, though I only have 2 left!

I'd love it if someone would try it out ;)

You working With LR ?

To be honest I have no idea what you're talking about.

Liberty Reserve (some other form of e-cash).

LR - Liberty Reserve www.libertyreserve.com

The chargeback fraud, if I understand correctly, isn't a result of people cancelling payment or disputing it through paypal, rather that the transfers are funded by credit card, and the credit card receives a chargeback request, at which point paypal reverse the transaction, since it was funded fraudulently (allegedly).  My understanding is it is quite difficult to eliminate them, other than simply waiting a long time to clear transactions.  I'm not sure if there is a way to only accept paypal transactions funded by account balances, I'm sure it's been discussed before though, since this has come up quite often in the bitcoin community.

There is the paypal chargeback -- scammer disputes their purchase, and gets back funds -- in addition to the credit card chargeback.

The scam, and the net result, are the same:  PayPal seller loses funds from purchase, and scammer keeps the hard cash (bitcoins or LR).

I see. There doesn't appear to be any defense, so I'll just accept the risk. Good think Bitcoin doesn't have chargebacks!

I am now considering adding support for Liberty Reserve, as they have a similar API to PayPal and charge lower fees. Would anyone be interested in that?

Mtgox can do LR transactions easily so it doesn't make sense (getting to LR requires a significant amount of money to be cost effective).

You should also add details of the amount of bitcoins you have and your fees to the main page.

EUREKA! It works! I have one more bitcoin!

The defense against Paypal chargebacks is to not use Paypal at all.

Paypal only works when the receiver trusts the spender.

As a consumer protection feature, Paypal allows buyers to back out of trade and charge back their purchase. Users might cry that they did not get what they paid for, or they may claim their account was cracked or phished. Paypal will take the money back from the receiver.

As a seller, it's easy to trust someone who is buying a service that can't easily be resold, such as a subscription. 

With something liquid, the classic example being the mail order laptop, it's harder to trust the spender. What is to stop him from charging back after the hardware is shipped?

In the case of trading Paypal for cash money, like bitcoin, it's very hard to trust the spender. Nothing is more liquid than digital currency. It belongs to the bearer, as does cash. It's easily traded into anything you can imagine. It's liquidity is very attractive to phishers and scammers.

There is a whole army of thieves who understand this and will steal from you Quip. This is an old problem and has been addressed so very often by every digital currency in use, past and present.

When you start verifying and validating and ID ing and KYC ing and AML ing and on and on, you completely undo the benefit that the digital currency delivers. It's no longer private. Privacy is the necessity that did mother this invention. It's no longer cheap. All that checking and validating and getting to know someone is time consuming and expensive. In the end, you will be wrong about some users and you will be the only one to pay for those errors.

Now you are an exchanger; you are effectively upgrading the hardness of your users' money. The buck stops with you. You are the firewall against fraud.

Good luck and best wishes.

Yes i would be interested, let us know when you have this ready.

I am still unsure about Liberty Reserve for that reason.

I'll try to add balance and pricing to the front page in the next couple of days. For now you can see that info at http://dylanw.dyndns.tv:8331/lvbx/info.php (http://dylanw.dyndns.tv:8331/lvbx/info.php).

Well MTgox has a min coin purchase of 100,
so anyone who can offer small amounts with via Liberty Reserve,
would be very useful.

Thanks for clearing that up. I'll do my best to implement LR payment this weekend.

You might want to evaluate the contents of this thread (http://bitcointalk.org/index.php?topic=3176.0) before you do so.

Note, I have never used LR (though I did sign up, and considered it at one point), and have not followed the situation at all. That said, MadHatter appears to know what he's talking about, and I find his concerns very valid.

Thanks for that. The decision is now back in Limbo.

Unrelated: I just realized that paypal charges a $0.30 fee for each transaction, which I am currently absorbing. Would anyone object if I shunted this to the buyer? It would raise the cost of all purchases by $0.30, regardless of the number of bitcoins purchased, so I am hesitant.

People already can automatically swap BTC in or out of LR  with low fees and no minimum, auction style at Mt. Gox or instantly at NG. That functionality has been in use for over a year already.

Bank wires have to be large enough to overcome the hefty flat fee. LR works fine for small spends, even for micropayments.

That settles it then, I'm not adding LR support.

Why not?

I don't understand your logic.

If you can convert paypal to LR for free and then buy bitcoins using LR at mt. gox with no minimum quantity, then how am I supposed to compete?

You can't convert Paypal for anything resembling cash. Not for anything remotely liquid.

Trading bitcoin in and out of LR is easy, cheap and quick.

Read again post I made above.

http://exchangezone.com/en/Welcome claims to do free conversion of paypal to LR. Your service claims free conversion of LR to bitcoins. Am I misunderstanding something?

EDIT:
I just noticed your earlier post. Thank you!

I suggest you read the Paypal rules which state that consumer protection is only for Tangible goods. As a paypal buyer you can't back out of such a trade for the situation you just described.

You can put a receiving paypal account into micropayment mode (google paypal micropayment) - then you're charged 5% and 5c per transaction instead of 30c + a smaller percentage.

if you expect your market to be small transactions rather than large transactions maybe that makes sense

.30 cents isn't much, I know I wouldn't mind if you shunted the cost to me

You have to make a new account to utilize micropayments.

I may do that, or I may just add a checkbox (checked by default) that allows customers to optionally contribute an additional $0.30 USD.

You are now charged an extra 30 cents per transaction unless you opt-out. I'll see how that goes for now.

I've made several big changes to the site today:

• My current balance and pricing are now displayed on the homepage.
• The $0.30 USD PayPal fee is now mandatory
• You can now optionally leave me a tip, default 5%
• There is now significantly better fraud detection, which may result in a temporary delay on purchases made using unverified accounts.

I rewrote the bulk of the way transactions are processed to better prevent fraud while simultaneously ensuring faster delivery. I also have 40 BTC available.

Bitcoin for Paypal! Too good an opportunity to refuse.

Sorry but I just bought all your bitcoins  :) Left a tip though.

Site works perfectly, very quick and easy.

You can buy more bitcoin with Paypal from me: http://bitcoinmorpheus.tumblr.com/how_to_buy_bitcoin_with_paypal

I have a $500 limit on purchases. Also, there is a 3 day waiting period for delivery. However, you get today's price for your purchase.

My Paypal account is not verified! I believe the only way to get verified in the UK is by giving Paypal access to my bank account; I can't think of anybody that I would trust less with my bank account.

Are you saying that your bank account number is a secret that you can't trust Papal to know?

Yes.

PayPal has a nasty habit of doing ACH transfers FROM people's bank accounts when those transfers are unwanted, and there's no way to stop it except to not give them the bank account number in the first place.

Heh, it's a good thing I keep nothing but the minimum balance in my bank account. All my savings are in Bitcoin and Silver.

Pretty much. Yes.

The stupid thing is I couldn't care less who else knows my bank account details, but not Paypal.

In the UK we call it a Direct Debit, they can be set up electronically and they come with a guarantee that if money is taken from your account without your permission then your bank will automatically refund you.

But, of course, if you verify your Paypal account then they can produce a 24,000 word user agreement that proves that they are not acting fraudulently, and in fact you did give your permission.

Other than that it's a very convenient service!

Thanks for your purchase!

What happens if PayPal overdraws your account?

Corrected for accuracy.

That is an issue between you and your bank.

Mine would probably bounce the Direct Debit and charge me £12 for the privilege. Another bank may pay the Direct Debit and then charge an unauthorised overdraft fee!

Hi, I've noticed that the site is down for maintenance... everything's OK? Can you drop us an answer on this thread when it's up again?

Thanks!

I've run into a bunch of trouble maintaining it, and I honestly don't have time. I may bring it back eventually, but for now use CoinPal.

Quip, sorry to hear that.

I used your service and liked it a lot.

As I have thought about running a similar service myself, can you elaborate on the trouble you had? Also, would you consider making your software Open Source?

Thanks!

thanks completely for these notions,
so: pratically,
i'm italian, i'd like to buy and sell bitcoin, what would be my best choice?
excuse me but it’s days i’m reading about Bitcoin (trying to understand as much as i can.. i’m italian..),
and i still don’t get HOW to buy and then HOW to reSell my bitcoin.
 
could you explain/ make clear (and just easier) to me?
E.G.:
I find one who sell 100bitcoin, and i buy it sending my money through paypal[NOW YOU SAID NO SURE SO..?](this one will get a % of a translation , isn’t it?)
and the (HOPEFUL) person will charge my bitcoin with the address & string..
 
then:
if i’d like to sell, i should write a post on forum , HOPE that someone will buy and then send my bitcoin to the string buyer and TRUST that he’ll charge my paypal[NOT SURE EITHER SO?]??
 
how does these exchanges works? (IS IT SURE PAYPAL?) What would you suggest me to do for buy like 100bitcoin and resell in a future?
 
thanks REALLY in advance if you could try to answer me