Bitcoin Forum

Other => Beginners & Help => Topic started by: YourNeko on December 03, 2019, 10:05:20 AM



Title: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: YourNeko on December 03, 2019, 10:05:20 AM
Greetings!
I have been on hiatus from posting on BitcoinTalk for quite a while now; I have recently started school and have been extensively busy. But when I visited another e-marketplace that I frequent, I noticed a surge in scam reports. They all followed this general gist: the seller was contacted by a buyer interested in paying with Bitcoin, the buyer agreed to go first to the user, the buyer paid in bitcoin and the seller delivered the virtual product to them, and a few hours later, the $ that the buyer sent disappears from the wallet of the seller.

This is something that there is no doubt people on this forum are very familiar with; this is called Double Spending.
Double Spending is described as the act of sending the same coins twice. This is an inherent risk with cryptocurrency and virtual tokens, and it is one which has been around forever, but not one that too many people who are new to crypto are familiar with. So consider this post an introduction to double-spending for newbies.

**** I WILL NOT BE GOING IN-DEPTH ABOUT HOW TO DOUBLE-SPEND A TRANSACTION OR HOW IT WORKS ON A DEEP TECHNICAL LEVEL. IF YOU CAME FOR THAT, SORRY, YOU WON'T FIND IT HERE ****

Anatomy of Double Spending - An example of a DS Scam
To criminally over-simplify Double Spending, Double Spending is as the name states, spending the same coins multiple times.
Here is an easy to understand example:
- Let's say that Joe has a balance of BTC0.1 in the wallet 0x001
- Joe isn't a very good guy, but he wants to buy Item X for BTC0.09 from John
- Joe sends BTC0.09 with a transaction fee of BTC0.01 and John delivers Item X
- Joe used a very very low fee for the BTC0.1 transaction he sent to John, so the transaction has 0 confirmations after 30 minutes of waiting; John just thinks that the network is being slow
- Joe decides to strike. Taking advantage of the fact that the transaction hasn't confirmed and the fact that his fee was extremely low, along with using the RBF Protocol, he sends a duplicate transaction, a transaction with the exact same amount and fee that was used in the original transaction, but this time, he sends it to another address that he controls instead of John's. Since the original transaction hasn't been confirmed yet, the first transaction is essentially overwritten on the blockchain, sending the funds to his own wallet instead of John's.
- The original BTC0.09 that John had received disappears from his wallet and Joe has received his Item X, costing him only the price of the transaction fees.

** It obviously isn't this simple, but this is essentially how double-spend

Double spending is a threat that an unreal amount of casual BTC users are unaware of. This is a threat that is truly only present with virtual coins, as you can't do that with a physical currency, but there's always a price tag to progression. The price in this instance is knowledge: the more people know what Double Spending is and how to combat it, the less effective this scam will be.

And speaking of protection....

The importance of Confirmations - How to protect yourself from DSing
There is only 1 100% effective way to prevent Double Spending, and it is much simpler than most people think. There is one way to absolutely ensure that a transaction never gets double-spent, and that's using confirmations. Once a transaction has confirmed, there is essentially no possible way to double-spend it without the help of a 51% attack. I will not cover 51% attacks in this post, but there are numerous other resources that you can use to learn about them on this forum.


* I left a lot of stuff out of this post. I'm not too familiar with the technology behind double-spending attacks, but I feel like this is something newbies to crypto should be aware of. If you have any additions I can make, please ensure that you comment them below so I may edit them in to the original post, thanks!


Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: CucakRowo on December 03, 2019, 11:00:35 AM
Or you (as a seller), can apply the standard for transaction confirmation if you receive payment in crypto.
Example: I bought a PC from you, I want to pay with crypto (example in ETH). You agree to the terms, the PC will be sent after the transaction gets a minimum of 4 confirmations.

Even though the fee used is small, you can still check it through an internal transaction
https://i.imgur.com/igTPvYP.png
Source: https://etherscan.io/



Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: joniboini on December 03, 2019, 11:09:39 AM
You can also use escrow to avoid a situation like this. While it's usually used to protect buyers from scammy sellers, it also gives benefits for the sellers in case of buyers' lack of credibility.


Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: o_e_l_e_o on December 03, 2019, 12:13:58 PM
once a transaction has confirmed, there is essentially no possible way to double-spend it without the help of a 51% attack
Contrary to popular belief, you don't actually need 51% of the hashpower to reverse transactions which have already been confirmed.

When a 51% attack occurs, an attacker is starting at a deficit of however many confirmations a transaction has. With 1 confirmation, they only start at a 1 block deficit. With 6 confirmations, they have to start at a 6 block deficit. The attacker then generates their own alternative blockchain as quickly as possible, trying to overtake the main chain. With 51% of the hashpower, they are guaranteed to be successful (provided they can maintain their 51% or higher proportion of the hashpower) regardless of how far behind the main chain they start. However, with a much smaller proportion of the hashpower, they still have a chance to be successful. An attacker has a 50% chance of success at reversing a transaction with 1 confirmation with only 24% of the hashpower. With 6 confirmations, they would need 40% of the hashpower for a 50% chance. You can use this site to play around with the numbers and get a feel for it yourself: https://people.xiph.org/~greg/attack_success.html

There is also such a thing as a stale block - a block which was mined correctly, but then later discarded since another block mined at the same height was included instead. Any transactions which were included in the stale block but not in the replacement block would go from showing 1 confirmation to being unconfirmed.

TL;DR: Always wait for at least 1 confirmation, but even 1 isn't a complete guarantee. The higher the value/risk, the more confirmations you should wait for.


Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: YourNeko on December 03, 2019, 12:48:19 PM
once a transaction has confirmed, there is essentially no possible way to double-spend it without the help of a 51% attack
Contrary to popular belief, you don't actually need 51% of the hashpower to reverse transactions which have already been confirmed.
Will edit this in to the OP in the morning, thanks for the input!


Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: CryptoBuzzerd on December 03, 2019, 07:31:12 PM
Main rule: "Always as minimum 1 confirmation for a deal. More - better."


Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: Velkro on December 03, 2019, 09:00:40 PM
Greetings!
Hello, it's nothing new, I mean confirmations are a basic rule of how Bitcoin works.
If you have pocket money, 0 confirmations are OK if you accept the risk of sometimes losing pocket money.
Any serious money should have at least 1 confirmation.

That's it :P in simpler words.


Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: gentlemand on December 03, 2019, 09:23:17 PM
Double spending, attacks and roll backs are MUCH more relevant for alts, though of course people should remain vigilant for Bitcoin stuff too.

Some chains have now been attacked multiple times. Some have inadvertently forked themselves. I think people naturally assume that because you're unlikely to get raped that way using BTC the same applies for everything else and that is very definitely not the case.

There are plenty of revealing stats regarding this. For example I sold some BSV for LTC on Okex. Okex wouldn't let the LTC go until 200 BSV confirmations. That took several days of waiting and pretty much says it all in terms of how trusted and secure it is.


Title: Re: [PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT
Post by: o_e_l_e_o on December 03, 2019, 09:51:13 PM
There are plenty of revealing stats regarding this.
I really like the site https://howmanyconfs.com/, which compares the time needed between different proof of work coins to reach the same level of difficulty as 6 bitcoin confirmations. Sure, it's not 100% accurate since it's difficult to compare different hashing algorithms (you can read about their methods here (https://github.com/lukechilds/howmanyconfs.com/blob/master/README.md#how-are-these-values-calculated)), but it gives a good indication. It's a great site to show newbies when they complain about bitcoin being slow and altcoins being much faster; the reason Litecoin (for example) is faster is because it is less secure. Its block time is only 2.5 minutes, but it needs somewhere around 900 confirmations taking a day and a half to be as secure as 6 bitcoin confirmations. As you say, BSV takes around 3 days.