Author Topic: I successfully double spended $400 of Bitcoin today  (Read 3659 times)
turtlehurricane (OP)
October 05, 2015, 02:38:31 AM
 #1

For those that don't know there is a strange new 'attack' underway https://www.cryptocoinsnews.com/bitcoin-attack-coinkite-reports-malleability-attack-urges-caution/

When using blockchain.info wallet any transaction you send gets sent twice, causing the balance to go negative, at least on the GUI. This is freaking out a lot of people, including me when it first happened to me. I sent out around 5 BTC and then suddenly another 5 BTC were sent. Fortunately the remaining BTC were still there, the wallet just went negative even more when I sent those out.

Anyways, I sent 1.65 BTC to someone ( https://blockchain.info/tx/0ded68289e93a5db468293f106a8992e03e7125130340c9929a4e72add3c4b15?show_adv=true ) and it showed up on blockchain as usual, at which point the customer left. Before that transaction confirmed I sent 1.15 BTC to myself using the same input (accidentally, to get my btc out of my fucked up blockchain wallet), except I put a transaction fee 5X higher. The 2nd transaction confirmed before the 1st one did, and the $400 of BTC disappeared from the customer's wallet.

After much confusion, I sent the 1.65 BTC to the customer again after getting my BTC to a Bitcoin Core wallet and all is now well. People must be getting robbed today though, this is really dangerous. Blockchain.info needs to fix this asap. If I was dishonest I could have easily kept the Bitcoins, they were in my wallet and confirmed.
--Encrypted--
October 05, 2015, 02:45:25 AM
 #2

Quote
People must be getting robbed today though, this is really dangerous.

wait for the transaction to get confirmed before leaving. problem solved.
also I've read that those attacks don't do anything more than that. you won't lose your btc or anything (cmiiw)
BitcoinNewsMagazine
October 05, 2015, 02:49:26 AM
 #3

Coinkite says they solved the problem for their users "... As of today, all deposits into Coinkite accounts must receive one confirmation before we will use them in a new transaction. We have deployed new code that tracks these modified transactions, and when they get confirmed into blocks, we retroactively adjust our records and continue with the new transaction number in effect." Coinbase also says their customers are no longer affected; I imagine they did the same.

EthanB
October 05, 2015, 02:51:19 AM
 #4

Some of my bitcoin got double-spent today. No loss from my side, but it certainly freaked me out.
Might have been you.  Roll Eyes
turtlehurricane (OP)
October 05, 2015, 03:02:39 AM
 #5

Blockchain.info needs to fix it. Bitcoin Core accounts for this now too.

Basically until a transaction gets confirmed it's possible to broadcast another transaction using the same inputs, and if you put the fee a lot higher then you have a good shot at getting confirmed first. This is very unusual and not 100% due to the malleability attack itself. The malleability attack makes the blockchain.info wallet software bug out so you can spend an input that's already been used in a transaction.

This can most definitely be used to rob during peer 2 peer trading... the malleability bug itself won't lose you Bitcoins, but this blockchain.info bug definitely could if you buy BTC from an untrustworthy source.
brg444
October 05, 2015, 03:06:03 AM
 #6

Bitcoin users not affected  Smiley

"I believe this will be the ultimate fate of Bitcoin, to be the "high-powered money" that serves as a reserve currency for banks that issue their own digital cash." Hal Finney, Dec. 2010
EthanB
October 05, 2015, 03:07:09 AM
 #7

Quote from: turtlehurricane
Blockchain.info needs to fix it. Bitcoin Core accounts for this now too.

Basically until a transaction gets confirmed it's possible to broadcast another transaction using the same inputs, and if you put the fee a lot higher then you have a good shot at getting confirmed first. This is very unusual and not 100% due to the malleability attack itself. The malleability attack makes the blockchain.info wallet software bug out so you can spend an input that's already been used in a transaction.

This can most definitely be used to rob during peer 2 peer trading... the malleability bug itself won't lose you Bitcoins, but this blockchain.info bug definitely could if you buy BTC from an untrustworthy source.

Did you double-spend your posts to get more activity? How do you have more activity than posts?

EDIT : wut https://gyazo.com/53f9ae994fa3c63e9dd38ede63469f75
manselr
October 05, 2015, 03:50:20 AM
 #8

I haven't done anything with Bitcoin lately so I feel safe. I also only operate with Bitcoin Core as well. I keep reading about this malleability problem and wonder when they will do something about this. It's a pretty serious threat. Will the LN help with this?
turtlehurricane (OP)
October 05, 2015, 03:53:23 AM
 #9

Quote from: manselr
I haven't done anything with Bitcoin lately so I feel safe. I also only operate with Bitcoin Core as well. I keep reading about this malleability problem and wonder when they will do something about this. It's a pretty serious threat. Will the LN help with this?

I'm glad someone else in this thread recognizes this is a serious problem. It's not a joke.

Bitcoin Core is already fixed, which means the code is out there to make this not an issue. Blockchain.info needs to patch this as soon as they can, tons of people must be freaking out.
EthanB
October 05, 2015, 04:10:44 AM
 #10

Quote from: turtlehurricane
Quote from: manselr
I haven't done anything with Bitcoin lately so I feel safe. I also only operate with Bitcoin Core as well. I keep reading about this malleability problem and wonder when they will do something about this. It's a pretty serious threat. Will the LN help with this?

I'm glad someone else in this thread recognizes this is a serious problem. It's not a joke.

Bitcoin Core is already fixed, which means the code is out there to make this not an issue. Blockchain.info needs to patch this as soon as they can, tons of people must be freaking out.

I haven't been using my BlockChain since this has become a bigger widespread issue. Been using my Core and very sparingly.
Possum577
October 05, 2015, 04:50:49 AM
 #11

Quote from: EthanB
Some of my bitcoin got double-spent today. No loss from my side, but it certainly freaked me out.
Might have been you.  Roll Eyes

Oh great. All we need is this shit to spread and bitcoin will be finished. No one is going to use a payment system that has the real threat of inadvertently defrauding users.

What's being done to fix this?

Here's one article about a potential fix: http://bitcoinvista.com/2014/01/18/fixing-double-spending-why-bitcoin-is-revolutionary/

EthanB
October 05, 2015, 04:54:35 AM
 #12

Quote from: Possum577
Quote from: EthanB
Some of my bitcoin got double-spent today. No loss from my side, but it certainly freaked me out.
Might have been you.  Roll Eyes

Oh great. All we need is this shit to spread and bitcoin will be finished. No one is going to use a payment system that has the real threat of inadvertently defrauding users.

What's being done to fix this?

Here's one article about a potential fix: http://bitcoinvista.com/2014/01/18/fixing-double-spending-why-bitcoin-is-revolutionary/

This is one of the reasons I have been studying the bitcoin API, and improving my programming skills. Hopefully the devs get some more manpower to handle these things.
Kakmakr
October 05, 2015, 05:31:11 AM
 #13

Is this a problem with the Blockchain.info api or a problem with the client they are using? I am sure these transactions will not be confirmed once it hits the Blockchain and the miners handle the transaction.

I have not experienced this and I did send out some transactions lately from that wallet provider. Is there no official explanation for this from Blockchain.info? ^hmf^

christycalhoun
October 05, 2015, 05:37:58 AM
 #14

So this is basically just a blockchain.info only exploit? Am I understanding this right?

mexxer-2
October 05, 2015, 05:38:36 AM
 #15

Quote from: Kakmakr
Is this a problem with the Blockchain.info api or a problem with the client they are using? I am sure these transactions will not be confirmed once it hits the Blockchain and the miners handle the transaction.

I have not experienced this and I did send out some transactions lately from that wallet provider. Is there no official explanation for this from Blockchain.info? ^hmf^

AFAIK it is a problem in the blockchain API, so you send x amount to bob and the same amount to your second address, with the latter being transacted after sending the 1st one. What actually happens is not a double spend but rather:
1) You have 1.1 btc in your wallet
2) You send 1 btc to bob with a minimal fee.
3) You send the 1 btc to your second address now with a fee of 0.1 btc (hypothetically)
4) The btc appear on bob's blockchain wallet, although not confirmed yet
5) Now, the 2nd transaction is the one that is confirmed, which makes the 1 btc disappear from bob's wallet.
Anyway that's how I understood it
smoothie
October 05, 2015, 05:46:42 AM
 #16

Quote from: turtlehurricane
For those that don't know there is a strange new 'attack'

Uh no it's not new.

newtons1
October 05, 2015, 05:49:56 AM
 #17

Quote from: turtlehurricane
Quote from: manselr
I haven't done anything with Bitcoin lately so I feel safe. I also only operate with Bitcoin Core as well. I keep reading about this malleability problem and wonder when they will do something about this. It's a pretty serious threat. Will the LN help with this?

I'm glad someone else in this thread recognizes this is a serious problem. It's not a joke.

Bitcoin Core is already fixed, which means the code is out there to make this not an issue. Blockchain.info needs to patch this as soon as they can, tons of people must be freaking out.

The fact that someone is using Core does not mean anything. The issue is that people are spending 0-confirmation transactions, which causes transactions to become invalid once the changed transactions confirm.

Any inaccurate display of balances in wallets will eventually correct itself, most likely after restarting your wallet software.
cjmoles
October 05, 2015, 05:51:16 AM
 #18

Okay, how does the original wallet let a transaction out if the funds aren't in it anymore?...unless some of the wallet's ledger history was reversed some???....hmmmm???
newtons1
October 05, 2015, 05:52:25 AM
 #19

Quote from: smoothie
Quote from: turtlehurricane
For those that don't know there is a strange new 'attack'

Uh no it's not new.

This attack has been known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.
onemorexmr
October 05, 2015, 06:10:24 AM
 #20

Quote from: newtons1
Quote from: smoothie
Quote from: turtlehurricane
For those that don't know there is a strange new 'attack'

Uh no it's not new.

This attack has been known for years, but it is only recently (within the last ~18 months) that there have been any serious consequences because of this issue.

MtGox claimed that they had huge losses because of malleability attacks; though it's unproven (there also were malleated transactions back then).
they claimed that people withdrew btc. that tx was malleated. their system thought (because of the new txid) their transaction has not been in a block so they refunded.

technically it's not a double-spend btw as it only looks like one, but all outputs and inputs are the same: so imho it isn't.

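The thread separates two cases: a malleated transaction (new txid, same inputs and outputs) and a conflicting spend of the same input to a different destination, with Coinkite's stated mitigation of acting only after one confirmation. The sketch below is an added example, not part of any post above and not code from Coinkite, Blockchain.info or Bitcoin Core; the `Tx` model, `classify`, `reconcile` and all sample values are hypothetical and simplified (no scripts or signatures).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str            # changes when the signature encoding is malleated
    inputs: frozenset    # spent outpoints as (prev_txid, vout) pairs
    outputs: tuple       # (address, amount_in_satoshi) pairs, in order
    confirmations: int = 0


def classify(pending: Tx, seen: Tx) -> str:
    """Relate a newly seen transaction to a payment being tracked."""
    if seen.txid == pending.txid:
        return "same"
    if seen.inputs == pending.inputs and seen.outputs == pending.outputs:
        return "malleated"   # same payment under a different txid
    if seen.inputs & pending.inputs:
        return "conflict"    # same coins sent somewhere else
    return "unrelated"


def reconcile(pending: Tx, seen: Tx, min_conf: int = 1) -> str:
    """Decide what a receiver's ledger should do with `pending`."""
    relation = classify(pending, seen)
    if relation == "unrelated" or seen.confirmations < min_conf:
        return "keep-waiting"        # nothing is settled at zero confirmations
    if relation == "conflict":
        return "payment-void"        # the tracked payment can never confirm
    return "credit:" + seen.txid     # same or malleated: follow the confirmed txid


# Constructed sample data: placeholder txids and addresses, amounts in satoshi.
COIN = ("f0" * 32, 0)
PAYMENT = Tx("aa" * 32, frozenset({COIN}), (("customer-addr", 165_000_000),))
MALLEATED = Tx("bb" * 32, PAYMENT.inputs, PAYMENT.outputs, confirmations=1)
RESPEND = Tx("cc" * 32, frozenset({COIN}), (("sender-addr", 115_000_000),),
             confirmations=1)

if __name__ == "__main__":
    for tx in (PAYMENT, MALLEATED, RESPEND):
        print(tx.txid[:8], classify(PAYMENT, tx), reconcile(PAYMENT, tx))
```

Keying the ledger on inputs and outputs rather than on txid is what lets the malleated case be credited once under the confirmed txid instead of being treated as missing and paid out again.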