|
postcd (OP)
|
 |
August 30, 2016, 08:25:57 AM
Last edit: August 30, 2016, 12:28:47 PM by postcd |
|
Hello, spectrocoin.com is the bitcoin payment gateway provider for the online merchants warns me before marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain (i came with this idea nd my BTC knowledge is low, it may work different way): If you need to make paymet "paid" in the system immediately after it appear on the blockchain, you can do it, but we not support this method, because it is unsafe.
...
this is not good Idea, we not support this method. Becose here is to much risk and you can be scammed
...
WE NOT SUPPORT THIS METHOD, AND THIS IS YOUR OWN DECISION! So i wanted to ask here how unsafe is it to do it my way, without confirmations being small online service provider. |
|
|
|
|
|
|
TalkImg was created especially for hosting images on bitcointalk.org: try it next time you want to post an image
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
NeuroticFish
Legendary
 Offline
Activity: 3654
Merit: 6349
Looking for campaign manager? Contact icopress!
|
 |
August 30, 2016, 08:31:04 AM |
|
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.
It happened last week, it was quite a buzz, research for it.
|
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
Redrose
|
|
August 30, 2016, 08:31:52 AM |
|
It is maybe theorically possible to remove the funds, but I doubt much about it since many sportsbookies and casino accept the deposits after 0 confirmations. In case of, wait 1, then you're 99% safe I guess.
|
|
|
|
|
Foxpup
Legendary
 Online
Activity: 4340
Merit: 3041
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
August 30, 2016, 08:38:22 AM |
|
Unconfirmed transactions aren't on the blockchain. Any transaction that is on the blockchain has at least one confirmation. That's what confirmation means.
This is such a fundamental concept that I'd stay away from any payment provider that doesn't understand it.
|
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions! |
|
|
1Referee
Legendary
Offline
Activity: 2170
Merit: 1427
|
|
August 30, 2016, 08:41:19 AM |
|
It is indeed dangerous. For example, if I can buy something instantly from your site without any confirmations needed, then I can send like 0.2BTC without a fee because I know it won't confirm any time soon as pools will ignore it. Then I simply double spend that same transaction, but now to my own address with a proper fee. And when the transaction to my own address confirms, the other "your" 0.2BTC transaction will vanish, and you end up with a loss.
I know certain places such as pubs that do accept zero confirmation transactions as they use BitPay, and if done properly, I can walk out with free drinks and stuff. However, BitPay marks every incoming transaction as safe, or potentially unsafe, or unsafe, all depending on the fee added and the size of the transaction. If your transaction falls under potentially unsafe, or unsafe, then you'll need to wait before you have at least 1 confirmation.
|
|
|
|
|
|
|
|
merelcoin
|
|
August 30, 2016, 09:08:25 AM |
|
Most importantly: what are you selling? If it's physical goods, i would accept the order with 0-confirmations, but i would double-check if the transaction was included in a block BEFORE sending the goods, and just cancell the complete order if it was doublespent... Or wait a little longer if it was still unconfirmed. If it's a service you can easily disable: you can accept 0-confirmations, as long as you re-check if the transaction is in a block after a couple of hours (and disable the service if it's not). You just gave a free trial for a couple of hours... If it's a non-reclaimable online service, for example if you're an account reseller, but you cannot void a sold account after it has been generated, i would wait for a confirmation. Same goes for service that have a substantial cost for you when they have been generated, or if the buyer can really abuse the service before you disable his account due to a double spend |
|
|
|
|
deisik
Legendary
Offline
Activity: 3430
Merit: 1280
English ⬄ Russian Translation Services
|
|
August 30, 2016, 09:33:45 AM |
|
It is maybe theorically possible to remove the funds, but I doubt much about it since many sportsbookies and casino accept the deposits after 0 confirmations. In case of, wait 1, then you're 99% safe I guess.
I remember the times when PrimeDice had been doing this (i.e. allowed zero confirmations). So when you were stuck in a row of bad rolls and hadn't enough money in your PD account to make the next roll (for example, when using martingale), you could send more funds and continue playing almost immediately (as though it could help increase your chances). While, in fact, it was no more than a wise policy to increase the casino's profits... Until someone managed to play, lose and successfully send the same coins elsewhere |
|
|
|
|
danishcookie
|
|
August 30, 2016, 09:38:14 AM |
|
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.
It happened last week, it was quite a buzz, research for it.
Really? Never heard it before, you mean double spend attack? But how can he gets nothing? |
|
|
|
deisik
Legendary
Offline
Activity: 3430
Merit: 1280
English ⬄ Russian Translation Services
|
|
August 30, 2016, 09:39:31 AM |
|
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.
It happened last week, it was quite a buzz, research for it.
Really? Never heard it before, you mean double spend attack? But how can he gets nothing? The same coins can be sent elsewhere (either right before or soon after making the transaction in question), and if that later (prior) transaction gets confirmed first, the OP will receive nothing, thereby essentially giving his merchandise for free... The order in which transactions are confirmed is arbitrary provided the time span between them is tight |
|
|
|
|
BitcoinSupremo
|
|
August 30, 2016, 09:44:15 AM |
|
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.
It happened last week, it was quite a buzz, research for it.
Really? Never heard it before, you mean double spend attack? But how can he gets nothing? Yes double spend cheating. Some user did that to directbet since they accept and confirm the bet soon after you send them the payment and before it has 1 confirmation. One user thought he was smart and sent 9 BTC to them and then double spend it and sent to another address of his. Luckily his story ended short as he tried to do it another time and this time directbet confiscated his funds. So yes its really possible and to be sure you need to accept payments only after 1 confirmation. This way you will be safe. |
|
|
|
|
1Referee
Legendary
Offline
Activity: 2170
Merit: 1427
|
|
August 30, 2016, 09:46:17 AM |
|
I explained why in my post. And sorry, but I don't click on links. It is indeed dangerous. For example, if I can buy something instantly from your site without any confirmations needed, then I can send like 0.2BTC without a fee because I know it won't confirm any time soon as pools will ignore it. Then I simply double spend that same transaction, but now to my own address with a proper fee. And when the transaction to my own address confirms, the other "your" 0.2BTC transaction will vanish, and you end up with a loss.
I know certain places such as pubs that do accept zero confirmation transactions as they use BitPay, and if done properly, I can walk out with free drinks and stuff. However, BitPay marks every incoming transaction as safe, or potentially unsafe, or unsafe, all depending on the fee added and the size of the transaction. If your transaction falls under potentially unsafe, or unsafe, then you'll need to wait before you have at least 1 confirmation.
This is also a more than decent explanation that goes a bit more in depth. Most importantly: what are you selling?
If it's physical goods, i would accept the order with 0-confirmations, but i would double-check if the transaction was included in a block BEFORE sending the goods, and just cancell the complete order if it was doublespent... Or wait a little longer if it was still unconfirmed.
If it's a service you can easily disable: you can accept 0-confirmations, as long as you re-check if the transaction is in a block after a couple of hours (and disable the service if it's not). You just gave a free trial for a couple of hours...
If it's a non-reclaimable online service, for example if you're an account reseller, but you cannot void a sold account after it has been generated, i would wait for a confirmation. Same goes for service that have a substantial cost for you when they have been generated, or if the buyer can really abuse the service before you disable his account due to a double spend
That being said, just to avoid hassle and headache and complaining people, just handle a minimum of 1 confirmations. |
|
|
|
|
|
JeffBrad12
|
|
August 30, 2016, 09:50:21 AM |
|
Hello, spectrocoin.com is the bitcoin payment gateway provider for the online merchants warns me before marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain: If you need to make paymet "paid" in the system immediately after it appear on the blockchain, you can do it, but we not support this method, because it is unsafe.
...
this is not good Idea, we not support this method. Becose here is to much risk and you can be scammed
...
WE NOT SUPPORT THIS METHOD, AND THIS IS YOUR OWN DECISION! So i wanted to ask here how unsafe is it to do it my way, without confirmations being small online service provider. A lot of point about zero transaction like double spend attack. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3654
Merit: 6349
Looking for campaign manager? Contact icopress!
|
|
August 30, 2016, 10:52:01 AM |
|
If a transaction has 0 confirmations, basically it can be easily double spent: the scammer has to send the same inputs with higher fee somewhere else.
Then you get nothing.
It happened last week, it was quite a buzz, research for it.
Really? Never heard it before, you mean double spend attack? But how can he gets nothing? Because the attacker loses only the fee of the highest paid transaction and the money is only sent and confirmed (to another or attacker's addresses) in the second transaction. I also found the link of what happened. From what I see it was 2 days ago, I thought it was more. https://www.reddit.com/r/Bitcoin/comments/4zxu9u/psa_our_business_got_hit_with_a_double_spend_scam/I found the discussion in that link incorrect. The easiest double spend is done with same wallet cloned on 2 computers. https://www.reddit.com/r/Bitcoin/comments/4zxu9u/psa_our_business_got_hit_with_a_double_spend_scam/d6zm2rwAnd if you want to be certain the scam works, you better make a script (to ensure the inputs) and pay much bigger fee in the 2nd transaction. Bottom line: you need at least one confirmation. If there's no confirmation, you leave plenty of room to get scammed. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16498
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
August 30, 2016, 11:03:31 AM |
|
The attack described there requires you to be a miner. That is irrelevant in this scenario, but it is the reason why the original white paper from Satoshi recommends 6 confirmations. Im interested to allow like <$10 transactions to be 0 confirmations
You can do that, just add the cost of a possible double spend to your price. It will happen eventually. A transaction with 0 confirmations is like someone showing you the money, but you don't have it in your hands yet. If you give him your part of the deal, he can run off and keep the money. If the transaction has a low fee, or even no fee at all, a scammer has much more time before the transaction gets confirmed, which make a successful double spend more likely. |
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3360
Merit: 4570
|
|
August 30, 2016, 12:00:38 PM |
|
Accepting a transaction with 0 confirmations is a little bit risky. It is possible that the transaction will never confirm and will become invalid in the future. If that happens, you will have provided your product or service for free. If it is a cheap enough product or service with a high enough profit margin, that may be an acceptable loss to you to be able to provide the convenience to your customers of not needing to wait for confirmations. There are additional steps that can be taken to reduce the risk even more. If a transaction ONLY spends confirmed outputs, then it is much more likely to get confirmed itself. If a transaction pays a high enough fee, then it is much more likely to get confirmed. If a transaction has been seen by many nodes on the network, then it is much more likely to get confirmed. So, if you choose to only accept 0-confirmation transactions with confirmed inputs, reasonable fees, and which are well propogated, then you reduce your risk significantly and might be more willing to accept the small risk that remains. - snip -
marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain:
- snip -
Based on their lack of knowledge about the fundamentals of Bitcoin, it would appear that using spectrocoin.com as a "payment gateway provider" is MUCH MORE RISKY than accepting well propogated, transactions with a reasonable fee and confirmed inputs. I would definitely stay away from them. You can use spectrocoin.com, but I do not support this decision because it is unsafe. It is not a good idea to use spectrocoin.com, there is too much risk and they can lose your bitcoins. I do not support this unknowledgeable "payment gateway provider", and if you choose to do so then this is your own decision and you do it at your own risk. |
|
|
|
|
|
postcd (OP)
|
|
August 30, 2016, 12:21:29 PM |
|
- snip -
marking invoices paid without BTC confirmations - 0/zero confirmations, just based on the fact transation appeared on the blockchain:
- snip -
Based on their lack of knowledge about the fundamentals of Bitcoin, it would appear that using spectrocoin.com as a "payment gateway provider" is MUCH MORE RISKY And thanks all for very valuable info. I will stay away from blindly accepting transactions that just appeared on blockchain or has zero confirmation. |
|
|
|
deisik
Legendary
Offline
Activity: 3430
Merit: 1280
English ⬄ Russian Translation Services
|
|
August 30, 2016, 12:53:33 PM |
|
And thanks all for very valuable info. I will stay away from blindly accepting transactions that just appeared on blockchain or has zero confirmation.
Having said that, you may now want to lock this thread to prevent it from being filled with spammy posts |
|
|
|
|
