Low-Volume Bitcoin Exchange

[Quip]

Hi, all. I have been running a Bitcoin miner for a while, but haven't really contributed to the project in any other way. I decided it was my turn to give back, so I spent the better part of my Saturday writing a simple Bitcoin exchange in PHP. I don't have very many coins to sell, but I am generating more at a rate of about 100/month. Additionally, I would greatly appreciate it if some of you would stress test the system by doing stupid things and/or intentionally trying to abuse it, and discretely inform me of your results. I am open to any suggestions, and will be giving rewards. There are more details on the site. Pay With PayPal.

EDIT: Some bugs resulted in several incomplete transactions. Those affected have been refunded and given a few BTC as compensation. The problem has been resolved, and the exchange is open for business.

[1715163374]

1715163374

[1715163374]

1715163374

[barwench]

doesn't really seem to be a security flaw, but I get:

"Fatal error: Uncaught BitcoinClientException:

• : Didn't receive 200 OK from remote server. (HTTP/1.1 500 Internal Server Error) thrown in on line 0"

when I fill in 1 in the bitcoin field and 1 in the bitcoin address (rather than putting in a real bitcoin address)

[ptd]

You are very vulnerable to paypal charge-back fraud.

[Quip]

"Fatal error: Uncaught BitcoinClientException:

• : Didn't receive 200 OK from remote server. (HTTP/1.1 500 Internal Server Error) thrown in on line 0"

when I fill in 1 in the bitcoin field

FIXED.

[Quip]

You are very vulnerable to paypal charge-back fraud.

I'm working on an implementation that will store transactions and not deliver them until they are marked "Completed" by Paypal. Is is possible to refund a purchase after it has been market completed without going through the dispute process (which involves notifying the buyer)?

EDIT: Actually, that step seems to be unnecessary. You cannot charge back payments to Business Accounts.

[unclescrooge]

I don't know a way, except wait for 2 weeks (if I remember it well, this is the time after which you can't charge back a transaction). Or integrate the risk of been charged back into your fees.

[Quip]

I just had two different people try it out, and the "Cancel Payment" option did not appear for them (it had appeared in the paypal sandbox). The "Dispute Payment" button was clickable, but if they try that they bring me and a Paypal customer service agent into the situation. Anyway, I'm not paying for my (mined) Bitcoins, so it's okay if there is a little profit loss.

Does anyone want to try chargeback a transaction and see if they can? You can buy 0.01 BTC for $0.01 USD.

[bitjet]

403 error on your site. Im interested in buying some bitcoins.

[Quip]

403 error on your site. Im interested in buying some bitcoins.

I apologize, I was migrating some stuff. It's back up, but now at: http://dylanw.dyndns.tv:8331/lvbx/. I currently have 9.51 Bitcoins for sale, and 5 more coming within 24 hours.

[Quip]

*shameless bump*

With the help of some nice people from IRC, I've hammered out what looks like to be the last of the bugs. You can now buy any number between 1-100 Bitcoins, though I only have 2 left!

I'd love it if someone would try it out

[idev]

*shameless bump*

With the help of some nice people from IRC, I've hammered out what looks like to be the last of the bugs. You can now buy any number between 1-100 Bitcoins, though I only have 8.50 left!

I'd love it if someone would try it out

You working With LR ?

[Quip]

You working With LR ?

To be honest I have no idea what you're talking about.

[BioMike]

You working With LR ?

To be honest I have no idea what you're talking about.

Liberty Reserve (some other form of e-cash).

[bit-numismatist]

You working With LR ?

To be honest I have no idea what you're talking about.

LR - Liberty Reserve www.libertyreserve.com

[breandan81]

The chargeback fraud, if I understand correctly, isn't a result of people cancelling payment or disputing it through paypal, rather that the transfers are funded by credit card, and the credit card receives a chargeback request, at which point paypal reverse the transaction, since it was funded fraudulently (allegedly).  My understanding is it is quite difficult to eliminate them, other than simply waiting a long time to clear transactions.  I'm not sure if there is a way to only accept paypal transactions funded by account balances, I'm sure it's been discussed before though, since this has come up quite often in the bitcoin community.

[jgarzik]

The chargeback fraud, if I understand correctly, isn't a result of people cancelling payment or disputing it through paypal, rather that the transfers are funded by credit card, and the credit card receives a chargeback request, at which point paypal reverse the transaction, since it was funded fraudulently (allegedly).  My understanding is it is quite difficult to eliminate them, other than simply waiting a long time to clear transactions.  I'm not sure if there is a way to only accept paypal transactions funded by account balances, I'm sure it's been discussed before though, since this has come up quite often in the bitcoin community.

There is the paypal chargeback -- scammer disputes their purchase, and gets back funds -- in addition to the credit card chargeback.

The scam, and the net result, are the same:  PayPal seller loses funds from purchase, and scammer keeps the hard cash (bitcoins or LR).

[Quip]

I see. There doesn't appear to be any defense, so I'll just accept the risk. Good think Bitcoin doesn't have chargebacks!

[Quip]

You working With LR ?

To be honest I have no idea what you're talking about.

LR - Liberty Reserve www.libertyreserve.com

I am now considering adding support for Liberty Reserve, as they have a similar API to PayPal and charge lower fees. Would anyone be interested in that?

[ptd]

I am now considering adding support for Liberty Reserve, as they have a similar API to PayPal and charge lower fees. Would anyone be interested in that?

Mtgox can do LR transactions easily so it doesn't make sense (getting to LR requires a significant amount of money to be cost effective).

You should also add details of the amount of bitcoins you have and your fees to the main page.

[nanaimogold]

I see. There doesn't appear to be any defense, so I'll just accept the risk. Good think Bitcoin doesn't have chargebacks!

EUREKA! It works! I have one more bitcoin!

The defense against Paypal chargebacks is to not use Paypal at all.

Paypal only works when the receiver trusts the spender.

As a consumer protection feature, Paypal allows buyers to back out of trade and charge back their purchase. Users might cry that they did not get what they paid for, or they may claim their account was cracked or phished. Paypal will take the money back from the receiver.

As a seller, it's easy to trust someone who is buying a service that can't easily be resold, such as a subscription. 

With something liquid, the classic example being the mail order laptop, it's harder to trust the spender. What is to stop him from charging back after the hardware is shipped?

In the case of trading Paypal for cash money, like bitcoin, it's very hard to trust the spender. Nothing is more liquid than digital currency. It belongs to the bearer, as does cash. It's easily traded into anything you can imagine. It's liquidity is very attractive to phishers and scammers.

There is a whole army of thieves who understand this and will steal from you Quip. This is an old problem and has been addressed so very often by every digital currency in use, past and present.

When you start verifying and validating and ID ing and KYC ing and AML ing and on and on, you completely undo the benefit that the digital currency delivers. It's no longer private. Privacy is the necessity that did mother this invention. It's no longer cheap. All that checking and validating and getting to know someone is time consuming and expensive. In the end, you will be wrong about some users and you will be the only one to pay for those errors.

Now you are an exchanger; you are effectively upgrading the hardness of your users' money. The buck stops with you. You are the firewall against fraud.

Good luck and best wishes.