Bitcoin Forum
Author Topic: Don't accept 0 confirmation tx  (Read 605 times)

hosseinimr93
Legendary
Activity: 2436
Merit: 5382
October 04, 2020, 02:40:10 PM
Last edit: October 04, 2020, 02:57:48 PM by hosseinimr93
#21

You could either only allow 0-conf transactions if they are sent without the RBF flag, which makes it much harder (not impossible) to double spend a transaction. That's definitely fine for low value (coffee) transactions.
In addition to what was stated by bob123: not only should RBF-enabled transactions not be accepted, but you also shouldn't accept transactions that have an unconfirmed parent transaction with an RBF flag.
A transaction that has an RBF-enabled parent is even more risky than an RBF-enabled transaction.

To abuse an RBF transaction, the outputs need to be changed as well (I don't know any wallet that allows this).
To abuse a transaction that has an RBF parent, the only thing needed is to bump the fee of the parent transaction. (It is allowed in all wallets supporting RBF, such as Electrum.)


o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18587
October 04, 2020, 06:30:53 PM
#22

Losing one out of a few hundred coffees to a double spend isn't too much and definitely manageable.
It is also far easier, and requires far less technical knowledge, to reverse a transaction with a credit card than a non-RBF bitcoin transaction. A simple phone call and saying "I didn't make this transaction, my card must have been lost/stolen/cloned/hacked/whatever" is all it takes. Stores can accept a little bit of credit card fraud for the convenience of allowing customers to pay by credit card.

-snip-
Transaction malleability also makes it unsafe to accept any transaction which has an unconfirmed parent regardless of RBF, unless all the parents are SegWit transactions, since SegWit fixed the transaction malleability bug.
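
The checks described in posts #21 and #22, as an added example that is not part of the original thread: a receiver-side test that flags an unconfirmed payment if it signals RBF itself (BIP125: any input nSequence below 0xfffffffe), if any unconfirmed ancestor signals RBF, or if any unconfirmed ancestor is not SegWit-only. The `Tx` model, the reason strings and the sample mempool are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# BIP125: a transaction signals replaceability if any input has nSequence < 0xfffffffe.
MAX_BIP125_RBF_SEQUENCE = 0xFFFFFFFD


@dataclass
class Tx:
    txid: str
    inputs: list          # [(parent_txid, nSequence), ...]
    segwit_only: bool     # True if every input is a SegWit spend (txid not third-party malleable)
    confirmed: bool = False


def signals_rbf(tx):
    return any(seq <= MAX_BIP125_RBF_SEQUENCE for _, seq in tx.inputs)


def zero_conf_risks(txid, txs):
    """Return the sorted reasons not to accept `txid` before it confirms."""
    tx = txs[txid]
    if tx.confirmed:
        return []
    reasons = set()
    if signals_rbf(tx):
        reasons.add("explicit-rbf")
    # Walk every unconfirmed ancestor, not just the direct parents.
    seen, stack = set(), [parent for parent, _ in tx.inputs]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        parent = txs.get(pid)
        if parent is None or parent.confirmed:
            continue  # assumption: txids absent from the model are already confirmed
        if signals_rbf(parent):
            reasons.add("rbf-ancestor")        # post #21: replacing the parent invalidates the child
        if not parent.segwit_only:
            reasons.add("malleable-ancestor")  # post #22: parent txid could change
        stack.extend(p for p, _ in parent.inputs)
    return sorted(reasons)


FINAL, LOCKTIME_ONLY, RBF = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD

# Constructed sample mempool with hypothetical txids.
MEMPOOL = {t.txid: t for t in [
    Tx("funding", [("coinbase", FINAL)], True, confirmed=True),
    Tx("rbf_parent", [("funding", RBF)], True),
    Tx("pay_via_rbf_parent", [("rbf_parent", FINAL)], True),
    Tx("pay_deep", [("pay_via_rbf_parent", FINAL)], True),
    Tx("legacy_parent", [("funding", FINAL)], False),
    Tx("pay_via_legacy_parent", [("legacy_parent", LOCKTIME_ONLY)], True),
    Tx("pay_direct", [("funding", FINAL)], True),
    Tx("pay_rbf", [("funding", RBF)], True),
]}

if __name__ == "__main__":
    for name, tx in MEMPOOL.items():
        if not tx.confirmed:
            flags = zero_conf_risks(name, MEMPOOL)
            print(f"{name:24} {', '.join(flags) or 'no flags (still unconfirmed)'}")
```

An empty result only means none of these three conditions applies; the payment is still unconfirmed.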

Chivas Regal
Member
Activity: 88
Merit: 13
Cheers!
October 05, 2020, 02:55:28 AM
#23

Another way that a person can be caught out is when the -zapwallettxes is used to cancel an unconfirmed TX already in play by the sender who then sends a second TX (usually with a higher TX fee paid) that overtakes the first spend and is confirmed quickly.

As everyone else has already pointed out - wait for a TX to be confirmed!

Pleased to meet you.

nc50lc
Legendary
Activity: 2450
Merit: 5716
Self-proclaimed Genius
October 05, 2020, 03:19:04 AM
#24

To abuse a transaction that has an RBF parent, the only thing needed is to bump the fee of the parent transaction. (It is allowed in all wallets supporting RBF, such as Electrum.)
Except for Bitcoin core GUI (Bitcoin-qt),
it will gray out the right-click menu option: "Increase transaction fee" of an RBF parent transaction once any of the outputs was/were spent.
There are still workarounds though but it will not be an easy task.


pooya87
Legendary
Activity: 3486
Merit: 10653
October 05, 2020, 05:24:01 AM
#25

Transaction malleability also makes it unsafe to accept any transaction which has an unconfirmed parent regardless of RBF, unless all the parents are SegWit transactions, since SegWit fixed the transaction malleability bug.
Transaction malleability isn't really possible on bitcoin because almost all the nodes are running Bitcoin Core, and Core nodes reject any non-standard transaction, which includes the malleated transactions. Some of the rules started from 0.6.0 and all the rest have been in effect ever since 0.9.0 and 0.10.0.


UserU
Hero Member
Activity: 2072
Merit: 532
October 05, 2020, 07:53:06 AM
#26

Just don't use it to buy a cup of coffee then. Why would you need main chain security when you can simply use your card or second layer solution as mentioned above?

Well, if the crypto wants widespread adoption then it has to be used for daily transactions. I'm aware of LN but that thing is hardly implemented on sites I frequent, let alone IRL.

I could always opt for cards, cash or e-Wallet but then more options are always better, you know.


smyslov
Sr. Member
Activity: 2002
Merit: 269
October 05, 2020, 12:24:35 PM
#27

Bitcoin transactions work on trust, so before you send your coins to anyone, and before you receive them from someone, you have already done diligent research on the one you are receiving coins from and sending coins to. And OP is absolutely right: never accept a transaction with 0 confirmations. You still don't own the coin if it is still showing zero coin, because it can be manipulated to override it.

o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18587
October 05, 2020, 07:20:23 PM
#28

I'm aware of LN but that thing is hardly implemented on sites I frequent, let alone IRL.
LN is still very much in development, and using it remains a risk. I wouldn't expect many merchants to start using it yet. Give it time.

Bitcoin transactions work on trust
If you choose to accept zero confirmation transactions, then sure, you are placing full trust in the other party not to double spend the transaction, but bitcoin is designed specifically not to require trust. Every transaction you receive and every block which is mined can and should be verified by your own full node. This requires no trust in any third parties and allows you to independently check that you actually have received the coins you think you have.

Harlot
Hero Member
Activity: 1806
Merit: 672
October 05, 2020, 11:04:24 PM
#29

I feel comfortable with 3 confirmations. Although I am so erratic at the moment, that it will probably be a lot more by the time I can check.

I remembered that it will really depend on the value of the transaction you are expecting, since the number of confirmations is linked to how much money the scammer is willing to spend to reverse the transaction. I forgot where I read it, but I think it is on stackexchange where they have tried to link how secure the number of confirmations is to how much you are expecting to receive.

yazher
Hero Member
Activity: 2226
Merit: 586
You own the pen
October 06, 2020, 04:16:14 AM
#30

I heard about this kind of situation where people fell victim to these strategies. I won't really consider the deal done before I see some confirmation in the transaction, because an unconfirmed transaction can also be unsuccessful at some point. One confirmation is enough though, because you can really be sure that the funds will be going to your wallet after a few minutes.

Akiko
Full Member
Activity: 896
Merit: 198
October 06, 2020, 04:26:09 AM
#31

Check this thread- https://bitcointalk.org/index.php?topic=5279758.0
OP has been scammed because they accepted a tx without a single confirmation. It's possible to manipulate a tx in such cases: the scammer will send you the funds, make sure they have received what they paid for, and later create another tx with a higher fee and the same input. The later tx will get confirmed and yours will be invalid.
Therefore, don't accept zero confirmation tx. Wait for at least 1 confirmation.

I have already seen this kind of scam on social media platforms. They are looking for trades from other cryptocurrencies, and they say that they will send first, using that trick. Others will believe it because there is an incoming unconfirmed transaction that they can see in their wallet, and the bogus trader will say many things and accuse you of being a scammer. He will tell you that you are a fake seller if you don't send what he wants to trade after getting the fake transaction.


btcltcdigger
Hero Member
Activity: 2016
Merit: 757
To boldly go where no rabbit has gone before...
October 06, 2020, 02:48:16 PM
#32

Check this thread- https://bitcointalk.org/index.php?topic=5279758.0
OP has been scammed because they accepted a tx without a single confirmation. It's possible to manipulate a tx in such cases: the scammer will send you the funds, make sure they have received what they paid for, and later create another tx with a higher fee and the same input. The later tx will get confirmed and yours will be invalid.
Therefore, don't accept zero confirmation tx. Wait for at least 1 confirmation.

Good advice,
0 confirmation transaction can easily be canceled using only metamask.
A good example of this fraud is sending funds with 1 gwei gas fee. The tx is visible, but will be pending until ragnarok.

o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18587
October 06, 2020, 03:06:54 PM
#33

I forgot where I read it, but I think it is on stackexchange where they have tried to link how secure the number of confirmations is to how much you are expecting to receive.
It is entirely variable, and depends on the person receiving, their risk model, and how much bitcoin is being transferred. If I'm receiving money from a friend or relative I trust, then I'm going to be happy with zero confirmations for relatively large amounts. Conversely, if I'm receiving money from a complete stranger, then I'm going to wait for a couple of confirmations for even small amounts. A large business may accept zero confirmations for transactions less than 5 dollars, because the small amount of fraud they would experience is more than offset by the speed of being able to serve more customers. Conversely, someone for whom 5 dollars represents an entire day's wage is going to wait for several confirmations.

6 confirmations was picked as a completely arbitrary number.

0 confirmation transaction can easily be canceled using only metamask.
Irrelevant when we are talking about Bitcoin, not Ethereum.

bob123
Legendary
Activity: 1624
Merit: 2481
October 06, 2020, 03:30:23 PM
#34

Another way that a person can be caught out is when the -zapwallettxes is used to cancel an unconfirmed TX already in play by the sender who then sends a second TX (usually with a higher TX fee paid) that overtakes the first spend and is confirmed quickly.

That basically is a RBF. That's how one would implement a RBF with core and the appropriate flag being set.


Bitcoin transactions work on trust [...]

Actually, they don't.
That's the whole point of bitcoin. If it would require trust, it would have failed on what it was meant to achieve. A trustless, decentralized and uncensorable payment network/protocol.

Wrong usage can - under given circumstances - require trust.


jerry0
Full Member
Activity: 1736
Merit: 186
October 06, 2020, 03:46:49 PM
#35

How long has this been going on for?


So this is exactly the double spend scam I heard about from years ago?


So say someone sends you btc and you send them money. You need to make sure it has at least how many confirmations before you send them the money or give them cash? Someone said if it's less than a thousand dollars, you can do x confirmations, if it's smaller than a hundred dollars, x confirmations... but if it's a huge amount... always 6 confirmations? So if someone sends you 5000 dollars worth of btc, how many confirmations do you need before you give them cash or online payment?

nc50lc
Legendary
Activity: 2450
Merit: 5716
Self-proclaimed Genius
October 07, 2020, 03:02:47 AM
Merited by DdmrDdmr (1)
#36

So this is exactly the double spend scam I heard about from years ago?

So say someone sends you btc and you send them money. You need to make sure it has at least how many confirmations before you send them the money or give them cash? Someone said if it's less than a thousand dollars, you can do x confirmations, if it's smaller than a hundred dollars, x confirmations... but if it's a huge amount... always 6 confirmations? So if someone sends you 5000 dollars worth of btc, how many confirmations do you need before you give them cash or online payment?
By connecting 6 confirmations and double-spend, I'd say that it isn't what you've heard years ago.
But double-spending is an old term and it's even in the Whitepaper.

Double-spending can only be done with unconfirmed transactions.

Those additional required confirmations are for assurance that your confirmed transaction will be harder to manipulate by a miner who will do a "51% attack".
The deeper the block where the transaction is in the blockchain, the harder it is to tamper with the transactions in it.
So it's recommended to wait for 6 confirmations for high-value transactions and 3-5 for medium risk, but you actually only need 1 to consider it as "paid".


bob123
Legendary
Activity: 1624
Merit: 2481
October 07, 2020, 10:24:20 AM
#37

Double-spending can only be done with unconfirmed transactions.

There are multiple attacks which do double-spend a transaction with 1 confirmation.
Most of them either require a collusion with a miner or to sacrifice a block reward.

While it is technically possible, it is highly unlikely, not guaranteed to work out and too costly to perform.



~snip~

Always at least 1 confirmation.
If the amount is extremely high (in your opinion), wait for 3-6 confirmations.


Harlot
Hero Member
Activity: 1806
Merit: 672
October 07, 2020, 12:12:38 PM
#38

I forgot where I read it, but I think it is on stackexchange where they have tried to link how secure the number of confirmations is to how much you are expecting to receive.
It is entirely variable, and depends on the person receiving, their risk model, and how much bitcoin is being transferred. If I'm receiving money from a friend or relative I trust, then I'm going to be happy with zero confirmations for relatively large amounts. Conversely, if I'm receiving money from a complete stranger, then I'm going to wait for a couple of confirmations for even small amounts. A large business may accept zero confirmations for transactions less than 5 dollars, because the small amount of fraud they would experience is more than offset by the speed of being able to serve more customers. Conversely, someone for whom 5 dollars represents an entire day's wage is going to wait for several confirmations.

6 confirmations was picked as a completely arbitrary number.

Yeah I have found several threads from stackexchange saying that 6 confirmations is the rule of thumb when it comes to how many confirmations needed in order for us to say that the transaction is secure and somehow irreversible. But what I can't manage to see again is their price to confirmation model they have done in that forum. It sorta goes like this.

0-1 Confirmations - up to 10$
3 Confirmations - 100$
6 Confirmations - 10,000$

The numbers above are made up, but this is how they made the model explaining why these prices of transactions are safe depending on the number of confirmations.

Bitcoin Smith
Sr. Member
Activity: 952
Merit: 301
HODL! Because it's unstoppable
October 07, 2020, 08:26:07 PM
#39


Yeah I have found several threads from stackexchange saying that 6 confirmations is the rule of thumb when it comes to how many confirmations needed in order for us to say that the transaction is secure and somehow irreversible. But what I can't manage to see again is their price to confirmation model they have done in that forum. It sorta goes like this.

0-1 Confirmations - up to 10$
3 Confirmations - 100$
6 Confirmations - 10,000$

The numbers above are made up, but this is how they made the model explaining why these prices of transactions are safe depending on the number of confirmations.
Is it possible to cancel a transaction which got one confirmation? It's not really possible from what I need because once the transactions are included in the blocks then there is no way of reversing it other than a 51% attack, so we can trust 1 confirmation is enough for any transaction to get accepted, or correct me if I am wrong here.


Upgrade00
Legendary
Activity: 2072
Merit: 2196
October 07, 2020, 09:07:50 PM
Merited by o_e_l_e_o (2)
#40

Is it possible to cancel a transaction which got one confirmation? It's not really possible from what I need because once the transactions are included in the blocks then there is no way of reversing it other than a 51% attack
Technically, it is not possible to reverse a transaction which has been confirmed and included in the valid chain, aside from an attack on the network.

so we can trust 1 confirmation is enough for any transaction to get accepted or correct me if I am wrong here.
Putting it into perspective: an attack on the network means an entity controls the majority of the hashrate, or more than anyone else, creating a monopoly on the network. This is very expensive and cannot realistically be maintained for a long period of time.
51% is used to indicate one who controls the majority of the network; this is the range where it becomes possible to manipulate the network and reverse already confirmed transactions, though it is still very difficult to actually implement from here on. One who controls a smaller percentage than that (<51%) can still try to manipulate the network, but it is much less probable and still expensive. This is why there is an advisable range for transactions to be considered irreversible:

• 1 confirmation would be okay for low transactions as it would not be worth it for someone to try and reverse.
• For extremely large transactions, like $1 million and above, it is possible and profitable for someone who controls the majority of the hashrate for a little while to manipulate the network and invalidate, so it is advisable to wait at least 6 confirmations.
• For intermediate amounts, between both extremes, 3 confirmations and above should suffice.

The deeper a block is in the chain, the more secure it is, which is why it is advised to wait for more confirmations when dealing with much larger amounts.
