-snip-
You have been extremely informative thus far.
Thanks.
Do you have any suggestions as to where to look for the information i need to prevent this in the future? I thought waiting for 3 confirmations was the way to go for this but aparently thats not entirely true since this has happend and the user has been paid.
Confirmations are the way to counter this, yes. This however is a very long chain of transactions all without confirmation.
I paid for the script that i am using and would be willing to pay a secondary Well known & trusted scripter to look over the code and verify there are no loopholes / backdoors that could have caused this. Im looking for this specifically i had a small conversation with the dev of my scripts that at the time seemed innocent but now that there was a dbl spend attack it raises suspicion
I assume you control this[1] address or rather that however controls this address was attacked here, if this is an attack. This[2] transaction spends 5 inputs, 4 are confirmed one is not. Two hops along the chain of unconfirmed inputs and we are here[3]. The address[4] seems to belong to epay.info[5] some sort of API provider for micropayments. They allready have problems in this chain, but lets get back to your address[1] and this[2] transaction. What happened here is that a transaction was created that spend an unconfirmed input which should not have happened (3 confirmations > 0 conf.). It sends some coins to 1j25...[6] and the change back to 1GkoAX...[1] this repeats several times with different recipients. IMHO you should not have accepted this[7] as confirmed. It has a fee and everything looks fine, besides that one pesky input that is not confirmed, we allready know where this chain leads us.
[1]
https://blockchain.info/address/1GkoAX4KoydkVxDdpXYyXpaKJwd8RFGZyA[2]
https://blockchain.info/tx/520e06c42aed049f112e1bbdcfe5136fecdf0319cab36c45b46b3ad5e9fcaa44?show_adv=true[3]
https://blockchain.info/tx/05230a2f992775f79130114a2e4c9ba921a289819ef603d9778a43811669f569[4]
https://blockchain.info/address/1DqCqiSWw7u5VGH16DQy5MNDDC9G7dVwLf[5]
http://epay.info/[6]
https://blockchain.info/address/1j254nct4kyPBCaNQmDZajXFLNco3D6h7[7]
https://blockchain.info/tx/3ef478121e82780ea66acfd79a2732563692320b05667c8ffa6657ed28fd4e51PS:
Why exactly bitcoin core/qt is showing this as conflicted I beyond me. I cant follow all the inputs, but the usual reason is that the transaction from your screen shot (lets call it A) and another transaction (lets call it B) try to spend the same inputs and your client knows about this. The transaction that gets confirmed first will make the other invalid. If A get confirmed first you get to spend the BTC. If B gets confirmed first someone else gets to spend the BTC and all transactions you created "on top" of A are invalid. This could also happen for the whole chain.