Real Bitcoin Double Spends Are Hard, Looking Into Alleged Issue
Bitcoin Cash-focused firm BitcoinBCH has potentially misled the public into believing that Bitcoin double-spends is easy to carry out.
On Dec. 18, BitcoinBCH’s CEO Hayden Otto published a video on YouTube allegedly showing how TravelByBit’s Bitcoin Point of Sale (PoS) wallet misleads merchants into believing that they were paid before a transaction is actually concluded. Hayden Otto also runs a competing BCH-based PoS solution called Hula.
Countering the claims
In a recent interview, a TravelByBit representative said that merchants using its service are insured against fraud and will not lose money. The firm’s founder Caleb Yeoh also said that — if many users begin to exploit their system’s design — the firm will drop support for Bitcoin and Bitcoin Cash on-chain transactions in its PoS solution.
Overall, Yeoh admitted that accepting on-chain payments in in-store settings is not practical and requires a compromise between security and convenience. The main reason is that no one will want to wait in line for at least 10 minutes for a transaction to be confirmed before being able to get hold of the product. While accepting unconfirmed transactions is a major security concern, it is the only way to accept Bitcoin or Bitcoin Cash on-chain payments in time-sensitive situations.
Yeoh points to the Lightning Network as a potential solution, noting that it can address the impracticality of waiting for transaction finality when paying with cryptocurrency inside physical stores. He told Cointelegraph that Lightning Network transactions also constitute a significant portion of the payments facilitated by its PoS system:
“If we remove the online travel booking transactions and you look at the number of transactions purely from a retail perspective we, over 47% of transactions around Australia the last 3 months was done over the lightning network.”
Instead of pointing out that unconfirmed transactions — as the name suggests — are not final, the video suggests that the wallet’s flawed design is, in fact, a Bitcoin security flaw that enables double-spends. Hayden Otto, the person in the video, says merchants should “immediately cease accepting Bitcoin and switch to Bitcoin Cash.”
Using the replace by fee Bitcoin feature
In the demonstration, Otto first sends the lowest transaction possible — 1sat/byte — to another wallet that he controls with replace-by-fee (RBF) enabled. As Bitcoin users will know, a transaction with such a low fee will be confirmed and placed in a block on Bitcoin’s blockchain after a notoriously long time, often multiple hours or even over a day if the network is severely congested.
RBF is a function that allows a user to replace a non-final — not yet confirmed on the blockchain — transaction with another one which has a higher fee. This Bitcoin functionality raised criticism because it enables unconfirmed transaction double spends.
Still, those concerns have no basis given that unconfirmed transactions can be double-spent without this feature as well. An in-depth analysis of how this can be done was published in 2015 by the author of the BitTorrent protocol, Bram Cohen. Overall, unconfirmed transactions are not final and should not be accepted as payment.
Bitcoin claims unconfirmed transaction irreversibility
BCH-centric website Bitcoin.com recently reported that Bitcoin Cash removed the RBF feature from its code. The website also claims that — as a consequence — Bitcoin Cash unconfirmed transactions are not safe to use. The article reads:
“The Bitcoin Cash community believes that zero-confirmation transactions are reliable and secure.”
After sending the first low-fee RBF-on transaction in the video, Otto performs a Bitcoin payment to a merchant in a store without RBF. At this point, the merchant’s wallet shows a big green checkmark on the screen, misleading the user into believing that she received the payment.
Because of the wallet’s user interface, the merchant cedes the goods when the transaction is still unconfirmed. Right after, Otto bumps (increases) the transaction fee on the first transaction, ensuring that all the funds are moved to another address he controls before they are sent to the merchant.
This way, the funds do not reach the merchant who accepted the unconfirmed transaction, while Otto ends up holding both the good and the Bitcoin — minus the transaction fees.
Later in the video, Otto says that the ability to reverse Bitcoin transactions is dangerous. This statement erroneously implies that a transaction was reversed. The transaction that was changed was unconfirmed — which makes it non-final — and the protocol acted as it was intended to.
Otto is also suggesting in the video that “Bitcoin Cash fixes this,” referring to unconfirmed transaction double-spends. While Cointelegraph was unable to definitely establish that BCH unconfirmed transactions are also non-final, Yeoh suggested so:
“Nothing stops BCH miners from replacing transactions right now, as it's more of a gentlemen's agreement, but once in a while "RBF-like" double spends do happen on the BCH network. It's important to note RBF is not a protocol consensus feature, it's a node policy that any Bitcoin or Bitcoin cash miner can choose to run and it does not affect the reliability of payments.”
Furthermore, Yeoh pointed out that the hashrate distribution gap between Bitcoin and Bitcoin Cash also influences the security, and plays in Bitcoin’s favour. Overall, he also said that tribalism in cryptocurrency hinders innovation in the space:
“Honestly, I think the community should focus on helping build and grow wider adoption across the various ecosystems and not focus on running attacks on each other’s bitcoin projects. It creates a tit for tat scenario which erodes the entire space as a whole. People should be free to transaction in any crypto they want and help contribute to the ecosystems as builders.”
This is not the first time that the Bitcoin Cash community is accused of spreading misleading information. As Cointelegraph reported in April last year, Bitcoin.com was accused of misleading buyers into purchasing Bitcoin Cash instead of Bitcoin by presenting the crypto assets in an unusual way.