Unconfirmed Bitcoin Transactions: How (Un) Safe Are They Really?

Of course, unconfirmed Bitcoin transactions are not secure. Otherwise you would need no miners. But as so often, the thing is not just black and white. Security is not absolute but always relative and contextual.

The life cycle of a Bitcoin transaction consists of two steps: First it is propagated in the network. This in itself can recognize everyone in the whole network after seconds, if not milliseconds. In this state, the transaction is still considered unconfirmed. Only when a miner packs them into a block and attaches this block to the blockchain, the transaction is confirmed. This can be done after a minute or two, but, depending on the operation on the blockchain and fee, it can take hours if not days.

As long as a transaction is unconfirmed, it is considered uncertain. The payment service provider BitPay writes in its information for traders that the risk of falling victim to a double-donation is high in this phase. A double donation means that someone "bends" the transaction, that is, substitutes another transaction for sending the returned bitcoins back to themselves. Like a chargeback on credit card fraud or a chargeback with PayPal.

You can never be completely sure that unconfirmed transactions will not result in a double donation. So, if you are uncertain, do not trust your counterpart, and accept a valuable transaction, be sure to wait for one or more confirmations. Definitely.

However, the thing is not as black and white as it is sometimes portrayed. There are many circumstances in which one can accept carelessly unconfirmed transactions. Let's look at some double-donation attacks in different situations.

The Race Attack

The easiest way to spend a Bitcoin twice is the Race Attack. One first sends a transaction to the dealer. At the same time - or shortly afterwards - one sends the same bitcoins with another receiver directly to mining pools. When the pools first receive the second transaction, they will consider them valid and put them in the block. Within a time window of up to a second or two, such an attack, according to a paper, has a relatively high chance of success.

However, you can still adjust the attack so that it works a minute later. For this one sends the first transaction with very little or no fees sent, so that the miners do not record them or only after a very long time in a block. The second transaction, which is sent about a minute later, has significantly higher fees and is immediately accepted by the miners.

Peter Todd publicly demonstrated this attack in 2016 to prove that unconfirmed transactions are fundamentally uncertain. He bought a "Reddit Gold" at Reddit and then turned the transaction over to him. Coinbase, the payment service provider used by Reddit, accepted the transaction. To prove his point, Peter Todd has published a tool for double-spends written in Python.

Everything is a Matter of Context

However, Peter Todd not only proved that unconfirmed transactions are uncertain - but also that this is perfectly fine depending on the context. Reddit Gold is an almost perfect example of this. It is a kind of "award" that you can give to other users, if you like a post very well. You have to buy the award for a small amount of money. Apart from its symbolic value, Reddit Gold does not have much use.

There is no market for Reddit Gold that can benefit a hacker, nor does Reddit lose too much when someone steals Reddit Gold. The worst thing that can happen is that the double spends become an epidemic and the value of Reddit Gold inflates.

But even in this case, Reddit or the payment service provider Coinbase can intervene very easily. Once the wrong transaction is in a block, you can see that there was a double donation. After Reddit realized what had happened - or Peter Todd publicly blurted it out - the developer's account was suspended and the gold withdrawn. So the only one who lost something was Todd himself.

Such verification of unconfirmed transactions is easily possible. Thus, it is safe for all platforms that sell goods to users for use on the platform to accept them. Steam would be another good example, except for coupon codes, but presumably the sale of videos, music, articles and e-books may be possible as there is simply too little motivation to cheat beyond a tolerable level.

Likewise, just about every mail order company can safely accept orders for unconfirmed transactions. He just needs to check again shortly before shipment - which is usually done a little bit further from the order - if the transaction has actually been confirmed, or set up an alert system to alert him to double spends

For Whom are Double-Donation Attacks relevant at all?

There are some types of business models for which double spends on unconfirmed transactions are actually a big threat. Roughly speaking, these fall into four categories:

1.) Companies that sell digital, resoldable assets: These can be altcoins, or even keys for games or other programs.

2.) Gambling sites, such as Satoshi Dice, who pay off on a deposit to an address immediately make a profit, or not.

3.) Physical acceptance points, ie shops, coffees, pubs, restaurants, supermarkets.

4.) Bitcoin ATMs trading bitcoins for cash

With these four types of companies, the risk of double-donations plays a major role. For example, it is not possible to buy Altcoins with an unconfirmed transaction - at least I do not know of any example. However, there are certainly companies that unclear keyboards for computer games and, for example, many restaurateurs who accept unconfirmed payments. Also Satoshi Dice does this.

How is this possible? How can it be that these companies are not being flogged by Double Spends?

Protection against Simple Race Attacks

The simple version of the Race Attack is very easy to fend off. If the merchant or payment service provider operates one or more well-connected nodes and also connects to a mining pool, the risk of becoming a victim of double-spending drops dramatically within half a second. By observing the network for a few seconds, it can be ruled out with relative certainty that such an attack will happen. Most Internet sites selling Steam keys against bitcoins seem to be coping well with this attack.

In a physical environment, this can be even easier. MiniPOS, a Bitcoin Cash-based store, queries the transaction for multiple block explorers. Since these block explorers are usually very well networked, Wallet can assume with a relatively high degree of certainty that an unconfirmed transaction will go through when seen by multiple explorers. There are several theoretical attacks, such as sending the same transaction with a different sender to a mining pool at the same time.

However, it takes some effort and skill to manipulate a smartphone wallet to perform this type of double-donation at the same time as the actual transaction, without the trader noticing. It is possible, but one wonders if someone who is really capable of doing that and has the corresponding criminal energy does not otherwise make more risk-free money than if he bills a store of a commodity. However, merchants accepting Bitcoin or Bitcoin Cash by POS should keep some residual risk in mind, especially if they plan to sell expensive goods, such as laptops or smartphones, against cryptocurrencies.

There are several ways to increase protection against simple race attacks. The Bitcoin cash developers are thinking about the idea, unlike Bitcoin, to allow the nodes to spread double spends. This makes it easier to identify a double-donation attempt and warn the payee. If there is no alarm after about ten seconds, you can rule out that there will be such a double-donation attack.

Overall, it seems to be quite possible to deal with this variant of Double Spending, if you know what you are doing. However, this is less true for the second, extended version.

Protection against Advanced Race Attacks

It will be more difficult if we turn to the race attack of Peter Todd. Here the first transaction is sent with extremely low fees, and the second with a much higher one. In fact, miners have the principle, "first seen first," that they only accept the first transaction they see, and reject any other attempt to spend the same funds.

However, some miners, depending on the fee level, have the policy, for example, to reject transactions without charge in principle. Others may be "bribed" by a higher fee to prefer a later transaction. Since the selection of transactions for a block is not subject to consensus rules, there is no way to prevent the miners from doing so. The "first seen first" rule is less a hard rule than a convention.

BitPay offers its customers a tool that tries to estimate the risk of this attack. It "analyzes incoming transactions and determines if they are at particularly high risk of not being confirmed." When a transaction is high risk, BitPay automatically and proactively requests confirmation, while low-risk transactions can be accepted as unconfirmed. A block explorer such as BlockCypher also offers paying customers API access to a "confidence factor" that estimates the likelihood that a transaction will be confirmed. Under normal circumstances, this also seems to provide sufficient security.

Good and Bad Victims

Even so, BitPay did not recognize double-spends. For example, one owner of a store for ingame items for Counterstrike reports that there have been several successful double-donations. Subsequently, he only delivered the items after a transaction had at least one confirmation. Also SatoshiDice, the gambling site, which accepted unconfirmed transactions, was repeatedly the victim of such double-donations in 2012. It does not seem to be possible to completely eliminate the risk, but Satoshi Dice managed to keep it under control for a relatively long time so that it would not completely run out.

SatoshiDice is almost the perfect victim for double spends. There is hardly a business model that can be exploited so efficiently with successful double-donations of unconfirmed transactions. For many other business models and contexts even the advanced race attack seems to pose a negligible risk. An owner of a bar and restaurant reports that unconfirmed transactions work well for him: "The reward to cheat is not high enough to make cheating worthwhile. In addition, the cost of a double-donation is too high, and the yield too low, as people forget their fundamental honesty. In two years, when we accept unconfirmed Bitcoin transactions, we had thawing transactions, but no double-donation. Not a single! In other words, unconfirmed transactions are 100 percent safe for us."

For Bitcoin ATMs, however, unconfirmed transactions are not secure enough. According to a 2014 FAQ, some machines allowed the sale of smaller amounts of Bitcoin against unconfirmed transactions that are checked by BlockCyphers Confidence Factor, but usually use a payout code, which only becomes active after a transaction has been confirmed. According to Peter Todd, the operators of the machines have already lost large sums of money through double donations. It's hard to say if the vending machines accept any unconfirmed transactions today, or if they completely went down. However, it is clear that waiting for a confirmation at full blocks and the associated often difficult predictability of the duration of confirmations leads to immense problems for the users.

Also, the exchange platform ShapeShift, which waives accounts, has previously accepted unconfirmed transactions. Thanks to Blockcypher's Confidence Factor, the platform was able to avoid serious losses. In mid-2015, however, a hacker publicly proved that you could run Double Spends against ShapeShift and steal Altcoins. The platform then deactivated the acceptance of unconfirmed transactions, allegedly to later safely re-enable them. This never happened.

More Attacks ...

You could add more double-spends to the extended race attacks. For example, the scammer could cooperate with a miner who ensures that the second transaction actually gets into a block instead of the first one. While every form of race attack is not impossible, but it can make it harder and perhaps more unlikely through good algorithms, there is absolutely nothing you can do in this case.

A miner will always be able to redirect an unconfirmed transaction to himself if it is him who puts them in a block. No distribution on the network and no charge can stop him. For example, the SatoshiDice clone BetCoin Dice end of 2013 was the victim of such an attack, which was carried out by or at least in cooperation with the then dominant mining pool GHash.io. Although GHash.io has stopped exploiting its market power at the urging of the community, it also lost its position as the primary pool over the following year. But the case shows that, no matter how well you do it, you can not guarantee that unconfirmed transactions will actually arrive.

When it works and when not

Previous examples show that there are cases where unconfirmed transactions work, and there are cases when they do not work. We have restaurant owners who say unconfirmed transactions are 100 percent safe, and we have gambling website operators, exchanges and ATMs, for whom accepting unconfirmed transactions equates to corporate suicide.

One could formulate a simple rule: Whenever the business model allows someone to enrich themselves through double-spends without risk, systematically and with highly scalable profits, it will not work. SatoshiDice, ATMs, and ShapeShift are examples in which unconfirmed transactions with relatively high security are exploited in ways that result in massive losses (SatoshiDice, now migrating to Bitcoin Cash, still accepts unconfirmed transactions is puzzling in this case).

At the other end of the scale are platforms such as Reddit or Steam, which can identify the creators of the double-spends and take back the goods sold, as well as mail order companies that do not ship the goods immediately upon receipt of the payment. You can accept unconfirmed transactions without hesitation, but you should check again later to see if it has been confirmed.

Even restaurants or digital content outlets should be largely secure. If the low scores even motivate anyone to go the not-so-easy way of double-donating, the losses should be within tolerable, at worst comparable to those caused by credit card fraud. As long as there is no way to profit systematically and automatically from the double-donations, the risk will remain manageable. An important role also plays the question of whether he makes a loss to attackers by a failed double-donation. For example, Cryptonize offers to accept a double donation for a $ 1,000 Amazon voucher, but asks $ 2,000 for it. In this way, a double-donation becomes a loss if it does not succeed with sufficient certainty. The challenge of the shop has not been cracked yet.

In the end, however, each trader must decide for himself what risk he is prepared to take.

The Role of Replace-by-Fee (RBF)

Replace-by-Fee is one of Peter Todd's favorite projects, which he enforced in mid-2016, and which became standard with the latest release of Bitcoin Core. RBF means nothing more than that the advanced race attack becomes normal. It is no longer the exception that a transaction is replaced with a transaction with a higher fee, not a break from the first-seen-first rule, but a normal rule that every miner knows. Double-Spend is no longer a hack with RBF, but a normal function of Wallet.

Peter Todd has been fighting for RBF since 2013. He said that he wanted to prevent this from continuing "in this very damaging direction ... it is obvious to a miner that he would put the transaction paying the highest fee into a bloc and that makes it very clear that Unconfirmed transactions are not really secure. It forces the entire ecosystem to seek better solutions. "

It was said that a long time RBF would completely ruin unconfirmed transactions because it established the rule in clients that one could replace them with another. Peter Todd would, if it were, pursue a scorched earth approach: what does not work perfectly should be torn down. The answer to this accusation was usually that RBF is firstly "opt-in", so it is announced by a special mark of a transaction and can be so easily recognized, and secondly that unconfirmed transactions are already broken anyway. How can you destroy something that does not work anyway? In addition, RBF has the distinct advantage of allowing users to subsequently increase the fee of a transaction, which is of immense benefit when a transaction is stuck in the congestion on the blockchain.

Nevertheless, RBF is a step backwards for unconfirmed transactions. It is not a hack anymore, but a rule. Any point of acceptance that calculates its risk, that the effort to run a double-donation is too big to be dishonest, will have problems with RBF. Also, the security scanners probably scandalous, but in reality often functioning tactics to complicate Double Spends so far by good algorithms that they are not worthwhile for cheap things, will not work with RBF.

The traders and payment service providers will have no choice but to accept transactions with the RBF mark as unacknowledged. However, as RBF is now selected by default with the latest core release and also Electrum, this should lead to chaos and further increase the user experience and error rate of unconfirmed payments.

For these reasons, Bitcoin Cash has decided not to implement RBF as an explicit feature. Unconfirmed transactions should not be deliberately made more insecure, but as secure as possible, depending on the context. Of course, this does not preclude Miners from choosing to replace transactions in order to pay higher fees. Since Bitcoin Cash does not intend to push the transaction volume ever to a limit anyway, no fee market is likely to arise, whereby it is also not necessary to subsequently increase the fee. For Bitcoin itself, however, RBF makes sense. So the handling of unconfirmed transactions will end up becoming another distinguishing feature between the two cryptocurrencies.

---

---

Image Sources:

• Post header created by myself
• support.bitpay.com
• blog.bitpay.com

Have a nice day!

LOVE&LIGHT