Criminal Double Spending Bitcoin ATM Users Wanted by Calgary Police Service
According to reports by CBC, double-spend attacks have taken place against Bitcoin ATMs in four Canadian cities. The attacks carried out by four men, entail 112 transactions. Though the identities of the perpetrators are not currently known, the Calgary police are requesting the public’s help in identifying them.
The attacks were carried out at a point that the Bitcoin ATMs accepted zero-confirmation transactions. By carrying out the transactions, the scammers were able to obtain around $200,000 from the ATMs.
It seems that replace-by-fee tools, developed by Peter Todd, the developer of Bitcoin Core, were what allowed the transactions to go through. Although the tools were not specifically created for such criminal activity, the tools essentially enable “stuck” transactions become “unstuck” when one pays an extra fee. Further, there is a “double spend” tool that also seems to be at the heart of the transactions.
The latter tool has been described by Todd as one that
“Creates two transactions in succession. The first pays the specified amount to the specified address. The second double-spends that transaction with a transaction with higher fees, paying only the change address. In addition, you can optionally specify that the first transaction additional OP-RETURN, multisig, and “blacklisted” address outputs. Some miners won’t accept transactions with these output types; those miners will accept the second double-spend transaction, helping you achieve a successful double-spend.”
Even though there is controversy surrounding the tools, at the end of the day, they do have utility in that they work to encourage services and users to receive one confirmation before they determine that the transaction is completed. The trouble is that it can be inconvenient because customers must wait anywhere from 10 to 30 minutes for the transaction to essentially go through.
The four men who took advantage of the technology have taken over $200,000 in funds that were not theirs to take, all by exploiting the technology.