Four scammers wanted for conducting double spending attacks in Bitcoin ATMs from major cities in Canada. The criminals managed to steal bitcoin worth of $200,000.
Four Canadian men are wanted by the police for double-spending attacks on Bitcoin ATMs. The attacks took place in 7 cities across Canada, half of them taking place in Calgary. The attacks in this particular city were conducted over a span of ten days in September 2018.
Other cities that were attacked are Winnipeg, Toronto, Montreal, Sherwood Park, Ottawa, and Hamilton.
Calgary police began its investigations in October after the swindled Bitcoin ATM company alerted them of the issue. Each suspect operated in a different city.
The photos of the men have been released online, and the police are asking for public assistance to identify them. All pertinent information regarding the suspects can be anonymously submitted to the police.
These guys double spent BTC at ATMs using Replace by Fee. Stole over $200,000 over 112 transactions.
Samson is right, BTC is no longer a payments system. https://t.co/qasEv8tMf8
— Collin Enstad (@CollinEnstad) March 13, 2019
The men succeeded in their theft because they exploited the Bitcoin ATMs’ zero-confirmation transactions to double-spend Bitcoin in exchange for money. They conducted a total of 112 transactions, gathering a sum of $200,000. The average withdrawal was approximately $1800.
Canadian Bitcoin Core developer Peter Todd’s replace-by-fee tools are what made these transactions possible. While it was not designed to facilitate theft, the tool lets “stuck” transactions to become released for the cost of an extra fee. A “double spend” tool is incorporated in the kit, which according to Todd:
“Creates two transactions in succession. The first pays the specified amount to the specified address. The second double-spends that transaction with a transaction with higher fees, paying only the change address. In addition, you can optionally specify that the first transaction additional OP-RETURN, multisig, and “blacklisted” address outputs. Some miners won’t accept transactions with these output types; those miners will accept the second double-spend transaction, helping you achieve a successful double-spend.”
Calgary police, in collaboration with Ontario and Manitoba authorities, acquired CCTV images featuring the suspects which are thought to “have in-depth knowledge or interest in cryptocurrency, bitcoin and/or blockchain technology”.
Calgary is home to a total number of 45 Bitcoin ATMs, but only 21 of them support Bitcoin sales. These ATMs are owned by several companies including Bitnational, Bitcoin Solutions, and Bitcoiniacs, with some of them having daily sales limit of up to $9000.
Top #bitcoin ATM manufacturers w/r/t installations in February 2019 @generalbytes +49 / 3.7%, @genesiscoin +20 / 1.4%, @LamassuBTC +10 / 2.3%, #ShitcoinsClub +7 / 18.9%, #OrderbobATM +6 / 5.9%, @Bitaccess +3 / 1.2%, @Coin_Source +3 / 1.6% https://t.co/cJCE3hNbXf pic.twitter.com/XbPfhbeuXv
— Coin ATM Radar ₿🏧🚀 (@CoinATMRadar) March 12, 2019
None of these companies confirmed if they allow for 0-confirmation transactions or not.
The news generated controversy regarding Bitcoin’s replace-by-fee (RBF) which enables the re-sending of unconfirmed transactions in exchange for a higher fee. Many believe that this feature can be used to conduct double-spending attacks. While it is not required to have RBF to double-spend, the feature enables even non-tech users to pull off a scam.
Featured Image: cryptocurrencynews