Hi, I’m Amanda B. Johnson
and welcome to DASH: Detailed.
If a series of ones and zeros transmitted over
the internet is to be considered a foundation for
global money, it should probably be exploit free.
So goes the philosophy of a new
anonymous South Korea-based hacking
collective called Glass Hunt.
Glass Hunt burst onto the scene recently with
their Youtube video that depicts them double spending
an online Bitcoin casino.
A double spend takes place when a user
broadcasts a transaction to someone — say a
merchant — waits for them to see the broadcast,
and then broadcasts those same
inputs but this time with a higher fee
in a transaction back to one of
their own addresses.
If this is done in a special way and takes place
before the next block is found the user has
successfully double spent their funds.
The merchant has zero and they have their coins back.
Watch how Glass Hunt
did it to Anonymous Casino:
Here’s a good example of a Bitcoin double
spend. This is purely for educational purposes.
So, I have zero balance here in Bitcoin
on this Anonymous Casino and I’m
going to first go to my address that they have
given me, and I’m going to click “Deposit.” Once I
deposit — let me get my deposit address,
I just grabbed it right here — I’m gonna head
over to Glass Hunt and I’m going to
double spend by sending funds to them.
First I’m going to copy my address.
I’m going to quickly send some funds over.
Click “Send Funds” and then “Confirm.”
Once that’s confirmed this will pick up that transaction.
So here is my funds. I’m gonna then
click on “Next” and I’m going to send it
to here. To my address. And then it’s going
to go ahead and create my transaction.
Once my transaction is created
successfully and actually sent — so it’s been sent.
There’s my transaction ID. It will appear over
here in my balance. So I’ll refresh this page
and it’ll show my balance. There it is.
I can refresh this page and now all of a sudden I
could play some roulette. So let’s have some fun.
I’m gonna roulette spin on this, and have some fun.
Here we go there’s my balance.
I’m gonna pretty much, you know, go
essentially it’s gonna bet, I’m gonna spin.
Let’s see what happens. I’m going to skip this.
Oh! And it’s red.
Oh so let me double up. New bets and go here,
I’m gonna spend two, spin again.
Oh! I won again. Okay great. And then I’m
going to do a new bet and I’m going to double up again.
And spin. And skip. And oh! It’s black.
I lost all my money.
But well, I didn’t make as much money as I wanted.
Oh no. I’ll go back to Glass Hunt.
I’ll put an address that I want to send the
funds back to. This is my own address.
I’ll just put that here, and I’ll click “Double Spend,”
it’ll generate the transaction, and then
all of a sudden now their wallet doesn’t
have my bets in it.
Let’s review what just happened. This is
my double spend. I sent this back to myself.
And this was the original transaction
that I sent to Anonymous Casino.
And it — if I click on their wallet, it
will show that they have a zero balance.
So their — that transaction will not
appear in the blockchain, but this
transaction will.
And I have my funds right back.
So good — good to have all the money
I spent back. And if I go back here,
actually if I refresh this page, it will show
the really bad balance that I have over here,
which will just never be confirmed
because it’s like they never got their funds.
Now all of the funds will be
returned to Anonymous Casino.
I’m just going to make a deposit into this
address and then tell them to keep it.
So that there was no harm no foul.
But just wanted to share this for
educational purposes.
Three members of the for-profit collective Lord Pi,
Foxtrot Tango and Sir Pringles agreed to
grant me an audio-only interview. First I
asked what’s with the Bitcoin double spends?
Regarding Bitcoin we see that for
example double spending as a problem
that needs to be overcame for mass
adoption to take place. And we figured if
just anyone, anywhere, could
simply perform it and it easy instant fashion,
that what will eventually happen
is merchants, how deal in Bitcoin,
will take more security measures. But also the
Bitcoin Foundation, which has a history
of being, you know, a little slower
to to adopt changes just because
of how large its become and how much,
how many different factions with
opposing views there are,
we felt that it would
definitely create a conversation within the
community so that people would really
start talking about how to how to
overcome that problem. So with the
increasing ease-of-use and accessibility
of Bitcoin double spending tools like on
Glass Hunt’s own website, I then asked for
an estimate of roughly how many Bitcoins
are double spent in any given 24-hour period?
I would say a few Bitcoin. A few Bitcoin.
Which is a few thousand bucks.
The Glass Hunt collective told me
that various developers around the world
have reached out to them and asked what
they think is a solution for the double
spends. The team reported no potential
protocol level fixes rather seeing
additional burdens upon merchants to
verify payments as the only feasible option.
It goes into a thing called
“confidence score.” You can find confidence scores,
for example, on Block Cypher they’re.
They’re a great website for identifying the
confidence of a transaction. Usually if it’s over
eighty-five percent to ninety percent
confidence, when it’s broadcasted,
it’s hard to double spend. Right now you just
have to kind of go out yourself and check. And
just because it has a high confidence score
or low confidence score doesn’t mean a
person is going to double spend but they
have the opportunity to, in an easier fashion.
I then asked Foxtrot Tango, Sir Pringles,
and Lord Pi why this problem isn’t
talked about more often and why they’re
video hasn’t sparked a larger online discussion.
People don’t want to
necessarily I’m share the fact that they
can double spend and so that’s one big part
of it. Because once it’s up — we’ve seen a few
actors on the site — they’ll double spend quite a bit
and then, I don’t think it’s something
that people really talked about. And then
the people who advocated Bitcoin, they
don’t necessarily want other people to
know that there are maybe cracks in the
foundation so they kind of just don’t talk about it.
For any Bitcoin accepting
merchants who are concerned about the
potential for Bitcoin double spends
and/or the costs of
further verifying incoming payments,
I invite you to visit Dash.org/Downloads
and go ahead and download our
core wallet. While there you can
experiment with the sending and
receiving of InstantSend transactions.
This offers a confirmation in an average of 1.3 seconds.
Glass Hunts tools, mission statement, and registration
for upcoming hacking courses can all be found at
GlassHunt.co. That’s it for this
week’s DASH: Detailed. Subscribe to this
channel for more of this information
every Wednesday. And I’ll see you next week.
My job, and the job of my colleagues,
is to review digital currency wallets
for acceptance or rejection into the
Apple App Store.
Don’t even think about checking out the
digital currency Dash, digital cash.
It’ll put hair on your palms.