In the previous post we covered the case of bitcoin ATM operator, who got attacked by a group of criminals doing double-spend transactions and withdrawing cash and later reverting bitcoin transaction from ATM operator.
During research on this we contacted manufacturers of ATM’s and asked what are the settings available for operators to control 0-confirmation transactions and risk associated with them. We reached out to top 4 bitcoin ATM producers based on number of ATM’s installed worldwide as of today: Genesis Coin, General Bytes, Lamassu and Bitaccess. In this post we review what are the options with respect to risk control of double spends that are available at operators’ disposal and are provided by suppliers.
To refresh, in the previous post we made an assumption that following settings and limits could mitigate the loss significantly:
Limit the 0-conf transaction size;
Limit the cumulative size of 0-conf transactions across full ATM’s network;
Check for miner fee in order to process 0-conf when miner fee is large enough. This might not mitigate the attack in all cases, but can reduce the success rate of attack;
Whether software allows to differentiate and limit processing of 0-conf transactions when RBF-transaction is received (which makes it much easier to double spend).
Recently a news about 0-conf attack on bitcoin ATM operator circulated on the web. The attack was conducted by 4 unknown individuals in several cities in Canada back in September 2018. In total, they were reportedly able to withdraw / steal from operator $195K CAD (or $146K USD as of today’s rate).
Anyone with information about the identity of any of these suspects is asked to call the Calgary police service non-emergency line at 403-266-1234, regardless of what jurisdiction they live in.
In this post we try to look in details what this attack is about and why it could happen. We try to have a deeper understanding of the problem and choice, which operators face.
At the beginning of February, the price of Bitcoin was $3,454 and it was stagnating for a week before it started to rise. It reached its peak at the $4,020 near the end of the month before it started to fall again. February ended with a price of $3,844 which is an 11% rise compared to the beginning of the month.
The number of new machines continued to grow at the relatively stable rate, although a bit slower than in previous month.
Period Start: 4291, Period End: 4387
Opened: 160, Closed: 64, Net Growth: +96(2.3%)