In this post we have a brief overview of what Lightning Network is and how it can and is integrated with existing cryptocurrency ATM’s. We check what are potential advantages and disadvantages of using LN payments for both users and operators.
Lightning Network Overview
There is a lot of information on what Lightning Network is. In short, it is a second layer protocol on top of cryptocurrenices like Bitcoin, Litecoin etc. Effectively, two users have a mutual (multi-signature) transaction on the base layer and then exchange signed new transactions, which are not broadcast to the base layer network and hence are not included into blockchain. Only last transaction in a sequence of exchanged signed transactions (commitment transaction) is broadcast to the blockchain, when one party decides to close the financial relationships with counterparty. Such funding transaction and exchange of signed transaction is called a payment channel.
During the recent years there was natural growth in two industries — bitcoin ATM installations reached almost 6000 as of end 2019 and cannabis industry legalization was happening steadily over time in various US states. In this article we check how the two industries fit together and factors that can be beneficial for both sides from synergy.
With introduction of cryptocurrencies in our lives, they became instrument for funds transfer not only among users with legitimate purposes, but also for fraudulent activity. Usually, the victims are the less knowledgeable people, who are instructed by scammers what to do, and who send large amounts by using bitcoin ATM’s. The advantage of using cryptocurrencies by scammers is because payments are non-refundable, once the payment is done and confirmed at least in 1 block, there is hardly anything can be done to revert the payment. Advantage of using cryptocurrency ATM’s is that they are the easiest bridge between old traditional fiat world (accept cash banknotes) and transform to cryptocurrency.
If you are asked or forced to use bitcoin ATM in order to deposit cash and scan a given to you QR code — please STOP. This is a scam, and you will lose all money.
Fair to say that similar schemes are used by scammers with different money transfer vehicles, e.g. users are asked to buy gift cards or various vouchers types. Cryptocurrencies and bitcoin ATM as conversion mechanism is much easier for scammers to use. First of all, bitcoin ATM is less understood by masses, and hence might look more “official” for victim and more people can fall for scam, which increases the probability of scam success. The figures from Edmonton Police Service confirm this, as fraud using Bitcoin were larger than 80% of CRA scams in 2018:
In the previous post we covered the case of bitcoin ATM operator, who got attacked by a group of criminals doing double-spend transactions and withdrawing cash and later reverting bitcoin transaction from ATM operator.
During research on this we contacted manufacturers of ATM’s and asked what are the settings available for operators to control 0-confirmation transactions and risk associated with them. We reached out to top 4 bitcoin ATM producers based on number of ATM’s installed worldwide as of today: Genesis Coin, General Bytes, Lamassu and Bitaccess. In this post we review what are the options with respect to risk control of double spends that are available at operators’ disposal and are provided by suppliers.
To refresh, in the previous post we made an assumption that following settings and limits could mitigate the loss significantly:
Limit the 0-conf transaction size;
Limit the cumulative size of 0-conf transactions across full ATM’s network;
Check for miner fee in order to process 0-conf when miner fee is large enough. This might not mitigate the attack in all cases, but can reduce the success rate of attack;
Whether software allows to differentiate and limit processing of 0-conf transactions when RBF-transaction is received (which makes it much easier to double spend).
Recently a news about 0-conf attack on bitcoin ATM operator circulated on the web. The attack was conducted by 4 unknown individuals in several cities in Canada back in September 2018. In total, they were reportedly able to withdraw / steal from operator $195K CAD (or $146K USD as of today’s rate).
Anyone with information about the identity of any of these suspects is asked to call the Calgary police service non-emergency line at 403-266-1234, regardless of what jurisdiction they live in.
In this post we try to look in details what this attack is about and why it could happen. We try to have a deeper understanding of the problem and choice, which operators face.