With the growing popularity of Bitcoin, more businesses are starting to accept it as a payment method. As with any financial asset, there is increasing acceptance along with an increase in fraud attacks. While Bitcoin is designed so that transactions are publicly validated, the Bitcoin ecosystem will always witness double spending efforts as a primary means of perpetrating network fraud. Criminals look to a) spend coins in shops while also, b) transfer the same to their own wallets, effectively revoking payments and cheating merchants.
Fraudsters adopt a wide spectrum of strategies for this purpose.
In the “race attack” variant, they send the two consecutive conflicting transactions to the network, aiming only to confirm the wallet transfer. To achieve this, criminals often use the Fee Replacement (RBF) option, which is available in many wallets. Here, fees that accompany trader charges are set low enough to discourage miners from validating those transactions. After a few minutes, pending payments are canceled by changing the recipient’s address to the address of your own wallet.
Criminals also carry out “Finney attacks” – sending payment transactions directly to retailers’ goals, when broadcasting wallet transfers across the entire network. This technique also increases the chance of remissions. Other strategies include “Vector76 attacks” (a combination of the two typologies above).
Unfortunately, it takes, on average, 10 minutes to confirm that a Bitcoin transaction is not a double-spending attempt. Fast-pay merchants (like ATMs, vending machines, fast-service restaurants) can’t afford to wait for confirmed payments. Therefore, they are exposed to the risk of fraud, as goods change hands before victims realize payments have been canceled.
Then there are other threat vectors (such as “fork attacks”), where even after confirmation of payments, sellers could be deceived, thereby hurting even slow-wage traders. (Forks are creating an alternative version of the blockchain, with both variants running simultaneously on different parts of the network.)
In the “alternative history attack,” criminals present the payment while privately digging another fork, including the fraudulent expenditure. While retailers are waiting for n confirmation and approval of the payment, criminals are trying to get more than n processed blocks to release the fork and retrieve the coins. Successful execution of the above requires fraudsters to own systems with a relatively high hash rate (number of calculations performed per second). By design, hash rate requirements mean that this type of fraud is highly discouraged by the Bitcoin network.
A “majority attack” is a better version of the above, with criminals controlling more than 50 percent of the network’s hash rate (virtual impossibility on Bitcoin). In such cases, double spending is guaranteed to succeed. No amount of confirmations can stop this attack. However, waiting for multiple confirmation increases the resource cost of such threat vectors, and thus deter fraudsters.
To protect consumers from incurring the costs of fraud incidents, there is an increasing need to find measures that are scalable and realistic to use.
Fraud Analysis Solutions
One such approach would be to include a layer of real-time fraud analytics solutions, such as “observer nodes” in the network. These can alert vendors to risky payments, by running machine learning models on transactions. These models can calculate the potential profits of fraudsters in case they try to eliminate double payments and spending, thereby reaching the likelihood of any payment being fraudulent.
APIs hosted in apps / merchant websites can read the processing power of machines that initiate payments, thereby verifying hidden hash rate. Such models can also suggest the number of confirmations that sellers should wait for (using features like user-to-network hash rate ratio), before approving payments.
In addition, a “reputation score” can be calculated for each user. APIs that capture behavioral biometrics (such as typing styles) as well as IP address, device details, etc. can be used to cluster payments into homogeneity hubs, thereby having a high chance of originating from the same users.
Bitcoin’s public transaction log leaks considerable information about user profiles. “Network algorithms” can use this data to connect different wallet addresses, thereby undoing coordinated attacks. Accordingly, we can reach such scores even for wallet clusters. This can allow us to implement accountability measures within the system (eg blacklisted linked wallet addresses and IPs).
“Reputation scores” may be of particular use in case of fork attacks, as payments may be revoked irrespective of the number of confirmations.
It must be noted that, as with any analytics model, there would clearly be a risk of misclassification of legitimate payments as double spending efforts. Traders therefore need to be able to choose their own risk appetite and decide on the “severity threshold” of model warnings, beyond which they may wish to withhold suspicious payments. Comparison of benefits of the expected fraud loss savings with cost a potential revenue loss (resulting from the decline of legitimate payments) can provide guidance in this space. Retailers can be charged for using model recommendations, which can be calculated dynamically by automating the performance of a model.
Commercial education can be an additional avenue to mitigate the risk of fraud.
Business owners can be trained to protect against race attacks. Shops can a) connect to an adequate random sample of nodes in the Bitcoin network and b) disable incoming connections. These measures will prevent fraudsters from correctly identifying and sending payment transactions directly to merchant goals.
Double spending efforts are usually facilitated by a lack of anonymity in practice. Many retailers publicly associate their wallet nicknames with their identities. This gives criminals the ability to social engineer information, which is relevant to any seller’s Bitcoin goal.
Traders also need to understand the difference between confirmed and unconfirmed activity and be able to check payment status using a block probe. Better user-wallet interface design can help in this context, by sharply highlighting the difference between actual and declared user balances.
Research has shown that profile leaks in Bitcoin’s public activity log rise with the number of user-initiated transactions. This is because those that can be mapped to an abundance of records can be easily scrutinized, compared to others. Interestingly, the above can serve as a built-in deterrent for a large number of coordinated attacks by syndicate fraud hoards, perennially in vogue in credit card space.
Obviously, anti-fraud solutions for the Bitcoin ecosystem could run into privacy concerns.
However, increasing network congestion due to Bitcoin’s growing popularity could lead to a rapid increase in the average confirmation time. This, combined with the continuous discovery of fresh threat vectors, means that systematic fraud mitigates the need of the hour.
This is a guest post by Debanjan Chatterjee. They are solely their own opinion and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
- Karame, GO, Androulaki, E., & Capkun, S. (2012). Two Bitcoins for the price of one? Double spending attacks on fast payments in Bitcoin (No. 248). Retrieved from http://eprint.iacr.org/2012/248.
- Podolanko, JP, Ming, J., & Wright, M. (nd) (2017). Counter double spending attacks on fast Bitcoin transactions. (p. 7). Retrieved from http://www.ieee-security.org/TC/SPW2017/ConPro/papers/podolanko-conpro17.pdf.
- Karame, GO, Androulaki, E., Roeschlin, M., Gervais, A., Capkun, S. (2015). Misconduct in bitcoin: a study of double spending and liability. Cross ACM. Inf. Syst. Secur. 18 (1). Retrieved from https://www.researchgate.net/publication/279246556_Misbehavior_in_Bitcoin_A_Study_of_Double-Spending_and_Accountability