It is a common practice nowadays for online ventures to invite white hat hackers to attack their systems via security challenges or cyber bug hunts. Companies usually do this to learn what vulnerabilities they might have and improve, or to show their confidence in their existing defense capabilities. The method can also be used to prove a point about the reliability of a certain system as seems to have happened now with 0-conf BCH transactions.
It appears that someone has lost $2,000 buying a $1,000 gift card trying to carry out a “double spend” attack with bitcoin cash (BCH), according to transaction data from Cryptonize.it. Whoever was behind this failed attempt thought that they can exploit a feature in BCH called 0-conf (wherein transactions are broadcasted immediately with still zero conformation), but the attempt backfired, costing them double the gain and verifying the security of the cryptocurrency for merchants.
As we previously reported, Cryptonize.it is an online shopping website selling gift cards for Amazon, Steam, iTunes, Starbucks and many other popular services. It exclusively accepts BCH payments, offering merchants a platform to sell their products to the bitcoin cash community while avoiding volatility risks. As such, it was important for the founders of the site to demonstrate to merchants that accepting payments with the BCH cryptocurrency is safe and secure. So the company challenged anyone who think they can double spend by exploiting 0-conf to get a $1000 Amazon gift card (priced at $2000 to make sure no one buys it by mistake), promising not to report the incident to Amazon or to press any charges.
More Challenges to Come
Cryptonize.it co-founder Arian Kuqi explained to news.bitcoin.com how the whole thing came about: “It started about a month ago, I noticed a lot of comments and posts about 0-conf and how it’s not safe to use. It’s understandable, people are stuck in their head with BTC problems and think the same goes for BCH. Having 0-conf on cryptonize.it, I started commenting and posting about it. Then, a user on reddit suggested I set up a challenge for people who were so confident 0-conf can’t possibly be reliable so one day later I did. A month went by, a lot of talk in the beginning but no action. Until one guy made it clear that he was going to try under the impression of a 80% shot in his favor. A couple of days later, it happened!”
The co-founder added that more similar challenges are on the way: “I’m going to keep coming with challenges until everybody is satisfied 0-conf is safe to use for any online retailer supporting Bitcoin Cash or until these trolls run out of money. My goal is to show merchants the benefits and safety of the Bitcoin Cash ledger and attract more adoption by merchants.”
What other challenges are needed to test vulnerabilities in the cryptocurrency ecosystem? Share your thoughts in the comments section below!
Images courtesy of Shutterstock.