Scammers steal £113,000 from Bitcoin ATMs by double spending before transactions can be cleared

Attackers took advantage of 'replace by fee' feature that makes 'stuck' transaction become 'unstuck'

Police in Canada are hunting for four men who stole CA$200,000 (£113,000) from Bitcoin cash machines in a scam that took advantage of the slow speed with which Blockchain updates.

The attacks took place over 10 days in September 2018, with the men taking part in 112 fraudulent transactions at Bitcoin kiosks across seven cities in Canada. The average transaction was $1,800.

The double-spend attacks involved the men taking advantage of a feature built-in to the ATMs, combined with the slow speed with which Blockchain updates Bitcoin transactions.

The attack involved withdrawing money from one kiosk and remotely cancelling the transaction before the withdrawal is processed.

Bitcoin experts claim that the fraud was facilitated by a ‘replace by fee' feature used by the Bitcoin exchange running the ATMs enabling ‘stuck' transactions to become ‘unstuck' by the payment of a fee.

"From a philosophical standpoint, the tools are controversial, but intended to encourage services and users to wait for at least one confirmation before considering a transaction completed.

"However, in reality, it's inconvenient to have customers standing around for 10-to-30 minutes (or longer) for a transaction to go through," notes specialist website CCN.

The AI and Machine Learning Awards are coming! In July this year, Computing will be recognising the best work in AI and machine learning across the UK. Do you have research or a project that you think deserves wider recognition? Enter the awards today - entry is free.