Online scams and fraud are increasing every day and, sadly enough, this activity often includes cryptocurrencies. Moreover, fraud is not limited to the darknet: one can be cheated on trusted sites like eBay as well.
Oleg Khovayko, CTO of Emercoin, shared with ForkLog one such instance along with a simple way to give scammers a good lesson.
If you check the Bitcoin price on eBay, you will see something really extraordinary: it is nearly 50% higher than the average market price. For instance, if the current Bitcoin price is around $600, on eBay it will be close to $800. One might think of a great speculation opportunity – just buy bitcoins at an exchange and sell them on eBay at a huge profit of 40 per cent a week, which is the average item time. Dreams come true!
But, as it often turns out, the only free cheese is in the mousetrap, and chances are high that you are missing something bigger. What we actually see is a fraud scheme that works as follows:
1. You post an item (Bitcoin in this case) on sale.
2. The scammer buys it from you and sends money to your PayPal account.
3. You send the bitcoins to the scammer.
4. The next day, the scammer opens a PayPal dispute regarding an “unauthorized transaction”.
5. PayPal contacts you requesting the tracking number of the item sent.
6. You provide them with the Bitcoin TXID and the buyer’s affirmative response.
7. PayPal ignores your evidence and, for reasons only they know, makes one of two decisions:
7.1. The unauthorized transaction is not proven, so you keep the money. This way, you have successfully sold your bitcoin.
7.2. The transaction is considered unauthorized, and PayPal sends the money back to the scammer, who now has both his own money and your bitcoin. And all you have now is a negative feedback rating.
As we can see, it’s nearly a safe game for scammers: they either buy bitcoins from you (at a higher price, though), or they take them for free.
Just for fun, and at the same time to test Bitcoin for deliberate double spending by manipulating the priorities of block additions, Emercoin experts have designed and tested a counter-strategy that ensures, with 100 per cent certainty, that you sell bitcoins to eBay scammers at a higher price.
To be honest, we have experimented with this only twice, yet our assumptions were fully proven. After that we stopped researching the topic as it no longer interested us. And certainly we took measures so that tricks like this wouldn’t work in Emercoin.
However, people kept on asking, so below is our counter-strategy in detail. It is all about the artificial double spending to get your bitcoins back. So, this is how you cheat the cheater on eBay.
1. You post an item (bitcoins) for sale. We tested 0.1 BTC, so that’s the recommended amount.
2. The scammer buys the item from you and sends money to your PayPal (so far everything is going according to his plan).
3. You create a backup of your bitcoin wallet, wallet.dat.
4. You send bitcoins to the scammer with zero fee on any business day.
5. The zero-fee transaction normally freezes in pools awaiting confirmations. It might take several days.
6. The next day, the scammer opens the “unauthorized transaction” dispute.
7. If the transaction is still not confirmed (i.e. it’s not on the blockchain), you have almost won. And since the PayPal transaction is not authorized, the payee is not entitled to receive your bitcoins. And that’s what you do next:
8. You check the wallet outputs used for the payment to the scammer (for instance, on blockchain.info).
9. You recover the wallet.dat file stored as a backup. It, of course, has no information about the transaction to the scammer, while the UTXO outputs it employed look unspent.
10. Using transaction control, you spend the same outputs (actually, one will be enough, but you may use all of them just to be on the safe side) to create a transaction sending the same bitcoins to yourself or any other trusted address. This is where you don’t have to be greedy about the fees; be as generous as you can.
11. After receiving the second transaction with a higher fee (and, consequently, a higher priority), miners will be happy to add it to the blockchain. The blockchain now contains that transaction (see item 10), while the unconfirmed transaction (see item 4) conflicts with it and never makes it to the blockchain. Furthermore, even if the scammer has already spent the money, his spends are now in conflict as well, and more problems with his counterparties are guaranteed. As a result, you have your bitcoins and have turned the tables on the scammer.
12. In such a manner, if PayPal acknowledges the transaction is not authorized and repays the scammer, you still keep your bitcoins. However, if PayPal says “the unauthorized transaction is not proven”, you have the scammer’s money while still keeping your bitcoins.
We’ve run two experiments by selling two 0.1 BTC items on eBay, and we’ve seen both responses from PayPal. One of the scammers opened a dispute a week after the purchase and was reimbursed by PayPal. However, the other scammer faced the music: he paid the money without getting bitcoins.
Eventually, we managed to sell bitcoins at the eBay price and proved our counter-strategy successful. We also proved the vulnerability of the Bitcoin priority queue.
We do not recommend the aforementioned counter-strategy for profit-making. Even if you succeed, PayPal will soon close your account as one that causes constant trouble.
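Seen from the recipient's side, the weakness demonstrated here is that an unconfirmed payment is not final: another transaction spending the same outputs can displace it. The following is an added example, not code from the article or from Emercoin: a Python check that classifies an incoming payment against a list of observed transactions. The `Tx` record, the status names and the sample data are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple          # outpoints spent: ((prev_txid, vout), ...)
    fee_sat: int           # fee in satoshis
    confirmations: int = 0


def assess_payment(payment, observed, min_conf=1):
    """Classify an incoming payment.

    Returns (status, rival_txids); rivals spend at least one of the same
    outpoints and are listed highest fee first.
    """
    spent = set(payment.inputs)
    rivals = [t for t in observed
              if t.txid != payment.txid and spent & set(t.inputs)]
    rivals.sort(key=lambda t: t.fee_sat, reverse=True)
    ids = [t.txid for t in rivals]
    if any(t.confirmations > 0 for t in rivals):
        return "REPLACED", ids          # a rival is in the chain: payment is void
    if payment.confirmations >= min_conf:
        return "SETTLED", ids
    if rivals:
        return "CONFLICTED", ids        # same outputs spent twice, none confirmed
    if payment.fee_sat == 0:
        return "PENDING_ZERO_FEE", ids  # may stay unconfirmed for days
    return "PENDING", ids


# Constructed sample data (not real transactions).
FUNDING = ("aa" * 32, 0)
PAY = Tx("pay_zero_fee", (FUNDING,), fee_sat=0)
RESPEND = Tx("respend_high_fee", (FUNDING,), fee_sat=50_000)
OTHER = Tx("unrelated", (("bb" * 32, 1),), fee_sat=2_000)

if __name__ == "__main__":
    print(assess_payment(PAY, [PAY, OTHER]))
    print(assess_payment(PAY, [PAY, RESPEND, OTHER]))
```

Only the `SETTLED` status is safe to treat as received funds; every other status means the goods or money on the other side of the trade should be held back.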