Bitcoin Core contributor Peter Todd is sometimes demonized in the Bitcoin community due to his role as “chief naysayer” of the Bitcoin development process, but many developers in the space recognize his value as a security researcher. One aspect of Bitcoin that Todd has often criticized in the past has been unconfirmed transactions.
Unconfirmed transactions are Bitcoin transactions that have not yet been included in a block by a miner. While nodes (including miners) may have the transaction in their respective mempools, it hasn’t yet been confirmed and entered into Bitcoin’s blockchain. Some payment processors and merchants believe unconfirmed transactions to be safe enough, but Todd has long taken a different position.
Although many believe Peter Todd takes things too far when he says unconfirmed transactions are not secure, the longtime Bitcoin security researcher illustrated his point on this issue by double-spending a payment sent to Coinbase earlier this year. Todd recently went into the details of this event on an episode of The Crypto Show.
Proving That Double-Spends are Easy
When asked about the double-spend event on The Crypto Show, Peter Todd indicated that it was sort of a spur-of-the-moment affair. He stated, “I was sitting with Jeremy Gardner in his living room, and he wasn’t very convinced that double-spending was trivial.”
Todd responded to Gardner’s skepticism by saying, “I’ll show you right here. This is actually really easy.”
Todd did not want to double-spend a large amount of money, so he decided to buy some Reddit Gold through their Coinbase-powered Bitcoin checkout process. The Bitcoin researcher noted, “It’s like the smallest amount that I knew that a provider accepted.”
Peter Todd claimed he knew the Coinbase checkout system would pay the merchant (Reddit) no matter what. Todd intended to warn Coinbase about his upcoming double-spend, but something went wrong and his email about the attack was never received. After he completed the double-spend, Todd informed Coinbase about the situation and asked them if they wanted their money back.
Peter Todd’s Double-Spending Software
Peter Todd did not have to do much work to double-spend Coinbase, as he’s had a Python script for double-spending available on GitHub for roughly a year. The longtime Bitcoin Core contributor explained how the script works:
“All it does is send one transaction with a low fee -- so low that it would take hours (if ever) for it to get mined -- and then it waits maybe thirty seconds and then it sends another transaction spending the same bitcoin back to yourself rather than to the recipient with a higher fee . . . There are enough miners out there that would have not accepted the first transaction because it has such a low fee . . . [but] they’ll accept the second transaction.”
Peter Todd also explained that, somewhat ironically, Bitcoin XT nodes help propagate double-spends throughout the network due to a unique feature in the alternative Bitcoin software client. This feature is described on the Bitcoin XT website as follows:
“XT has a useful feature: double spend monitoring and relaying. By running XT you help propagate information about double spends across the network, making it harder for payment fraudsters to steal from sellers by broadcasting two conflicting transactions simultaneously.”
Todd noted that his own replace-by-fee nodes have the same sort of functionality. He also added that a double-spend will work practically every time with his software.
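The double-spend monitoring described above, seen from the merchant's side, as an added example (not code from Peter Todd, Bitcoin XT or Coinbase): it flags an unconfirmed payment when its fee rate is low or when another observed transaction spends the same input. The `Tx` record, the 5 sat/vB threshold and the sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    """Hypothetical record of an unconfirmed transaction seen by a merchant's node."""
    txid: str
    inputs: tuple      # outpoints spent: ((prev_txid, vout), ...)
    fee_sats: int
    vsize: int         # virtual size in vbytes

    @property
    def feerate(self):
        return self.fee_sats / self.vsize   # sat/vB

def find_conflicts(seen):
    """Map each txid to the txids that spend at least one of the same outpoints."""
    spenders = defaultdict(set)
    for tx in seen:
        for outpoint in tx.inputs:
            spenders[outpoint].add(tx.txid)
    conflicts = defaultdict(set)
    for txids in spenders.values():
        for txid in txids:
            conflicts[txid] |= txids - {txid}
    return conflicts

def assess_payment(payment_txid, seen, min_feerate=5.0):
    """Return the reasons an unconfirmed payment should not be treated as final."""
    by_id = {tx.txid: tx for tx in seen}
    payment = by_id[payment_txid]
    reasons = []
    if payment.feerate < min_feerate:       # assumed threshold, tune to current fee levels
        reasons.append("low_feerate")
    for other in sorted(find_conflicts(seen)[payment_txid]):
        reasons.append("conflict:" + other)
        if by_id[other].feerate > payment.feerate:
            reasons.append("outbid_by:" + other)
    return reasons

# Constructed sample: a low-fee payment, a higher-fee spend of the same input, an unrelated tx.
SEEN = [
    Tx("pay_low_fee", (("funding", 0),), fee_sats=226, vsize=226),
    Tx("refund_to_self", (("funding", 0),), fee_sats=11300, vsize=226),
    Tx("unrelated", (("other", 1),), fee_sats=4520, vsize=226),
]

if __name__ == "__main__":
    for tx in SEEN:
        print(tx.txid, assess_payment(tx.txid, SEEN))
```

An empty result only means no conflict reached this node; a node that does not relay double-spends may never show the merchant the second transaction, so waiting for confirmations remains the stronger check.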
The Reddit Trolls Attack
In the aftermath of double-spending the purchase of his Reddit Gold, Peter Todd’s Reddit account was suspended. He described this part of the story on The Crypto Show:
“[Reddit] got a flood of /r/Bitcoin trolls -- really probably more /r/btc trolls -- trying to go get my account suspended. They flooded the admins, and they were like, ‘Yeah, whatever. Seems like this guy’s doing something bad. Hit the suspend button. Figure it out later.’”
After Todd explained the full situation to the admins, his Reddit account was reinstated a week later. Peter Todd told The Crypto Show, “Based on what I heard from the Reddit admin, it was a very deliberate attempt to get my account banned.”
During the interview, Peter Todd’s main point seemed to be that his Coinbase double-spend was made out to be much more than it was -- in large part due to the trolls on various Bitcoin subreddits. Having said that, the Reddit community seems hell-bent on always making him out to be the bad guy.