Refund Attacks on Bitcoin’s Payment Protocol

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9603)

Abstract

BIP70 is a community-accepted Payment Protocol standard that governs how merchants and customers perform payments in Bitcoin. This standard is supported by most major wallets and the two dominant Payment Processors, Coinbase and BitPay, who collectively provide the infrastructure for accepting Bitcoin as a form of payment to more than 100,000 merchants. In this paper, we present new attacks on the Payment Protocol, which affect all BIP70 merchants. The Silkroad Trader attack highlights an authentication vulnerability in the Payment Protocol, while the Marketplace Trader attack exploits the refund policies of existing Payment Processors. Both attacks have been experimentally verified on real-life merchants using a modified Bitcoin wallet. The attacks have been acknowledged by both Coinbase and BitPay, with temporary mitigation measures put in place. However, fully addressing the identified issues will require revising the BIP70 standard. We present a concrete proposal to revise BIP70 by providing the merchant with publicly verifiable evidence to prevent both attacks.

Notes

  1. A form of identity (26–35 alphanumeric characters) that is related to a public-private key pair and is used to send/receive bitcoins.

  2. Currently 8.9% of all bitcoins are stored using the ‘pay-to-script-hash’ approach [1].

  3. The protocol specification allows messages to be sent over HTTP and for the merchant not to have an X.509 certificate, but this is not considered secure.

  4. URL from the X.509 certificate’s ‘common name’ field.

  5. A single payment transaction \(\tau_{\mathrm{C}}\) is considered for simplicity. The protocol supports one or more payment transactions, and our results still apply in this case.

  6. Currently 50% of nodes on the network receive a new transaction within 5 s [2].

  7. A transaction input does not record the number of bitcoins ‘sent’ and instead references an output from a previous transaction which specifies the bitcoins.

  8. https://groups.google.com/forum/#!msg/bitcoinj/ymFRupTSRJQ/zANj2RpslCcJ.

  9. Our solution continues to allow customers to send one or more Payment messages to the merchant until all requested bitcoins have been received. Furthermore, these messages can contain a list of payment transactions.

References

  1. Alcio: Monitor pay to script hash adoption, May 2015. http://p2sh.info/. Accessed 21 May 2015

  2. Ali, S.T., McCorry, P., Lee, P.H.-J., Hao, F.: ZombieCoin: powering next-generation botnets with Bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 34–48. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48051-9_3

  3. Allison, I.: Silk road prosecutors talk about Bitcoin, ripple and money laundering. International Business Times, August 2015. http://www.ibtimes.co.uk/silk-road-prosecutors-talk-about-bitcoin-ripple-money-laundering-1517414

  4. Andresen, G.: Pay to script hash. Bitcoin Improvement Process (2012). https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki. Accessed 07 Dec 2015

  5. Andresen, G., Hearn, M.: BIP 70: payment protocol. Bitcoin Improvement Process, July 2013. https://github.com/bitcoin/bips/blob/master/bip-0070.mediawiki. Accessed 15 Jan 2015

  6. Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in Bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39884-1_4

  7. BitPay: New invoice adjustment and refund flow, August 2015. https://blog.bitpay.com/new-refund-flow/. Accessed 20 Sept 2015

  8. Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for Bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45472-5_31

  9. Coinbase: How do I do a customer refund with the API? May 2015. https://support.coinbase.com/customer/portal/articles/1521752-how-do-i-do-a-customer-refund-with-the-api-. Accessed 15 May 2015

  10. FinCEN: Request for administrative ruling on the application of FinCEN’s regulations to a virtual currency payment system (2015). http://www.fincen.gov/news_room/rp/rulings/pdf/FIN-2014-R012.pdf. Accessed 07 Sept 2015

  11. Dagher, G., Bünz, B., Bonneau, J., Clark, J., Boneh, D.: Provisions: privacy-preserving proofs of solvency for Bitcoin exchanges. In: The 22nd ACM Conference on Computer and Communications Security (2015)

  12. Geiger, B.: Overstock.com offers its staff the option of being paid in Bitcoin (2015). http://fortune.com/2015/01/09/overstock-com-offers-its-staff-the-option-of-being-paid-in-bitcoin/. Accessed 26 Feb 2015

  13. Hearn, M.: Re: [Bitcoin-development] BIP 70 refund field. Bitcoin-Development, March 2014. http://sourceforge.net/p/bitcoin/mailman/message/32157661/. Accessed 01 Feb 2015

  14. Maxwell, G.: CoinJoin: Bitcoin privacy for the real world (2013). https://bitcointalk.org/index.php?topic=279249. Accessed 20 May 2015

  15. McCorry, P., Shahandashti, S.F., Clarke, D., Hao, F.: Authenticated key exchange over Bitcoin. In: Chen, L., Matsuo, S. (eds.) SSR 2015. LNCS, vol. 9497, pp. 3–20. Springer, Cham (2015). doi:10.1007/978-3-319-27152-1_1

  16. Meiklejohn, S., Orlandi, C.: Privacy-enhancing overlays in Bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 127–141. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48051-9_10

  17. Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of Bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, pp. 127–140. ACM (2013)

  18. Miers, I., Garman, C., Green, M., Rubin, A.: Zerocoin: anonymous distributed e-cash from Bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)

  19. Monero: Monero is a secure, private, untraceable currency. It is open-source and freely available to all (2015). https://getmonero.org/home. Accessed 08 Dec 2015

  20. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system, November 2008. https://bitcoin.org/bitcoin.pdf. Accessed 01 Jan 2015

  21. Perez, Y.: Could the Bitcoin lightning network solve blockchain scalability? (2015). http://www.coindesk.com/could-the-bitcoin-lightning-network-solve-blockchain-scalability/. Accessed 15 May 2015

  22. Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: Privacy, Security, Risk and Trust (PASSAT), 2011 IEEE Third International Conference on and 2011 IEEE Third International Conference on Social Computing, pp. 1318–1326, October 2011

  23. Ruffing, T., Moreno-Sanchez, P., Kate, A.: CoinShuffle: practical decentralized coin mixing for Bitcoin. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 345–364. Springer, Cham (2014). doi:10.1007/978-3-319-11212-1_20

  24. Schildbach, A.: Re: [Bitcoin-development] BIP 70 refund field. Bitcoin-Development, March 2014. http://sourceforge.net/p/bitcoin/mailman/message/32157651/. Accessed 1 Feb 2015

  25. State, N.Y.: Chapter i regulations of the superintendent of financial services, part 200. Virtual currencies. Department of Finance Services, February 2015

  26. Tur, M.: Can BitPay refund my order? (2015). https://support.bitpay.com/hc/en-us/articles/203411523-Can-BitPay-refund-my-order-. Accessed 07 Apr 2015

  27. Valenta, L., Rowan, B.: Blindcoin: blinded, accountable mixes for Bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 112–126. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48051-9_9

  28. Wuille, P.: Switch to libsecp256k1-based ECDSA validation. Bitcoin Github Repository, November 2015. https://github.com/bitcoin/bitcoin/pull/6954. Accessed 31 Dec 2015

Acknowledgements

The second and third authors are supported by the European Research Council (ERC) Starting Grant (No. 306994). We would like to thank the original authors of the Payment Protocol; Mike Hearn for his constructive feedback on our proposed solution and recommendation to include customer-specified instructions and Gavin Andresen for reviewing this paper and giving feedback. Also, we thank the anonymous reviewers for their very good feedback.

Corresponding author

Correspondence to Patrick McCorry.

Copyright information

© 2017 International Financial Cryptography Association

About this paper

Cite this paper

McCorry, P., Shahandashti, S.F., Hao, F. (2017). Refund Attacks on Bitcoin’s Payment Protocol. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science, vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_34

  • DOI: https://doi.org/10.1007/978-3-662-54970-4_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-54969-8

  • Online ISBN: 978-3-662-54970-4

  • eBook Packages: Computer Science, Computer Science (R0)
