BlockCypher provides Bitcoin wallet services to larger organizations such as exchanges and payment providers. During the recent fracas of “dust” transactions crowding the Bitcoin network, one of their larger clients, Erik Voorhees’ ShapeShift.io, suffered a double-spend attack amounting to 2.6 BTC.
The biggest offering of BlockCypher is what they call a “Confidence Factor” which basically means what it sounds like – if the processor is reasonably sure (as in more than 99%) that a double-spend will not be attempted, the transaction is processed with zero confirmations. BlockCypher describes their method like so:
In simpler terms, if an unconfirmed transaction returns a confidence factor of 99.9%, then our data says there’s a 0.1% chance that an attempted double-spend will succeed. By design, we’re conservative. Even when we return 90% confidence, the likelihood of a successful double-spend is significantly lower than 10%.
The ability to do fast transactions is crucial to a business like ShapeShift, which offers instant conversions between cryptocurrencies. The technology is useful to Bitnet, the payment processor that has made several strategic partnerships in the last few months, not the least of which was with Cardinal Commerce, one of the bigger payment providers on the globe. Their ability to process transactions quickly and seamlessly is critical to their business model, and so it is no surprise that they have integrated BlockCypher’s Confidence Factor as well.
Although vague as to how it occurred, a representative of BlockCypher, Josh Cincinnati, has published an insightful blog explaining that the attack vector used to execute the double-spend has already been patched. By successively implementing improvements to their algorithm after any successful attack, Cincinnati says, the company has systematically improved the likelihood that zero-confirmation transactions passed through will not wind up double-spent. He writes:
In fact, we’ve witnessed dozens of different kinds of double-spend attempts, some successful, some not. All those cases — this one included — provide useful lessons that iteratively improve our Confidence Factor. […] 99.989% of double-spend attempts were against transactions with less than 90% Confidence, and even fewer were successful. Our Confidence Factor, even with a low threshold of 90%, does an excellent job of filtering the most problematic and risky transactions.
He says that there were more than 100,000 double-spend attempts on the network during the same period as the ShapeShift double-spend, but of those, only 11 were targeted at transactions that BlockCypher’s Confidence Factor had rated more than 90%. In large enough quantities and if successful, these could have been very damaging, but they were not successful. Out of all these attempts, the post illustrates, only one was successful, and it had nothing to do with Bitcoin being broken.
Featured image from Shutterstock.