What happens when systems mistake or confuse Bitcoin Cash (BCH) for SegWit1x (BTC)? Bad things, potentially.
Security researcher Brian Krebs recently disclosed a glitch in the Overstock website’s payment integration with Coinbase. The glitch in the payment section let customers purchase any item for a fraction of the listed price, and also allowed anyone paying with Bitcoin (BCH) to receive multiple refunded amounts in BTC for cancelled orders.
To differentiate, Bitcoin is designed for cheap and fast peer-to-peer transactions, as described in the whitepaper written by Satoshi Nakamoto. The first block of BCH was mined precisely nine years ago.
Back in January 2014, Overstock.com and Coinbase embarked on a partnership which allowed customers to pay for goods using BTC as virtual currency. At this point, BTC’s network wasn’t as clogged as it is today, due to high saturation and volatility.
This is one of the many reasons why Bitcoin Cash emerged as its successor, a true heir to Satoshi’s vision. As the first official fork from the legacy chain, BCH is designed with consumers in mind, addressing the scalability issues of the former.
KrebsOnSecurity reported that it was contacted by JB Snyder, owner and proprietor of Bancsec, a white hat penetration testing firm that gets paid to break into banks to check their security compliance. Snyder informed the security blog about a discrepancy that he noticed while purchasing an item at Overstock.
At the checkout process for payments via crypto, Overstock.com gives customers a BTC address which can be used to fill the invoice and complete the transaction. However, as Snyder noticed, Overstock’s payment page also accepted Bitcoin Cash as payment.
When Krebs tried to replicate the process, he ordered three outdoor solar lamps from Overstock for $78.27 and paid 0.00475574 BCH to the address provided by Overstock through Coinbase. Given the efficiency of Bitcoin Cash, it only took a few seconds for Overstock to send an email confirming the transaction, complete with shipping details and tracking. The discrepancy? $78 isn’t equal to 0.00475574 BCH, which is just somewhere around $12.
“But that wasn’t the worst part. I didn’t really want the solar lights, but also I had no interest in ripping off Overstock. So I cancelled the order. To my surprise, the system refunded my purchase in [BTC], not bitcoin cash!” Krebs shared.
If not for the disclosure by Krebs, this glitch would’ve been overlooked and exploited by scrupulous individuals. When asked for a statement, both Coinbase and Overstock declined to point who was at fault.
The problem might be Coinbase’s API (application program interface), or a wrong call from Overstock.com’s implementation. Luckily the bug only lasted for approximately three weeks, with only a negligible amount of transactions were impacted by the issue, according to Coinbase.
Cryptocurrency payments have become so widely adopted in the past year. However, both merchants and consumers have been ditching BTC because of its recent volatility and the surge in associated fees for the simplest transactions.
With major tech companies like Microsoft and Steam ceasing support for Bitcoin Legacy payments, it’s only a matter of time before Bitcoin Cash, now recognized by Blockexplorer as Bitcoin, becomes the standard in peer-to-peer micropayments. After all, what’s the point of a cryptocurrency if it has no use?