All bitcoin transactions get written to a globally-shared ledger of transactions that is maintained by the bitcoin network. Roughly every ten minutes, a new page is added to the ledger that includes (most of) the latest transactions. When your bitcoin transaction is added to this ledger, it is called a "confirmation".
Accepting bitcoins with "zero confirmations" means that namecheap doesn't wait ~10 minutes before accepting your payment. Instead, they accept your transaction as soon as it is widely broadcast over the network, which takes only about a second after you send your money.
The danger, of course, is that the payment never makes it into this ledger, which basically means the transaction is invalidated, and the money "was never sent". This only happens in unusual circumstances (can't get into them all in this short explanation) and is only a small risk.
"The danger, of course, is that the payment never makes it into this ledger"
As a registrar I can confirm that we can back out and get our money refunded for any transaction within 5 days. Now you can't abuse that (and there is a ratio of reversals you can do w/o having a problem) but the risk they are taking by waiting is actually far less than a credit card risk where you lose big time if fraud is involved (it gets kicked out much later than the cutoff to get the money back for the registry fee). And with cc you get dinged with a penalty and lose the money.
Isn't this exploitable by forging a transaction? The way I thought the ecosystem worked was that bitcoin mining verified the authenticity of transactions of the page, thus creating the "confirmation". Couldn't a malicious party create a fraudulent transaction to namecheap if they aren't verifying that it's real?
Yep. It's only an issue if you are giving the buyer something irreversible.
It's essentially no greater risk than accepting credit cards; any buyer can do a chargeback and get their money back at a moment's notice, but it happens fairly infrequently and when it does happen, you just revoke their rights to the service and ban them if necessary.
As I understand it, in order to forge a transaction and construct a double-spend scenario, you have to have the ability to rapidly mine a bitcoin block, and then not submit it, thus forfeiting the 25BTC reward you'd normally get for the block. So, that type of fraud doesn't seem worth it unless you're scamming significantly more than the value of 25 BTC (currently close to $2500).
Which makes it fairly reasonable for a seller of $5-15 products that can be cancelled to take on that risk, since it's a lot less problematic and time-delayed than credit card chargebacks. "You'll gain high confidence within 10-40 minutes" seems preferable to "you might get a chargeback months later".
(Clarifying edit: I don't know if that's accurate for zero-confirmation double-spends; it's accurate for non-zero-confirmation double-spends.)
Not quite. The essence of a double-spend attack is creating two transactions spending the same bitcoin: one to the merchant (call it A) and one to another of your accounts (call it B). You send A to the merchant and secretly submit B to another node. A looks valid to the merchant, so they accept it.
Now it's basically a 50-50 chance of which transaction will make it into the ledger and which will be rejected as invalid because the input was already spent. If you have your own compute power, you can shift this, up to the extreme of having >50% of the total power, in which case you can guarantee B is accepted, since you can outmine any chain that includes A. However, there is no reason you would need to forfeit any reward if you personally mine the block with the transaction in it.
Confirmations shift the probabilities back towards the merchant, since no honest node will mine on a chain not already including A because the one including A is longer. In this case you must mine secretly on the chain including B until it exceeds the length of the chain including A. This absolutely requires more than 50% of the network compute power, since you must totally outmine the honest network. But again, if you can get the length of chain B up to the point where it exceeds chain A, the block rewards in chain B are yours and those in chain A are forfeit.
As I understand, if they wait 10-20 seconds and listen to the network to make sure no conflicting transaction is broadcast, the odds of a successful double spend drops to very very low.
This is complicated to answer in detail, but the short answer is "It is easier to make gold out of lead than forge a bitcoin transaction." Not sure where that quote originally came from.
This is a perfect use case for zero confirmation transactions. Less friction for a legit customer and no real loss for the business if they need to roll back the transaction if it doesn't confirm. The only risk[1] I can see for Namecheap is the $.18 ICANN fee and that's assuming they're still on the hook for it if they cancel the registration.
[1]: Besides currency conversion risk of Bitcoin -> USD of course.
Funny this got to the front page today - this morning I bought a domain name from namecheap. First I tried to use my credit card. It was denied, for no apparent reason as I keep it paid off. Then I used my debit card, and it went through. However, later today BOTH my cards were temporarily suspended, and I had to wait on hold twice to verify that, yes, I did authorize a payment to namecheap.com.
Nothing else in my recent purchase history was out of the ordinary, which makes me think that namecheap.com is just one of those entities that the Cc companies have flagged.
Sounds like the first denial was due to an automated fraud check with a false positive. When that happens, it's a good idea to call your credit card company right away - if it was such a fraud check, they can usually reactivate it right away and whitelist the merchant you tried to buy from, allowing you to retry the transaction - and more importantly, ensuring that your card isn't suspended and later declined again at an inopportune time.
As an interesting note, I used the free Namecheap domain coupon I got at the Bitcoin conference to register NeoCities.org. Thanks guys! Great service, highly recommended.
I think the limit is shorter these days (more like 2 or 3 days), and there's a penalty for using it too often. Still plenty for these purposes, though.
Not really. If it's a situation where having the service for a brief period of time is valuable, and which can be active before a double-spend would be detected, you'll probably see as much fraud as for a physical good of a similar value.
On the flip side, requiring confirmations before physically shipping a product but not before beginning provisioning would likely be doable.
Well, you can go to my bookstore cointagion.com and buy lots of ebooks :-)
But yes, for the most part bitcoin is still a solution looking for a problem. The three best candidates for large-scale future use are, in my opinion (1) sending money overseas for employees/family (2) store of value in countries with high inflation (3) some kind of business model, as yet undiscovered, involving "reverse micropayments" (by which I mean micropayments involving few buyers, many sellers)
If you're a serious speculator then you can figure out how to buy BTC with an ACH or wire transfer. Also, I suspect a lot of miners are looking for ways to spend their BTC.
I just see that more and more people adopt bitcoin, that it's anonymous, distributed and secure, and it's been described as the next best thing since banknotes - I just can't see the usefulness...
While most people want Bitcoin to replace the US dollar, I think that as a secure, decentralized payment method, it's more useful as an alternative to Paypal. Like everything else, it's usefulness is tied to the number of people who adopt it.
Do you use cash in real life to avoid telling companies what you spend, where you spent and what you spent it on? If your answer is no, then you probably won't find much value in doing the same online with bitcoins.
I'd love to hear more about the decision trade off they made. On the one hand, you want to have a minimum of at least a handful of confirmations to verify that the btc aren't being double-spent. This means a delay of several minutes or longer. Alternatively, you can accept on faith with zero-confirmations that the btc is legit.
In this case, it sounds like Namecheap decided the ease of use is economically more valuable than the threat of being cheated. I like this line of thinking.
Further, it could be that it's not really a risk for Namecheap, because they can reverse a domain name purchase afterwards if the btc payment is fraudulent.
The latest I've heard is that an extremely sophisticated hacker can roll back* a zero confirmation transaction in about one third of attempts... so long term such a hacker could manage a 33% discount on purchases.
*Via a double spend attack with careful selection of peer connections and precise timing
I wouldn't usually worry about accepting zero confirmation transactions on a website. Most digital orders are reversible and physical orders take some time to process (packaging, shipping, etc).
However, with brick and mortar stores, 0-confirmations transactions are much more problematic for the business. The customer could be long gone with your product by the time you notice the double-spend. OTOH, the 10 minutes delay is also much more problematic for the customer with physical stores (imagine a customer having to wait for 10 minutes to buy a pack of gum).
One interesting solution for making zero-confirmations safer to accept is fidelity bonds [1], where you would "sacrifice" some Bitcoins from your address, a sort of "safe deposit" that you never get back. From that point on, until that address is seen to commit a double-spend, merchants can accept zero-confirmation payments from it knowing that attempting to double-spend would make the customer's initial deposit invalidated. As long as the deposit is larger than the transaction amount, it'll make double-spending unprofitable.
Edit: Another interesting aspect is that fidelity bonds can also be used to make other kinds of fraud unprofitable, not only double-spending. However, while its easy to determine when a user committed a double-spend attack (just show two signed transactions paying the same coins to two different places), its not that straight forward to prove other kinds of fraud.
Fidelity bonds are interesting, but it seems to me there are a couple of alternative solutions that are much easier to understand and hence more likely to get traction. One would be to rely on green addresses (downside: requires third party trust) and another is to simply sniff the bitcoin network for an additional small time window looking for suspicious double spend attempts (downside: not 100% effective)
However, I suspect you understand these issues better than I, so I'd love to hear your input on these alternatives and why you think Fidelity bonds are the most likely solution that will be adopted.
The most interesting alternative solution right now to make zero-confirmation transaction safe is rather counter-intuitive:
"However we can make zero-confirmation transactions safe without complex trusted identity systems, ironically by making it easier to double-spend. If we implement replace-by-fee nodes will always forward the transaction with the highest overall fee (including parents) even if it would double-spend a previous transaction. At first glance this appears to make double-spending trivial and zero-confirmation transactions useless, but in fact it enables a powerful counter-measure to an attempted double-spend: the merchant who was ripped off creates a subsequent transaction sending 100% of the funds to mining fees. All replace-by-fee miners will mine that transaction, rather than the one sending the funds back to the fraudster, and there is nothing the fraudster can do about it other than hope they get lucky and some one mines their double-spend before they hear about the counter spend. The transaction can also be constructed such that the payee pays slightly more in advance, with the merchant refunding the extra amount once the transaction confirms, to ensure that a double-spend will result in a net loss for the fraudster." - https://bitcointalk.org/index.php?topic=251233.msg2669189#ms...
In English, if you want to reverse a transaction, IE cancel a payment, the most you can steal from the person you paid is the value of the transaction itself. But if we implement a system where you can change a transaction after the fact, sending more of the fees to miners, the merchant can always outbid you, so it's almost impossible to actually get away with the theft and gain anything. You'll still pay for whatever you stole, thus turning what was a profitable attack, into a unprofitable attack that at best is simple vandalism. Namecheap isn't going to care much if a thief lost $10 when their loss was at most a $0.17 registrar fee.
Disclaimer: I'm working on implementing this feature in Bitcoin, although it's John Dillon's idea.
> green addresses (downside: requires third party trust)
I think that fidelity bonds are in fact a decentralized solution for green addresses.
With traditional green addresses, you would have to use 3rd party services to prove you're honest. Those services would have to charge fees in order to operate.
With fidelity bonds, you would prove you're going to be honest by making it unprofitable to act otherwise. This doesn't require a trusted party, should be much cheaper for users in the long run, and imho a much more elegant solution.
But even if that's the case, when the double spend is spotted the service can be canceled, which in this case seems likely to be before service is started anyway.
Yes, of course... I was just giving the "maximum ceiling" for the risk. There are many mitigation strategies at several points in the process that can lower this risk significantly.
That site isn't great because it's tricky to hit the two submit buttons in succession, but a fairly trivial script can do the same thing without much difficulty.
The reason why you don't hear about it is in reality there pretty much aren't any services out there that are actually vulnerable to that kind of double-spend in a way that results in genuine financial loss. Aside from some rare exceptions everyone accepting zero-conf transactions are either selling something that can be recalled after the fact, (tell the shipping department to stop) or has zero marginal cost. (like mp3s)
Maybe I'm missing something, but I do not believe there is a possibility of a double spend with the way NameCheap has setup their payment.
To pay with Bitcoin, you have to send BTC to your Namecheap account (which is done through BitPay), and wait for 6 confirmations (1 hour). They say "Funds will be added to your account within one hour after payment is confirmed. On very rare occasions, it may take up to 24 hours for the funds to be credited."
After that point, you can buy domain names with zero confirmations, but there is no risk at this point, because it is Namecheap account credit.
Nice to read this. The experience with paying with BTC last time I tried is was less than pleasant - I had to wait about an hour until the funds appeared.
I hate to disappoint you, but the main stream user experience of bitcoin remains a clusterfk. Things are slowly improving though (new payment protocol, hardware wallets, zero-conf transactions, lightweight wallets, deterministic wallets, etc.)
This depends on the client. The reference client will not display the funds as available until it reaches 6 confirmations (~60 minutes) but the coins are theoretically available to spend as soon as your client knows about them, it's just a matter of using a client that allows you to do so, and also making sure that the network knows that you have coins in the address you specified as an input before you try to spend them yourself.
Long story short it was alleged there was child pornography hosted on imgur. Namecheap took it upon themselves to "Block the domain for abuse" because the owner of the domain didn't reply in a time frame Namecheap deemed appropriate. Since Namecheap neither hosts, nor transmits any of the content on Imgur, it was very troublesome to hear they would shut down someones domain by their own hand, with no involvement, nor request from law enforcement.
> I'm the CEO of Namecheap here. Just want to let you all know
> that I am personally looking into this. The domain was taken
> down by an overzealous abuse team member who had no knowledge
> of who imgur was. Although we did send 6 separate emails over
> the last week, it should have still been escalated. I am
> reviewing our policy to see how we can avoid this type of
> situation further in the future. To the folks at IMGUR, I want
> to sincerely apologize for this situation and the extreme
> inconvenience this has caused you. If you can connect me with
> someone in your company. I'd like to give you a personal call
> and discuss the matter further.
>
> -Rick Kirkendall - CEO
I just don't feel comfortable leaving my domain name in the hands a lone abuse department team member that can evidentially change any domains nameservers without any approval or oversight.
Additionally, the new nameservers Namecheap picked had a 48 hour TTL, meaning the website was potentially down for 2 days for some people.
You're holding them to an unreasonable standard here, IMO. They've got "cheap" in their name - you can't have your cake (dirt cheap product) and eat it too (perfect service and procedures).
The profound apology and promise of fixing the procedure is already above and beyond what anyone (again, IMO) has a right to expect from a vendor of a $4 product.
All bitcoin transactions get written to a globally-shared ledger of transactions that is maintained by the bitcoin network. Roughly every ten minutes, a new page is added to the ledger that includes (most of) the latest transactions. When your bitcoin transaction is added to this ledger, it is called a "confirmation".
Accepting bitcoins with "zero confirmations" means that namecheap doesn't wait ~10 minutes before accepting your payment. Instead, they accept your transaction as soon as it is widely broadcast over the network, which takes only about a second after you send your money.
The danger, of course, is that the payment never makes it into this ledger, which basically means the transaction is invalidated, and the money "was never sent". This only happens in unusual circumstances (can't get into them all in this short explanation) and is only a small risk.