21
1
I'm making a list of real-life examples of occasions where bitcoins were lost to various known attacks. One of these known attacks is that lightweight (SPV) wallets can't verify whether a transaction only spends UTXOs (a requirement full nodes enforce) so lightweight wallets can be tricked into accepting bitcoins that don't really exist.
Of course, only a dishonest miner would confirm that transaction, making the attack expensive if confirmations have to be involved.
Does anyone know of a real-life example of a user who lost money to this attack, either involving an unconfirmed transaction or a confirmed transaction? I'd prefer an example from Bitcoin, but examples from altcoins are welcome too.
1It would be difficult to know if it ever had, wallets don't support logging to that sort of degree so chances are they would just see no money suddenly with no explanation. It's probably unlikely to have happened, there's easier attacks like a finney attack which has been used to great effect in the past. – Anonymous – 2015-06-05T00:20:22.070
@Bitcoin Given that this attack would cost in the neighborhood of five thousand dollars of electricity, I think it would only be used in cases where there was more than five thousand dollars at stake. If that much money disappeared from my wallet, you can bet that I'd investigate. – Nick ODell – 2015-06-05T00:27:27.723
I'm not sure that premise is correct. Assuming an abundance of malice why would you bother spending money on power, you would just compromise some random mining pool and sneak off with a few blocks, just like has happened in the past. Five thousand USD is small stuff in comparison to some of the BTC heists so far, the recent Bitstamp one was in the order of 5 million USD. There's complaints on forums daily about $10k+ disappearing and often no appreciable explanation for it. I definitely think attacks like this unlikely though, there's probably easier hanging fruit. – Anonymous – 2015-06-05T00:39:04.597