Refund Attacks on Bitcoin’s Payment Protocol

We got our paper “Refund Attacks on Bitcoin’s Payment Protocol” accepted at the 20th Financial Cryptography & Data Security Conference in Bridgetown, Barbados. The question is… what is the paper about and why do we think it is important for the Bitcoin community?

BIP70: Payment Protocol is a community-accepted standard which governs how customers and merchants interact during the payment process. It is currently in use by Coinbase and BitPay, the two largest Payment Processors in the Bitcoin community, who collectively provide the Payment Protocol for more than 100,000 merchants worldwide to use with their customers. The premise behind the protocol is to improve the user experience, as customers no longer handle (or see) Bitcoin addresses during the payment process. Most importantly, the protocol should prevent man-in-the-middle attacks, as customers can authenticate messages from the merchant when a payment is requested.

Figure 1: A Bitcoin Core wallet displaying a Payment Request from BitPay.com (Source: BitPay)

To briefly describe the Payment Protocol:

  • The merchant sends a Payment Request message that contains their Bitcoin address, the number of bitcoins requested and a memo describing the purpose of the payment. This message is signed using their X.509 certificate’s private key.
  • The customer’s wallet verifies the authenticity of the merchant’s Payment Request message and displays on-screen the payment details to the customer (as seen in Figure 1).
  • If the customer authorises the payment, the wallet performs two actions:
    1. Authorises a payment transaction and broadcasts it to the Bitcoin network,
    2. Responds with a Payment message that contains a copy of the payment transaction (Bitcoin transaction that sends bitcoins to the merchant), the customer’s refund address and the number of bitcoins that should be refunded in the event of a dispute.
  • Finally, the merchant replies with a Payment Acknowledgement message that repeats the customer’s Payment message and informs the wallet to display a confirmatory message, “Thank you for your payment!”.

A full description of the Payment Protocol can be found in our paper and in the BIP.

It should be noted that the protocol provides two pieces of evidence in case of a dispute:

  1. The customer has publicly verifiable evidence that they were requested to make a payment by presenting the Payment Request message signed by the merchant.
  2. The customer has publicly verifiable evidence that they fulfilled the request by presenting the payment transaction that is stored in Bitcoin’s Blockchain.

What we propose in the paper is that a third piece of evidence should be provided.

The merchant should have publicly verifiable evidence that he sent the refunded bitcoins to a Bitcoin address endorsed by the same pseudonymous customer who authorised the payment.

Why is this endorsement important? In conventional online commerce, the merchant refunds the money back to the same account that authorised the payment. However, in Bitcoin (and the Payment Protocol), refunds are sent to a different Bitcoin address. This refund address has no connection to the Bitcoin address(es) that authorised the payment. Fundamentally, the merchant needs to be confident they are actually sending the bitcoins back to the customer.

Furthermore, there is no community-accepted refund protocol in use today. The Payment Processors (and merchants) have had to implement their own policy to deal with refunds in Bitcoin. Unfortunately, sending refunds in Bitcoin is not as trivial as it first appears and these observations lead us to identify two new attacks:

  • The Silkroad Trader attack relies on an authentication vulnerability in the Payment Protocol as customers can send bitcoins to an illicit trader via an honest merchant, and then plausibly deny their involvement.
  • The Marketplace Trader attack relies on the current refund policies of Coinbase and BitPay who both accept the refund address over e-mail. This allows a rogue trader to use the reputation of a trusted merchant to entice customers to fall victim to a phishing-style attack.

Full details of the attacks can be found in the paper (and are written in such a way that we hope even people without any prior knowledge about Bitcoin can easily understand them).

We performed experiments on real-world merchants to validate the feasibility of our proposed attacks and privately disclosed our results to Coinbase, BitPay, Bitt and others (all our experiments were approved by our university ethical committee). These Payment Processors have taken precautionary measures to prevent the Marketplace Trader attack (as it relies on their refund policies). However, solving the Silkroad Trader attack requires the Payment Protocol to endorse the refund addresses sent at the time of payment.

A concrete solution is outlined in the paper and we are in the process of implementing it for both Bitcoin Core and Bitcoinj. We hope to soon release the code to the Bitcoin community alongside a new BIP to outline the technical details. In essence, the solution aims to associate each transaction input with a refund address – the keys that authorised the transaction are also required to sign the refund address. We settled on this solution to ensure the customer has full flexibility over which refund address is chosen (i.e. no additional information needs to be stored to regenerate the refund address).

We recommend reading the paper to understand the attacks, experiments and solution. Please do leave us a comment if you found the post interesting or want to know more information. I can also be privately contacted at patrick.mccorry at ncl.ac.uk.

This entry was posted in Academic paper by Patrick McCorry.

About Patrick McCorry

My name is Patrick McCorry and I am currently a student under the supervision of Feng Hao. My colleagues are Sia, Taha, Maryam and Ehsan. The purpose of a PhD is to learn how to become a researcher (hopefully a great one!) and while I hope to learn from others on how to become a "great" researcher - at heart I am an Engineer. My interests include cryptocurrencies such as Bitcoin and how I can make them better.

15 thoughts on “Refund Attacks on Bitcoin’s Payment Protocol”

  1. Great work. I hope you others can learn from the contents of your paper. We really need people like you doing this kind of work.
