Bitcoin Satoshi’s Vision [BSV] has been in the news recently due to its inflated price growth over the past week. However, a programmer and computer security researcher is known as Reizu recently found that, among other things, it is possible to double spend a zero-confirmation transaction on the BSV chain.
He also discovered that the hashrate on the network is also highly concentrated, with just 4 nodes controlling over 75% of the hashrate, out of the 450 nodes on the network. He begins by saying that double spending a 0-conf transaction is possible, but restricted by multiple real-world limitations. These include the fact that the propagation of transactions is very fast on the Bitcoin network, and that miners follow the “first seen safe” rule.
Moreover, whenever fees of greater than 1 satoshi/byte are used, the transaction is considered safe. In case of double-spending actually occurring, it is easy to detect it by connecting to several different nodes and waiting for 5 seconds, as that would effectively show if transactions have the same output.
Reizu stated that the main reason he picked Bitcoin SV is that the community believes that 0-conf transactions are safe, and said that he wanted to see whether it was possible to send a transaction to one node and another transaction with the same input to another node. He discovered that he indeed could, and presented a short tutorial doing so, using a tool known as izubitcoin.
The tool has some features that enable this, such as using parallelization to connect to each node on the network and connecting to the Bitcoin protocol natively. He explained:
“Once connected to the remote nodes (after a few seconds) I send a signal to the processes. Upon receipt, each thread sends the transaction to their node and disconnects. In this way the synchronization is very effective.”
The condition is exploited on the BSV network with a success rate between 90% and 97%, with a simultaneous connection to all the nodes on the network allowing for a precise control over the distribution of the transactions.
When trying to discover whether double spending was possible by sending the first transaction to a set of non-mining nodes and the second to a minority of mining nodes, he saw that the mined transactions were always sent to the same nodes. This confirms that the mining of the BSV chain is very centralized. More specifically:
“34% of the hashrate is only 1 node. 59% of the hashrate are 2 nodes. 68% of the hashrate are 3 nodes. 75% of the hashrate are 4 nodes.”
The programmer further said that he has double-spent many transactions on the BSV network, with a 90% success rate if the second transactions are sent to 6 nodes and a 100% success rate if sent to 20 nodes. He further found that the difficulty of double-spending is proportional to the number of nodes on the network and that doing it is “practically free”, as one needs only an internet connection and a mid-range or high-end router.
Moreover, this method works even if all miners are honest, which opens up the BSV network to a host of double spend attacks. Even as the network is presenting itself as one of the biggest payment networks of the next decade, this exploit must be fixed before it can compete for the position.