About Teletype
Join
bitcoin doublespend
@bitcoindoublespend
November 3, 2020

How to search vulnerable sites for bitcoin double spend

First, let's understand what a bitcoin double spend is.


Bitcoin Double-spend consists in spending the same coins twice. This tool emits two different transactions using the same coins. One of the transactions goes to your target's wallet, whereas the second transaction goes back to you. Once the second transaction sended, the first one is cancelled from mempool and will not be able to receive confirmation.

What other names does bitcoin double spend have?

Some call it "Bitcoin fake transaction", "Cancel bitcoin transaction", "Double spending" and etc.

How can you make a profit from this? By using a double spend you can receive various goods/services/real money, etc. If the store/service/person accepts payment without waiting for confirmations, then you can get something from them in return, while spending small amounts on commissions.

Example:

  1. Bitcoin ATM(risky) β€” some ATMs accept payments in bitcoin without waiting for confirmations. Therefore, you can sell them bitcoins and get cash in return.
  2. Humans(risky) β€” a large number of people are looking for where to buy bitcoin every day, in most cases these people do not know how to safely check transactions and can often complete the deal without waiting for the confirmation of the transaction.
  3. Forum sellers β€” a huge number of sellers on the forums accept bitcoin for payment, many of them also do not know about confirmation of transactions. In particular, by buying various goods/services on the forums, you can successfully do it shareware.
  4. Sites/services β€” every day a large number of new sites appear that accept bitcoin for payment. Not all of these sites check the confirmations, which makes them vulnerable to bitcoin double spend. The site can be anything from gambling to subscription to adult content. Ideally, of course, this is a service that sells some popular electronic product, which you can then sell without problems.
  5. Cryptocurrency exchange β€” it is quite difficult to find an exchanger that will be vulnerable, we can say that you are very lucky. But, occasionally there are new exchanges that do not check the confirmations and can give you an exchange.
  6. Gambling sites β€” Some casinos do not check deposits for confirmation in order to improve the conditions for their players. This usually means that you can play on such sites and if you lose, you will send a second transaction and not lose your coins. If you win, you just wait for your deposit to receive confirmation and withdraw all your winnings. Even very large casino sites can be vulnerable.
  7. Bitcoin mixers β€” Some mixers may send you transactions before yours receives a confirmation. This means that they are vulnerable to bitcoin double spend.

Now you understand the ways to use double spend.

Now let's look at examples to look for both vulnerable sites. After all, this lesson is quite difficult and requires enough time to search.

He that can have patience can have what he will. Benjamin Franklin


Where to find vulnerable sites?

  1. Google β€” Yes, seriously. You can search for any queries in the query which you will mention keywords (Bitcoin deposit, instant deposit, beta bitcoin and etc.) by choosing various search settings, you can find sites that are not included in the top results and thus you can find fairly fresh sites. Don't get hung up on the same queries, search smartly. You can also use other search engines(duckduckgo.com , yahoo.com , baidu.com and etc.)
  2. Forums β€” The forums have a huge number of sites/offers related to bitcoin. Also, some forums have threads on announcing new sites. There are also a lot of sellers on the forums, especially on darkweb(.onion)
  3. Catalogs β€” Such catalogs collect sites that accept bitcoin for payment, for example. Such sites may contain old sites that are not popular, but continue to work and accept Bitcoin for payment without waiting for a confirmation. You should not pay attention to sites that offer physical goods for sale, in 95% of cases they will not send you the goods.
  4. Social networks β€” Using social media search, you can find small sites that may be vulnerable. You can also find people who provide services with bitcoin payment.
  5. ADS β€” Yes, advertising on sites. While exploring various new sites, you will see banners and other advertisements that are of great interest to you. You can find a little-known site that will be vulnerable. I advise you to disable your adblock and often look at banners in search of a site that accepts bitcoin. Personally, I use this method constantly and quite successfully.
  6. PTC(Paid To Click) β€” These are sites that post sponsored links for their users and make money on it. On such sites, you can find mainly hyip projects that accept payment in bitcoins. Some of them may be vulnerable and you can use their referral system to get profit from this. But, be careful, mostly such hyip projects are scam and may not pay.
  7. Friends β€” Ask your friends who use bitcoin as a means of payment, perhaps they have recently used some kind of site and it accepted payments without waiting for confirmations.
  8. Spam β€” I do not want to tell you that it is worth paying much attention to spam on social networks or blogs. But, it is usually spammed with various referral programs that may also be of interest to you. Sometimes you don't have to dig a huge hole to get to the gold, it can be on the surface.

How to understand that a site is vulnerable?

First, it must accept bitcoin for paymentsπŸ˜…. Next, the best way is to make a deposit through bitcoin double spend tool. But, it is not always necessary to do this. Before the deposit, you can understand that the site is vulnerable or not. Look for the FAQ page on the website, perhaps the conditions for accepting payments are written there (the actual information is not always there). Next, try to make a request for payment and look in the modal window or on the page with payment for any information about the confirmations. If you did not find information about this, then the last method remains. To do this, you need to use developer console(Windows: F12, MacOs: Cmd+Opt+J)

After opening the console, you need to go to the Network tab. In this tab, you will see the requests that the site sends using its API, by opening this request you can sometimes see whether the service requires a confirmation for a transaction or not. Take your time, requests can be long and may come even after 10 minutes. But it usually takes up to 1 minute.

For example, we found a site that requires 0 confirmations (sometimes in some API 0 = 1, 1 = 2)

If we really found such a site, then it is worth making a deposit using double spend.

If you find a site that uses a vulnerable service to accept payments in bitcoins, then you can also find out through API requests or other data in the developer's console about which payment merchant they are using. Further, for example, using the ahrefs service, you can try to find other sites that can use the same payment merchant.

P.S Some sites may give you a reward if you find a vulnerability on their site.

And remember that no one will sell you a good vulnerable site that will give you a profit. The best method is search it yourself.

This Tutorial Is Only For Educational Purpose. Please don't use this material in illegal purposes.

bitcoin doublespend
November 3, 2020, 22:22
0Β reactions
0Β views