FAQ

Fomero

FAQ | Contact

Frequently Asked Questions

What is double spending?
Double spending bitcoins means including the same bitcoins as inputs in two or more transactions.

Why does the bitcoin network allow this?
Because when you double spend, only one of the transactions will get confirmed. So you don't really get 2 bitcoins for the price of 1.

So why would I want to double spend?
Double spending takes advantage of people or web sites who give you something in return for an unconfirmed bitcoin payment. The creators of bitcoin warned users to never trust an unconfirmed transaction (because of the double spending problem). However, not everyone listens to recommendations.

So how can I use double spending to my advantage?
Find people or web sites that will give you something in return for an unconfirmed payment. Send the first transaction to them and get something from them. Then, create a double spend transaction back to one of your own addresses. If the second transaction confirms (which means the first can't confirm) then you get your bitcoins back, plus whatever the person or web site gave you.

How do I get the second transaction to confirm instead of the first?
Use a higher transaction fee for the second transaction.

Can you give me some examples of situations where double spending might give me something for free?
1. In-person bitcoin trading. You want to sell bitcoins to someone. You meet up with them. You send them the bitcoin payment. They see your payment, but don't wait for the confirmation (bad idea!) and give you the cash. You walk away and then double spend the bitcoins back to yourself. Now you have the bitcoins and the cash. Then they hire Chuck Norris to hunt you down. OK, maybe this is a bad idea.
2. Bitcoin casinos. Some online casinos (such as BitCasino, WixiPlay, and 8 Bet allow you to bet while your deposit is still unconfirmed. Here's how to take advantage: First, send in a deposit payment. Then, while the payment is still unconfirmed, you make a bet. If you win, great! Just wait for the payment to confirm. When it does, withdraw your winnings. What if your bet loses? No problem. Just double spend the same coins back to yourself before your deposit transaction confirms. Now you have your coins back and you didn't lose anything (except your transaction fee).
3. Bitcoin mixers. Some mixers (such as BitCloak) will send your output payment to you while your input payment is still unconfirmed. First, send the mixer a payment. Then wait until you see the payment from the mixer incoming to your wallet. When you do, double spend the bitcoins you sent the mixer back to yourself. If the mixer's output transaction to you confirms but your input transaction to the mixer does not confirm (because your double spend transaction confirms instead) then you really have doubled your bitcoins (minus the mixer's fee and your transaction fee).
4. Bitcoin ATMs. Some dispense cash before your bitcoin payment into the ATM confirms. Grab the cash and double spend the coins back to yourself.
5. Cryptocurrency exchange sites. Some will send you a payment in another cryptocurrency (such as Monero) before your bitcoin deposit payment confirms. Sounds like a bad idea for them. Of course by now you know what to do about that...

Isn't this all too good to be true?
Most of the time, yes. It takes a lot of finesse to actually make this work. Most web sites that give you something while your payment is still unconfirmed have an algorithm that scores the likelihood of your payment confirming. If the algorithm predicts your payment could be double spent then it won't give you anything until your payment confirms.

So is it hopeless to even try?

Not if you have a lot of time on your hands. Here are some suggestions:
1. Try to target newly-created web sites, as they are less likely to have been burned by double spends before. So they won't be ready for you.
2. Look for simple web sites that seem to have been created by just one person. The administrators of these small sites often make mistakes that lead to successful attacks because they don't have anyone helping them review their system for vulnerabilities.
3. Play around with the transaction fees and the time lag between your transactions. You have to find a sweet spot where the transaction fee for your first transaction is high enough for the web site to accept your payment while it's still unconfirmed, but low enough so that you can get your second transaction (the double spend back to yourself) to confirm first if you use a higher transaction fee. The lag time between your first and second transactions matters too. Sometimes you might want to send both transactions just a second or two apart and sometimes you might want to put a longer delay between them. It takes a lot of trial and error before you might have your first success.

Does this ever actually work?

Sure it does. Check out these postings that mention successful double spend attacks:
1. https://www.reddit.com/r/Bitcoin/comments/3dygn9/double_spend_on_pocket_dice (PocketDice was allowing people to bet with 0 confirmations and double spend back to themselves if they lost.)
2. https://blog.blockcypher.com/yes-someone-double-spent-bitcoin-no-zero-confirmation-payments-are-not-dead-944d021b865e (BlockCypher assigns a "confidence score" to evaluate how likely a transaction is to be double spent...in this case they got it wrong.)
3. http://bitcoinist.com/peter-todd-double-spends-on-coinbase (Peter Todd, one of the bitcoin core developers, made a successful double spend attack on Coinbase in order to prove how easy it is.)

OK, I want to try this out. How do I use Fomero?
1. Go to the Create page to start a new double spend.
2. Enter the transaction amount. For each of the two transactions in the double spend, enter the destination address and fee rate. Note that the fee rate for your second transaction must be at least 10 satos/byte higher than the fee rate for your first transaction.
3. Fomero will add up the transaction amount, the transaction fee amount, and the Fomero fee amount and tell you the total, along with the funding address.
4. Send your funding payment to the funding address.
5. You can now click the Send First Transaction button to send the first transaction. The page will reload and tell you the transaction ID of this transaction and give you a link to look it up on blockchain.
6. At any time before your first transaction confirms you can click the Send Second Transaction button. This will create a double spend of the same bitcoins to the second address you entered.
7. The difference in transaction fees and sending time between the first and second transactions will determine whether the first or second transaction confirms.

How much is the Fomero fee?
Only 4% from your transaction.

What if I have a problem or need to ask a question?
You can Contact support.