Canadian law enforcement officials are on the lookout for 4 individuals who are responsible for carrying out over 100 double spending transactions at Bitcoin ATMs in several cities, including Calgary, Winnipeg, Toronto, Montreal, Sherwood Park, Ottawa and Hamilton.
Reportedly, 4 individuals, whose identities remain unknown, were aware of an exploit which meant that zero confirmation transactions were possible in these ATMs. Taking advantage of this, the men spent Bitcoin in exchange for cash, to an amount totaling nearly $200,000.
According to the official release:
The Calgary Police Service cybercrime team’s investigation began in October 2018 when officers were tipped off to a major fraud involving transactions that target a Canadian bitcoin company…Those attacks involve withdrawing money from a bitcoin kiosk and remotely canceling the transaction before the company can process the withdrawal.
The double spends, which occurred over the course of 10 days, are possible with unconfirmed transactions and tools exist to deal with this problem.
Bitcoin Core developer Peter Todd, who has created a replace-by-fee tool, criticized the ATM operator that operated those ATMs:
The simple truth of the matter is that the ATM operator in question is negligent if they are accepting unconfirmed transactions without other mitigating security measures such as obtaining positive legal identification; the fact that they’re asking for help in identifying the thieves is a strong sign of such negligence. This is no different than, say, a store selling high value items choosing not to hire cashiers and instead relying on an “honesty box” for payment.
Despite being somewhat cumbersome, these ATMs are a convenient way for users to get some bitcoin.
However, security exploits like this are most definitely a major concern and if Bitcoin is to grow into mainstream usage, such issues will have to be solved.
Individuals with any leads can submit their tips to Crime Stoppers.