The online sales giant Overstock said in a statement to a customer on Jan. 9 that he is "aware" of a major problem in his payment system. , which allows customers to pay with Bitcoin (BTC) and Bitcoin Cash (BCH) interchangeably, allowing accidentally a huge potential reduction.

In which online publication The Verge describes as "a lesson on how not to offer cryptocurrency payments" Overstock, who has accepted Bitcoin since 2014, has inadvertently provided BCH holders with an opportunity to make money. gold arbitrage.

In addition to charging BTC or BCH at the rate of 1: 1 for the same item, any refund request was paid exclusively in BTC, resulting in a huge profit potential for anyone paying in BCH.

The problem was publicly announced by Brian Krebs of KrebsOnSecurity on January 9th. Krebs would have bought Overstock's solar lights worth $ 78.27, paying for them in Bitcoin Cash. But the overstock made him pay Bitcoin Cash at the same rate as Bitcoin, which means he only paid $ 12.02 for the lights. He then asked for a refund and was returned the payment in Bitcoin, worth $ 77.80 then.

After Kreb's report of the bug, Overstock wrote him a reply that imputed the glitch to their payment integration partner, Coinbase, and confirmed that they had since corrected the Error:

"We were made aware of a problem affecting cryptocurrency transactions and reimbursements by an independent researcher [Krebs]." After working with the researcher to confirm the discovery, this payment method was disabled while we were working with our cryptocurrency integration partner, Coinbase, to make sure they solved the problem. "

telling Krebs that it was a problem on the Overstock side, but that the companies were working together to solve it:

"The problem was caused by the trading partner using incorrectly t the return values ​​in our merchant integration API. No other Coinbase customer has had this problem. After being made aware of a problem in our common refund processing code on Saturday, Coinbase and Overstock worked together to roll out a solution in a matter of hours. To our knowledge, a very small number of transactions have been affected by this problem.

Krebs summarized the potential impact of the situation by saying:

"Consider the implications here: A dishonest customer could have used this bug to make ridiculous amounts of Bitcoin in a very short period of time.

According to Krebs, Overstock told him to keep the "profit" that he did in the process of discovering and testing the glitch. donating extra money to a non-profit library.

Coinbase told Krebs that the situation had existed on the Overstock website for three weeks before his discovery and report.