Hundreds of merchants in Australia have reportedly stopped accepting Bitcoin for payments after a double-spend exploit revealed that unconfirmed transactions could be reversed.

As reported by Micky, Bitcoin-accepting merchants in Australia supported by cryptocurrency payment processor TravelByBit were shown falling victim to a double-spend attack, where the attacker makes a payment and then immediately redirects the payment back to a wallet they control, tricking a merchant into accepting a payment that is not yet permanently settled and stealing goods or services. As the video of the double-spends became popular, TravelByBit will reportedly stopped accepting both Bitcoin and Bitcoin Cash for payments, with founder Caleb Yeoh quoted as saying “We will be dropping both Bitcoin and Bitcoin Cash from the [point-of-sale].”

The risks of double-spends on major cryptocurrencies cause merchant adoption issue

The Bitcoin double-spend issue highlights some of the issues facing cryptocurrencies when used in a short timeframe point-of-sale environment. In most major cryptocurrencies, transactions are broadcast to nodes nearly instantly, where they reside in a backlog known as the mempool until they are included in a block by miners. This means that a transaction becomes visible within seconds, but is not yet reliable for several minutes depending on the network’s structure and current conditions. According to Bitcoin creator Satoshi Nakamoto, transactions which have simply been broadcast should not be considered as secure as those which have been written to the blockchain:

“As you figured out, the root problem is we shouldn’t be counting or spending transactions until they have at least 1 confirmation. 0/unconfirmed transactions are very much second class citizens. At most, they are advice that something has been received, but counting them as balance or spending them is premature.”

Q. Are #Dash LLMQ #ChainLocks ⛓️🔐 just hype or something interesting? 🤔 Watch @aantonop 👨‍💻 answer in his most recent Q&A video. I'm very impressed with how well-versed Andreas is with @Dashpay. 🏆👏 Make sure to watch full video 🙂👍 📽️ Full video: https://t.co/LcnZ6PfPny 👀 pic.twitter.com/43Bwfxtuxe — Mark Mason (@StayDashy) August 22, 2019

Bitcoin in particular has a distinct vulnerability to double-spend attacks due to an implementation called replace-by-fee, which more easily allows a higher-fee duplicate of a transaction to supersede the original. However, even chains without replace-by-fee such as Bitcoin Cash are vulnerable to double-spend attacks to an extent. According to statistics displayed on DoubleSpend.Cash, 215 double-spend attempts have been made on the Bitcoin Cash network in the past 24 hours, with 39 being successful and three being undetermined. Since 2017 a total of 3,874 Bitcoin Cash transactions have either been double-spent or are undetermined.

The competitive advantage of Dash InstantSend is becoming more apparent

Recent exploits such as the recent Bitcoin double-spends highlight the competitive advantage maintained by Dash in the cryptocurrency payments space. Utilizing the masternode layer of incentivized nodes, all Dash transactions are instantly locked-in with a mechanism known as InstantSend, which prevents the transaction from being double-spent until it is securely locked in a block. This process takes under two seconds on average, resulting in a permanently-settled transaction instantly. Additionally, because of recently-implemented ChainLocks functionality, Dash blocks are permanent after a single confirmation, protecting against 51% attacks and eliminating the need to wait for over a single confirmation.

Because of these features, Dash transactions are instantly secure compared to competitors such as Bitcoin and Bitcoin Cash, which offer lower levels of security in the short-term and likely in the long-term, giving Dash the edge as a form of payment at the point-of-sale.