Overstock, Coinbase close bitcoin cash flaw

Quick read

For about three weeks, a bitcoin payment glitch left online retailer Overstock and bitcoin wallet Coinbase vulnerable to potential fraud. Customers were being charged in bitcoin, but allowed to pay the numerical equivalent in bitcoin cash. (KrebsOnSecurity)

Mini-explainer

So if an item cost 10 BTC, customers were allowed to pay 10 BCH instead. Additionally, if customers canceled the order, refunds were made in BTC even if the payment was made in BCH. Given the value disparity between BTC and BCH (bitcoin is about 7 times more valuable than bitcoin cash), this was a serious problem.

The key facts

Consider the implications here: A dishonest customer could have used this bug to make ridiculous sums of bitcoin in a very short period of time. Let’s say I purchased one of the more expensive items for sale on Overstock, such as this $100,000, 3-carat platinum diamond ring. I then pay for it in Bitcoin cash, using an amount equivalent to approximately 1 bitcoin ($~15,000).

Then I simply cancel my order, and Overstock/Coinbase sends me almost $100,000 in bitcoin, netting me a tidy $85,000 profit. Rinse, wash, repeat. (KrebsOnSecurity)

The bottom line

Coinbase implemented the bitcoin payment solution, so it stood to lose the most from the glitch. As the cryptocurrency space becomes more crowded, the potential for these types of mistakes will increase. Payment processors need to be extra careful moving forward to avoid situations like this.
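The check that was missing in the flaw described above, sketched as an added example (not code from Overstock, Coinbase or the original article): compare the asset as well as the amount, and refund only what was actually received. All names and the USD rates are constructed assumptions, with the rates chosen to match the article's roughly 7:1 ratio.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed USD rates (assumption), roughly the article's 7:1 BTC:BCH ratio.
USD_RATES = {"BTC": Decimal("15000"), "BCH": Decimal("2143")}

@dataclass(frozen=True)
class Invoice:
    asset: str       # asset the order was priced in
    amount: Decimal  # units of that asset due

@dataclass(frozen=True)
class Payment:
    asset: str       # asset actually received
    amount: Decimal  # units of that asset received

def flawed_is_paid(inv, pay):
    """Behaviour the article describes: only the number is compared."""
    return pay.amount >= inv.amount

def flawed_refund(inv, pay):
    """Behaviour the article describes: refund in the invoiced asset."""
    return (inv.asset, pay.amount)

def reconcile(inv, pay):
    """Hardened: asset must match before amounts are compared at all."""
    if pay.asset != inv.asset:
        # Never credit the order; send back exactly what arrived.
        return "wrong_asset", (pay.asset, pay.amount)
    if pay.amount < inv.amount:
        return "underpaid", (pay.asset, pay.amount)
    return "paid", None

def refund_on_cancel(pay):
    """Hardened: a refund is denominated in the asset received."""
    return (pay.asset, pay.amount)

def usd(asset, amount):
    return amount * USD_RATES[asset]

def exposure(inv, pay):
    """USD lost per order if the flawed refund path is taken."""
    return usd(*flawed_refund(inv, pay)) - usd(pay.asset, pay.amount)

if __name__ == "__main__":
    inv = Invoice("BTC", Decimal("6.67"))   # ~$100,000 order (constructed)
    pay = Payment("BCH", Decimal("6.67"))   # same number, different asset
    print(flawed_is_paid(inv, pay), reconcile(inv, pay), exposure(inv, pay))
```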