Overstock Payments Glitch Mixes Up Bitcoin and Bitcoin Cash: Report

Online retail giant Overstock.com has reportedly experienced a bug that meant it mixed up payments made in two different cryptocurrencies.

AccessTimeIconJan 10, 2018 at 1:00 p.m. UTC
Updated Aug 18, 2021 at 7:53 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Online retail giant Overstock.com has reportedly experienced a cryptocurrency payments bug that could have allowed customers to mint money simply via repeated cancellation of orders.

Last week, North Carolina-based bank security firm Bancsec informed journalist Brian Krebs that Overstock.com had erroneously accepted bitcoin cash instead of bitcoin as payment for a product.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • To confirm the issue, Krebs ordered a $78 motion sensor light on Overstock and opted to make payment by bitcoin.

    "Logging into Coinbase, I took the bitcoin address and pasted that into the 'pay to:' field, and then told Coinbase to send 0.00475574 in bitcoin cash instead of bitcoin," Krebs writes on his website. Because of the glitch, the security specialist was able to make a $78 purchase by sending approximately $12-worth of bitcoin cash.

    As experienced by Bancsec, Overstock's website approved the transaction. What was potentially more damaging to the firm is the fact that, upon cancellation of the order, Overstock processed the refund in bitcoin.

    Currently, a single bitcoin is priced at around $14,000, while its offshoot bitcoin cash is trading at $2,400. So, a malicious customer could have easily made large amounts of money simply by making repeated cancellations of orders of high-priced items at Overstock.

    Krebs writes: "Reached for comment, Overstock.com said the company changed no code in its site and that a fix implemented by [payments partner] Coinbase resolved the issue."

    Coinbase reportedly said that the issue was caused by "the merchant partner improperly using the return values in our merchant integration API," and noted that no other Coinbase customer had reported the problem. The error had existed for about three weeks, it added.

    Krebs said he and Bancsec had looked for the same glitch at other merchants that "work directly with Coinbase in their checkout process," but they found "no other examples of this flaw."

    Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Coinbase.

    Overstock image via CoinDesk archives

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.