These guys certainly show a lack of understanding here about the Bitcoin protocols.  The issue here isn't gaining temporary control of a majority of the CPU power of the network, the issue is gaining control of a majority of the network over a prolonged period of time.

More importantly, there is a mistaken notion here that transactions are "irreversible".  If you are engaged in gaming Bitcoins, transactions are indeed reversible and any attempt to double spend will be wiped out upon verification by the trusted nodes on the network.  BTW, CPU power alone isn't sufficient but also having the transactions verified by the various nodes including those who aren't necessarily even providing CPU power but rather merely network bandwidth.  If you can't get the majority of the nodes to accept your blocks & transactions, it is a wasted transaction even if you have a huge amount of CPU bandwidth being thrown at the issue.

BTW, this is one of the reasons why changed in 0.3.16 were such a big deal because it did change some of what the "ordinary nodes" were doing with some of the blocks and packets, rejecting certain transactions because of "unusual" data.

This kind of "attack" does point out that folks who are shipping physical merchandise ought to set up perhaps some sort of policy of requiring perhaps a few more than just six confirmations, as that is the real scam here.  In the attempt to double-spend, the attacker is trying to fool somebody into thinking they have legitimately received payment when in fact they haven't received any bitcoins at all.  When the attack fails, the "accounts" or at least who has what bitcoins will be a settled issue.

From the article:


Assuming that they are trying to get physical merchandise from somebody where it is being sent to a physical address of some kind as their way of being able to gain money from this scam.  By double spending, the attacker is assuming that they are going to be receiving the merchandise in spite of the merchant not receiving payment.  When the merchant realizes that the transaction is invalid (you don't even need to be reading the forums to notice that fact... contrary to what was said in the article earlier) they are going to either withhold shipment (and announce a strange set of blocks on the forums if they are thinking clearly or at least saying WTF happened to my transaction!) or they can then notify the shipping agent they are using that some sort of fraud was going on with the package and "request" that the package be returned or discarded and not sent to the addressee.  Either way, the scammer isn't going to get the merchandise and at worst is only wasting somebody's time or forcing a merchant to lose some money.

Furthermore, fraud can certainly be prosecuted under current laws.  Nothing new even needs to be passed in terms of going after these scammers legally in most countries and jurisdictions.  This is indeed very much within the legal definition of fraud and can be proven in court and certainly explained to law enforcement as if a "check" bounced and that payment failed or some other similar kind of explanation until you have to get inside of a court room.  You might be able to attack the validity of Bitcoins as a payment method, but certainly the fact that something of value was transmitted in exchange for something else of value, but then that "something" (in this bitcoins) was not in fact actually transferred would be considered fraud.  I would also argue that typically a judge in this situation would recognize Bitcoins as a valid payment method, at least if you can get somebody to explain what exactly is Bitcoins in simple terms that can be told to a jury without getting into the gritty details.  That both parties thought Bitcoins had value is the only legal question that would have to be asked in this case.

Some idiot presuming that the court system will stay away from you merely because you are using Bitcoins may have cold hard reality facing down upon themselves.  It isn't that this could be illegal, I'm suggesting that an attack of this nature would be illegal already and in fact is.  If you want chapter and verse, at least specify jurisdiction if you want me to give you an answer.  I can think of several laws this would violate and in at least America nearly a dozen law enforcement agencies who would all have jurisdiction too in any given town depending on what was sold and how it was shipped.

It is possible that somebody really thinking this through might set up dead drop mailboxes and have other ways to launder the merchandise, but we aren't talking check kiting here that can take a day or two and up to a couple of weeks to detect.

In short, the author of this piece is completely clueless about Bitcoins and doesn't know what he is talking about.  A good try, and certainly there are ways to scam Bitcoins from people who are unsuspecting, but trying to do that through an attack on the system in the nature described is not only a waste of time, but dangerous to do even from a legal standpoint where the risk on the ROI is far greater than even presumed as with potential criminal penalties and loss of liberty are enough to make this a negative ROI... at least with this method.  If you are going to scam, scam at least with "legitimate" transactions with something like a Ponzi scheme.

The issue of money laundering via Bitcoins is something real, but that is confusing a criticism of Bitcoins with a legal protection of some weird and perverse kind.  Just because trade in cocoa beans may or may not be legal in a jurisdiction doesn't stop a trade transaction using cocoa beans from being illegal for other reasons too.

The other issues listed in this article have been amply debunked in earlier postings on this thread and deserve no further analysis as they are equally faulty.