Read on to learn everything you need to know about how constructing a double spend saved my Bitcoin.
Honestly, I never thought it would happen to me: scammed on Telegram. I’d like to pretend it was some super-sophisticated, social engineering attack that would have fooled anyone, but the truth is it wasn’t. I got lazy. I didn’t do my due diligence and I trusted without verifying.
Here’s the run-down: I had placed a bid in a charity auction on the BitcoinTalk forums for a Kialara Hydrat to adorn my Bitcoin shrine and forgot about it. I was contacted by someone I thought was the auctioneer on Telegram informing me that I was probably going to win the auction.
I didn’t even remember placing the bid, so he sent me the link where I was the highest bidder at the time (I was) and it started jogging my memory.
At this point, I was more preoccupied by the auction, and a bit embarrassed having forgotten placing the bid, than I was with verifying the auctioneer was legit.
Alarm bells should have been going off, right? But they didn’t. The guy was slick and said all the right things, even diverged into off-topic small chat. He didn’t seem like a scammer.
In fact, he proposed escrow for security, and asked me to pick someone I trust. So I did. Then I was pulled into a new chat group on Telegram with the “auctioneer” and the “escrow” I picked.
At this point, I should have scrutinized the escrow account, but it looked legit. The avatar was right and so was the name.
In the span of 2 minutes, the “auctioneer” had spun up a fake “escrow” account on Telegram and I didn’t question it. Again, I have no excuse here. I still can’t believe I fell for this trap. But I did.
So I sent the Bitcoin to the address, as requested, and then everything disappeared: the fake auctioneer account, the fake escrow account and the group chat itself.
They probably did this to cover their tracks, but to be honest, had they not done this, I probably would have just gone along with my day thinking nothing was amiss. So this is when alarm bells started going off.
You’re probably shaking your head right now, right? I don’t blame you.
I contacted the escrow through Twitter and he basically confirmed what I already knew: he hadn’t just acted as an escrow and I had, clearly, been scammed.
Starting to Sweat
Panic started to set in. Thousands of dollars in Bitcoin lost forever. But I had one ace up my sleeve: I’m notoriously cheap with txn fees.
I set it super low at 12 sats/byte so the txn shouldn’t have made it into a block for hours.
“Just RBF, Mike! No worries!” you say. Well here’s where you get to roll your eyes and give me the L because I didn’t use RBF.
It wasn’t a conscious decision, it’s just that the wallet I was using at the time didn’t support it. Guess what that means? I needed to find someone to build me a double-spend, by hand, and fast.
The clock was ticking. Fortunately, I was able to find someone I trusted who had never done it before, but had the technical chops to give it a shot. Fingers crossed.
Building the Replacement TX
He walked me through the first few steps as it required access to the seed, building the replacement transaction in Electrum and signing it. Attached was an absurd 900 sats/byte miner fee. Something to incentivize miners to include this transaction rather than the earlier one.
To be honest, it was probably overkill, but it was a tense situation. We probably only had one shot with the clock ticking, so better have a big enough bribe ready to go. I sent him the signed transaction and he had to do a bunch of stuff with the UTXO strings, but I won’t get into the technical weeds, it’s not important.
Double spend ready! Let’s broadcast it! REJECTED. Mempool no like. It looks like a double-spend attempt. Let’s try an accelerator! REJECTED.
Accelerator no like. It looks like a double-spend attempt. Bear in mind, neither of these rejections was due to breaking with Bitcoin consensus itself. These are just policies. Maybe good policies in order to curtail rampant double-spend attempts, but mere policies.
The new transaction was just as valid as the previous transaction. The REAL transaction is whichever one gets into a block first. Blockchain is truth, after all. So we reached out through back-channels and public channels to mining pools.
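The policy-versus-consensus point above, as an added example that is not code from the original post or from any node implementation: it reads the input sequence numbers out of a serialized transaction, applies the BIP125 opt-in signalling rule, and models a simplified opt-in-only relay policy. The sample transactions, the helper names and the assumption that the original transaction used final sequence numbers are constructed for illustration.

```python
import struct

BIP125_MAX_SEQUENCE = 0xFFFFFFFD  # BIP125: any input nSequence <= this opts in to RBF

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def input_sequences(raw):
    """Return the nSequence of every input in a serialized transaction."""
    pos = 4                                    # skip nVersion
    if raw[pos] == 0x00 and raw[pos + 1] == 0x01:
        pos += 2                               # skip segwit marker and flag
    count, pos = read_varint(raw, pos)
    sequences = []
    for _ in range(count):
        pos += 36                              # outpoint: txid (32) + index (4)
        script_len, pos = read_varint(raw, pos)
        pos += script_len                      # scriptSig
        sequences.append(struct.unpack_from("<I", raw, pos)[0])
        pos += 4
    return sequences

def signals_rbf(raw):
    return any(seq <= BIP125_MAX_SEQUENCE for seq in input_sequences(raw))

def relay_decision(original_raw, old_feerate, new_feerate):
    """Simplified opt-in-only mempool policy (assumption: not a node's full rule set)."""
    if not signals_rbf(original_raw):
        return "rejected: conflicts with a non-replaceable transaction"
    if new_feerate <= old_feerate:
        return "rejected: replacement does not pay a higher fee rate"
    return "accepted: replaces the original"

def sample_tx(sequence, segwit=False):
    """Constructed one-input, one-output transaction (dummy outpoint, empty scripts)."""
    tx = struct.pack("<i", 2) + (b"\x00\x01" if segwit else b"")
    tx += b"\x01" + b"\xaa" * 32 + struct.pack("<I", 0) + b"\x00"
    tx += struct.pack("<I", sequence)
    tx += b"\x01" + struct.pack("<q", 50_000) + b"\x00"
    tx += (b"\x00" if segwit else b"") + struct.pack("<I", 0)   # witness, nLockTime
    return tx

if __name__ == "__main__":
    final = sample_tx(0xFFFFFFFF)              # assumed: wallet without RBF support
    print(relay_decision(final, 12, 900))      # fee rates from the post, in sats/byte
    print(relay_decision(sample_tx(0xFFFFFFFD), 12, 900))
```

Both sample transactions are equally valid under consensus; only the relay decision differs, which is why the replacement in this story had to reach miners directly.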
Here’s where I really have to stop and thank everyone who helped. So many people went out of their way to help me get this transaction to miners, it was really heart-warming and I thank you all.
At one point, I had about 60% hashrate working on including my transaction, but it was early morning in China. There was literally a guy racing to work, in China, to include the txn around 8 am their time.
It kinda felt like living through an action movie, racing against the clock before the bomb goes off. Poolin, ViaBTC, F2Pool. I had them all in my DMs. Everyone was doing their best to get the job done.
But there can be only one. 4 blocks before the scammers got my money (according to mempool.space) I got a tweet notification. F2Pool had just mined the transaction into a block.
Relief finally set in. I got most of my money back (minus the miner fee and a reward to the person who crafted the double spend on short notice) but most importantly, the scammers got nothing.
Don’t Trust. Verify.