Overstock runs into cryptocurrency trouble
Red faces all round at Overstock.com, which has allowed customers to pay with either Bitcoin or Bitcoin Cash interchangeably.
In January 2014, the retailer partnered with Coinbase to let customers pay for merchandise using Bitcoin, making it one of the first large e-commerce ventures to accept the virtual currency. The glitch is embarrassing because Bitcoin and Bitcoin Cash, which split off from one another last year, have wildly different valuations. It was first reported by Brian Krebs of KrebsOnSecurity, who purchased a set of three outdoor solar lamps from Overstock for $78.27.
“Logging into Coinbase, I took the Bitcoin address and pasted that into the ‘pay to:’ field, and then told Coinbase to send 0.00475574 in Bitcoin Cash instead of Bitcoin. The site responded that the payment was complete. Within a few seconds I received an email from Overstock congratulating me on my purchase and stating that the items would be shipped shortly,” he writes. “I had just made a $78 purchase by sending approximately USD $12 worth of Bitcoin Cash. Cryptocurrency alchemy at last! But that wasn’t the worst part. I didn’t really want the solar lights, but also I had no interest in ripping off Overstock. So I cancelled the order. To my surprise, the system refunded my purchase in Bitcoin, not Bitcoin Cash!”
He adds: “Consider the implications here: A dishonest customer could have used this bug to make ridiculous sums of Bitcoin in a very short period of time. Let’s say I purchased one of the more expensive items for sale on Overstock, such as this $100,000, 3-carat platinum diamond ring. I then pay for it in Bitcoin Cash, using an amount equivalent to approximately 1 Bitcoin (~$15,000). Then I simply cancel my order, and Overstock/Coinbase sends me almost $100,000 in Bitcoin, netting me a tidy $85,000 profit. Rinse, wash, repeat.”
Overstock.com said it changed no code in its site and that a fix implemented by Coinbase resolved the issue. “We were made aware of an issue affecting cryptocurrency transactions and refunds by an independent researcher. After working with the researcher to confirm the finding, that method of payment was disabled while we worked with our cryptocurrency integration partner, Coinbase, to ensure they resolved the issue. We have since confirmed that the issue described in the finding has been resolved, and the cryptocurrency payment option has been re-enabled.”
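The reconciliation check that the mismatch described above calls for, as an added example that is not Overstock's or Coinbase's code. The article does not say how payments were matched to orders, so the `*_naive` functions are an assumed model of the flaw, and every class and function name here is hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Invoice:
    order_id: str
    asset: str        # asset the merchant quoted, e.g. "BTC"
    amount: Decimal   # amount due, denominated in that asset


@dataclass(frozen=True)
class Payment:
    order_id: str
    asset: str        # asset that actually arrived, e.g. "BCH"
    amount: Decimal


def settle_naive(inv: Invoice, pay: Payment) -> bool:
    """Assumed flaw: compares the number only, never the asset."""
    return pay.order_id == inv.order_id and pay.amount >= inv.amount


def settle_checked(inv: Invoice, pay: Payment) -> bool:
    """Accept only the invoiced asset, in at least the invoiced amount."""
    return (pay.order_id == inv.order_id
            and pay.asset == inv.asset
            and pay.amount >= inv.amount)


def refund_naive(inv: Invoice, pay: Payment) -> tuple:
    """Assumed flaw: refund derived from the invoice, not the receipt."""
    return (inv.asset, inv.amount)


def refund_checked(inv: Invoice, pay: Payment) -> tuple:
    """Refund what was received, in the asset it was received in."""
    return (pay.asset, pay.amount)


# Constructed sample using the amount quoted in the article.
INVOICE = Invoice("order-1", "BTC", Decimal("0.00475574"))
BCH_PAYMENT = Payment("order-1", "BCH", Decimal("0.00475574"))
BTC_PAYMENT = Payment("order-1", "BTC", Decimal("0.00475574"))
```
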