> transferred some BTC over from my Coinbase account, withdrew cash within 20 mins.
Fascinating. Somehow the ATM network was confident that it had your BTC and was willing to give you actual cash within 20 minutes. That suggests that either they don't care much about security or that what you actually did had very little to do with Bitcoin. Did you perhaps actually just convert Coinbase value to Hungarian Forints without really involving any Bitcoin transactions?
I'm not really trying to be snarky. There may be a genuinely useful economy based on companies like Coinbase that operate under different rules than your usual banks, but it's not clear to me that Bitcoin per se or, for that matter, blockchains, are an important part of this.
I'm pretty sure they waited for two-block confirmations instead of the usual 6 because of the risk analysis. The amount was not much and so I think that might have something to do with it.
Using your Coinbase account means it didn't involve a private key belonging to you. We don't know if the ATM network and Coinbase transacted on the blockchain.
That's still an occurrence of Bitcoin being a transferable unit of value, though.
We're not yet on the canonical usage of Bitcoin (that would be you using a private key you're in control of), but we're getting there.
> Using your Coinbase account means it didn't involve a private key belonging to you.
True.
> We don't know if the ATM network and Coinbase transacted on the blockchain.
The action on my part on Coinbase was basically transferring / sending BTC to an external BTC address. So the transaction was definitely on the blockchain. But yes, I see your point.
I was also carrying my Ledger wallet but to plug it into my laptop and then initializing the transfer while standing at the ATM was not possible. So yeah, still getting there.
> The action on my part on Coinbase was basically transferring / sending BTC to an external BTC address
Oh, so it did involve a Bitcoin address. You're right, I don't think they tried to find each other through metadata to settle it outside the Blockchain. That would be dumb, plus the inconveniencing 20 minutes is consistent with that.
It's great to see examples like this in the wild. I've been hearing lightning is getting greater usability and traction as well. Interesting times.
Normal chain reorganizations of length two are rare (4 observed in a 2 year period [1]), and since miners mostly select transactions for inclusion in a block based only on price, blocks on both side of the fork normally contain the same set of transactions.
It is of course possible for some motivated attacker to force a reorg and double spend some Bitcoin.
Since Nakamoto consensus is probabilistic, it is possible to force a reorg with significantly less than 51% of the total hashpower in the network. For example, an attacker with 20% of the hashpower has a 22% chance of causing a reorg after 2 blocks and an attacker with 51% of the hashrate has a 98% chance of causing a reorg after 2 blocks [2]
The commonly cited 6 block wait time was chosen as after this time the probability of an attacker with 10% of the hash power being able to force a reorg is below 0.001 [2].
Only ~0.05% of the hashpower in the Bitcoin network is available to rent on the open market[3], meaning that it is extremely cost and labor intensive to attain the required computational resources (even 20% of the hashpower would require being able to direct the hashpower of ~733,000 Bitmain's newest miner [4]).
However it is safe to assume that organisations with control of sufficient computational power exist (Bitmain, operators of large mining pools), and it seems quite credible to believe that multiple large mining farms would collude if forcing a reorg would be profitable.
In order to attack the ATM one of these organisations would need to send money to the ATM service, wait two blocks, immediately withdraw the money at an ATM, and then broadcast their malicious fork (with the deposit transaction erased) to the network.
Since this attack would fail at least some of the time, miners would have to forgo some portion of their income (blocks from failed attacks are not included in the main chain and so miners don't get the reward in those blocks). An attacker controlling 20% of the hashrate would give up 78% of their profits for the duration of the attack [2].
The attack would need to gain the miners more than the expected loss in block reward (for 20% hashrate this is ~$430,000 per hour [5]), which seems unlikely for such a logistically intensive attack (would require a v large on the ground operation), and there are anyway much easier targets (transfers to large exchanges are the most common double spend attack vector).
Pool operators could maybe run this attack for a while without being detected, but the same issues with logistics as above apply.
Fascinating. Somehow the ATM network was confident that it had your BTC and was willing to give you actual cash within 20 minutes. That suggests that either they don't care much about security or that what you actually did had very little to do with Bitcoin. Did you perhaps actually just convert Coinbase value to Hungarian Forints without really involving any Bitcoin transactions?
I'm not really trying to be snarky. There may be a genuinely useful economy based on companies like Coinbase that operate under different rules than your usual banks, but it's not clear to me that Bitcoin per se or, for that matter, blockchains, are an important part of this.