Overstock Glitch Gave Customers ‘Discounts’ With Bitcoin Cash

by 10:06:00 AM 0 reacties


This week security experts found a website glitch on the e-commerce marketplace Overstock that let customers purchase items for a fraction of the price. The reason users were getting such huge discounts is because the system was accidentally allowing bitcoin cash (BCH) purchases in place of items priced in bitcoin core (BTC).

'Big Discounts': Some Overstock Customers Pay for Items Priced in BTC With BCH
Overstock Glitch Gave Customers 'Discounts' With Bitcoin Cash According to the company Krebs on Security and the security firm Bancsec, Overstock's marketplace had a serious glitch allowing people to pay for products priced in BTC in BCH. On January 5 a Krebs researcher chose to purchase three outdoor solar lamps from Overstock which added up to $78.27. At the time Overstock's invoices told the researcher to pay 0.00475574 bitcoins to a specific address. Instead of paying BTC, Krebs on Security decided to send 0.00475574 BCH to the specified address. In a matter of minutes, the researcher purchased the three lamps for roughly $12 worth of bitcoin cash.

If things couldn't get any worse, they did: Krebs decided to get a refund for the three solar lamps purchased with BCH.
"I didn't really want the solar lights, but also I had no interest in ripping off Overstock," explains the Krebs employee.
So I canceled the order — To my surprise, the system refunded my purchase in bitcoin, not bitcoin cash.

Payment Glitch Lasted for Three Weeks
Overstock Glitch Gave Customers 'Discounts' With Bitcoin Cash Krebs contacted Overstock and informed the firm that individuals were allowed to purchase lavish items like diamond rings for very little money compared to the real retail price. Overstock says they disabled the payment method glitch immediately after an independent researcher investigated the problem.

"After working with a researcher to confirm the findings, that method of payment was disabled while we worked with our cryptocurrency integration partner, Coinbase, to ensure they resolved the issue," explains Overstock to Krebs. "We have since confirmed that the issue described in the finding has been resolved, and the cryptocurrency payment option has been re-enabled."

Coinbase revealed to Krebs that the bug existed for "three weeks" and the issue was caused by the merchant partner "improperly using the return values" in the company's  merchant integration API.

What do you think about Overstock accidentally letting people buy items priced in BTC but used BCH instead? Let us know what you think of this story in the comments below.