eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2016/024

Refund attacks on Bitcoin’s Payment Protocol

Patrick McCorry, Siamak F. Shahandashti, and Feng Hao


BIP70 is a community-accepted Payment Protocol standard that governs how merchants and customers perform payments in Bitcoin. This standard is supported by most major wallets and the two dominant Payment Processors: Coinbase and BitPay, who collectively provide the infrastructure for accepting Bitcoin as a form of payment to more than 100,000 merchants. In this paper, we present new attacks on the Payment Protocol, which affect all BIP70 merchants. The Silkroad Trader attack highlights an authentication vulnerability in the Payment Protocol while the Marketplace Trader attack exploits the refund policies of existing Payment Processors. Both attacks have been experimentally verified on real-life merchants using a modified Bitcoin wallet. The attacks have been acknowledged by both Coinbase and Bitpay with temporary mitigation measures put in place. However, to fully address the identified issues will require revising the BIP70 standard. We present a concrete proposal to revise BIP70 by providing the merchant with publicly verifiable evidence to prevent both attacks.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. 20th Financial Cryptography and Data Security
bitcoinimplementationpayment protocolsilkroad tradermarketplace traderrefund attacks
Contact author(s)
patrick mccorry @ ncl ac uk
2016-01-12: revised
2016-01-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Patrick McCorry and Siamak F.  Shahandashti and Feng Hao},
      title = {Refund attacks on Bitcoin’s Payment Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2016/024},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/024}},
      url = {https://eprint.iacr.org/2016/024}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.