I got scammed (but you don't have to) \ stacker news ~lightning

1327 sats \ 24 comments \ @purpurato 9 May lightning

I thought I could write a separate post about this question from @Signal312 P2P scam because I already fallen and it's quite annoying. I thought the escrow system would avoid all types of scams if you were using it carefully, but there's another type of problem and it has to do with reputation.

One of the best P2P platforms to trade non-KYC is with the lnp2pbot that works over Telegram, it's simple, you only need a username and a way to send/receive fiat. A few months ago one user took one of my offers to sell, fiat was received, BTC sent, trade over. A few days later I got my bank account closed and notified by police that I was involved in a scam. The guy whom I sent the money said he paid for some protein or something and never got it. I said I sold BTC and sent them to buyer, it was not even much. As with everything legal in this country it took months and I finally had to make an agreement with the guy who accepted that I paid half the trade value as I was also scammed like him. I actually believe he was the scammer and he wanted to keep both the BTC and the fiat.

Morale: be very careful when trading P2P and go with experienced users, or establish low limits and some type of ID for you to check new users. The escrow system doesn't protect from everything.

Besides that, I never had any trouble with the bot. I just never take trades with users that have no experience. Reputation is the only answer when trading with anons on the web. The bot shows how many trades each user has with the bot, how many days he's been using it and the rate he got (from 1 to 5) from other users in completed trades.

view all related items

10 sats \ 0 replies \ @BitcoinAbhi 10 May

Very informative post. People will definitely learn from this. Scammer are everywhere. You have to protect yourself with the learning.

30 sats \ 0 replies \ @riberet19 10 May

Thanks for sharing, being sure that you are not going to be scammed in a P2P transaction is complicated, as you say reputation is everything, and here it was demonstrated.

75 sats \ 10 replies \ @oomahq 10 May

It's unlikely that that guy was trying to scam you, rather he was the real victim of the scam. This is what it's called a triangulation attack. It works like this:

The real scammer puts up an ad to sell whatever, in this case protein powder (but it doesn't exist).
A prospective buyer is interested, and the scammer sends him the payment details. These payment details are not his, but rather those he got from a seller at the LNP2PBot or another P2P exchange, in this case your payment details.
The protein powder buyer pays for the Bitcoin purchase in fiat, thinking he's purchasing protein powder. You see the fiat hitting your bank account and approve the release of the sats to the scammer's address, which at this point disappears forever.
A few days later the police knocks on the door of the Bitcoin seller, who's been sued by the protein powder buyer who never got the product he thought he was purchasing.

Note that Bitcoin buyers on LNP2PBot and such are not vulnerable to this attack, but on the other hand sellers have no way to protect themselves from it.

The mitigation would be for those platforms to require buyers to post a bond of at least 2x times the amount they want to purchase, and freeze it for 2-4 weeks.

This way the scammer would have nothing to gain from the scam, and even if that didn't deter him the scammer's bond would be confiscated and used to pay back both the seller and the non-bitcoin buyer.

10 sats \ 1 reply \ @purpurato OP 10 May

Thanks for clarifying, this is a thorough explanation of what happened. Not sure if the bond method is useful as it also makes the whole experience complicated.

If we want to live in a world with privacy and no third trusted parties, reputation becomes key. In the future this will be even more important. I think I realized that when I read "The sovereign individual" where this topic is discussed.

10 sats \ 0 replies \ @Signal312 10 May

Interesting that Robosats (another P2P trading platform) has built a system with no reputation. You are encouraged to never re-use your robot tokens.

However, people do re-use their robot tokens, all the time. So, that's their reputation. You see the same users all the time.

I wonder about how the Robosats no-reputation thing can work, over the long term. Especially when attacks like this come up.

0 sats \ 7 replies \ @MiddleWay 10 May

who would arbitrate this? with a bond, now the seller can game the system and falsely claim he was scammed by the buyer to earn the bond. they cannot go to court etc.

0 sats \ 6 replies \ @oomahq 10 May

At least in Bisq arbitrators are people of good reputation who also posted some collateral to do this job and earn some income from doing it.

I believe in case of dispute buyer and seller must submit evidence to convince him to rule in their favor.

In the particular case of a triangulation, the seller would submit evidence of the suing, and the scammer buyer would not be able to submit proof of payment for the sats, as he didn't pay for them.

0 sats \ 5 replies \ @MiddleWay 10 May

An anonymous scammer can cook up any screenshot or pdf. Maybe when lightning comes to Bisq 2 I will consider using it.

0 sats \ 4 replies \ @oomahq 10 May

Nobody said arbitraging is an easy job. Still, I don't see any better alternative to protect sellers somewhat from triangulation attacks.

By the way, the scammer doesn't know nor would be able to guess the bank account number that sent the fiat transfer.

0 sats \ 3 replies \ @MiddleWay 10 May

Why not? He can request the other scammed party to send him proof of payment.

0 sats \ 2 replies \ @oomahq 10 May

Fortunately I never had to go to arbitration so far, so I don't know for sure, but I see no reason why the arbiter would forward each parties submissions to each other.

That would defeat the point of catching scammers.

0 sats \ 1 reply \ @MiddleWay 10 May

No, I mean the third person scammed in the triangle. The one who paid for protein powder in our case. The scammer can submit his proof of payment as his own.

view replies

40 sats \ 0 replies \ @cryptoshalix 10 May

First rule: Never use your day to day bank account!!

Is that simple, if your really need that, open one in any neobank, there are plenty. And, have there just the amount you are able to transfer. If you need more, send some more from another account, and when you receive more fiat in that account, just move that to another place, or just spend it with the debit/credit card they offer.

But, I do have to pass another KYC Of course... but the key is to use this bank as a temporal shitcoin (the fiat) deposit.

This same rule can be applied to your Bitcoin wallet. Don't use the one with all your savings. Use one with onchain, LN, Liquid, whatever you need, but only with the amount you need.

So, as @darthcoin says:

One fiat account/btc wallet for transfers. This acts like your new intermediary.
Another fiat account/btc wallet as your main. The one with your savings.
Optional. Another fiat account/btc wallet as your day to day. You can use the 1, but is risky.

31 sats \ 1 reply \ @DiedOnTitan 10 May

I just never take trades with users that have no experience.

How would an honest new user get started if everyone held the same view?

16 sats \ 0 replies \ @purpurato OP 10 May

Valid question.

You need to make some small trades before with someone who accepts zero-experience traders, or ask a friend of yours to trade in order for you to get some ranking.

This in turns opens the question, can the experience ranking method be gamed? Well in theory it could, but it would cost the scammer more time and money and I believe that persuades theme to drop it.

21 sats \ 0 replies \ @xmrk2 10 May

One partial solution is to spend BTC instead of selling. Try companies like Bitrefill orThe Bitcoin Company.

And I would like to force buyers to put payment reason / message like "I am $MY_LOGIN_ON_TELEGRAM @ telegram". Don't even have to mention bitcoin (so bank cannot use bitcoin as pretext to close bank account), just link the BTC buyer and payment sender. Although this does diminish buyer's privacy, data from bank and telegram could be user against buyer. The ideal setup would be to buy by cash deposit (perhaps money order in the US), and then write the message on the receipt and send photo of the receipt to the seller. This way, bank doesn't learn anything.

At a minimum, platforms like lnp2pbot and Robosats should warn sellers about this risk and possible countermeasures. I quickly checked Robosats and saw no warning. I am tempted to open an issue about this at github.

21 sats \ 1 reply \ @duvel 10 May

Thank you for sharing this. This is the second time I've read something like this on SN. I only buy with RoboSats, but on every trade you usually have a new identity so there's no reputation. That probably means also this could happens on RoboSats? On HodlHodl and Bisq I think there's a reputation system. So maybe that's a bit safer?

0 sats \ 0 replies \ @purpurato OP 10 May

Yesterday I tried to open Robosats but couldn't access the Tor site, not sure what's going on.

You are right, there is no way to build any reputation there if you use new robots for every trade, that is a problem on that platform.

0 sats \ 0 replies \ @memeverse 10 May

I'm really sorry for what happened to you. It's truly frustrating to fall victim to a scam, especially when you're acting in good faith. Unfortunately, scammers are everywhere and they've now infiltrated the world of blockchain and crypto trading. Thank you for sharing your experience.