75 sats \ 10 replies \ @oomahq 10 May freebie \ on: I got scammed (but you don't have to) lightning
It's unlikely that that guy was trying to scam you; rather, he was the real victim of the scam. This is what's called a triangulation attack. It works like this:
- The real scammer puts up an ad to sell whatever, in this case protein powder (but it doesn't exist).
- A prospective buyer is interested, and the scammer sends him the payment details. These payment details are not his, but rather those he got from a seller at the LNP2PBot or another P2P exchange, in this case your payment details.
- The protein powder buyer pays for the Bitcoin purchase in fiat, thinking he's purchasing protein powder. You see the fiat hitting your bank account and approve the release of the sats to the scammer's address, which at this point disappears forever.
- A few days later the police knock on the door of the Bitcoin seller, who's been sued by the protein powder buyer who never got the product he thought he was purchasing.
Note that Bitcoin buyers on LNP2PBot and such are not vulnerable to this attack, but on the other hand sellers have no way to protect themselves from it.
The mitigation would be for those platforms to require buyers to post a bond of at least 2x the amount they want to purchase, and freeze it for 2-4 weeks.
This way the scammer would have nothing to gain from the scam, and even if that didn't deter him the scammer's bond would be confiscated and used to pay back both the seller and the non-bitcoin buyer.
Thanks for clarifying, this is a thorough explanation of what happened. Not sure if the bond method is useful as it also makes the whole experience complicated.
If we want to live in a world with privacy and no trusted third parties, reputation becomes key. In the future this will be even more important. I think I realized that when I read "The Sovereign Individual", where this topic is discussed.
reply
Interesting that Robosats (another P2P trading platform) has built a system with no reputation. You are encouraged to never re-use your robot tokens.
However, people do re-use their robot tokens, all the time. So, that's their reputation. You see the same users all the time.
I wonder about how the Robosats no-reputation thing can work, over the long term. Especially when attacks like this come up.
reply
Who would arbitrate this? With a bond, now the seller can game the system and falsely claim he was scammed by the buyer to earn the bond. They cannot go to court, etc.
reply
At least in Bisq arbitrators are people of good reputation who also posted some collateral to do this job and earn some income from doing it.
I believe in case of dispute buyer and seller must submit evidence to convince him to rule in their favor.
In the particular case of a triangulation, the seller would submit evidence of the suing, and the scammer buyer would not be able to submit proof of payment for the sats, as he didn't pay for them.