Crypto Transactions and Payments are still Risky: Here’s What to Do
Blockchain enthusiast developer and writer. My telegram: ksshilov
Sending digital currencies is a novel experience even for frequent users of electronic banking and payment apps. Irreversible transactions, errors, and bugs can lead to immediate loss, so here’s what to do to stay safe in this electronic frontier.
On the surface, sending a digital coin or token may take just a few clicks; it’s as simple as sending an email. But this seemingly simple act has several potential pitfalls, making crypto transfers a risky affair.
On the upside, however, digital coins are borderless and much faster than banks. No extra fees are levied to move funds across the globe and they don’t require account creation, verification, or third-party approval. But dealing with traders can be unnerving in a system that inherently won’t allow refunds and is ultimately unforgiving of human error. Even sending funds between friends has led to mistakes and lost funds.
Lost coins and waiting for confirmation
Over the years, after the initial enthusiasm for paying with crypto coins, users started noticing a few unnerving faults. For one, in 2019, sending digital coins may not be as fast as anticipated due to factors such as network congestion and rules for confirmations.
In 2019, the Bitcoin (BTC) network still goes through days with a significant backlog of transactions
, adding to the wait times. While the coins are not lost, the wait for having your transaction mined and confirmed may take hours. The Ethereum (ETH) network also goes through busy days
. Merchants and exchanges also ask for multiple confirmations to ensure the transaction cannot be rolled back.
Whose money is it?
Blockchain transactions are pseudonymous, that is, they are not connected to any digital or real-world identity. The funds belong to the person controlling the private key, which is simply a long string of letters and numbers unrelated to real-world and virtual identities.
What complicates the matter further is that the counterparties processing the transactions are also anonymous. Miners and node operators are largely unknown and distributed worldwide. Unfortunately, cross-chain transactions
happen by mistake, and fixing these mistakes is time-consuming and expensive.
Sometimes a user will make the error of sending a truly anonymous coin, like Monero (XMR), to an exchange without an identifying code. This muddies the water even more as support has to manually search for the transaction. Sometimes users who send anonymous coins to exchanges without a special code end up losing the balance entirely.
Once a transaction is out of the wallet, it’s irreversible. Only by an act of goodwill can BTC be refunded. And if a transaction arrives at the wrong address, there is nothing one can do. Sometimes, clipboard hijacking
malware may even switch the address, and if the user overlooks the error, the funds will end up in the hacker’s wallet.
Irreversible transactions are unsuitable for Internet merchants and buyers, where the most natural thing is to ask for a refund.
The risk of double-spending
A malicious actor can, under certain technical circumstances, achieve so-called “double spending”. This means that coins will arrive at an address, apparently transferring value, but the hacker will find a way to roll back the transaction. Achieving this is next to impossible for Bitcoin, but not for the smaller networks that can be taken over. While common knowledge suggests that blockchains are immutable, this is not entirely true, and some transactions can be rolled back, leaving the coins open to spending once again.
Double spending happens for various reasons, but the most common one is through a 51% attack
. This is when a malicious actor takes over more than 51% of a network’s hashrate and can rewrite the blockchain’s history. Double spending can also occur due to bugs in the coin’s protocol. Usually, the losing side is an exchange or a merchant who will recognize the incoming transaction, only to realize far too late that the coins are gone. In the meantime, the hacker has already liquidated their balance and is long gone.
Assets are uninsured
Only the largest exchanges can afford to keep insurance on digital assets. There is no insurance against loss, technical errors, or other unforeseen events. The reason for this is that crypto coin networks are meant to be trustless, and there is no one entity to carry responsibility for the assets. Once a coin is gone, regardless of whether it’s because of theft or a faulty smart contract, it’s gone for good.
Escrow service: Here’s how to not take any chances
Using an escrow service to make purchases or send and receive money may be the best way to mitigate the risks of direct transactions. There are multiple approaches, including anonymous, trustless smart contracts, that serve as a form of escrow.
But if you want a curated approach to sending coins, options include tools like Escaroo
, and Setescrow
. Escaroo is a new service set to launch on October 1st, initially offering just three coins. Escaroo will offer escrow accounts for BTC, ETH, and TrustToken assets, with the potential for TrueUSD (TUSD) escrow services. A dollar-pegged coin is safer since it eliminates the risk of price fluctuation. Lockscrow offers escrow services for 13 coins in total, offering personalized service and consulting. Lockscrow has been around for seven years, standing out as one of the oldest crypto escrow startups. Setescrow launched in 2016 and quickly added multiple lesser-known coins. As of this year, Setescrow now offers a selection of 26 coins and tokens
; among them is Tether (USDT), one of the most widely used dollar-pegged coins.
Escaroo is unique for being completely peer-to-peer, not requiring any oversight or transfers to another wallet. The company supplies safe, audited smart contract software so that the deposited funds are never pooled or held by a third party. A new smart contract is created for each peer-to-peer payment, adding a layer of verification, and ensuring that the assets arrive at the final destination without issue. Instead of relying on an algorithm to send the coins to the right owner, using a non-custodial escrow service eliminates human error.
Compared to Lockscrow and Setescrow, Escaroo offers a limited selection of coins in its initial phase. Especially in the case of Setescrow, the choice of coins includes multiple assets
that are inherently risky and volatile. Lockscrow also supports more obscure coins and tokens
Using an escrow service for payments adds an extra layer of verification for sending and receiving digital coins. A dedicated service will fit cryptocurrency users that want to attach a name and an account to their coins to avoid losses. Smart contracts are also one of the most powerful escrow tools, ensuring a predetermined flow of funds. A smart contract is always in control of the funds, thus successfully dealing with the risks of double spending or sending funds to the wrong address.
The author is not associated with any of the projects mentioned.
Subscribe to get your daily round-up of top tech stories!