Online retail giant Overstock.com has reportedly experienced a cryptocurrency payments bug that could have allowed customers to mint money simply via repeated cancellation of orders.
Last week, North Carolina-based bank security firm Bancsec informed journalist Brian Krebs that Overstock.com had erroneously accepted bitcoin cash instead of bitcoin as payment for a product.
To confirm the issue, Krebs ordered a $78 motion sensor light on Overstock and opted to make payment by bitcoin.
"Logging into Coinbase, I took the bitcoin address and pasted that into the 'pay to:' field, and then told Coinbase to send 0.00475574 in bitcoin cash instead of bitcoin," Krebs writes on his website. Because of the glitch, the security specialist was able to make a $78 purchase by sending approximately $12-worth of bitcoin cash.
As experienced by Bancsec, Overstock's website approved the transaction. What was potentially more damaging to the firm is the fact that, upon cancellation of the order, Overstock processed the refund in bitcoin.
Currently, a single bitcoin is priced at around $14,000, while its offshoot bitcoin cash is trading at $2,400. So, a malicious customer could have easily made large amounts of money simply by making repeated cancellations of orders of high-priced items at Overstock.