Share this article
Overstock Payments Glitch Mixes Up Bitcoin and Bitcoin Cash: Report
Online retail giant Overstock.com has reportedly experienced a bug that meant it mixed up payments made in two different cryptocurrencies.
Updated Sep 14, 2021, 1:55 p.m. Published Jan 10, 2018, 1:00 p.m.
Online retail giant Overstock.com has reportedly experienced a cryptocurrency payments bug that could have allowed customers to mint money simply via repeated cancellation of orders.
Last week, North Carolina-based bank security firm Bancsec informed journalist Brian Krebs that Overstock.com had erroneously accepted bitcoin cash instead of bitcoin as payment for a product.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
To confirm the issue, Krebs ordered a $78 motion sensor light on Overstock and opted to make payment by bitcoin.
"Logging into Coinbase, I took the bitcoin address and pasted that into the 'pay to:' field, and then told Coinbase to send 0.00475574 in bitcoin cash instead of bitcoin," Krebs writes on his website. Because of the glitch, the security specialist was able to make a $78 purchase by sending approximately $12-worth of bitcoin cash.
As experienced by Bancsec, Overstock's website approved the transaction. What was potentially more damaging to the firm is the fact that, upon cancellation of the order, Overstock processed the refund in bitcoin.
Currently, a single bitcoin is priced at around $14,000, while its offshoot bitcoin cash is trading at $2,400. So, a malicious customer could have easily made large amounts of money simply by making repeated cancellations of orders of high-priced items at Overstock.
Krebs writes: "Reached for comment, Overstock.com said the company changed no code in its site and that a fix implemented by [payments partner] Coinbase resolved the issue."
Coinbase reportedly said that the issue was caused by "the merchant partner improperly using the return values in our merchant integration API," and noted that no other Coinbase customer had reported the problem. The error had existed for about three weeks, it added.
Krebs said he and Bancsec had looked for the same glitch at other merchants that "work directly with Coinbase in their checkout process," but they found "no other examples of this flaw."
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Coinbase.
Overstock image via CoinDesk archives
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
KindlyMD Turns to Kraken as Fourth Provider for Bitcoin-Backed $210M Loan at 8%
An SEC filing shows the Kraken facility will be used to retire an outstanding Antalpha loan and requires significant bitcoin collateral.
What to know:
- KindlyMD turned to Kraken for a $210 million loan “bearing a fee of 8% per annum” with maturity on Dec. 4, 2026.
- The company said it will use the proceeds to satisfy its obligations to Antalpha Digital in full.
- Kraken becomes the company’s fourth financing source this year following earlier arrangements with Yorkville Advisors, Two Prime and Antalpha.
Top Stories
