According to the police profiling, one of the suspects has attacked in the Toronto, Montreal, Ottawa and Hamilton area, while the other took the Calgary area for the attacks.
The transactions all targeted a Canadian bitcoin company that police are not identifying and resulted in a loss of 195-thousand dollars.
In the Canadian attacks on Bitcoin ATMs, the suspects are accused of initiating transactions and then remotely cancelling them before the kiosk/ATM company could process them.
The cybercrime division of the Calgary Police believes that these suspected fraudsters with in-depth knowledge of bitcoin transactions successfully pulled off 112 double spend attacks over a span of ten days. The Calgary Police Service pleads with the public to supply any information relevant to the apprehension of these men.
While not appearing in the report by CBC News, Bitcoin Core engineer, Peter Todd highlighted the fact that the theft was successful due to the fact that the ATM operator allowed "zero-conf (0-conf)" transactions to scale through. The cities which fell victim to the attack include Calgary, Toronto, Montreal, Winnipeg, Sherwood Park, Ottawa and Hamilton. The second double-spends that transaction with a transaction with higher fees, paying only the change address.
The Calgary Police Service is being assisted in its investigation by authorities from Toronto, Hamilton, Winnipeg, and Halton. Police are now seeking information regarding four suspects believed to be involved in the fraud. People can also anonymously submit tips through Crime Stoppers. That is why services ask for multiple confirmations for every transaction.
Authentic double spend attacks either involve exploiting a code defect in a crypto network's software or a "51% attack"(brute force attack) on a cryptographic ledger's processing of transactions.