Bittylicious Blog

Bittylicious turns five years old


Today, on Bitcoin Pizza Day, Bittylicious celebrates its fifth birthday since incorporation way back in 2013.

It has been, by far, the busiest year in Bittylicious’s history and is the year that Bittylicious really took off from the geeky underground and made it mainstream.

Thank you!

We owe our success to those who have introduced Bittylicious to friends and family via word of mouth and personal recommendations. From the outset, we have worked hard getting ourselves known in the local communities, specific forums and generally being Good Guys, and this groundwork has resulted in Bittylicious now being the go to place for many users.

It goes without saying that we couldn’t have done it without the amazing work our brokers perform, offering world class support, speedy delivery of coins and great prices. These guys work hard and it’s hugely appreciated every time a user reports positive feedback with our brokers.

And none of this would have been possible without our excellent staff who were willing to put in the extra help when things were silly busy (December 2017, anyone?) and the many trusted people who assisted with profile verification during these peak periods.

What have we achieved?

Here are some of the highlights from the last year.

Summer 2017

The summer of 2017 saw us publicly support the UASF project which ultimately resulted in SegWit being finally implemented and the future of Bitcoin looking much brighter. We fully ran a UASF node until SegWit was locked in (at which point it was unnecessary). One of our proudest moments.

Winter 2017

Bitcoin Cash was integrated in November 2017 owing to user demand, available for bank transfer and card sales.

We have an intimate Q&A session at New River Studios in Dalston, London, mainly with an aim to spread the word about cryptocurrencies. The price hit $10,000 that night. Coincidence?

December 2017 happened. An absolutely insane month at Bittylicious where on one day, over £1.4 million was traded. We did better than many others, with verifications taking 72 hours at its absolute worst. We did not turn away any signups.

Q1 2018

Bittylicious signed a deal to display advertising against Rugby League and Cricket ODE and T/Twenty matches. You will be able to see us on pitchside banners until the end of summer.

The integration with ihavebeenpwned was completed in February to protect users from insecure passwords.

Throughout 2018, Bittylicious integrated with new credit card providers for resilience and we also negotiated cuts in prices in March.

SegWit became fully supported with the release of Bitcoin Core 0.16, including full bech32 addresses.

Q2 2018

Bittylicious launched (softly) in Australia in April and now serves Australian users 24/7.

In April, Bittylicious reached 1,000 reviews on TrustPilot with a 9.5 rating. Customer support is key and is the basis of our entire company.

And in general over the last year

The media has been good to us – we have been featured and had interviews on BBC Radio Sheffield, BBC News 24, Financial Times, BBC Radio 4 (Moneybox), The Telegraph, The Metro, The Guardian, iNews, Soho Radio and Evening Standard.

Four cryptocurrencies were integrated into Bittylicious and available for credit card sales – DigiByte, Groestlcoin, Bitcoin Cash and Vertcoin.


And our vital statistics for the last year, 22nd May 2017 – 21st May 2018:

  • 220,000 trades completed.
  • £99 million traded.
  • 67,000 new user sign ups.
  • 150,000 pieces of documentation verified.

Going forwards

It’s near impossible to plan for the long term in the cryptocurrency world, but in the next year, we will hopefully give Bittylicious a long overdue facelift, integrate more coins, offer more payment methods and generally make Bittylicious better and better.

Thank you once again to all our lovely customers and please continue spreading the word!

CEO, Bittylicious

Have I Been Pwned?


Bittylicious is now integrated with the excellent have i been pwned service created by well known security expert, Troy Hunt. This service collates used passwords from breaches and dumps when company data has been compromised.

For each user that newly logs in, Bittylicious will interrogate with the service to determine whether the password being used by the Bittylicious user is one that is commonly used and has been listed in one of many breaches. This means that from now onwards:

  • Users will not be able to change their password to one that is very well known, i.e. used regularly by many others and appears in multiple lists.
  • Privileged users (brokers and administrators) will not be able to use the service if their password is in any single list at all; the password will need to be changed before the service can be used.

We also intend on making other changes in the future, e.g. possibly decreasing limits if the account is more likely to be compromised, but we will assess the impact this has first.

If you’re a developer with any sort of sensitive service, consider also integrating. It’s a great project and a useful tool in the arsenal against compromised accounts.

Uncategorized Comments Off on Have I Been Pwned?

DigiByte and Groestlcoin now on Bittylicious


Two new altcoins have been added to the Bittylicious exchange: DigiByte and Groestlcoin. These are both instantly available for purchasing via bank transfer (British Pounds), credit cards (in British Pounds, Euros and US Dollars) and SEPA transfers (Euros).

DigiByte is a quick coin with 15 second block timings, and was an early adopter of Segregated Witness. It also uses five different hashing algorithms in order to make it resistant to 51% attacks, and is GPU miner friendly.

Groestlcoin uses Grøstl-512 as its mining algorithm which is ASIC resistant and efficient, and thus ideal for GPU miners and associated centralisation. SegWit and the Lightning Network is also enabled, and there is a strong focus on anonymous transactions.

Uncategorized Comments Off on DigiByte and Groestlcoin now on Bittylicious

Let’s Sport


Bittylicious is proud to have acquired media rights for TV signage for various sports including Rugby Union and Cricket T20.

Pitchside sponsorship at London Scottish vs Richmond on 3rd December 2017

Bittylicious has 24 metres of signage positioned at the front row ground level, opposite the main TV camera arc. The aim is to get viewers and the audience to consider trading Bitcoin, and obviously using Bittylicious to achieve this.

The banner has already been shown on Sky Sports Action HD in the first Rugby Union women club match ever on 3rd December 2017, and later on that day in the Pro14 London Scottish vs Richmond match.

The upcoming fixtures where you will see the Bittylicious banner is as follows:

29th December 2017

Rugby Union: Doncaster vs Yorkshire Carnegie, Sky Sports Action

10th February 2018

Ealing Trailfinders v Bristol, Sky Sports Action

18th May 2018

Cricket: Royal London 50 DURHAM v YORKSHIRE

29th May 2018

Cricket: Royal London 50 KENT SPITFIRES v SOMERSET

10th June 2018

Cricket: 1 day International SCOTLAND v ENGLAND Edinburgh

12th June 2018

Cricket: T/Twenty SCOTLAND v PAKISTAN Edinburgh

13th June 2018

Cricket: T/Twenty SCOTLAND v PAKISTAN Edinburgh

14th June 2018

Cricket: Royal London 50 Qtr Finals (TBC)

Other 2018 dates are yet to be decided, but there will be in total:

  • 4 x Rugby Union Championship / Guinness Pro14 matches.
  • 10 x Cricket T20 Blast matches.
  • 2 x Women’s 6 Nations 2018 matches.
  • 2 x Women’s Super League cricket.
  • Three month campaign on Internet radio station Cyber Hot Hits.
In The Media Comments Off on Let’s Sport

StartCOIN facing removal


Sales of StartCOIN on the Bittylicious platform have been extremely low in the last few months meaning it is sadly facing removal from the platform. The last sale was on 19th December 2016 for around £50 and there has not been a single sale in 2017 yet.

To declutter the platform and stop CPU cycles from being wasted, we are intending on turning off the StartCOIN daemon at the end of March 2017 unless there is a significant uplift in StartCOIN sales.

Uncategorized Comments Off on StartCOIN facing removal

Syscoin now on Bittylicious


white-logo-640x130-e1459111923427Syscoin is now available for sale on Bittylicious. Presently, it is available to UK users via bank transfer but we intend on making it available to users buying via credit/debit card, and thus available globally.

Syscoin has a very active development team and is ranked 35th on CoinMarketCap. Consistently, they are a top-ten coin on both Poloniex and Bittrex.


Quark gone and Maxcoin at risk


Spring is approaching and it’s time for our spring tidy up of coins that people no longer are interested in.

There have been no sales whatsoever of Quark this year, and sadly with the recent warnings of low volumes, this coins is being removed immediately.

Maxcoin is also at risk, with three sales totaling less than £60 year to date. Maxcoin has had an extremely turbulent ride, but I believe part of its decrease in popularity has been due to the increase in popularity of StartCOIN. Maxcoin will be removed in about a month assuming no significant increase in sales.

Ether (Ethereum) for sale


From Monday 23rd November, Bittylicious will be allowing users to buy Ether, the currency of the Ethereum project, on the Bittylicious platform. This will be available via the following payment methods:

  • UK bank transfer
  • SEPA
  • Credit / debit cards

Ethereum is much more than a next-generation cryptocurrency. It is a distributed, Turing Complete programming platform, which uses a cryptocurrency as its “fuel”. Many believe that this is the logical evolution of Bitcoin-style cryptocurrencies and that it has a very bright future. Ether is the fuel this platform uses, which is used when processing smart contracts on the platform. From an investment perspective, some believe that the widespread use of this platform will make the value of Ether very high in the future.

Transaction Malleability


Transaction malleability is once again affecting the entire Bitcoin network. Generally, this causes a lot of confusion more than anything else, and results in seemingly duplicate transactions until the next block is mined. This can be seen as the following:

  • Your original transaction never confirming.
  • Another transaction, with the same amount of coins going to and from the same addresses, appearing. This has a different transaction ID.

Often, this different transaction ID will confirm, and in certain block explorers, you will see warnings about the original transaction being a double spend or otherwise being invalid.

Ultimately though, just one transaction, with the correct amount of Bitcoins being sent, should confirm. If no transactions confirm, or more than one confirm, then this probably isn’t directly linked to transaction malleability.

Change outputs

However, Bittylicious noticed that there were some transactions sent that have not been mutated, and also are failing to confirm. This is because they rely on a previous input that also won’t confirm.

Essentially, Bitcoin transactions involve spending inputs (which can be thought of as Bitcoins “inside” a Bitcoin address) and then getting some change back. For instance, if I had a single input of 10 BTC and wanted to send 1 BTC to someone, I would create a transaction as follows:

10 BTC -> 1 BTC (to the user) and 9 BTC (back to myself)

This way, there is a sort of chain that can be created for all Bitcoins from the initial mining transaction.

When Bitcoin core does a transaction like this, it trusts that it will get the 9 BTC change back, and it will because it generated this transaction itself, or at the very least, the whole transaction won’t confirm but nothing is lost. It can immediately send on this 9 BTC in a further transaction without waiting on this being confirmed because it knows where the coins are going to and it knows the transaction information in the network.

However, this assumption is wrong.

If the transaction is mutated, Bitcoin core may end up trying to create a new transaction using the 9 BTC change, but based on wrong input information. This is because the actual transaction ID and related data has changed in the blockchain.

Hence, Bitcoin core should never trust itself in this instance, and should always wait on a confirmation for change before sending on this change.

Mitigation steps on Bittylicious

We have configured our primary Bitcoin node to no longer allow change, with zero confirmations, to be included in any Bitcoin transaction. This was configured by running bitcoind with the -spendzeroconfchange=0 option.

This is not enough though, and this can result in a situation where transactions cannot be sent because there are not enough inputs available with at least one confirmation to send a new transaction. Thus, we also run a process which does the following:

  1. Checks available, unspent but confirmed inputs by calling bitcoin-cli listunspent 1.
  2. If there are less than x inputs (currently twelve) then do the following:
    1. Work out what input is for around 10 BTC.
    2. Work out how to split this into as many 1 BTC transactions as possible, leaving enough space for a fee on top.
    3. Call bitcoin-cli sendmany to send that ~10 BTC input to around 10 output addresses, all owned by Bittylicious.

This way, we can convert one 10 BTC input into approximately ten 1 BTC inputs, which can be used for further transactions. We do this when we are “running low” on inputs and there twelve of less remaining.

These steps ensure that we will only ever send transactions with fully confirmed inputs.

Fixing old transactions

One issue remains though – before we implemented this change, some transactions got sent that rely on mutated change and will never be confirmed.

At present, we are researching the best way to resend these transactions. We will probably zap the transactions at an off-peak time, although we want to itemise all the transactions we think should be zapped beforehand, which will take some time.

Other techniques to decrease the impact

One simple technique to decrease the chances of malleability being an issue is to have your Bitcoin node to connect to as many other nodes as possible. That way, you will be “shouting” your new transaction out and getting it popular very quickly, which will likely mean that any mutated transaction will get drowned out and rejected first.

There are some nodes out there that have anti-mutation code in already. These are able to detect mutated transactions and only pass on the validated transaction. It is useful to connect to trusted nodes like this, and worth considering implementing this (which will come with its own risks of course).

The future, from a Bitcoin perspective

All of these malleability issues will not be a problem once the BIP 62 enhancement to Bitcoin is implemented, which will make malleability impossible. This unfortunately is some way off and there is no reference implementation at present, let alone a plan for migration to a new block type.

Although only brief thought has been given, it may be possible for future versions of Bitcoin software to detect themselves when malleability has occurred on change inputs, and then do one of the following:

  • Mark this transaction as rejected and remove it from the wallet, as we know it will never confirm (potentially risky, especially if there is a reorg). Possibly inform the node owner.
  • Attempt to “repackage” the transaction, i.e. use the same from and to address parameters, but with the correct input details from the change transaction as accepted in the block.

It may be the case that the above is impossible, as these really are just rambling thoughts.


Written by Marc Warne of Bittylicious.

Assistance and good chat from iwilcox, midnightmagic and Victorsueca of the #bitcoin IRC channel.

Bittylicious is two years old today


It has been exactly two years since Bittylicious was first announced to the public on BitcoinTalk.

Back then, Bittylicious was a simple service with all sales being done by just one person. You could only buy Bitcoins for UK bank transfers, the limits were quite low, and most things were manual.

Bitcoins only cost around £70 each back then, and the regulatory environment was totally unknown. There was a lot of fear about needing to be regulated by the FCA (FSA back then), worries about VAT being charged and fears about banks shutting down accounts. Alas, the last worry is still one to this day.

It became apparent that if Bittylicious were to survive, it would need to evolve into a marketplace so that multiple bank accounts could be used and, in theory, cheaper prices could be achieved if there were competition. This was clearly the correct decision to make.

Two years on and Bittylicious is multi-seller, multi-payment method, multi-country, multi-currency, multi-altcoin and multi-direction. The fraud environment has changed significantly, as has the general recommendations for AML and KYC, so Bittylicious constantly needs to evolve. Bittylicious is developed to this day, and even two years on, this is just the beginning.

To the moon!