This paper reveals a possible attack on the well-known protocol for anonymous currency exchange by David Chaum et al. We show that there is a possibility to spend a single coin many times, so that the bank does not have absolute certainity about a real abuser. In such a case the bank can determine a small group of potential abusers, but cannot indicate a specific person. This potential situation has serious consequences and leads to the conclusion that the system should not be used for irreversible off-line transactions. We also present a modification which could prevent that kind of attacks and enable the protocol to be used for off-line transactions without regard to the reversability.
