Yup, I was imagining a group of people coordinating to make a purchase at different merchants at (approx.) the same time. Even though there is a large coordination cost to it, this does seem like a major attack vector.
Questions:
- Is there a way to better disincentivize the attack above?
- What other types of attacks are possible?