Add secure withdraw flow with double confirmation

3 months ago

We have a Telegram bot with Stripe + Crypto integration.

We need someone to review the webhook validation logic and

ensure there is no replay or double-spend vulnerability.

Scope:

- api_webhooks.py

- Stripe event verification

- MongoDB order status update logic

No admin or production keys will be shared.

Work will be done on test environment only.

$10 Bounty

1 Replies

shakirali78690
FREE

2 months ago

Sounds interesting, I can help with that.

Here’s how I’d approach it in your test environment:

Make Stripe webhooks safe

Use Stripe’s official helper to verify each webhook with the signing secret and timestamp, and ignore anything that fails verification or has an unexpected event type.

Treat each Stripe event ID as one‑time only so the same webhook can’t be replayed to trigger another withdrawal.

Add a double‑confirmation withdraw flow

When a user requests a withdrawal, create a record in Mongo with status like pending_confirmation.

Send a Telegram “Are you sure?” step (and optionally a PIN/2FA). Only if the user confirms, update the record to approved. The actual crypto/Stripe payout will only run for approved records.

Block double‑spend in Mongo

Use a single atomic update such as: “find order where _id matches, status=approved, processed=false → mark processed=true and send withdrawal”.

If a webhook is replayed, that update will no longer match anything, so no second payout happens.

If you can share the test api_webhooks.py and the Mongo order schema (with any secrets removed), I can suggest concrete changes to the webhook handler and the withdraw logic so you can drop them into your project.
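An added, self-contained Python sketch of the three controls the reply describes (signature and timestamp verification, one-time event IDs, and an atomic approved-and-unprocessed update that gates the payout). It is not code from this thread or from the poster's project: the order store is an in-memory stand-in for the Mongo collection, the event type, order IDs and signing secret are hypothetical, and the HMAC check re-implements Stripe's documented `t=...,v1=...` scheme by hand only so the example runs offline; in a real handler use Stripe's official helper as the reply suggests.

```python
import hashlib
import hmac
import json
import threading
import time

# All identifiers below (secret, order ids, event type) are constructed for this example.
TOLERANCE_SECONDS = 300  # Stripe's documented default window for rejecting old timestamps
TRIGGER_EVENT_TYPE = "payment_intent.succeeded"  # assumed: the one event type the bot acts on
PAYOUTS = []  # records every payout the handler triggers, so a test can count them


def sign_payload(secret, payload, timestamp):
    """Build a Stripe-style signature header (t=<ts>,v1=<hmac>) for a locally forged test event."""
    signed = f"{timestamp}.".encode() + payload
    v1 = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={v1}"


def verify_signature(secret, payload, sig_header, now=None):
    """Recompute the v1 HMAC over '<timestamp>.<raw body>' and reject stale or mismatched headers."""
    now = int(time.time()) if now is None else now
    timestamp, candidates = None, []
    for part in sig_header.split(","):
        key, _, value = part.partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not candidates or abs(now - timestamp) > TOLERANCE_SECONDS:
        return False
    expected = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload, hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected, c) for c in candidates)


class OrderStore:
    """Constructed in-memory stand-in for the Mongo collection plus a processed-event set."""

    def __init__(self):
        self._lock = threading.Lock()
        self.orders = {}
        self.seen_events = set()

    def find_one_and_update(self, filt, update):
        """Mirror Mongo's atomic filter+update: only a document matching every filter key is changed."""
        with self._lock:
            for doc in self.orders.values():
                if all(doc.get(k) == v for k, v in filt.items()):
                    doc.update(update["$set"])
                    return doc
            return None

    def claim_event(self, event_id):
        """Treat each event id as one-time only; a second claim means a replayed webhook."""
        with self._lock:
            if event_id in self.seen_events:
                return False
            self.seen_events.add(event_id)
            return True


def request_withdrawal(store, order_id, user_id, amount):
    """Step 1: the user asks to withdraw; nothing is paid until the second confirmation."""
    store.orders[order_id] = {"_id": order_id, "user_id": user_id, "amount": amount,
                              "status": "pending_confirmation", "processed": False}


def confirm_withdrawal(store, order_id, confirmed):
    """Step 2: only an explicit 'yes' from the Telegram prompt moves the order to approved."""
    new_status = "approved" if confirmed else "cancelled"
    return store.find_one_and_update({"_id": order_id, "status": "pending_confirmation"},
                                     {"$set": {"status": new_status}}) is not None


def make_test_event(event_id, order_id):
    """Constructed webhook body in the shape the handler expects (not a real Stripe event)."""
    return json.dumps({"id": event_id, "type": TRIGGER_EVENT_TYPE,
                       "data": {"object": {"metadata": {"order_id": order_id}}}}).encode()


def send_payout(order):
    PAYOUTS.append((order["_id"], order["amount"]))


def handle_webhook(store, secret, payload, sig_header, now=None):
    """Return a short status string so each rejection path is visible to the caller."""
    if not verify_signature(secret, payload, sig_header, now):
        return "bad_signature"
    event = json.loads(payload)
    if event.get("type") != TRIGGER_EVENT_TYPE:
        return "ignored_event_type"
    if not store.claim_event(event["id"]):
        return "replayed_event"
    order_id = event["data"]["object"]["metadata"]["order_id"]
    # The payout runs only if this single atomic update flips processed from False to True.
    order = store.find_one_and_update({"_id": order_id, "status": "approved", "processed": False},
                                      {"$set": {"processed": True}})
    if order is None:
        return "no_matching_order"
    send_payout(order)
    return "paid_out"
```

Two things the sketch makes explicit: the event-id check and the atomic update are independent defences (a replayed event is stopped by the first, a fresh event for an already-paid order by the second), and the payout call sits after the update rather than before it, so a crash between the two loses at most one payout rather than paying twice.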
