A double-spend attack is a problem unique to digital currencies in which one user can spend the same digital asset more than once. This is possible as end users can reproduce digital information easily.
Bitcoin has been countering the double-spending problem successfully, but not all cryptocurrencies use the same consensus algorithm.
So, just because Bitcoin has been keeping users safe against double-spend attacks, that doesn’t mean all your transactions are secure. Here’s all you need to know about double-spending and how a double-spend attack can affect a cryptocurrency.
Double-spend attacks explained
Double-spending is a transaction that uses the same input as another transaction that has already been validated on the network.
A double-spend attack obviously isn’t possible with physical fiat money. When you spend $5 to get a coffee, for example, you give the physical note away and can’t use it a second time.
When it comes to using credit cards, a third party – the bank – guarantees that the money from your account gets transferred into the vendor’s account. This way, you get no further access to those funds and can’t use them a second time to make payments.
However, things aren’t that simple on the blockchain. A cryptocurrency is a digital file, which is pretty easy to copy. Since there’s no centralised authority to control transactions, users can replicate digital files more easily and use them to make purchases. The holder makes a copy of the digital coin and uses it to make another transaction while keeping the original in a wallet.
How Bitcoin prevents double-spending
The Bitcoin blockchain has implemented a protocol to counter double-spend attacks inspired by the traditional cash system. It’s a confirmation mechanism that maintains a “chronologically-ordered” blockchain starting with the first registered operation back in 2009.
Let’s say a holder plans to use one Bitcoin to make multiple purchases to other merchants. All transactions go into a pool where they have to wait for confirmation. The first transaction is validated and published on the blockchain. With every new block added to the ledger, the operation gets more confirmations.
The second transaction using the same input won’t be validated because miners can identify the double-spend attack based on the previous records.
So what happens if two of these transactions are pulled from the pool simultaneously? Miners will only validate the one with the higher number of confirmations, and this one will be the only transaction recorded on the blockchain.
Merchants accepting payment in Bitcoin should wait for the confirmation before releasing the goods or services to avoid scams. This way, sellers have the guarantee that the transaction is irreversible.
If you made a digital copy of your Bitcoin and tried to use it, you wouldn’t be able to spend the funds saved in your wallet in the future. Miners use complex mathematics and huge amounts of power to analyse previous records and avoid double-spending. With the copy already registered as spent on the blockchain, it’s impossible to use the digital coin a second time.
The downside? It slows down the buying process since merchants have to wait (sometimes for almost an hour) to get the confirmation they need.
Types of double-spend attacks
While not all cryptocurrencies use the confirmation mechanism and the Proof-of-Work consensus, most of them can counter double-spending. However, it is still theoretically possible for a double-spend attack to occur.
A race attack becomes possible when merchants accept payments before receiving block confirmations on the transaction. An end user sends two transactions almost simultaneously, one to the merchant and another one back to another wallet. In this case, miners could validate the operation toward the wallet, which would mean that the merchant wouldn’t receive the funds.
A Finney attack also occurs when the merchant doesn’t wait for confirmation of the transaction. In this case, a miner transfers funds from one wallet to another but doesn’t validate the block immediately. Then, he or she uses the source wallet to make a purchase. Once the second transaction is set, the miner broadcasts the previously mined block, which also includes the first transaction.
A 51% attack in this situation is called a majority attack because it requires the attacker to control more than half of a network’s hash rate. This could be possible if one miner or a group of miners managed to generate blocks faster than the rest of the other users on a network. All consensus algorithms are built to eliminate the risks of a 51% attack.
A double-spend attack is dangerous for cryptocurrency users. Merchants and other users get scammed and left out of pocket, and the network’s reputation gets damaged. A cryptocurrency that can’t counter double-spending will have to deal first with inflation and then with a lack of trust. This inevitably leads to a worthless network.