Double-spending is a hot topic in cryptocurrency projects. It is essentially the technical possibility of using cryptocurrency twice by copying transactions.

Double-spending is basically the ability to repeat transactions using the same digital asset. This becomes possible if a disparity arises between the amount of digital money available and the record of its expenditure in the blockchain. Since it takes some time to conduct transactions on the blockchain network, scammers have a chance to spend the same amount in different directions.

Re-spending remains feasible in the blockchain, even though there are various security features. Several types of attacks that lead to double-spending can be distinguished.

Finney Attack

The Finney attack is only viable if a merchant accepts unverified transactions or conducts verification with a delay of at least a few seconds. Theoretically, the attack can be performed if the attacker is mining and controls block content.

The Finney attack process looks like this:

  1. The hacker includes the transaction in the block but doesn’t execute it.
  2. After finding the mined block, the hacker redirects the same coins into another transaction.
  3. This transaction is canceled by another miner, but not immediately.

To prevent a Finney attack, the recipient should wait for at least six confirmations.  

Race Attack

The “race” type of attack is only possible when accepting unconfirmed transactions. The hacker sends the same coin to two different recipients using two different devices. If one of the recipients accepts it without waiting for block confirmation, it will be rejected later during the mining process. The recipient must wait for at least one confirmation for the Race attack to fail.

Note that attackers often use a direct connection to the victim’s node to perform the Race attack. Turning off incoming connections to nodes will keep the recipient safe and stop the hacker from performing the transaction directly.

Vector76 Attack or One Confirmation Attack

The Vector76 attack is based on the fact that even a transaction that has been validated once can be reversed. The main steps in carrying out this type of attack are the following:

  1. The attacker creates two nodes. The first may be connected to the exchange node, and the second may be connected to peer-to-peer nodes in the blockchain network.
  2. The hacker then generates two transfers with different price values.
  3. The hacker sends the additionally mined block and the high-value transaction directly to the exchange service.
  4. Once the previous transaction is confirmed, the hacker sends the low-value transaction to the blockchain network, thus rejecting the high-value transaction.
  5. The first high-value transaction is deposited back into the hacker’s account.

This attack can be prevented by disabling incoming connections and connecting only to well-connected nodes.

Brute Force Attack

If the receiving side performs transactions only after a few confirmations, an attacker with high hardware capacity can execute a brute force attack. The attacker sends the payment without stopping the block verification, which will include the transfer.

While the recipient verifies the transfer, the hacker branches the chain. The more confirmations the attacker finds, the more likely they can get their coins back. For example, in the case of p2p trading, the attacker will take over the victim’s funds, only simulating the transaction on their side. 

If the hacker has highly powerful hardware and can identify all the confirmations in the network, they will have the ability to reverse them. In practice, the brute force attack is quite unlikely: even if the hacker had 10% of the entire network’s power, the success rate would be only 0.01%.

The 51% Attack or Majority Attack

The majority attack, or the 51% attack, is one of the most well-known techniques for double-spending. 

With more than 51% of the entire network’s processing power, attackers can start generating blocks on their own, making changes to new blocks, rejecting or approving transactions. In this way, they essentially gain control of the blockchain network, so they can easily re-spend funds.

The 51% attack has been carried out on blockchains more than once. Here are some of the successful examples:

  1. Ethereum-based crypto projects Krypton (KR) and Shift (SHIFT) were attacked in 2016. As a result, hackers managed to steal 2,200 coins through the Bittrex exchange.
  2. In 2018, an anonymous attacker, using a code bug, performed the majority attack on Verge (XVG). The total loss amounted to about $800,000.
  3. Bitcoin Gold (BTG) was targeted by the majority attack in 2018. Hackers withdrew more than $18 million in cryptocurrency through several popular exchanges.
  4. In mid-2018, attackers succeeded in withdrawing more than $2.5 million in tokens through exchanges thanks to the 51% attack on cryptocurrencies MonaCoin (MONA), ZenCash (ZEN), and Litecoin Cash (LCC). 
  5. Aurum Coin (AU) lost over $500,000 in cryptocurrency at the end of 2018 due to the 51% attack.
  6. In 2019, two major mining pools conducted the 51% attack on the Bitcoin Cash (BCH) altcoin network.

To protect a project from such an attack, you should increase its popularity among users. The more users in the network, the lower the likelihood of an attack. Another protection solution is to switch to the PoS algorithm. The 51% attack on large projects based on the Proof-of-Stake algorithm is too expensive, though still theoretically possible. 

How to Solve the Double-Spending Problem

Blockchain networks possess some features that reduce the risk of double-spending attacks:  

  1. A large number of confirmations. The more confirmations a transaction requires, the more blocks will be added. Accordingly, the transaction will become more secure.
  2. The openness of the blockchain. The open blockchain ledger contains time-stamped records of transactions. Adding a new block is accompanied by adding it to a common chain identical to all nodes in the blockchain. Therefore, miners will consider only the first transaction in the open blockchain to be valid.

So, the most common double-spending technique is to make a transaction absent from the blockchain. This possibility often arises due to a purposeful disruption of the blockchain network or an error in the project code. The current development of blockchain technology and anti-tampering systems minimizes the risk of double-spending but does not eliminate it completely, especially in small projects.

Author: Nataly Antonenko