In a double-spending attack, the same digital asset or currency is spent more than once before a transaction is added and confirmed in the blockchain. No central authority can verify transactions in a decentralized system like a blockchain. This decentralized feature of blockchain raises the issue of double-spending attacks. The illustration below shows how a buyer spends the same coins to buy from two different sellers.
Some common types of double-spending attacks are:
Race attack
51% attack
Finney attack
Now we will discuss each of them.
In the race attack, the buyer makes two conflicting transactions and broadcasts them to the network. One transaction purchases services or goods from the seller, and the other redirects the transaction to the buyer himself.
Let us discuss this by considering an example where Alice is a buyer, and Bob is a merchant. Alice will simultaneously make two transactions, one to Bob and one to herself (double spending), of the same digital coin. As Bob receives the confirmation, they will ship the product to Alice. Alice has more computation power, thereby, she will receive more confirmation for the double spending transaction, and the chain to this transaction will get longer. As per the consensus algorithm, the longer chain is the valid chain.
So the double spending chain will be valid, and all other transactions will be rejected. Hence, Alice will be able to exploit Bob in a race attack.
In a 51% double-spending attack, malicious nodes gain more than 51% of the total computation power in the blockchain.
With the issue of a 51% attack, an attacker can create a double-spending attack. As they have more computation power, they can have more confirmations on the transaction, resulting in the longest chain in the network. By the rule of majority authority, the double spending transaction will be considered valid, and all other transactions will be neglected.
It relies on the attacker's ability to mine blocks quickly with accurate time to deceive the merchant.
In a Finney attack, the attacker makes his private fork that includes a transaction of some bitcoins. At the same time, he buys goods from the merchant with the same bitcoins as used in the private fork of the attacker. As the transaction is confirmed in the blockchain, the merchant considers it valid.
The attacker starts to mine the private fork, and as the chain gets longer, he reveals it, reversing the merchant's chain. In this way, the longer chain of an attacker is considered a valid chain.
A double-spending attack is spending the same coins in two or more transactions. In this attack, the attacker has more computation power to reverse the state of the blockchain from illegal to valid. With time, blockchain has improved its security to have its users' trust. The primary solution to prevent double-spending attacks is to wait for six confirmations per transaction. This action will ensure that the transaction follows the longer chain and remains valid.
Solve the quiz and test your understanding of the double-spending attack.
What is a double-spending attack in the context of blockchain?
An attack that manipulates the consensus algorithm of a blockchain.
An attack where an entity gains control of over 50% of the blockchain’s computational power.
An attack where the same cryptocurrency is used in multiple transactions to exploit the system.