Double-Spending Attack: How to Deceive thy Neighbour

Double-Spending Attacks Image credits to cousinos.io

Blockchains are experiencing the double-spending problem. In a decentralized trustless Blockchain network, how can you be sure the transaction is not double-spent? Double-spending is the risk that a digital currency can be spent twice. The double-spending attack is when the attacker attempts to duplicate a transaction, while sending the coin twice, for example, to the recipient and himself at the same time.

Blockchains are trying to solve the double-spending problem by timestamping the transactions and include them in the block. Attackers may try to mine the block that contains the duplicated transaction, in order to increase the probability of tricking the receiver that the transaction was sent. This kind of attack is difficult to perform and it is more common in proof of work Blockchains. Before the transaction is confirmed, the attacker may eventually try to double spend it.

Before the second transaction is mined to be invalid, the attacker got the first transaction output, resulting in a double-spend. At this time of the attack, the attacker would send the same transaction to the vendor and to a colluding wallet that the attacker himself controls. The first transaction that the attacker sends to himself has a higher transaction fee and it is approved.

The double-spending possibility in Blockchain is one of the reasons that you have to wait for 3–4 block confirmations in the network. In reality, the double-spending attack requires the attacker to control more than 51% percent of the network to succeed in the attack. However, the attacker may trick the receiver for a short period of time and that is why it is important to wait for the confirmations.

An example of a double-spending attack may be Hong Kong ATM scam:

Hong Kong City

In 2020, a group of fraudsters stole 30M dollars worth of Bitcoin. The group targeted ATMs that did not require confirmations, a client could send Bitcoin to the ATM and would immediately receive cash. You could transfer Bitcoin to the ATM’s address, and the ATM would immediately allow you to withdraw cash, without waiting for confirmation. Such a loophole was easily exploited by the thieves. They have sent Bitcoin to the ATM and then send the amounts to the wallet controlled by themselves.

The vulnerability of existing clients to double-spending attack may seriously harm the industry growth. We are waiting for the talented developers to find the solution!

--

--

--

A huge crypto fan. I believe that the decentralized world is the future, Blockchain technology is changing the world.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A dynamic metric to estimate the time required to execute mentally a program

Introduce the Blue Terra project to the Solana ecosystem

Six Vocab Words to Get Started With Kubernetes

Example of a container running with Docker

zenity Cheat Sheet

How to Structure Your Machine Learning Code Repository

Refactoring a legacy app into an exciting opportunity

[GoLang] Go run or go build: no such file or directory

Java Annotations

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alex Goldberg

Alex Goldberg

A huge crypto fan. I believe that the decentralized world is the future, Blockchain technology is changing the world.

More from Medium

ETHEREUM CASH- AN EXTRAORDINARY DECENTRALIZED FINANCE TOKEN THAT IS POWERED BY ETHEREUM BLOCKCHAIN…

A brief rundown of CreDa and it benefits

Berry Data Weekly Report #54 (January 31st — February 6th)

Mars Ecosystem Weekly Report #28