Double-Spending Attack: How to Deceive thy Neighbour
Blockchains are experiencing the double-spending problem. In a decentralized trustless Blockchain network, how can you be sure the transaction is not double-spent? Double-spending is the risk that a digital currency can be spent twice. The double-spending attack is when the attacker attempts to duplicate a transaction, while sending the coin twice, for example, to the recipient and himself at the same time.
Blockchains are trying to solve the double-spending problem by timestamping the transactions and include them in the block. Attackers may try to mine the block that contains the duplicated transaction, in order to increase the probability of tricking the receiver that the transaction was sent. This kind of attack is difficult to perform and it is more common in proof of work Blockchains. Before the transaction is confirmed, the attacker may eventually try to double spend it.
Before the second transaction is mined to be invalid, the attacker got the first transaction output, resulting in a double-spend. At this time of the attack, the attacker would send the same transaction to the vendor and to a colluding wallet that the attacker himself controls. The first transaction that the attacker sends to himself has a higher transaction fee and it is approved.
The double-spending possibility in Blockchain is one of the reasons that you have to wait for 3–4 block confirmations in the network. In reality, the double-spending attack requires the attacker to control more than 51% percent of the network to succeed in the attack. However, the attacker may trick the receiver for a short period of time and that is why it is important to wait for the confirmations.
An example of a double-spending attack may be Hong Kong ATM scam:
In 2020, a group of fraudsters stole 30M dollars worth of Bitcoin. The group targeted ATMs that did not require confirmations, a client could send Bitcoin to the ATM and would immediately receive cash. You could transfer Bitcoin to the ATM’s address, and the ATM would immediately allow you to withdraw cash, without waiting for confirmation. Such a loophole was easily exploited by the thieves. They have sent Bitcoin to the ATM and then send the amounts to the wallet controlled by themselves.
The vulnerability of existing clients to double-spending attack may seriously harm the industry growth. We are waiting for the talented developers to find the solution!
