What is Double-spending?
The primary goal of blockchain technology is to create a reliable and secure digital money system. Before Bitcoin was invented, attempts to design a similar system had already been made, but they were all faced with the problem that transactions could be copied. This is a so-called double-spending problem that means the repeated spending of the same funds. In decentralized systems, it occurs when the account sends the same amount of funds to several recipients at the same time (before the first transaction is included in the block).
Double-spending is an instance in which a transaction uses the same input as another transaction that has already been broadcast on the network. Bytes (digital data) is much easier to copy than paper money. It is a very serious problem that can result in inflation and a lack of confidence in the currency, rendering its worthless
Imagine: A person comes into a cafe and buys a cup of coffee for $5, the money is transferred to the cash desk and it is impossible to spend these funds twice. Digital currencies are not physically transferred, so the funds remain in the wallet before the transaction is verified and executed. It means that a re-payment (double-spending) is possible in the period between sending and confirming the transaction.
In the case of a cup of coffee, the person has paid in cash, so the payment was confirmed immediately by the cashier and the cash register. In the field of digital money, anyone can copy the funds and make a double-spent anywhere else. Such a scheme is present in real life, for example, the same apartments can be sold to a few people by fraud. Due to the red tape, it takes time for the change of ownership to be reflected in the registries.
Blockchain as a decision
The blockchain concept solves the problem of double-spending with the transaction confirmation mechanism. It is a ledger, which keeps a chronologically ordered record of transactions with timestamps. For example, in the Bitcoin network, a block containing a group of transactions is added to the ledger every 10 minutes, and all the nodes save a copy of the blockchain. Bitcoin uses a consensus algorithm known as Proof-of-Work (PoW) to avoid the need for centralized control. Instead of requiring a trusted third party to verify that transactions are not duplicated, a decentralized group of miners performs this task. Blockchain ensures that it can be proven that any user spending BTC really is in possession of those bitcoins.
Suppose you have 1 BTC that you’re trying to spend twice. You sent 1 BTC to the B wallet from your BTC-address, then sign and send the same 1 BTC to the wallet C. Both transactions go to an unconfirmed pool of transactions: the first transaction (to B wallet) has been verified by the miners, confirmed, and added to the new block. The second transaction (to wallet C) does not receive a sufficient number of confirmations, as it is already considered invalid by the miners. What happens if both transactions are accepted simultaneously by the miners? The transaction which receives the maximum number of confirmations will be included in the blockchain. The other is not going to be added. In order to be safe, the recipient needs to wait for a couple of confirmations. Until the transaction is confirmed and received, it is not considered to have been executed. Confirmations are blocks containing all the transactions that have been validated by the blockchain. All the blocks are linked to the previous ones, and therefore all the transactions are also linked. A transaction does not necessary to be confirmed earlier than the other, but must be in the longest chain.
Types of attack
There are different types of hacker attacks on the network in the cryptocurrency world.
The attacker sends the same coins to two different addresses very quickly. The seller accepts the fact of payment without confirmation from the network. Thus, only one of the recipients will receive the funds.
In this case, the hacker must also be a miner. The attacker sent coins from his wallet A to their Wallet B and then tryes to find a block with this transaction. After that, he’s going to make the same transaction to the seller wallet C. If the seller considers that the goods have been paid, without confirming the transaction on the network, the attacker will choose the block with the first transaction (from wallet A to wallet B) and validate it. The transaction sent to wallet C will remain unconfirmed.
It is a combined attack made up of the two schemes described above. Vector76 is based on intentional block branching and lasts only 10 minutes.
Brute force attack
After the recipient receives the necessary number of confirmations and ships the goods, the attacker branches (forking) the blockchain and receives the funds back. The success of the attack depends directly on the hashing power of the fraudster ‘s equipment.
If the attacker holds most of the network’s power (more than 51%), double-spending is possible according to the scheme described above, but with a 100% guarantee of success. An attacker is able to generate blocks faster than the rest of the network and creates their own blockchains for dishonest transactions.
You need to wait for a few confirmations to ensure security and protection against double-spending. The more blocks added the more secure the transaction is:
- 0 confirmations: the transaction has been broadcast across the network but has not been included in any block. So-called unconfirmed transactions are not be trusted.
- 1 confirmation: The transaction has been validated and included in a block, and the double-spend risk decreases but is still possible.
- 6 confirmations: In the case of Bitcoin, the network has spent one hour protecting the transaction and an attacker would require a significant amount of network hashing power to make double-spend.
As you see one confirmation is not enough, it is recommended to wait for 6 or more network confirmations. After successful completion, users will be able to see the transaction data in the wallet with their identifier. Anyone can find an identifier using a blockchain explorer to check the number of confirmations that have been made for a particular transaction.