Double-spending is a problem unique to digital currencies in which a malicious actor attempts to spend the funds in their wallet and then exclude the outgoing transaction from the blockchain, enabling them to retain ownership of the funds that they spent.
There are a couple of ways that an attacker can try to double-spend their coins. One is to send a fake transaction log to a merchant who would then validate an invalid transaction based on fraudulent data. The most prominent risk of double-spending is a 51% attack, which means that the malicious actor attempts to control a majority of the network's mining power in order to mine the longest chain, allowing them to exclude their initial transaction from the blockchain.
The creator of Bitcoin, Satoshi Nakamoto, mentions double-spending several times in the Bitcoin whitepaper. Nakamoto describes the Bitcoin blockchain as a solution to the double-spending problem as a "peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions." He goes on to say, "the system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes."
Honest nodes are nodes which validate transactions according to the protocol rules. One of the critical rules in terms of double-spend attacks is that the first transaction involving specific coins moving from a specific address is valid, while all subsequent transactions attempting to move the same coins from that address are invalid.
Double-spends are a possible attack vector against every decentralized blockchain-based cryptocurrency.
There has not been a successful large-scale double-spend attack against Bitcoin to date, but there have been reports of some smaller-scale successes. One double-spend was reported by the spender himself in a bitcointalk thread in 2013, in which the user was able to double-spend $9800 worth of Bitcoin through a payment service provider called OKPAY. However, he did not have malicious intent and returned the funds to the OKPAY.
In May 2018, an unknown party with access to substantial amounts of hashpower was able to 51% attack Bitcoin Gold in order to pull of successful double-spend attacks against exchanges, worth approximately $17.5 million in total.
Another cyrptocurrency, ZenCash, was the target of a successful 51% attack with multiple double-spend transactions in June 2018.
An Explanation of Nakamoto’sAnalysis of Double-spend Attacks
A. Pinar Ozisik, Brian Neil Levine
Bitcoin: A Peer-to-Peer Electronic Cash System
ZenCash's Statement on Double Spend Transactions
Documentaries, videos and podcasts
- BlockchainA blockchain is an append-only digital ledger storing a set of time-ordered transactions grouped in blocks that are linked together using cryptographic hashes.
- CryptocurrencyA cryptocurrency (or crypto currency) is a digital asset designed to work as a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency. Cryptocurrencies are a subset of alternative currencies, or specifically of digital currencies.
- BitcoinBitcoin is a cryptocurrency and a digital payment system invented by an unknown programmer, or a group of programmers, under the name Satoshi Nakamoto. It was released as open-source software in 2009.
- 51 percent attack51 percent attack happens when an individual miner or group of miners takes control of more than 50% of the network's computing power.
- EquihashEquihash is a Proof-of-Work algorithm used by Zcash, Komodo, ZenCash, and numerous other cryptocurrencies.
- Show More