The "Double-Spending" Problem

Contents

The traditional monetary system is plagued by counterfeiting and other forms of money manipulation.

Governments spend a lot of money attempting to prevent people from reproducing money without the proper authorization.

Almost every government deals with this issue, as some unscrupulous actors exploit it for financial gain. It is common to see various agencies develop strategies to make it easier to identify fraudulent individuals who benefit from counterfeiting. On the other hand, cryptocurrencies appear to have found a way around this by operating independently of any centralized authority.

What is the Double-Spending Problem?

The double-spending problem occurs when a currency unit, whether fiat or cryptocurrency, is spent more than once. This implies that a person buys something worth more than their currency. For instance, if a user purchases an item in a store that costs twenty pounds (£20) with a twenty-pound note, adds an extra item that costs twenty pounds, and uses the same twenty-pound note to buy both items. We can term that scenario “double-spending.

Types of Double-Spending Attacks

Double-spending attacks occur in a blockchain: race attacks, 51% attacks, and Finney attacks.

• Race attacks

A race attack occurs when a hacker initiates two transactions simultaneously and then decides to send only one at the end, which is confirmed by the blockchain. An unscrupulous user may initiate two transactions simultaneously if they only want one confirmed to purchase an item using the unconfirmed transaction.

This may be successful if the seller or receiver agrees to the unconfirmed transaction before confirming that validators have verified it on the blockchain. Unsuspecting victims may fall for this if they are in a hurry to confirm a transaction before verifying it with a blockchain explorer to see if it was validated.

• Finney attacks

Only miners can execute a Finney attack because they are involved in verifying transactions and mining blocks. In this attack, the miners opt to pre-mine a transaction into a block on multiple wallets, allowing them to use the first wallet to carry out another transaction. The second transaction isn’t recorded in the blockchain. Finally, they only try to broadcast the initial transaction to the network.

For this to happen, the miner must follow specific procedures. As always, it is advisable to use a blockchain explorer to cross-check that a transaction was verified and added to the blockchain.

Hal Finney, a renowned cryptographer, was the first person to receive bitcoin from Satoshi Nakamoto, the creator of the foremost cryptocurrency. The transaction occurred on January 12, 2009, over thirteen years ago.

As a notable cryptographer and the first-ever recipient of bitcoin, Finney spoke about the risk of double-spending occurring in the network. Finney believed that the double-spending attack could occur if a miner decides to generate a block and incorporate transactions from one address to another address that he owns. This was why the attack was coined the Finney attack. The attack succeeds if the recipient confirms the transaction without cross-checking the blockchain.

When the recipient inadvertently confirms the transaction, the attacker reverts to the original transaction by unveiling the block that contained the first transaction. The network invalidates the second transaction, and the merchant or recipient suffers a loss. They may have offered services or items to the miner in exchange for payment via the second transaction. They lose their money and items to the miner when the block indicates that the second transaction does not exist. Unscrupulous miners employ this strategy to double-spend. Only miners and validators can execute this attack.

Some blockchains and platforms incorporate mechanisms to prevent miners from attempting to double-spend. This may involve slashing the validator’s stake if it is a Proof of Stake network.

For this to work, the miner must be fraudulent, and some networks have put in strategies to reduce the chances of this. Secondly, the recipient must have accepted the transaction without verifying it on the blockchain with an explorer.

The attack is usually difficult to execute because the miner is expected to have a high level of hash power, more or less. This may also be negated if a new block is created before the miner can complete the attack.

It is advisable to wait for a while and check that several confirmations have been made on the network before the merchant sees the transaction validated by the chain. Once a transaction is incorporated into a block, it is considered irreversible and secure.

• 51% attacks

A 51% attack occurs when some miners or validators have access to at least 51% of the network’s hashing power and decide to use it maliciously. This is one of the reasons why many networks prefer decentralization, as it reduces the risks of miners or validators conspiring to instigate fraudulent transactions.

A miner or group of miners with at least 51% hashing power may successfully execute a double-spend assault as they have complete control over the network. Although, this is impossible in most blockchains because the hash rate is high, which makes garnering 51% hashing power a Herculean task.

To double-spend, the miner may have to mine a secret block faster than the network can create a genuine block. When this is done, they try to trick the network into accepting the block as part of the latest set of blocks, after which they incorporate it into the chain. This means that they can spend cryptocurrency and still have it. This is possible if the miner has at least 51% of hashing power.

How to avoid falling victim to double-spend attacks

Regular network users, as well as validators or miners, can carry out double-spend attacks. Usually, the success rate is low. For instance, in a Finney attack, the miner has to try and initiate the attack before a new block is discovered. In the case of a 51% attack, the miner must have at least 51% of hashing power, which is high in most blockchains and impossible to garner.

Race attacks are only successful if a merchant accepts a transaction without confirming that it was verified and incorporated into a block using an explorer.

To avoid falling victim to double-spend attacks, always ensure that a transaction has been verified and confirmed at least six times by the network. Do not rush to accept a transaction without first confirming it. Scammers try to take advantage of this.

Bitcoin Double-Spending Attack Rumour

In January 2021, there was a rumour that a double-spend attack had occurred in Bitcoin, but it was debunked and found to be a lie after investigation. The Head of Research and Development at Coinmetrics, Lucas Nuzzi, analyzed the situation via his Twitter channel.

His Twitter thread stated, “On the 18th, a user broadcast a transaction with very low fees.

When users underpay fees, their transactions get stuck because miners have more profitable opportunities.

Users are left with 2 options:

a) wait until fee levels drop
b) tell miners they will increase fees.”

His thread continued explaining how the miner decided to opt for the second option. “The most popular way to (b) increase fees of an already-broadcast transaction is through a “Replace By Fee (RBF)” transaction.

Simply put, RBF is a copy-and-paste of the original transaction with higher fees and an explicit instruction to favour the new transaction instead.”

The user tried to increase the fee via a RBF, but it was too low, and the miners ignored it. He decided to increase it a second time.

“A couple of hours later, the user decided to bump fees up again via a second RBF!

This time around, the user paid enough fees.”

Two miners chose different versions of the fee that the user had implemented.

“However… by the time the user broadcast the third transaction, fee levels had quieted down, and the chain was split:

-One miner picked the first (low fee) transaction for their version of the chain

-The other miner picked up the third (highest fee RBF transaction).”

The miner with the lower fee won.

“The chain was split for 1 block (again, normal), but ultimately the miner on the branch with the low fee transaction ended up winning.

The important thing to know is that, yes, there might be different versions of the same transaction, but ONLY 1 will ultimately be accepted.”

The event received much attention, with crypto media publishing stories about the alleged double-spending attack.

In Conclusion,

The double-spending problem occurs when a currency unit, be it fiat currency or cryptocurrency, is spent more than once.
A race attack is a situation where the hacker initiates two transactions simultaneously.
Finney attack is an activity only miners can execute because they are involved in verifying transactions and mining blocks.
A 51% attack is a situation where some miners or Validators have access to at least 51% of the hashing power of the network and decide to use it in an unscrupulous manner.

If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, and Instagram.