Double-spend attack (blockchain) – Wiki

Double-spending is a problem unique to digital currencies in which a malicious actor attempts to spend the funds in their wallet and then exclude the outgoing transaction from the blockchain, enabling them to retain ownership of the funds that they spent.

There are a couple of ways that an attacker can try to double-spend their coins. One is to send a fake transaction log to a merchant who would then validate an invalid transaction based on fraudulent data. The most prominent risk of double-spending is a 51% attack, which means that the malicious actor attempts to control a majority of the network’s mining power in order to mine the longest chain, allowing them to exclude their initial transaction from the blockchain.

The creator of Bitcoin, Satoshi Nakamoto, mentions double-spending several times in the Bitcoin whitepaper. Nakamoto describes the Bitcoin blockchain, his solution to the double-spending problem, as a “peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.” He goes on to say, “the system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.”

Honest nodes are nodes which validate transactions according to the protocol rules. One of the critical rules in terms of double-spend attacks is that the first transaction involving specific coins moving from a specific address is valid, while all subsequent transactions attempting to move the same coins from that address are invalid.

History of Double-Spend Attacks

Double-spends are a possible attack vector against every decentralized blockchain-based cryptocurrency.

There has not been a successful large-scale double-spend attack against Bitcoin to date, but there have been reports of some smaller-scale successes. One double-spend was reported by the spender himself in a bitcointalk thread in 2013, in which the user was able to double-spend $9800 worth of Bitcoin through a payment service provider called OKPAY. However, he did not have malicious intent and returned the funds to OKPAY.

In May 2018, an unknown party with access to substantial amounts of hashpower was able to 51% attack Bitcoin Gold in order to pull off successful double-spend attacks against exchanges, worth approximately $17.5 million in total.

Another cryptocurrency, ZenCash, was the target of a successful 51% attack with multiple double-spend transactions in June 2018.