In cryptocurrency, double-spending is a vulnerability that allows hackers to alter a blockchain network and use the same digital token in more than one transaction. This issue can snowball into a serious setback for the digital asset for two major reasons:
- It creates a discrepancy between the spending records and available amounts of the transacted currency.
- It affects the distribution of the currency and causes dilution of the asset.
Types of double-spending attacks include race attacks, 51% attacks, and the Finney attack. In a race attack, the attacker initiates two transactions using the same digital asset, intending for only one to be confirmed. For example, they can initiate a payment to merchant A while broadcasting a transaction for the same amount to merchant B. If the latter transaction is confirmed first, merchant A will not receive the payment.
A 51% attack happens when hackers or criminals obtain majority control of a blockchain. This allows the attackers to verify or deny any transaction, regardless of its legitimacy. They also have the power to modify the arrangement of blocks, allowing double-spending events to slip through. This attack mainly targets smaller networks, as opposed to large blockchains like Bitcoin or Ethereum.
The Finney attack, named after Hal Finney, one of the earliest adopters of Bitcoin, targets merchants who do not wait for transactions to be confirmed. Finney describes this as a situation where a miner can generate a block that includes a transaction from address A to address B, both of which are owned by the attacker.
Then, the attacker will make another transaction from address A to address C (which belongs to a merchant). If the merchant accepts the exchange of goods or services without confirmation from the network, the attacker can release the block with the initial transaction. This invalidates the transaction made to the merchant.
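The merchant-side check implied by the race and Finney descriptions above, as an added example that is not part of the original page: a toy watcher that flags two transactions spending the same coin and holds goods until the payment is confirmed. The class, coin labels, status strings and `min_confirmations` value are constructed for illustration, and chain reorganisations (the 51% case) are not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # coins (outpoints) this transaction spends
    pay_to: str

@dataclass
class MerchantWatcher:
    """Toy merchant-side view of the network (constructed model, no real wallet API)."""
    address: str
    min_confirmations: int = 1                      # assumed policy value
    spenders: dict = field(default_factory=dict)    # coin -> txids seen spending it
    confirmed: dict = field(default_factory=dict)   # txid -> height of its block
    height: int = 0

    def observe(self, *txs):          # transactions seen on the network, confirmed or not
        for tx in txs:
            for coin in tx.inputs:
                self.spenders.setdefault(coin, set()).add(tx.txid)

    def connect_block(self, txs):     # transactions in a new block gain a confirmation
        self.height += 1
        self.observe(*txs)
        for tx in txs:
            self.confirmed[tx.txid] = self.height

    def status(self, tx):             # may goods be released for this payment?
        if tx.pay_to != self.address:
            return "not-ours"
        rivals = set().union(*(self.spenders.get(c, set()) for c in tx.inputs)) - {tx.txid}
        if any(r in self.confirmed for r in rivals):
            return "double-spent"     # a conflicting spend is already in a block
        if tx.txid in self.confirmed:
            depth = self.height - self.confirmed[tx.txid] + 1
            return "accept" if depth >= self.min_confirmations else "wait"
        return "conflict-seen" if rivals else "wait"

def demo():
    to_merchant = Tx("tx-C", ("coinA:0",), "merchant")   # constructed sample data
    to_self = Tx("tx-B", ("coinA:0",), "attacker")
    race = MerchantWatcher("merchant")
    race.observe(to_merchant, to_self)                   # both spends are broadcast
    finney = MerchantWatcher("merchant")
    finney.observe(to_merchant)
    early = finney.status(to_merchant)                   # before the withheld block appears
    finney.connect_block([to_self])                      # block with the A-to-B spend
    honest = MerchantWatcher("merchant")
    honest.connect_block([to_merchant])
    return race.status(to_merchant), early, finney.status(to_merchant), honest.status(to_merchant)
```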