What Is Double-Spending?
Learn about double-spending, how the blockchain can protect you from double-spending attacks, and why Bitcoin has been mainly immune to this type of attack.
Updated June 24, 2021 • 3 min read
Double-spending is simply the process of making two payments with the same currency or funds in order to deceive the recipient of those funds. With physical currency, this really isn’t possible. You can’t give two people the same $20 bill or silver coin. With most online payments, you trust a third party to make sure funds are sent and received properly. Banks, credit card companies, and payment processors validate the transactions themselves and minimize the risk of double-spending. With cryptocurrency, however, there’s no third-party intermediary — just the sender and the recipient. How can crypto holders protect themselves against double-spending? The answer is on the blockchain.
Bitcoin and Double-Spending
The Bitcoin blockchain is a public ledger of transactions that’s secured by miners who receive mining rewards as an incentive to protect the blockchain. When you initially make a transaction, it’s an unconfirmed, or pending, transaction waiting to be included in a block. New blocks are added to the Bitcoin blockchain approximately every 10 minutes.
Once an unconfirmed transaction is included in a block, it’s been “written” to the blockchain’s public ledger and is now a “confirmed” transaction. A confirmed transaction is assigned to the recipient and is verified by the network through specialized cryptographic proofs, meaning it can’t be double-spent, or “copied.” You don’t need permission from anyone to send the transaction; all you need is a cryptocurrency wallet and an internet connection.
With a market capitalization of nearly $750 billion U.S. dollars in January 2021, there’s a big incentive to double-spend bitcoin. Double-spending would seriously damage the network and remove one of its most important features: trustless, immutable, and decentralized transactions. Thanks to Bitcoin’s robust design, double-spending confirmed transactions is all but impossible.
Types of Double-Spending Attacks
In a race attack, the hacker sends two transactions in quick succession and only one is later confirmed on the blockchain. The goal is to purchase something with the unconfirmed transaction and then invalidate it before it’s confirmed. This is possible only if the recipient or merchant accepts an unconfirmed transaction.
Only miners can perform Finney attacks. The miner pre-mines a transaction into a block from one wallet to another. Then, they use the first wallet to make a second transaction and broadcast the pre-mined block, which includes the first transaction. This requires a very specific sequence to work. Like a race attack, a Finney attack is possible only if the recipient accepts an unconfirmed transaction.
A 51% attack occurs when a group or individual controls more than 50% of a network’s hashing power in order to alter a blockchain. With this control, the hacker(s) can launch a double-spend attack. However, because of Bitcoin’s enormous hash rate, this scenario is highly improbable on the Bitcoin protocol.
While Bitcoin has mostly been immune to these attacks, other cryptocurrencies with less hashing power have been double-spent via 51% attacks. Because 51% attacks are very expensive to pull off, they’ve mainly targeted large exchanges with sizable holdings. The attackers need to successfully double-spend more than the cost of the attack in order to make a profit.
Should You Be Concerned About Double-Spending Attacks?
As long as you don’t accept unconfirmed transactions, you shouldn’t need to worry about double-spending attacks. Most wallets and exchanges will label transactions that haven’t been confirmed as “unconfirmed.” In addition, the longer you wait, the more secure the transaction is. Having more than a few blocks written to the Bitcoin blockchain in front of the block with your transaction makes the chance of a reversal very small.
The recommended wait time depends on the amount sent and what blockchain you’re using. For Bitcoin payments of less than $1,000, one confirmation is widely considered safe. For payments up to $10,000, three confirmations is standard practice. Many recommend six confirmations for very large transactions. On the Bitcoin network, confirmations happen for every block approximately once every 10 minutes. Some blockchain networks have much shorter block confirmation times, ranging from seconds to a few minutes.
Double-spending attacks have been studied and discussed extensively in the blockchain community. As long as you don’t accept unconfirmed transactions, you can accept Bitcoin payments confident that the chance of a double-spending attack is quite small.
Cryptopedia does not guarantee the reliability of the Site content and shall not be held liable for any errors, omissions, or inaccuracies. The opinions and views expressed in any Cryptopedia article are solely those of the author(s) and do not reflect the opinions of Gemini or its management. The information provided on the Site is for informational purposes only, and it does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice. A qualified professional should be consulted prior to making financial decisions. Please visit our Cryptopedia Site Policy to learn more.
Is this article helpful?