
What is a double-spending attack (double spend)?


A double spend occurs when the same unit of a digital asset is spent more than once through fraud.

This concern is natural in the digital world, because digital files can be easily copied and duplicated. Digital currencies were created precisely to address this challenge and use a mechanism that makes it virtually impossible to “copy” them; but there are certain types of attack through which fraudsters can “reverse” digital currency transactions or “send them to someone else” before a transaction is confirmed and finalized.

Double spending is one of the biggest problems in the world of digital assets. You may be interested to know that the idea of digital currencies existed before Bitcoin. Before Bitcoin, there had been unsuccessful attempts to invent digital currencies, and one of the main reasons their developers failed was that they could not solve the double-spending problem.

Although Bitcoin has largely solved this problem by using blockchain technology, such attacks are still possible on the blockchains of Bitcoin and other, newer digital currencies. In this article, drawing on an article from the Gemini website's encyclopedia, we give a comprehensive overview of double spending in the world of digital currencies and examine the types of this attack.

What are the types of double-spending attack?

Double-spending attack

A double-spending attack (as its name implies) means that a certain unit of a digital currency is spent more than once by fraud. We know that digital movies, music and photos can be easily stolen or copied; but it is not possible to “copy” digital currencies because of their clever design.

However, there are certain types of double-spending attack that scammers and hackers can use to reverse digital currency transactions. The Finney attack, the race attack and the 51% attack are among them.

The first two of these, the “Finney attack” and the “race attack”, are both subsets of a broader attack called the “unconfirmed transaction attack”. If you accept an unconfirmed transaction at your wallet address, you will be vulnerable to both of these attacks.

To better understand the issue of double spending, we will examine all three types of attacks separately.


Race attack

A race attack is simply a “race” between two transactions that are broadcast at almost the same time. The attacker broadcasts two transactions simultaneously: the first pays the wallet address of the intended recipient, and the second pays a different address. Then, before the first transaction is recorded on the blockchain, the second transaction replaces it and returns the funds to the attacker's own address.

In December 2019, a video was released that made a lot of noise. It showed that bitcoin spent at stores that accepted it as a means of payment could be re-spent.

This is done using the Replace-By-Fee feature in some Bitcoin wallets. Replace-by-fee, or RBF for short, is a relatively controversial upgrade to the Bitcoin protocol.


Figure: Schematic of a race attack on the Bitcoin blockchain

In the double-spending attack shown in this video, one transaction was first sent to the seller and, immediately afterwards, a second transaction with a higher fee was sent, this time to the sender’s own address. Because a higher fee gives a transaction priority with the network's miners, the first transaction was cancelled, which allowed the bitcoin to be re-spent.

In fact, such attacks succeeded because the sellers accepted unconfirmed transactions.

In a similar incident earlier that year, some bitcoin holders in Canada were able to cash out their bitcoins without really spending or losing them. They apparently sent bitcoins to bitcoin ATMs and, after receiving cash from the ATM, cancelled the transaction (which had not yet been confirmed on the network).

Of course, this was due to ATM bugs; but as a general conclusion from such events, keep in mind that a transaction sent over the Bitcoin network is not necessarily final and can be cancelled for a variety of reasons.

You know that digital currencies like Bitcoin are based on a blockchain, and their transactions need to be validated and confirmed by network nodes to be finalized. Therefore:

Never accept unconfirmed transactions. Just as, when someone transfers money to you via Internet banking, you do not trust their online receipt but wait for the SMS confirming the deposit to your card, here you should not trust the initial transaction receipt; instead, you should wait to receive the transaction ID (TxID) in your wallet and make sure the transaction is completed on the blockchain.

When the transaction sent to your address is confirmed on the blockchain, the hash or transaction ID (TXID) is displayed in your wallet. It is best to search for this identifier in a blockchain explorer such as blockchair.com and check the status of its confirmations.

We suggest that you wait for at least 6 confirmations for bitcoin transactions with high amounts and do not finalize transactions with a lower number of confirmations.
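
The checks recommended above can be automated on the receiving side. The following Python code is an added example, not part of the original article: it flags an incoming payment that signals replace-by-fee (BIP125) or whose input is also spent by another transaction the receiver has seen, and accepts it only after the required number of confirmations. The transaction dictionaries, field names and txids are constructed for illustration.

```python
from collections import defaultdict

# BIP125: any input with nSequence below 0xfffffffe signals opt-in replaceability.
RBF_SEQUENCE_LIMIT = 0xFFFFFFFE

def signals_rbf(tx):
    """True if at least one input of tx signals replace-by-fee."""
    return any(inp["sequence"] < RBF_SEQUENCE_LIMIT for inp in tx["inputs"])

def find_conflicts(txs):
    """Return {outpoint: [txids]} for every outpoint spent by more than one transaction."""
    spenders = defaultdict(set)
    for tx in txs:
        for inp in tx["inputs"]:
            spenders[(inp["prev_txid"], inp["vout"])].add(tx["txid"])
    return {op: sorted(ids) for op, ids in spenders.items() if len(ids) > 1}

def assess_payment(tx, seen_txs, confirmations, required=6):
    """Decide whether to treat tx as final; returns (decision, risk_flags)."""
    if confirmations >= required:
        return "accept", []
    flags = [f"only {confirmations}/{required} confirmations"]
    if confirmations == 0 and signals_rbf(tx):
        flags.append("signals replace-by-fee")
    conflicts = find_conflicts(seen_txs)
    for inp in tx["inputs"]:
        outpoint = (inp["prev_txid"], inp["vout"])
        rivals = [t for t in conflicts.get(outpoint, []) if t != tx["txid"]]
        if rivals:
            flags.append("outpoint also spent by " + ", ".join(rivals))
    return "wait", flags

# Constructed sample data: one coin spent twice, once to the merchant and
# once back to the sender, as in the race attack described in the article.
COIN = {"prev_txid": "aa" * 32, "vout": 0}
PAYMENT = {"txid": "tx-to-merchant", "inputs": [dict(COIN, sequence=0xFFFFFFFD)]}
REPLACEMENT = {"txid": "tx-back-to-sender", "inputs": [dict(COIN, sequence=0xFFFFFFFD)]}

if __name__ == "__main__":
    print(assess_payment(PAYMENT, [PAYMENT, REPLACEMENT], confirmations=0))
    print(assess_payment(PAYMENT, [PAYMENT], confirmations=6))
```

A transaction that does not signal replace-by-fee can still be displaced by a conflicting one, so the confirmation count remains the deciding check.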


Finney attack

Unlike race attacks, Finney attacks are relatively technical and difficult attacks that only miners can perform. The miner pre-mines a block containing a transaction that transfers funds from one wallet to another. The miner then uses the first wallet to make a second transaction and broadcasts the pre-mined block, which contains the first transaction, to the network.

To better understand this attack, follow the steps in the image below.

Figure: The Finney attack, one of the types of double-spending attack on the Bitcoin network

This requires a very specific sequence of events, and there is no evidence that such an attack has ever taken place. This type of attack is named after its discoverer, Hal Finney. Hal Finney was the first person in history to receive bitcoins from Satoshi Nakamoto.


51% attack

For many people active in digital currencies, the 51% attack is the most worrying double-spending attack. If a group can take control of more than 50 percent of the Bitcoin network's hash power, it can reorganize the Bitcoin blockchain as it pleases for as long as it holds that power.

If the group reorganizes the blockchain, it can re-spend any amount of bitcoins it wants. Note that a 51% attack does not mean access to all bitcoins on the network; in this attack, the attacker can only re-spend bitcoins that he has already spent.


So far, there is no evidence of a 51% attack on the Bitcoin network, because of the network's very high hash power (hash rate); that is, the cost and coordination required to take control of this amount of hash power are so great that ultimately no financial incentive remains to do so.

The very high hash power of Bitcoin makes the Bitcoin network the longest secure decentralized protocol in the world. Based on mathematical calculations and probability laws, it seems that after the first two confirmations that each block receives, mining subsequent blocks is much more costly than attempting to carry out such an attack.

Even someone who ignores all of these economic considerations and wants to destroy the Bitcoin network at any cost with a 51% attack will not be able to do so, because of the enormous resources required.


Has a 51% attack ever been successful?

Although there has been no successful 51% attack on Bitcoin or Ethereum so far, several other digital currencies have fallen victim to this type of attack, including forks of Bitcoin and Ethereum.

Ethereum Classic was the target of 51% attacks in 2019 and 2020; Bitcoin Gold was also attacked in 2018 and 2020. In 2021, the Bitcoin Satoshi Vision (BSV) network was also hit by a 51% attack.

These attacks were possible because these forks are usually mined in the same way as Bitcoin and Ethereum, but their network hash power is much lower. Thus, a large, malicious miner can suddenly and secretly switch its mining devices from Bitcoin or Ethereum to another digital currency that has much less hash power, and carry out a 51% attack.

Such an attack is possible because the attacking miner's hash power may not be very high compared to the Bitcoin network, but compared to the hash power of other networks it is enough to allow the attack. Some platforms have increased the number of confirmations required for a transaction to prevent such attacks. This makes the 51% attack more difficult.


How does a 51% attack work?

Attackers target exchanges in order to make their attacks more profitable. To do this, they first send a large amount of digital currency to an exchange; they then exchange those coins for another digital currency and transfer the new currency to an address outside the exchange that they own.

When this process is complete, they use the attack to reorganize the blockchain (a reorg) and erase the block containing their first transaction, which has now become an “orphan” block. By doing so, they keep both the digital currency they originally sent to the exchange and the new currency they received.

Never accept unconfirmed transactions and always use reputable exchanges

Double-spending attacks may never go away; but any attack on the Bitcoin network or other digital currencies increases their resistance to such risks.

In general, if you are careful about the transactions you receive and do not accept transactions until you have received the funds in your wallet, you can be sure that you will never be the target of a Finney or race attack.

As for 51% attacks, some experts say that in order not to fall victim to them, you should only work with digital currencies in which network power is completely decentralized and distributed. In proof-of-work networks, the more hash power the network has, the more secure it is. In proof-of-stake networks, the larger the currency's market, the greater its security against 51% attacks.

Many experts also believe that you can use any digital currency as long as your investment is not very large, in the millions of dollars, because in these attacks only large addresses and exchanges are targeted.

As we have explained many times, an exchange is only a place of exchange and is not suitable for storing assets; but if you really want to store a significant amount of digital currency on an exchange, make sure that the exchange in question is trustworthy and preferably insured against such losses.
