Double spending problem. Validating a transaction twice.

Gepubliceerd op 7 november 2021 om 11:57

Double spending is a possible error in a digital currency. This involves issuing a digital currency more than once. This would be possible because a cryptocurrency consists of a digital file that can be duplicated. This causes a false file to be sent or created. 

In this blog, I will discuss the double spending problem.

What is double spending?

When a blockchain is vulnerable to a Double Spend Attack, users can use a crypto currency multiple times. In this way, someone can therefore spend something that they are not really supposed to own anymore. In this case, the transaction has already been validated by the network, but the user is still able to have the crypto currency validated by the network one more time (one transaction validated twice).

The big danger of a Double Spend Attack is that it can lead to inflation. This is because there is much less value in a crypto currency when it can be used more often.

How can someone perform a Double Spend Attack?

Performing a Double Spend Attack is not easy, but if you have the know-how, not difficult at all. First, the blockchain will have to be vulnerable to such an attack. This is the case when transactions are validated at the same time.

Imagine that I hold 1 BTC and send it to you in a transaction. Subsequently, I also send 1 BTC to a friend of mine. Both transactions are submitted to the network, and continue to wait until they are validated by the nodes in the network. The network will check if I have enough BTC in my possession to make the transaction. If this is not the case, the transaction will be rejected. The moment both transactions are validated at the same time, the network will not see that I actually had just only 1 BTC.

When the network is not vulnerable to such an attack, transactions are verified one by one. In this way, the transaction I made to you is validated, and the transaction I made to my friend is rejected. This is because I have no BTC left after I sent my coins to you.

Types of Double Spending

There are different types of Double Spend Attacks. Each type has its own way of executing the attack. The main three attacks are the Finney Attack, Race Attack and 51% Attack.

Finney Attack

In a Finney Attack, the attacker is a miner in the blockchain network. The moment the attacker (i.e. the miner) makes a transaction, he makes sure that he can mine his own transaction. When he has accomplished this, however, he does not yet send the transaction to the blockchain network yet.

Then he uses exactly the same coin in a second transaction. Again, he makes sure that he can mine this transaction, after which he sends both transactions into the network. In this way, he can validate one cryptocurrency transaction multiple times.

Race attack

The second type is the Race Attack. In a Race Attack, two transactions are also sent at the same time to the network, only the attacker is not a miner. The attacker sends BTC to a victim, who will accept the transaction. For example, think of a web shop selling shoes (the victim sends the attacker a pair of shoes). Then, at the same time, the attacker sends exactly the same coins in a transaction to the network. The network will not accept this transaction. But not only the second transaction will be rejected, also the first transaction will no longer be approved in this case. And this while the attacker has already received his product. So in this case the web shop has become the victim, because they will not receive payment. The attacker uses the double spend problem to make sure the victim is not paid because the network rejects double spending.  

51% attack

The best known type of Double Spend Attacks is the 51% Attack. This attack is only possible when a blockchain uses the Proof of Work consensus protocol. The consensus protocol is the technology that allows transactions to be validated by the blockchain network.

A transaction is only approved when at least 51% of the network supports the transaction. Does only 50% of the network want to approve the transaction? Then the transaction will unfortunately not happen.

At first glance this seems like a safe way of verifying transactions, but it can also have its downsides. In many blockchains, miners work together in so-called miner pools. In this way they join forces to be the first to approve transactions. This is precisely where the danger lies.

When such a miner pool owns more than 51% of the network, they are in the majority. This means that they can also approve transactions, which really should not have been approved at all. This way they can also issue cryptocurrencies multiple times, and then approve them again and again. They can also modify historical data in the blockchain.

This kind of attack takes an incredible amount of energy, as an attacker needs a lot of machines to hold at least 51% of the network. But as mentioned, it can also be done by means of miner pools. It takes an identical amount of energy (51% of the network energy) for such an attack to succeed.


the blockchain prevents double spending by timestamping groups of transactions and then sending them out to all nodes in the bitcoin network. Since transactions are timestamped on the blockchain and mathematically related to the previous one (via hashing), they are irreversible and impossible to tamper with. Timestamping is an important element in preventing double spending attacks.

This timestamp proves that all the data in the hash cannot have been created after the hash was published. Since each timestamp incorporates the previous timestamp into its hash, this forms an immutable (unchanging) record of the order in which transactions occurred. Each timestamp reinforces that before it.

How to prevent double spending

One such way is to use a reliable exchange. These often work with good software, which immediately checks for Double Spending. It can check whether a transaction is valid or not. It also prevents a cryptocurrency, such as Bitcoin, from being issued more than once.

Overall, Double Spend is not something you need to worry about, but keep it in mind when you want to start trading with small, unknown cryptocurrencies. These may not all have the same form of security that other more established cryptocurrency have. 

With a new blockchain (of a new cryptocurrency project), the chance of a Double Spend Attack is a lot bigger. You could take this into account when deciding to invest in a relatively new blockchain, for example by first doing proper research into the security of the blockchain.

Do I have to worry?

Almost every blockchain is protected against the above mentioned attacks. Therefore, with the large and well-known crypto currencies (like top 100-150 cryptocurrencies), you don't have to worry about Double Spend Attacks. However, there are plenty of people who feel that Bitcoin is not secure enough because there is a (small) chance that they will one day fall victim to a 51% Attack.

Verifying Bitcoin transactions takes a lot of time because the process involves intense mathematical work and complex algorithms that require a lot of computing power. Therefore, it is extremely difficult to duplicate or falsify the blockchain because of the huge amount of computing power that would be required to do so. It is practically impossible (but not necessarily impossible for smaller blockchains) to carry out a double spending attack.

A cryptocurrency that cannot combat double-spending will suffer first from inflation and then from a lack of trust. This inevitably leads to a worthless network. No one wants that. 

Key takeaway

Most bitcoin thefts did not involve double spending, but rather users storing bitcoins without appropriate security measures. Lesson 101 in crypto: always store your crypto safely in a wallet!

BTC address: bc1q3nnm8m2vrsv8med8a38dl37g8l3mm4wa7ph7wj 

ETH address: 0x38b84E2D3B50F83A067A7488C1733180651f418A

Reactie plaatsen


Er zijn geen reacties geplaatst.