Double spending is the main problem that the Proof-of-Work algorithm solves. Bitcoin became possible because double spending could be eliminated.
The Bitcoin network is protected against double spending
A blockchain is a continuous chain. It is impossible to slip false data into it or overwrite past events.
By using hashing, the Bitcoin network ensures that each new block is produced from the previous block (similar to DNA passed from an ancestor to a descendant).
If a miner wants to approve his/her own version of a block while everyone else has agreed on a different version, he/she can do it, but will be disappointed in two ways:
- The miner will lose the BTC block reward and waste the electricity spent: the reward he/she received remains, but only in the abandoned branch that no one agrees with, while in the real branch another block is approved and the reward goes to an honest miner.
- He/she still cannot make an individual transaction permanent or desynchronize the blockchain this way, because there is only 1 real branch of the Bitcoin network, on which everyone converges.
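The hash linking described above can be shown with a small model. This is an added example, not code from the original article; the block layout (previous hash plus a text payload) and the function names are simplifying assumptions, while the double SHA-256 is the hash Bitcoin applies to block headers.

```python
import hashlib

GENESIS_PREV = "00" * 32  # constructed placeholder for "no previous block"

def block_hash(prev_hash, payload):
    """Double SHA-256 over the previous block's hash plus this block's data."""
    data = (prev_hash + payload).encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def build_chain(payloads):
    """Build blocks that each commit to the hash of their predecessor."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        h = block_hash(prev, payload)
        chain.append({"prev": prev, "payload": payload, "hash": h})
        prev = h
    return chain

def first_broken_link(chain):
    """Index of the first block whose hash or back-link is inconsistent, else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        recomputed = block_hash(block["prev"], block["payload"])
        if block["prev"] != prev or recomputed != block["hash"]:
            return i
        prev = block["hash"]
    return None

def tamper(chain, index, new_payload, rehash):
    """Copy the chain and alter one payload; optionally recompute that block's hash."""
    forged = [dict(b) for b in chain]
    forged[index]["payload"] = new_payload
    if rehash:
        forged[index]["hash"] = block_hash(forged[index]["prev"], new_payload)
    return forged

if __name__ == "__main__":
    # Constructed sample payloads standing in for transaction data.
    chain = build_chain(["genesis", "alice->bob 1", "bob->carol 1", "carol->dave 1"])
    print(first_broken_link(chain))                                   # intact chain
    print(first_broken_link(tamper(chain, 1, "alice->eve 1", False)))  # stale hash
    print(first_broken_link(tamper(chain, 1, "alice->eve 1", True)))   # child link breaks
```

Rewriting a past block with a fresh hash only moves the inconsistency to the next block, so every later block would have to be redone as well; only the newest block can be replaced without breaking a link, which is why recent blocks are the ones at risk.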
Why this attack is still possible
A blockchain can only be attacked during a short period of time (usually less than 1 hour), and the attack does not affect anyone who made no transactions during the period of consensus loss.
This has been tested in practice by the so-called 51% attack.
It is impossible to take over the Bitcoin blockchain and do whatever you want there. You would need billions of dollars of processing power to do that. Due to the openness of the network, the forgery will be detected and the exchange rate will drop so much that the potential benefit of the hack will not cover the purchase of the equipment.
In the theoretical example in this picture, a group of malicious miners was able to approve false blocks over the course of 5 blocks (which in the case of the Bitcoin network requires incredible luck and is simply impossible, or mind-bogglingly expensive).
During this period it was possible, for example, to send your Bitcoins to an exchange that requires from 1 to 5 network confirmations, sell them and get other coins or fiat money.
Then, when the attack window closes, the block series will be marked as abandoned, and most miners will continue to mine the real, honest branch.
For the hacker, the outcome is that he had 1 BTC, put it on the exchange and sold it, and then, when the network restored consensus, he still had 1 BTC in the original network but had managed to sell a fake 1 BTC. Hence the name of the attack: double spending.
Historical examples of double spending
Although many sources claim that there have been no successful double-spending attacks on the Bitcoin network, there have been some.
On March 12, 2013, a BitcoinTalk forum user, macbook-air, sent about 211 BTC as a deposit to the address of the OKPAY payment system. He then discovered that the old version of the Bitcoin client (before 0.8) did not validate this transaction and repeated it with an API command. As a result, it was also included in block 225446.
In time, of course, the network settled on the real branch: one of the transactions was rejected and ended up in an abandoned block. But this time was enough for the OKPAY system to mistakenly credit both deposits to macbook-air.
The problem was that some clients had upgraded to 0.8, while others stayed on the outdated version. As a result, the miners and the user themselves, even without being malicious, carried out a double spending attack on the service. The developers have taken this into account and have additionally warned services not to accept transactions immediately after 1 confirmation, and even more so when there are no confirmations at all.
The Ethereum Classic network was attacked three times in 2020 using computing power leased through the NiceHash service.
In July-August 2020, the ETC hash rate dropped significantly, and the attacker took advantage of this. By renting GPU power with a hash rate of over 51% of the entire Ethereum Classic network, the attacker managed to create double spending of over 1 million ETC, or $9 million at the time.
The cost of renting the hashrate was not insignificant, and amounted to hundreds of thousands of dollars.
The final profit is unknown, because many exchanges blacklisted the addresses, and the hacker had to quickly sell the cloned ETCs.
On June 3, 2018, with computing power that exceeded the network average, an attacker created several blocks and gained 23 000 ZEN by double spending, defrauding an exchange's deposit system (approximately $600,000 at the time).
How to defend against a double spending attack
Even if you don't intend anything bad, a block containing a double spend will be canceled by the network, and your transaction may be in that block. So the need to wait for as many confirmations as possible applies to all members of the network.
If you send or receive a large amount, be sure to wait for 3-7 confirmations on the Bitcoin network or 250 on the Ethereum network (about 1 hour from the first confirmation).
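The sketch below shows how a receiving service can apply a confirmation threshold and notice a deposit whose block was later abandoned. It is an added example, not code from the original article: the chain views, block ids and `tx-demo` are constructed, and a deposit is tracked only by the block it was first seen in, so a transaction re-mined in the surviving branch is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Deposit:
    txid: str
    amount_btc: int
    block_id: str           # block in which the service first saw the transaction
    credited: bool = False

def confirmations(best_chain, block_id):
    """Blocks from the containing block to the tip; 0 if that block was abandoned."""
    if block_id not in best_chain:
        return 0
    return len(best_chain) - best_chain.index(block_id)

def process(deposits, best_chain, required):
    """Credit deposits at `required` confirmations; return txids credited but later orphaned."""
    orphaned = []
    for d in deposits:
        n = confirmations(best_chain, d.block_id)
        if not d.credited and n >= required:
            d.credited = True
        elif d.credited and n == 0:
            orphaned.append(d.txid)
    return orphaned

# Constructed chain views as the service's node sees them over time.
# Blocks x3..x5 hold the deposit; that branch is then abandoned for h3..h7.
CHAIN_VIEWS = [
    ["b1", "b2", "x3"],
    ["b1", "b2", "x3", "x4"],
    ["b1", "b2", "x3", "x4", "x5"],
    ["b1", "b2", "h3", "h4", "h5", "h6"],        # consensus restored on the honest branch
    ["b1", "b2", "h3", "h4", "h5", "h6", "h7"],
]

def run_policy(required):
    """Replay the views; return (deposit ever credited, txids lost when the branch died)."""
    deposit = Deposit("tx-demo", 1, "x3")
    lost = set()
    for view in CHAIN_VIEWS:
        lost.update(process([deposit], view, required))
    return deposit.credited, sorted(lost)

if __name__ == "__main__":
    for required in (1, 3, 6):
        print(required, run_policy(required))
```

With a three-block abandoned branch, thresholds of 1 and 3 both credit a deposit that later disappears, while a threshold of 6 never credits it: the threshold has to exceed the depth an abandoned branch can plausibly reach.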
Remember that double spending is a short-term event, and it is impossible to seriously damage the blockchain or access someone else's funds with it. Even with the power of 100% of all mining devices in the world, there is no way to crack your private keys. The hacker makes a “double spend” using his/her own coins.