Understanding Double-Spending and How to Prevent Attacks

What Is Double-Spending?

Double-spending is the risk that a cryptocurrency can be used twice or more. Transaction information within a blockchain can be altered if specific conditions are met. The conditions allow modified blocks to enter the blockchain; if this happens, the person that initiated the alteration can reclaim spent coins.

Key Takeaways

  • Double-spending occurs when someone alters a blockchain network and inserts a special one that allows them to reacquire a cryptocurrency.
  • Double-spending can happen, but it is more likely that a cryptocurrency is stolen from a wallet that wasn't adequately protected and secured.
  • Many variations of attacks could be used for double-spending—51% is one of the most commonly cited attacks, while the unconfirmed transaction attack is most commonly seen.

Understanding Double Spending

To understand double-spending, it helps to review how the blockchain works first. When a block is created, it receives a hash—or encrypted number—that includes a timestamp, information from the previous block, and transaction data. This information is encrypted using a security protocol like the SHA-256 algorithm used by Bitcoin.

Once that block's information is verified by miners (in proof-of-work consensus), it is closed, and a new one is created with the timestamp, transaction information, and previous block's hash. A Bitcoin is awarded to the miner whose machine verified the hash.

For someone to double spend, a secret block has to be mined that outpaces the creation of the real blockchain. They would then need to introduce that chain to the network before it caught up—if this happened, then the network would recognize it as the latest set of blocks and add it to the chain. The person that did this could then give themselves back any cryptocurrency they had spent and use it again.

Preventing Double Spending

Double spending remains a risk; however, it is minimized by the blockchain. The likelihood of a secret block being inserted into the blockchain is very slim because it has to be accepted and verified by the network of miners.

The only chance a miner with illicit intentions has of inserting an altered block is to attempt to get another user to accept a transaction using their secret block and cryptocurrency. Even then, the likelihood that the modified block will be accepted is very slim. The blockchain and consensus mechanism move so quickly that the modified block would be outdated before it was accepted. Even if it was accepted, the network would still have passed up the information in the block and would reject it.

There isn't actually any recorded instance of double-spending. The cryptocurrency community believes that all double-spending has been thwarted. However, the attacks used for double-spending are more often used for other purposes.

Cryptocurrency transactions take some time to verify because the process involves randomly selecting numbers to solve the complex hash—this also takes up a great deal of computational power. It is, therefore, exceedingly difficult to duplicate or falsify the blockchain because of the immense amount of computing power needed to stay ahead of all of the other miners on the network.

Double Spending Attacks

The most significant risk for blockchains comes in the form of a 51% attack, which can occur if a miner controls more than 50% of the computing power that validates the transactions, creates blocks, and awards cryptocurrency.

If this user—or users—controls a majority of the hashing in the blockchain, they will be able to dictate transaction consensus and control the award of currency. In more popular cryptocurrencies such as Bitcoin, this is very unlikely due to the number of miners and hashing difficulty it has reached; however, new or forked cryptocurrencies with smaller networks are susceptible to this attack.

Most commonly, the unconfirmed transaction attack is used to fool cryptocurrency users. If you see one of these transactions, you shouldn't accept it because it can cause an attempted double-spend attack.

Did Double-Spending Happen?

There have been occasions where double-spending attempts have been reported and stopped. The attacks where it could happen generally lead to theft rather than double-spending.

Can You Copy a Bitcoin?

You cannot copy a Bitcoin because the blockchain and consensus mechanism would not accept it.

What Are Examples of Double Spending Attacks?

Several variations of attacks could allow miners with bad intentions to double spend. Included are the Finney attack, race attack, 51% attack, career attack, and unconfirmed transaction attacks.

Investing in cryptocurrencies and other Initial Coin Offerings (“ICOs”) is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or other ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein.

Take the Next Step to Invest
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.