In every economic system, preventing money from being manipulated is a common goal. Whether it is imitation gold, counterfeit banknotes, or copied digital currencies, the exploitation problem or counterfeiting of currencies for personal financial gain is possible.
Let’s look at Double-spending, a security issue in digital currencies.
What Is Double-Spending?
Double-spending occurs when a single currency is spent multiple times at the same time, which creates a disparity between the spending record and the amount of currency available. Let’s go through an example to better understand the problem. If Person X has $100 in his account and wants to send $30 to Person Y through a digital network:
- Scenario 1: If the network works as it should, the Double-spending problem will be avoided. After the transfer, Person X will have $70 in his account, and Person Y will have an extra $30 in his account.
- Scenario 2: If the network is not working properly, Person X will spend the same money twice. Person X would still have $100 left in his account after the transfer, and Person Y would still have an extra $30 in his account.
If Scenario 2 occurs, Person X will manage to create money out of thin air and mislead the network due to the Double-spending problem. If adequate measures are not taken against the possibility of Double-spending, the reputation of the protocol will be damaged. Because if it is not known whether digital assets are spent more than once, the value of the asset will also be affected. Therefore, it is vital to technologically eliminate the risk.
Bitcoin and Double-Spending
One of the most significant innovations that Satoshi Nakamoto introduced with his Bitcoin whitepaper was the data structure he put forward for the Double-spending issue, namely blockchain. Transactions are added to the chain with the confirmation given by miners in networks, which work with the Proof of Work consensus mechanism, such as Bitcoin. Each Bitcoin transaction is signed with a unique “hash code” during the confirmation process and included in transfers within a block. If the same operation is attempted again, nodes will determine that the transaction is fraudulent.
Normally, Double-spending on the Bitcoin network is almost impossible if the system works as expected.
Possible Reasons for Double-Spending
As we have mentioned, Double-spending is almost impossible if the protocol runs as expected. However, it is a potential danger, albeit rare, in blockchain.
Race Attack, Finney Attack, and 51% Attack are among the methods used by attackers to make Double-spending.
Race Attack: It is a Double-spending attack, in which two subsequent transactions are made rapidly and only one is confirmed. The goal is to purchase something with an unapproved transaction and then invalidate it before it is approved. That is only possible when the buyer or seller accepts an unconfirmed transaction. When a recipient accepts a payment without sufficient block confirmations, a Race Attack occurs. To perform a Race Attack, the sender sends two transactions simultaneously. The first transaction goes to the recipient’s Public Address, and the second one goes to another Public Address owned by the sender. If the miners on the network confirm the second transaction, the first one will become invalid. So, the receiver will not receive any payment from the sender. A Race Attack is a potential security issue, mainly for in-store transactions (for example, in cafés and restaurants) or other scenarios where transactions need to be processed rapidly. A Race Attack is not a practical threat in most online transactions or scenarios where the recipient may wait for a few block confirmations. Additionally, blockchains that process transactions faster have a better chance of evading Race Attacks.
Finney Attack: The Finney Attack, which may only be carried out by a miner, was named after Hal Finney, who received the first Bitcoin transfer from Satoshi Nakamoto. Like a Race Attack, a Finney Attack occurs when a recipient accepts a payment before receiving enough block confirmations. To perform a Finney Attack, a miner with significant resources or a large mining pool must first create a block. The miner transfers a transaction to this block in which he sends himself cryptocurrency but does not broadcast this block. He then adds the transaction, which is the payment to the recipient, to another already mined block. After the recipient accepts the payment and provides the service, the miner broadcasts his own block, and the transaction that has sent the cryptocurrencies included in this block invalidates the unconfirmed payment made to the recipient.
%51 Attack: It is an attack in which an individual or a group controls more than 50% of a network’s hash rate. The individual or group may prevent new transactions from taking place or being confirmed, or may reverse the status of transactions already confirmed on the network. The situation may result in the formation of two versions of the blockchain on the network, in other words, a Hard Fork. One is the public version of the blockchain tracked by legitimate miners, and the second is the blockchain that the person or group performing the attack does not make available to the rest of the network.
Therefore, cryptocurrencies with lower hash rates are more likely to be the target of a 51% attack. These attacks are more difficult and costly on projects that require high hash rates. A website called Crypto51 shows how much a 51% attack would cost on an hourly basis if it were carried out on various cryptocurrencies. The table below highlights the risks of cryptocurrencies with lower hash rates.
Source: Crypto51
As seen above, if a 51% attack were made to Bitcoin, the attackers would lose $1.488.928 on an hourly basis. In Ethereum, the attackers would lose $1.627.395 per hour. The amount would be lower on cryptocurrencies with lower hash rates.
Most major cryptocurrencies have sufficient mining capacity behind them, making it extremely costly to obtain the necessary hardware to carry out such an attack. Minor cryptocurrencies have lower hash rates that secures the network.
How to Avoid Double-Spending?
While most of the core technologies in projects have remained the same as Bitcoin, other networks have adopted new approaches in their consensus and continued to develop the crypto ecosystem in this regard. Blockchains that work with the Proof of Stake and the Delegated Proof of Stake (DPoS) consensus have become viable alternatives and have enabled improvements to solve problems such as Double-spending and improve the overall security of networks.
