A double-spending attack is the successful use of the same funds twice. Bitcoin is protected against a double-spending attack thanks to each transaction which is added to the block chain being verified, and the majority of funds contained in this transaction cannot have been previously spent.
Other numerical systems inhibit double-spending attacks with the help of the authorized master source which follows certain trade rules for authorizing each transaction. In the case of Bitcoin, it uses a decentralized system where a large number of nodes following the same rules confirm the transaction without a central control node.
Bitcoin is vulnerable to double-spending attacks during the initial period where a transaction is located on the network. The more transaction confirmations there are, the less risk there is that it will be used for fraud.
Types of attacks
If the transaction has no confirmations, shops and services which accept payment can be exposed to a so-called ‘race attack’. For example, two transactions are created from the same funds and are then sent to different shops/services. In this case, only one of those shops will receive the funds – a transaction from this shop will appear first in the block chain.
Shops can take numerous precautions to reduce this type of attack but it is always good to remember should you accept transactions without any confirmation.
Another type of attack. Shops or services which accept transactions without any confirmation are affected. “Finney Attack” is an attack which requires the participation of the mining expert to add repeated transactions to the block. The risk of such an attack cannot be reduced to nothing regardless of the preventative measures taken by shops or services, but it does require the participation of a mining expert and an ideal combination of contributing factors. It costs a lot of money and is no mean feat. Just as with the other type of attack, the shop or service must seriously consider its politics concerning transactions without any confirmation.
Also called an “attack with confirmation”. This is a combination of the 2 aforementioned attacks which gives the perpetrator the ability to spend funds twice simply with a confirmation.
Brute Force Attack
This attack is possible even if the shop or service is expecting several transaction confirmations. It requires the attacker to be in possession of relatively high-performance hardware (hash frequency).
The perpetrator sends a transaction to the shop paying for a product/service and at the same time continues looking for a connection in the block chain (block chain fork) which recognizes this transaction. After a certain number of confirmations, the shop sends the product. If the perpetrator has found more than n blocks at this point, he breaks his block chain fork and regains his money, but if the perpetrator has not succeeded in doing this, the attack can be deemed a failure and the funds are sent to the shop, as should be the case.
The success of this attack depends on the speed (hash frequency) of the attacker and the number of confirmations for the shop/service. For example, if the attacker possesses 10% of the calculation power of the Bitcoin network and the shop expects 6 confirmations for a successful transaction, the probability of success of such an attack will be 0.1%.
If the perpetrator controls more than 50% of the Bitcoin network power, the probability of success of the aforementioned attack will be 100%. By virtue of the fact that the perpetrator can generate blocks more often than the other part of the network, he can create his own block chain until it becomes longer than the “integral” part of the network.