Topic: Explain double spend attacks to me in simple terms (Read 364 times)

It depends on the target machine, whether it accepts 0-confirmation or not. Try to read the long @Heisenberg_Hunter's post above. To be able to double spend his money, an attacker could perform the techniques mentioned above (theoretically).

The "foolish ATM" (or foolish person, web site, etc) is the perfect example, here the "thief" is actually the owner of the bitcoins and not a third party:

Open the same wallet on two different devices:

• On the first device send the coins to the ATM to have it give you fiat / whatever immediately without waiting for blockchain confirmation.
• On the second device, send the same bitcoins using a higher transaction fee to a different address (which could be the same wallet).

There you go, you doubled your money by stealing the ATM. The transaction from the second device will enter first in the blockchain, and the transaction from the first device will be discarded.

And this is why people designing commerce software have to wait for confirmations, even if that means the customer has to wait 10 minutes or more. The alternative is KYC to prosecute you (hoping you didn't flee the country...)

The 51% attack occurs on a network wide level instead, its a hostile attempt to take control of the blockchain by seizing 51% of the mining hash rate. This is incredibly expensive to attempt nowadays, especially to the largest crypto currency bitcoin.

From my understandings before, double spending is only possible if that someone has equal or more than 51% of the total mining power of the network? So because of that, they get to make transactions according to their will by simply spending the digital coin twice.

What Does Double Spending Mean?

Let’s consider this example:

You go to Starbucks and order a cappuccino worth $10. You pay in cash. Now that $10 in cash is in the cash vault of Starbucks. By all means, you simply cannot spend the same $10 somewhere else to make another purchase.

Unless you steal it…!!!

As you paid with your $10 bill, the service provider at Starbucks instantly confirmed that you have paid, and you received your coffee in exchange for the money.

But Bitcoin is digital money, not physical cash. Hence, Bitcoin transactions have a possibility of being copied and rebroadcasted. This opens up the possibility that the same BTC could be spent twice by its owner.

How?

In our Starbucks example, you paid cash, so the payment was confirmed and verified instantly by another human. But with digital currency like BTC, if this verification mechanism is missing, it can lead to double spending.

Anyone can just copy that digital money and pay somewhere else.

And here is where the unique invention lies…

Bitcoin, although being a digital currency, solves the problem of being copied and getting spent twice.

CMIIW, I read about this issue months ago (forgot the article). From what I recall, the attacker could create two different transactions, for example, tx-A with a lower fee and tx-B with a higher fee.

tx-A then broadcasted to the nodes used by ATM, and then immediately tx-B broadcasted to the rest of the nodes (not connected to the ATM). Thus, tx-B will be mined, meanwhile, tx-A is dropped.

Assumed that the ATM accepts 0-conf, the attacker has already gone with the cash before the ATM realize such attack.

All, thank you very much for the replies.

@Heisenberg_Hunter and @theymos your explanations were the easiest to understand.


What several steps would the thief undertake? Pay a higher transaction fee to ensure his transaction gets mined first?


Yes, I would love to read them. Where can I get the link? If you have a post on the various type of scams you mentioned. I would love to read them too.

Thanks all!

A 51% attack is used to double spend. A 51% attacks is carried out by a miner that has control over 50% of the hash power of that particular blockchain's network. A 51% attack can be considered as creating a counterfeit money (coin) from thin air and can only be done by miners

Meanwhile a double spend attack can be carried out by the average cryptocurrency users. It simple means spending a coin twice due to merchant accepting cryptocurrency transactions with 0 unconfirmed status.

Note: A 51% attack is a double spend attack that has to do with mining while double spend is just spending a particular coins twice.

In order to get a general insight on what does double spending mean, you need to first understand how Inputs and Outputs work in Bitcoin. Those are the important aspects considered while double spending an already spent output. In simple terms, a double spending is creating an alreadey spent money and spending them for another time. Breaking down further, they are like printing your own fake bank notes.

A double spending in fiat money works like, You pay the merchant with the money after that you create your own money with the same Sl. No and spend that note in the public, by this way the money is created twice. But since, the fiat money is unlimited and there isn't any specific limit set on them there wouldn't be much impact in the economy. But digital currencies follow the pattern of having a fixed supply, hence creating any such additional money would not be considered good to the economy of digital money.

Merchants commonly wait for the confirmations to take place in the bitcoin network, since they prevent the double spending to take place. Confirmations are such that, the transactions are mined and added to the block and no such additional instances of double spending can take place or more simply even though the customer creates a transaction with already spent input they won't be confirmed by the network. There are several ways to perform a successfull double spend in the network.

• The one you are mentioning about is called as Race Attack and they are a form of double spending a transaction actually. Here the payee sends two transactions, one to the merchant and the same output to himself. If the merchant accepts the payment with 0 confirmations, he would probably be fooled by this. In most of the cases, this can happen when the merchant node has direct connection with the payee node through the incoming connections. The payee sends a transaction to the merchant legally through his node, and simultaneously broadcasts one to the network. If the merchant accepts the fraudulant transactions which has a 0 confirmation sent throught the incoming connection, there is a possibility for the other transaction broadcasted to the network to get confirmed and by which the payment gets reversed back to the payee.

• NO. A 51% Attack is a type of attack to perform a double spending. They are not double spending. A 51% attack is really difficult to perform considering the current amount of hashrate. Though they could have been done during the early days of the network. A 51% attack can be performed when the single miner controls more than 50% of the total hashpower of the network. There is a common rule that the Longest Chain is always considered as the Valid Chain by the network. If the miner controls 51% of the hashrate, he could mine the blocks faster than the current chain, and by this way he can replace the older chain and make his alternative chain the longest one. This chain will be considered by the network as a valid chain,by this way he can reverse the already spent outputs and can perform a double spend. At the current hasrate, a single miner requires to have more than 20 million TH/s to perform a 51% attack which is quite impossible. If this were to performed, it would damage the whole bitcoin network, so possibility for this to take place is very low.
• A third type of attack is a Finney Attack proposed by Hal Finney.

Replace-by-fee is a proposed solution to help the transactions to be processed faster. As explained by nc50lc the older transactions is replaced by the transaction with new fee. Here the miners first accept the tx with higher fee and mine them to a block. Eventually one with lower fee will be rejected by the network considering that they have already been confirmed by the netork.

P.S I write technical posts as simple as possible so that even the non-technical people can understand. I hope this helps you.

You have $50 in your checking account and you write 2 different checks for $50 each.  Whoever cashes the check first gets the money.

This is admittedly a horrible analogy, but I think it's as dumbed down as I could explain double spending attacks and gives you an idea of why the transactions won't both be processed.

The two transactions are spending the exact same coins, so they're mutually exclusive: only one can actually go through. If both were to go through, then this would amount to creating new bitcoins out of thin air.

In this attack, one transaction sends the expected amount of BTC to the ATM, while the other instead sends the BTC back to the thief. The thief then takes several steps to make it more likely that the one paying himself is the one to go through, while tricking the ATM into thinking that this refund transaction either doesn't exist or is unlikely to be the one to go through.


This is not true. Replace-by-fee (RBF) makes it trivially easy to pull off, but a knowledgeable attacker can reliably do it without RBF. The ATM could ban RBF-enabled transactions, but this would be like protecting the cash with a standard keyed padlock: the average person won't know how to break it, but anyone who puts some time into figuring out how to pick it can do so easily and reliably.

The only way to avoid this attack is to wait for some confirmations before acknowledging the transaction. (Or in the ATM case, you could perhaps collect enough KYC data and video evidence to be confident that you can catch any thief after the fact.)

• When your address receive bitcoins, it was stored in the blockchain as "unspent output" (UTXO), it's just being displayed as the sum in blockexplorers.
  Example:
  Address 123456789*** has a balance of 1BTC from multiple UTXO from different transactions: 1. 0.1BTC, 2. 0.7BTC and 3. 0.2BTC.
  
• Now you made a "sending" transaction and the client used the UTXO#2 (2. 0.7BTC) but it was taking too long and you want to speed it up.
• By using "replace-by-fee" to the particulat TX, it will also use the same UTXO (2. 0.7BTC) to the newly created transaction with higher fee of your choice in order to be confirmed in time.
• After the new transaction was confirmed, most nodes will "see" that the previous unconfirmed (low tx fee) transaction's UTXO was already spent by the higher fee tx and will be "discarded".

By making new standard transactions, even using the same address, the client will use other UTXOs to make the tx.
In the other hand, Replace-by-fee will use the same UTXO.

I hope that the terms that I've used were understandable enough.

ATM operators should have waited until replace-by-fee transaction got included in block. Instead they disbursed cash as soon as zero confirmation transaction had been broadcast.

So I was reading this article: https://theccpress.com/suspects-wanted-in-bitcoin-atm-double-spending-scam/

It included a link to double spend attacks which I interpret to mean two transactions being sent simultaneously.

However, the following two paragraphs confused me especially the part in bold. So if you are spending two transactions but one at a higher fee then the other, wouldn't they both be processed by miners eventually?

Paragraph from the site:

Canadian Bitcoin Core developer Peter Todd’s replace-by-fee tools are what made these transactions possible. While it was not designed to facilitate theft, the tool lets “stuck” transactions to become released for the cost of an extra fee. A “double spend” tool is incorporated in the kit, which according to Todd:

“Creates two transactions in succession. The first pays the specified amount to the specified address. The second double-spends that transaction with a transaction with higher fees, paying only the change address. In addition, you can optionally specify that the first transaction additional OP-RETURN, multisig, and “blacklisted” address outputs. Some miners won’t accept transactions with these output types; those miners will accept the second double-spend transaction, helping you achieve a successful double-spend.”

Question 1: Please dumb down for me.

Question 2: How is a 51% attack different from a double spend attack? Or are they the same thing.

Thanks.