
Topic: How many confirmations required for btc received to be safe from double spend? (Read 498 times)

legendary
Activity: 2842
Merit: 7333
Crypto Swap Exchange
i then traded with someone else, the same my bank funds for their btc... it took more than an hour for the first confirmation.  Why is that the case?  Was it because of the different fee they paid? 

If you want to know the actual answer, use a block explorer and a statistics website which shows mempool history (such as https://jochen-hoenicke.de/queue/).

Thus with the second trader it showed 0 confirmations for over an hour.  Would that be a big concern for most of you if that is your first time trading with that person?

There's no concern when the agreement of the deal/trade is to wait for 1-6 confirmations before doing anything else or you use an escrow/multi-sig platform you could trust.

in that situation, could that person have double spent since it showed unconfirmed for over an hour?

People could try that no matter how long it remains unconfirmed. But as @o_e_l_e_o said, just wait until the transaction has a few confirmations.
legendary
Activity: 2268
Merit: 18503
There's no concern when the agreement of the deal/trade is to wait for 1-6 confirmations before doing anything else or you use an escrow/multi-sig platform you could trust.
Pretty much this jerry. Since you are trading your fiat for their bitcoin, then there are two ways around your fear of incredibly rare double spends. The first is to ask them to send the bitcoin first, and wait until it has 1, 2, 3, or whatever you are comfortable with number of confirmations (and pre-agree with the other party how long you will be waiting) before you send them the fiat. The second is for them to deposit the bitcoin in a non-custodial escrow, such as the 2-of-2 escrow provided by Bisq or the trustless smart contract escrow provided by LocalCryptos, you send the fiat across, and then you both agree to release the bitcoin from the escrow and send it to your wallet. Since it is coming from one of these escrows, then there is no chance for a double spend prior to it being confirmed as reaching your wallet.
legendary
Activity: 2268
Merit: 18503
i then traded with someone else, the same my bank funds for their btc... it took more than an hour for the first confirmation.  Why is that the case?  Was it because of the different fee they paid?
Could have been fee. Could have been block time. Could have been a combination.

However, when i checked mempool both times when they sent, the low and medium priority was one sat kb only?  The high priority was either one sat kb or 5 sat kb with the first trader, but the second trader i did with the other person was 5kb for high priority.  Anyone can explain?
The "priority" of a fee is constantly changing based on what other transactions are in the mempool at the time.

Thus with the second trader it showed 0 confirmations for over an hour.  Would that be a big concern for most of you if that is your first time trading with that person?
Not unless the mempool was super full and they had set a fee which was unlikely to confirm for days.

in that situation, could that person have double spent since it showed unconfirmed for over an hour?
They could try, but they are unlikely to be successful if the original transaction is already viewable across multiple block explorers.

The solution to all this remains the same as the solution I gave you above: Just wait for a few confirmations.
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
i then traded with someone else, the same my bank funds for their btc... it took more than an hour for the first confirmation.  Why is that the case?  Was it because of the different fee they paid? 
-snip-
However, when i checked mempool both times when they sent, the low and medium priority was one sat kb only?  The high priority was either one sat kb or 5 sat kb with the first trader, but the second trader i did with the other person was 5kb for high priority.  Anyone can explain?
If it's not the transaction fee, it's the block time.
The 10 minutes block time is just an average, it can go up to hours or down to seconds depending on the miners' luck.
Moreover, it can also be affected by miners shutting down/powering up their farms, causing drastic changes in difficulty in the next retarget.
full member
Activity: 1708
Merit: 185
So I traded with someone last time my bank funds for their btc and the first confirmation showed up in less than ten minutes.  Then the second confirmation came in about another ten minutes or so.

I then traded with someone else, the same my bank funds for their btc... it took more than an hour for the first confirmation.  Why is that the case?  Was it because of the different fee they paid?

However, when I checked mempool both times when they sent, the low and medium priority was one sat kb only?  The high priority was either one sat kb or 5 sat kb with the first trader, but the second trader I did with the other person was 5kb for high priority.  Anyone can explain?

Thus with the second trader it showed 0 confirmations for over an hour.  Would that be a big concern for most of you if that is your first time trading with that person?

In that situation, could that person have double spent since it showed unconfirmed for over an hour?
legendary
Activity: 3402
Merit: 10424
1. Zero confirmation
2. One confirmation
3. Three confirmations
4. at least 6 confirmations.
It is worth noting that these numbers depend on the client type (full node, SPV, etc.) and are valid for 99.9% of the time when there is no network disturbance (e.g. during forks).
- An SPV client is not capable of monitoring the mempool, so all the conditions for 0 confirmation such as fee, parent confirmation, etc. are out of the question.
- An SPV client can't recognize a chain split the way a full node does; depending on the implementation it could be later than normal (e.g. single-server-dependent clients), so the minimum numbers need to be increased.
- In certain times, like during a fork when full nodes can reject old blocks, there is a higher chance of a chain split and reorg. So the minimum number of confirmations here also needs to be increased.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange
For some people I guess the other part of the question is where the BTC is going and what else is happening.
If it's in a wallet that I control then 1 conf for just about anything is good for me. Even if it's for 'real' amounts or property there have been so few orphans / reorgs that I can say it just does not matter.
Let's face it, if I was giving someone $1 million in cash for 42.5 BTC right now I would be more worried about a goon with a gun taking the cash than having someone take the BTC back through a reorg.

-Dave
legendary
Activity: 4088
Merit: 7701
'The right to privacy matters'
I generally use the following rules when determining how many confirmations I want in a transaction I'm receiving before I'll provide anything of value in exchange:

1. Zero confirmations are ONLY acceptable in 2 situations. First is if I have a trust relationship with the sender (someone that I'd agree to provide something of value today in exchange for a promise of payment in a few days). The second is if I'm confident that I'll be able to extract payment via some other method if the Bitcoin transaction doesn't work out (escrow, lawsuit, collateral, etc). If I'm going to accept a zero confirmation transaction, I'll make sure that it isn't marked RBF, that all of the inputs already have at least 1 confirmation, that there are no competing unconfirmed transactions using the same inputs, and that the transaction included a reasonable transaction fee.

2. One confirmation is acceptable for any amount that I wouldn't feel devastated to lose. While it is possible that the confirmation could be part of a block that will be replaced in a reorg, it is very likely that the transaction will still be in whatever block replaces it. It is highly unlikely that a transaction with 1 confirmation will be replaced. Is it a 0% chance?  No. But very little in life is.  Checks or cash could be counterfeit. PayPal, Venmo, Zelle, and CashApp can be reversed. Any number showing up in your bank account could be faked with collusion from the bank. You'll have to decide what amount would be devastating for you, everyone is in a different situation financially. Therefore, if the loss isn't going to leave me unable to eat or sleep, then 1 confirmation is fine.

3. Three confirmations are acceptable for any amount that would be devastating, but not life-altering. At 3 confirmations we're starting to look at situations where collusion with a mining pool would be needed, and that mining pool would need to be willing to risk losing 20 bitcoins or more for just a small chance at success.  How many people do you know that would be willing to risk a greater than 95%+ chance of losing $400,000 or more for a less than 5% chance of gaining an extra few thousand dollars? That's what you'd have to convince the mining pool operator to do.  Convincing a mining pool to destroy their reputation, and risk their entire cash-cow business just to help you steal a few tens of thousands or even hundreds of thousands of dollars is going to be a hard sell unless the sender of the bitcoins is holding their family for ransom. Therefore, if the loss isn't going to leave me homeless, bankrupt, and destitute, then 3 confirmations are fine.

4. If I feel the amount I'd be exchanging would be life-altering (lottery winnings, inheritance from a rich uncle?), I'd need at least 6 confirmations. Though honestly, for that amount, I'd probably revert back to one of my rules for zero confirmations which is: I'd make sure I was confident that I'd be able to extract payment via some other method if the Bitcoin transaction doesn't work out.



Simple rules of thumb for me are:

 1 confirm always with anyone for any amount under 500 usd value

and 2 confirms for 500-10000

and 6 confirms for 10000 and up

I do the 1 confirm rule as I have seen a few glitches that seriously tied coins up for days.  They are very rare but 1 confirm is usually under 2 hours so I can wait.
legendary
Activity: 3360
Merit: 4570
I generally use the following rules when determining how many confirmations I want in a transaction I'm receiving before I'll provide anything of value in exchange:

1. Zero confirmations are ONLY acceptable in 2 situations. First is if I have a trust relationship with the sender (someone that I'd agree to provide something of value today in exchange for a promise of payment in a few days). The second is if I'm confident that I'll be able to extract payment via some other method if the Bitcoin transaction doesn't work out (escrow, lawsuit, collateral, etc). If I'm going to accept a zero confirmation transaction, I'll make sure that it isn't marked RBF, that all of the inputs already have at least 1 confirmation, that there are no competing unconfirmed transactions using the same inputs, and that the transaction included a reasonable transaction fee.

2. One confirmation is acceptable for any amount that I wouldn't feel devastated to lose. While it is possible that the confirmation could be part of a block that will be replaced in a reorg, it is very likely that the transaction will still be in whatever block replaces it. It is highly unlikely that a transaction with 1 confirmation will be replaced. Is it a 0% chance?  No. But very little in life is.  Checks or cash could be counterfeit. PayPal, Venmo, Zelle, and CashApp can be reversed. Any number showing up in your bank account could be faked with collusion from the bank. You'll have to decide what amount would be devastating for you, everyone is in a different situation financially. Therefore, if the loss isn't going to leave me unable to eat or sleep, then 1 confirmation is fine.

3. Three confirmations are acceptable for any amount that would be devastating, but not life-altering. At 3 confirmations we're starting to look at situations where collusion with a mining pool would be needed, and that mining pool would need to be willing to risk losing 20 bitcoins or more for just a small chance at success.  How many people do you know that would be willing to risk a greater than 95%+ chance of losing $400,000 or more for a less than 5% chance of gaining an extra few thousand dollars? That's what you'd have to convince the mining pool operator to do.  Convincing a mining pool to destroy their reputation, and risk their entire cash-cow business just to help you steal a few tens of thousands or even hundreds of thousands of dollars is going to be a hard sell unless the sender of the bitcoins is holding their family for ransom. Therefore, if the loss isn't going to leave me homeless, bankrupt, and destitute, then 3 confirmations are fine.

4. If I feel the amount I'd be exchanging would be life-altering (lottery winnings, inheritance from a rich uncle?), I'd need at least 6 confirmations. Though honestly, for that amount, I'd probably revert back to one of my rules for zero confirmations which is: I'd make sure I was confident that I'd be able to extract payment via some other method if the Bitcoin transaction doesn't work out.
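
The four zero-confirmation checks in rule 1 above, written as a receiver-side gate. This is an added example, not part of the original post; the dict layout, function name and sample values are assumptions made for the example, and the inputs would come from the receiver's own node.

```python
# Added example: rule 1's zero-confirmation checks as a receiver-side gate.
# Data layout, names and sample values are assumptions made for this example.

BIP125_MAX_SIGNAL = 0xFFFFFFFD  # an input nSequence at or below this signals opt-in RBF (BIP 125)


def zero_conf_problems(tx, confirmations, mempool_spenders, min_feerate):
    """Return the reasons to refuse `tx` at zero confirmations (empty list = passes).

    tx               -- {'txid', 'vsize', 'fee_sat', 'vin': [{'txid', 'vout', 'sequence'}]}
    confirmations    -- {(txid, vout): confirmations of the output being spent}
    mempool_spenders -- {(txid, vout): set of unconfirmed txids spending that output}
    min_feerate      -- lowest acceptable fee rate in sat/vB, chosen by the receiver
    """
    problems = []
    for vin in tx["vin"]:
        outpoint = (vin["txid"], vin["vout"])
        # Check 1: the transaction must not be marked replaceable.
        if vin["sequence"] <= BIP125_MAX_SIGNAL:
            problems.append(("rbf_signaled", outpoint))
        # Check 2: every input needs at least 1 confirmation.
        # Unknown outpoints count as unconfirmed, so the check fails closed.
        if confirmations.get(outpoint, 0) < 1:
            problems.append(("unconfirmed_input", outpoint))
        # Check 3: no other unconfirmed transaction may spend the same input.
        rivals = mempool_spenders.get(outpoint, set()) - {tx["txid"]}
        if rivals:
            problems.append(("conflicting_spend", outpoint))
    # Check 4: the fee rate must be reasonable for current conditions.
    if tx["fee_sat"] / tx["vsize"] < min_feerate:
        problems.append(("low_fee", None))
    return problems


# Constructed sample data; the txids are placeholders, not real transactions.
CONFIRMATIONS = {("aa" * 4, 0): 12, ("bb" * 4, 1): 0, ("cc" * 4, 0): 3}
MEMPOOL_SPENDERS = {
    ("aa" * 4, 0): {"tx-good"},
    ("bb" * 4, 1): {"tx-risky"},
    ("cc" * 4, 0): {"tx-risky", "tx-other"},
}
GOOD_TX = {
    "txid": "tx-good", "vsize": 141, "fee_sat": 1410,
    "vin": [{"txid": "aa" * 4, "vout": 0, "sequence": 0xFFFFFFFF}],
}
RISKY_TX = {
    "txid": "tx-risky", "vsize": 200, "fee_sat": 150,
    "vin": [
        {"txid": "cc" * 4, "vout": 0, "sequence": 0xFFFFFFFD},
        {"txid": "bb" * 4, "vout": 1, "sequence": 0xFFFFFFFF},
    ],
}

if __name__ == "__main__":
    for tx in (GOOD_TX, RISKY_TX):
        print(tx["txid"], zero_conf_problems(tx, CONFIRMATIONS, MEMPOOL_SPENDERS, 5.0))
```
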
legendary
Activity: 2268
Merit: 18503
Honestly, IDK if there are other ways to do that aside from the mentioned attack, others might know.
In terms of reversing already confirmed transactions, then there's the 51% attack which you've already discussed and there's the possibility of taking advantage of a natural chain split/stale block as I've discussed. There's also the possibility of an attacker with a significant minority of the hashrate getting lucky and being able to mine a longer chain in secret and therefore overturn one or more confirmations. This is essentially a 51% attack but without the 100% guarantee that it could be achieved. There is also a theoretical attack named after user vector76 which essentially creates and takes advantage of a chain split. Note that an attacker must sacrifice a block reward to pull off this attack.

As far as I am aware, a 51% (or even minority alternative chain) attack has never happened, and a chain split has only ever resulted in very rare cases of a transaction with 1 confirmation being double spent. I am unaware of any transaction with 2 or more confirmations ever being double spent in such scenarios.

So it cost around 5k usd to do it?
A 51% attack would cost hundreds of millions of dollars. Taking advantage of a natural chain split could cost nothing, but would require a tremendous amount of luck.

Since you are so concerned about this, then the best thing to do is simply wait for 3 or more confirmations.
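
The "minority of the hashrate getting lucky" case in the post above can be put in numbers with the catch-up model from section 11 of the Bitcoin whitepaper. This is an added example, not part of the original post; the function names are the example's own, and treating z as the number of confirmations the receiver waits for is an assumption of the model.

```python
# Added example: attacker catch-up probability from the Bitcoin whitepaper (section 11).
# Function names are this example's own; z is treated as the confirmation count.
import math


def attacker_success_probability(q, z):
    """Chance that an attacker with hashrate share q ever overtakes the honest
    chain after the receiver has waited for z blocks."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    if q >= 0.5:
        return 1.0  # a majority attacker always catches up eventually
    p = 1.0 - q
    ratio = q / p
    lam = z * ratio  # expected attacker blocks while the honest chain mines z
    poisson = math.exp(-lam)  # P(attacker has mined k blocks), starting at k = 0
    prob = 1.0
    for k in range(z + 1):
        # Subtract the cases where the attacker, still z - k behind, never catches up.
        prob -= poisson * (1.0 - ratio ** (z - k))
        poisson *= lam / (k + 1)  # advance the Poisson term without large factorials
    return max(prob, 0.0)


def confirmations_needed(q, max_risk, limit=1000):
    """Smallest z for which the attacker's success probability is below max_risk."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None  # not reachable within `limit` blocks (always the case for q >= 0.5)


if __name__ == "__main__":
    for q in (0.10, 0.30):
        row = ", ".join(f"z={z}: {attacker_success_probability(q, z):.7f}" for z in (1, 2, 3, 6))
        print(f"q={q:.2f}  {row}")
    print("confirmations for <0.1% risk at q=0.10:", confirmations_needed(0.10, 0.001))
```
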
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
i mean to double spend... so how many ways are there besides the 5 percent attack?
"Double-spend" is a loose term; I think you mean reverting an already confirmed transaction and replacing it with another, based on the thread's topic.
Honestly, IDK if there are other ways to do that aside from the mentioned attack, others might know.

Quote from: jerry0
So it cost around 5k usd to do it?  So basically nobody would try to double spend and thus try to scam someone for like 1k right because they lose money that way?
Uhm, that's per unit.
You need about 1million units to reasonably do the attack.

51% attack was already discussed multiple times and received great replies in the board that I've mentioned.
I'd suggest you to follow my instructions above to be able to see those topics.
full member
Activity: 1708
Merit: 185
i mean to double spend... so how many ways are there besides the 5 percent attack?


So it cost around 5k usd to do it?  So basically nobody would try to double spend and thus try to scam someone for like 1k right because they lose money that way?  So they need to do it for at least 6k usd?  But what is the success rate for that?  So someone would have to do at least 5 figure usd amounts for it to be worth it?
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
but does it cost money for someone to try to double spend?  
such as if it does, how much... because that would mean its only worth it for that person if its a big amount?
Do you mean 51% attack?
Basically, you need to have 51% of the network's hashrate or more to have a reasonable chance of success.

Currently, the network's total hashrate is (getmininginfo):
Code:
"networkhashps": 2.042568890164017e+20,
Which is roughly 204.257 Ehash/s, half of that is 102.129 Ehash/s
Which is equal to 928,440 units of Antminer S19 Pro (110TH/s advertised hashrate | $4~5k average price)

With that, I think you can get the picture of the cost; not to mention, the availability of the required mining equipment.

For more info, I'd suggest you to go to this board: Development & Technical Discussion
Then use the search box at the upper-right side of the page to search for "51% attack".
full member
Activity: 1708
Merit: 185
but does it cost money for someone to try to double spend? 


such as if it does, how much... because that would mean its only worth it for that person if its a big amount?
legendary
Activity: 2268
Merit: 18503
The most recent case I can find was at block 733,430. A block at this height contained the transaction dd0ada46f59ee9ac962fae10e2e3d63b8898953b4730c74851f344041988aa54. A different block at the same height contained the conflicting transaction 84ce52b6bde454a4b23f2c1cc9e6e67f0c8a28b91e4e170a717d1581d5d556fc. The second block was built upon first, meaning the first transaction was invalidated and no longer exists. Any node which was looking at the first block would have seen the transaction dd0ada46f59ee9ac962fae10e2e3d63b8898953b4730c74851f344041988aa54 go from 1 confirmation to being rejected as invalid.

The block was over 3 months ago, so this is not exactly a common occurrence. I am not aware of any transactions which were reversed after 2 confirmations outside of serious bugs as mentioned by nc50lc above.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
How many cases has there been where just one confirmation was able to get reversed?  How much does it cost that person to do that?  Or it doesn't?
Knowing those things is not a prerequisite for you to use Bitcoin safely as you shouldn't consider unconfirmed or transactions with 1 confirmation as finalized. Just wait for multiple confirmations as suggested earlier and that's it. But even if there is an orphaned block and your 1 block deep confirmed transaction reverts to unconfirmed, it's still a perfectly fine and valid transaction that just needs to wait in the mempool to be picked up again. Unless it already was in the other valid block.

It's not easy to go from having 1 confirmation to having that transaction being dropped because of an orphaned block and then double spending that transaction to a different address just in case it was also not included in the valid block. But yeah, knowing if such incidents have happened in the past would be interesting. Double spending has happened and people have been scammed with it, but as nc50lc said, Bitcoin was never 51% attacked. 
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
How many cases has there been where just one confirmation was able to get reversed?
[1] I can't find any archive or list with that statistic based on 51% attacks, since AFAIK there has never been any successful 51% attack on the Bitcoin network (CMIIAW).
[2] I can't find any archive or list with that statistic based on orphan blocks either, since not every Bitcoin node will receive an orphaned block.
[3] There was an incident when bitcoin had to revert back the blockchain due to a serious bug,
during that time, confirmed transactions after the "bad block" had reverted back to unconfirmed. (more info: Value overflow incident)

Additional info for [2] "orphaned block":
We can assume that if a node accepted a (to-be-)orphaned block and if a transaction is included there but not in the main chain
that particular txn can reverse from '1confirmation' into 'unconfirmed' after that node dropped the orphaned block and accepted the valid block.
But since every node isn't the same (location, internet speed, etc.), it only got 1 confirmation in some nodes (minority of the nodes that received the orphaned block)
and not the majority of the network where it's not confirmed.
If the orphaned block and the valid block both contain that transaction, then the transaction will not reverse even after dropping the orphaned block since it's in the valid block too.
So it's a case-to-case basis.

Plus orphaned blocks are uncommon now.
full member
Activity: 1708
Merit: 185
How many cases has there been where just one confirmation was able to get reversed?  How much does it cost that person to do that?  Or it doesn't?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
1 confirmation is good enough for most people who are transacting maybe up to 100 BTC. If you want to put a fiat value to it, maybe up to $1m USD worth of BTC. The second confirmation will come soon enough anyway and by the end of the day you can go to sleep knowing the coins are not going anywhere else.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
If there is no double spend, most likely a transaction will get included in both competing blocks so when one block is orphaned then another block would still have your confirmation.
That's quite possible, yes. If both mempools had a record of that transaction, both could have included them in their own blocks. It would really be interesting to see some statistics on stale blocks regarding how many of the same transactions get included in competing blocks and remain valid and confirmed once one block gets orphaned and how many become unconfirmed and return to the mempool. I am not sure if that is possible though. I am not talking about the overall count of orphaned blocks but the status of their transactions compared to those that got mined in a competing block. 