Topic: How to stop 'double spend' attack (Read 3743 times)

I've been discussing the technical details of bitcoin, studying the technical details of bitcoin, educating others about the technical details of bitcoin, thinking about the technical details of bitcoin, and to a certain extent obsessing about the technical details of bitcoin for more than 2 years now.

Many of these conversations have been either partly or completely discussed many times before.

While I have very little in written notes, I've always been pretty good at analytical thinking and have gotten pretty good at using the Google search engine.  I've also got quite a bit of knowledge in my head to draw from.

Sorry for being off topic. But, I think u have some ready-made notes. Otherwise, it is very unlikely to come up with such an analogy in such a short time span...

I had made the connection with bitcoin and cash (would you give a stranger your cash - he might run off with it). But I hadn't made the connection with double spends and forged currency (GBP for me btw). Excellent analogy.

If you waited for "x" number of confirmations, with "x being a number that would require hashpower whose value exceeds the value of your transaction.

Another thing to think about.

We are raised to take certain risks without thinking very much about them.  The risk is so low, and accepting that risk is so much a part of daily life, that we often don't even notice.  Therefore, when we find something new (but similar), we have a tendency to notice the risks in the "new" thing without taking into consideration how much identical risk we are accepting in the "old" thing.

I'm not sure which country you are from, but all countries have their own fiat currency.  All those currencies have similar risks.  Let's use the word "dollar" here, but you can substitute your own currency and government agencies as you see fit...

I would like to think I can achieve bullet point point 3 in other aspects (I hope) - which seems the best option - and now I will try and achieve it with btc.

Clever man - thanks

I'm not sure where you got this impression, but I suspect you are mistaken.  There are no "people who control the bitcoin code".  There is a group of people that control releases of the wallet that is called "Bitcoin Core".  They don't have much more power than that.  Individuals decide for themselves if they want to run that wallet, or if they want to run some other wallet. Other than changing the wallet software and convincing a large number of people to upgrade to their new version of the wallet, there isn't much else that the people that control that software can do.


This is a warning that the blockchain.info website chooses to place on their website when they notice that an input that was received at an address is used in more than one transaction that has been broadcast to the network.  Many times this warning is not due to any malicious attack.


Not txns.  Confirmations.  There's a difference, and using the wrong word is likely to lead to disagreement, misunderstanding, and confusion.

I understand that you're uneasy about it.  It's difficult to trust something that you don't completely understand.  I get nervous every time I get in an airplane, or hear about severe weather headed my way.  It can be even more disconcerting when you understand a few of the basics but don't know much about the important details. Like most things in life, at some point it comes down to a few options:

• Completely avoid the thing that you don't understand, since you can't make an accurate risk assessment without complete understanding of the entire process
• Trust the knowledge of other experts that do completely understand the process.  Rely on their expertise, and keep yourself aware of any new developments and warnings from those that have demonstrated reliable and trustworthy knowledge.
• Become an expert yourself.

Keyser Soze - apologies - I must be having a man period...

Asking a question is always welcome. It is always good to better understand the bitcoin network rather than blindly believing anyone. Once upon a time I asked a lot of Qs regarding address collision and Danny patiently replied all of them. If u look back to this thread, u'll see I never disqualified your concerns, but the way u reacted to Keyser Soze, is bad. He was trying to explain u... may be u dont like that. But telling it useless is utter insult, which is most unwelcome.


Thank u Danny

Much appreciated for your time to write the reply, it really is.

Great answer to 1), really great answer to 2) - thanks for that.

3) If so, who does it? - and under what circumstances?


Yesterday I got the impression there was some manual intervention (fire fighting) going on. Like someone was noticing a potential double spend attack and manually altering stuff in the chain.
So can the people who control the bitcoin code do it too?

Happy with 4) & 5). Your 6) made me laugh.
7) OK, I suppose restoring a blockchain from a backup may cause an issue locally - but others seen the double spend warning too.

8. How can I (if at all) defend myself from someone performing a double spend attack when sending me coins?  (like the OP topic states)


Ok so nothing for me to do here apart from wait for txns. Got that but I must admit I'm slightly uneasy about it.

Thankyou again

Dan the man - thankyou

[edit] will suck in this (your) expertise and digest...

Under the right circumstances, yes.  It isn't easy to do, and it doesn't happen commonly, but it isn't impossible.


There are a variety of known attacks.

One attack involves the attacker pre-mining one or more blocks that spends one or more inputs in a transaction to themselves, keeping that block or chain of blocks to themselves, then broadcasting a transaction that includes one or more of those same inputs in a transaction sent to the victim.  Once the transaction is accepted by the victim, the attacker can release their private chain to the public. As long as their chain is longer than the current chain, the broadcast transaction to the vicitim will cease to exist.

Another attack involves gaining a network connection directly to the wallet that the victim is running.  The attack sends a transaction that pays the victim directly to the victim's wallet.  Meanwhile, the attack simultaneously broadcasts to as much of the rest of the network as they can a separate transaction that spends one or more of the exact same inputs but which pays themselves.  The transaction that most of the network sees is most likely to get confirmed, which will cause the transaction that the victim received to cease to exist.

Another attack involves having enough hashing power to overtake the main blockchain from one or more blocks back.  This will allow the attacker to confirm transactions that spend identical inputs to earlier transactions that they sent in place of the already confirmed transactions that they sent to the victim.

Another attack involves sending a transaction that is unlikely to ever get confirmed (due to extremely low priority and no transaction fee) to the victim.  Then waiting for most peers to drop the transaction from their memory pool.  Then sending a replacement transaction that spends one or more of the same inputs to a different address.

There may be a few more well known attacks, but I think that answers your question.


It rarely happens.  It can happen accidentally if someone sends a transaction that isn't likely to be confirmed.  It can happen intentionally as per the previous descriptions if the attacker has the appropriate skills and resources.


Which process?  Bitcoin's confirmation process is quite secure.  The more confirmations you have, the more secure the transaction is.


Any time blockchain.info sees an input that is used in one transaction, and then later used in a different transaction, they mark it with a double spend warning.  This can be due to orphaned blocks, unconfirmable transactions, or malicious actions.


That depends on what you mean by "sure" and what you consider to be an acceptable level of risk.  You're really getting into some philosophical concepts there.  For example, can I ever be "sure" that anything other than my own consciousness "exists"?


If they just started disappearing when I hadn't done anything at all to my wallet? I'd be concerned, and possibly even in a bit of a panic.

If I had just done something significantly outside the normal use case for the wallet design (such as recovering an entire data directory from the recent past or attempting to re-download the entire blockchain)? I'd assume that I misunderstood the process and I'd calmly make an effort to better understand what I was doing.


Wait for a few confirmations.  Be aware of any significant changes in the rate of new blocks.  Be aware of any significant changes in the block orphan rate.

Well I'm sorry you think that - but "ah it will be OK" doesn't help me and I'm frustrated that no-one seems to know the answers. We all just 'hope' that "ah well it will be OK"...

Anyone who probes is obstricised. I don't mind standing out and asking the questions that we should know the answer to but - we don't.

Multiple people are trying to explain u with reasoning. I'm sorry to say, that your adamant attitude is extremely unwelcome.

No insult intended - but you seemed to be repeating the same thing with no apparent knowledge of what you are talking about...

I suppose I shouldn't have wasted my time with "useless" answers. Insulting people trying to help you usually doesn't get you far...

Yesterday I thought I was the victim of a double spend. Today all seems well. That's a bit worrying on its own for me - one day broke next day fine no explanation kind of thing.

When I got the corrupt wallet message I said yes - re-download the entire chain. After I while I got bored, shutdown the client and restored my \AppData\Roaming\Bitcoin folder (after moving the existing one out the way) to a backup I took 7 days ago. When I fired up the client, it said 7 days out of sync as expected. Everything looked normal. As the last 7 days came through I was noticing that the updown txns were showing n/a for txn id and address. Just updown. I can understand if a client is not synching random txns - but this was only the updown ones. Slush and other payments I have sent and recieved were all shoing fine. Getting worried, I block chained some of the updown txn ids and found these double spend warnings. Others seen them too from their own browsers when they checked out the txn ids I posted. That rules out browser cache. That rules out me being an idiot. I welcome your theory but it doesn't give me any kind of warm feeling...

[edit] I back up my wallet.dat file to offline once a week too - but since I restored the entire bitcoin folder I didn't do anything manually with the wallet.dat

Your guesses are useless and give me nothing - I'm hoping someone who actually knows something might answer (some of) my questions...

You can't do it. The system is supposed to do it for you. Rational actors are supposed to preserve the system but as we all know people don't always live up to our version of rational.

I don't believe you were the victim of a double spend. It's more likely that your original bootstrap.dat file became corrupted. You then downloaded it over the corrupted copy adding to the problem. Did you finally delete the old copy of bootstrap.dat or rename it bootstrap.old? If I were you I would save my wallet.dat file, delete all Bitcoin folders, download a fresh copy of QT, copy over the old wallet.dat, and resync with the network.

That blockchain.info warning may have been in error or maybe your browser was loading an older version of the page from its cache. Blockchain.info is just a website and has been known to have issues from time to time.

Your wallet was probably not finished, or it would have shown all the transactions correctly.

Once a transaction receives a confirmation (is included in a block), it is irreversible.

See:

If I knew they already had confirmations, I would know it is an issue with my wallet. While it may be annoying or take time to fix, I know my coins would be there.

Don't rely on the transaction until it is confirmed. Once it is confirmed, it is yours until it is spent.