
What is a double-spending attack (double spend)?

A double spend occurs when the same unit of a digital asset is spent more than once by fraudulent methods.

This concern is natural in the digital world, because digital files can be easily copied and duplicated. Of course, digital currencies were created precisely to meet this challenge, and they use a mechanism that makes it virtually impossible to "copy" them. But there are certain types of attack through which fraudsters can "reverse" digital currency transactions or "send them to someone else" before a transaction is confirmed and finalized.

Double spending is one of the biggest problems in the world of digital assets. You may be interested to know that the idea of digital currencies existed before Bitcoin. Before Bitcoin, there had been unsuccessful attempts to invent digital currencies, and one of the main reasons their developers failed was that they could not solve the double-spend problem.

Although Bitcoin, by using blockchain technology, has largely solved this problem, such attacks are still possible on the Bitcoin blockchain and on other, newer digital currencies. In this article, with the help of an article from the Gemini website's encyclopedia, we give a comprehensive overview of double spending in the world of digital currencies and examine the types of attack.

What are the types of double-spending attack?

Double-spending attack

A double-spending attack (as its name implies) means that a specific unit of a digital currency is spent more than once by fraud. We know that digital movies, music, and photos can be easily stolen or copied. But it is not possible to “copy” digital currencies because of their clever design.

However, there are certain types of double-spend attack that scammers and hackers can use to reverse digital currency transactions. The Finney attack, the race attack, and the 51% attack are among them.

Two of these attacks, the "Finney attack" and the "race attack", are both subsets of a broader attack called the "unverified transaction attack". If you accept an unapproved (unconfirmed) transaction to your wallet address, you will be vulnerable to both of these attacks.

To better understand the issue of double spending, we will look at all three types of attack separately.

Race attack

In this attack, a person publishes two transactions at almost the same time: the first transaction names the wallet address of the intended recipient, and the second names another address. Then, before the first transaction is recorded on the blockchain, the attacker replaces it with the second transaction and returns the funds to their own address.

In December 2019, a video was released that made a lot of noise. The video showed bitcoin being re-spent at stores that accepted it as a means of payment.

This was done using the Replace-By-Fee feature available in some bitcoin wallets. Replace-By-Fee, or RBF for short, is a relatively controversial upgrade to the Bitcoin protocol.

In the double-spend attack shown in this video, the first transaction is sent to the seller, and immediately after that a second transaction with a higher fee is sent to the sender's own address. Because a higher fee means network miners prioritize the transaction, the first transaction was canceled, which allowed the bitcoin to be re-spent.

The reason for the success of such attacks was that the sellers accepted the unapproved transactions.

In a similar incident earlier that year, some bitcoin holders in Canada were able to cash out their bitcoins without really spending or losing them. They apparently sent bitcoins to bitcoin ATMs and canceled the transaction (which had not yet been verified on the network) after receiving cash from the ATM.

Of course, this was due to ATM bugs. But as a general conclusion from such events, keep in mind that a transaction sent over the Bitcoin network is not necessarily final and can be canceled for a variety of reasons.

You know that digital currencies like bitcoin are based on a blockchain, and their transactions need to be verified and validated by network nodes to be finalized. Therefore:

Never accept unconfirmed transactions. Just as you do not trust the online receipt of a person who transfers money to you via Internet banking, and instead wait for the deposit SMS for your card, here you should not trust the initial transaction receipt. Instead, wait to receive the transaction ID (TxID) in your wallet and make sure the transaction has been completed on the blockchain.

When the transaction sent to your address is confirmed on the blockchain, the hash or transaction ID (TXID) is displayed in your wallet. It is best to search for this identifier in a block explorer such as blockchair.com and check the status of its confirmations.

We suggest that you wait for at least 6 confirmations for high-value bitcoin transactions and do not consider transactions with fewer confirmations to be final.
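The merchant-side checks described above can be sketched as follows. This is an added example, not code from the original article; the transaction dictionaries and field names are hypothetical, the sample data is constructed, and the sequence-number rule for RBF signaling comes from BIP 125 rather than from this page.

```python
# Added example: merchant-side checks before treating a payment as received.
# Transaction dicts and field names are hypothetical; sample data is constructed.

RBF_SEQUENCE_LIMIT = 0xFFFFFFFE  # BIP 125: any input sequence below this signals RBF


def signals_rbf(tx):
    """True if the sender marked the transaction as replaceable by a higher-fee one."""
    return any(seq < RBF_SEQUENCE_LIMIT for _, _, seq in tx["inputs"])


def find_conflicts(txs):
    """Return {outpoint: txids} for every outpoint spent by more than one transaction."""
    spenders = {}
    for tx in txs:
        for prev_txid, vout, _ in tx["inputs"]:
            spenders.setdefault((prev_txid, vout), set()).add(tx["txid"])
    return {op: ids for op, ids in spenders.items() if len(ids) > 1}


def payment_decision(tx, seen_txs, required_confirmations=6):
    """Classify a payment as 'final', 'wait' or 'reject', with a short reason."""
    if tx["confirmations"] >= required_confirmations:
        return ("final", "enough confirmations")
    conflicts = find_conflicts(seen_txs)
    if tx["confirmations"] == 0:
        if any((p, v) in conflicts for p, v, _ in tx["inputs"]):
            return ("reject", "same coins spent by another transaction")
        if signals_rbf(tx):
            return ("wait", "unconfirmed and replaceable")
        return ("wait", "unconfirmed")
    return ("wait", f"{tx['confirmations']}/{required_confirmations} confirmations")


# Constructed sample: two unconfirmed transactions spending the same outpoint.
COIN = ("aa" * 32, 0)
TO_MERCHANT = {"txid": "tx-merchant", "inputs": [COIN + (0xFFFFFFFD,)], "confirmations": 0}
TO_SELF = {"txid": "tx-self", "inputs": [COIN + (0xFFFFFFFD,)], "confirmations": 0}

if __name__ == "__main__":
    print(payment_decision(TO_MERCHANT, [TO_MERCHANT]))           # only one spend seen
    print(payment_decision(TO_MERCHANT, [TO_MERCHANT, TO_SELF]))  # conflicting spend seen
```

Neither "wait" result is safe to ship goods on: a transaction that does not signal RBF is still unconfirmed and can be displaced before it reaches a block.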

Finney attack

Unlike race attacks, Finney attacks are relatively technical and difficult attacks that only miners can perform. The miner pre-mines a block that contains a transfer transaction from one wallet to another. It then uses the first wallet to make a second transaction and publishes the pre-mined block, which contains the first transaction, on the network.

51% attack

For many digital currency enthusiasts, the 51% attack is the most worrying double-spending attack. If a group can take control of more than 50% of the hash power of the Bitcoin network, it can reorganize the Bitcoin blockchain as it pleases for as long as it holds this power.

If the group reorganizes the blockchain, it can re-spend any amount of bitcoins it wants. Note that a 51% attack does not mean access to all of the network's bitcoins; in this attack, the attacker can only re-spend bitcoins they have already spent.