5 min read
The attack known as double spending translates as the ability to duplicate a currency and use it in more than one transaction.
When we talk about double-spending we refer to one of the most frequent attacks in the cryptocurrency world. This type of attack allows attackers to use the same coin several times. The problem is that this attack affects the technology and operation of cryptocurrencies with respect to decentralization.
Due to these attacks, developers have been creating various methods of protection against double spending. It would be the perfect comparison between counterfeiting banknotes in FIAT money but in the world of cryptocurrencies.
History of double spending
The first system against a double-spending attack in history was created long before the first attack even took place, even before the launch of the first cryptocurrency, Bitcoin. Before that there were many failed attempts to create digital money.
David Chaum was the creator of the first digital currency called E-Cash in the early 1980s. With it, the concept of electronic money was created, but with it the possibility of being able to duplicate it. For this reason, Chaum included a protection system against double spending attacks.
This system was a cryptographic mechanism called blind or opaque signatures. Its operation consisted of preventing the issuer from knowing the origin of the money. At the same time, it kept a central server from which the coins were kept under control, thus avoiding double spending.
Up to this point everything was going great and we already had a defense mechanism, but there was a reason why E-Cash did not become the first cryptocurrency. The reason was this very mechanism. By having everything controlled by a centralized system and making the whole system centralized, it was enough to take control of the core to compromise the entire platform and its users. This became the weak point of E-Cash and that is why the project failed.
Years later, the implementation of Bitcoin came about thanks to Satoshi Nakamoto. Satoshi found a solution to this centralization that compromised the project based on consensus. He replaced the central with a consensus of multiple nodes connected to each other and to the network itself, in charge of validating and confirming transactions. Today, this process is the one that runs on blockchains and for which nodes receive rewards that keep them incentivized to continue their work.
In case there is a malicious node that wants to attack the network, it will have to compete for the Hash that the rest of the connected nodes that work in an honest way have. The network is growing daily and it is becoming increasingly difficult to carry out attacks.
How does a double-spending attack work?
As we already know, a double-spending attack occurs when a user wants to use the same currency to perform two or more transactions. Below we will see how such an attack works and how the attacker can manage to get two or more transactions by paying only one.
In the world of cryptocurrencies, the user carries out two different transactions at the same time. He buys the product from both sellers at the same time and performs both transactions once he has his product. The nodes then begin to create blocks and validate these two transactions. It is inevitable that at some point one block will be confirmed before the other, since one of them will be transmitted to more nodes and faster. This means that eventually one block will be confirmed and one will not, thus leading to the double spending problem. In this case one of the sellers can collect his sale, while the other would have been cheated.
This type of attack is also known as race attack. In addition, there are other types of attacks derived from the double-spending attack, such as the well-known 51% attack. To carry out this attack, the attacker must control more than 50% of the hash power or mining power in the entire network.
This attack requires a lot of computational power and at first glance is difficult to implement. However, we should not be overconfident, since in certain circumstances this attack can be very easy to carry out.
Taking into account that cryptocurrencies act by consensus, since there is no central controlling them, they are executed by all nodes. This system aims to create and validate blocks and transactions. This forces the attacker to control more than 50% of the network if he wants to achieve a 51% attack. But what would happen if the attacker succeeds?
In this case the cybercriminal could mine and validate the blocks faster than we know leaving the rest of the users behind. This could trigger a double-spending attack with a high probability of success. There are also other double-spending attacks with some nuances such as the Finney attack, the Vector 76 attack or the brute force attack, among others.