Table of contents
The double spend problem is central to the creation of Bitcoin and cryptocurrency.
But what exactly is it?
What Is the Double Spend Problem?
The double spend problem is the risk that money could be used more than once; hence, the name “double spend.”
Digital currencies are especially susceptible to this risk, as it’s less clear when the same unit has been used more than once.
With physical cash, you can empirically tell when a note or coin has been spent, so there’s no need to worry about a double spend.
Anyone who has played video games knows someone who claims they can infinitely spend their in-game coins without a sufficient balance. If they aren't lying, this could be the result of a double spend exploit.
The user could be sending two Roblox transactions out to use the same coins, and the system fails to notice it. The transactions are completed, and the user has effectively doubled their spending power.
Why Is It an Issue?
It should go without saying, but someone who exploits digital currency to double spend is sort of stealing from the market. This is not only unfair to other people who use the same currency, but it could result in the price of the digital currency to fluctuate — double spending is similar to printing more tokens, making the currency inflationary.
If a network falls victim to a double spend attack, the security of the digital currency will be called into question. And, in fixing the issues the double spend created, you may leave someone unpaid for a service they've already provided.
So yeah, it's just not ideal.
How Does Crypto Fix the Double Spend Problem?
The creation of Bitcoin solved the double spend problem for digital currencies. Satoshi Nakamoto, the founder of Bitcoin, even said in the Bitcoin whitepaper that it was a proposal to solve the double spend problem.
When a transaction is sent to the network, it sits in a pool of unconfirmed transactions until the network is ready to process it.
Every 10 minutes, transactions are pulled from this pool to be processed — this will form what is called a “block”. These blocks act as a permanent record of all of the transactions on Bitcoin. For example, this block will show that Paul sent Sally 1 BTC, which affects the balance of both of their wallets.
As all blocks are recorded on the blockchain, everyone's transaction history is traceable. When a transaction is processed, it’ll reference your wallet through this recorded data to ensure you have the money you’re attempting to spend.
As Bitcoin is a distributed ledger, this means that all of this data (including transaction history, wallet balance, etc.) is stored on thousands of nodes across the world. This ensures Bitcoin is decentralized, reducing the risk of someone directly changing this data.
This eliminates the double spend problem; if you were to spend the same Bitcoin twice, the network would check with the data on the blockchain to find that your wallet has an insufficient balance. In this case, either one or both transactions will fail to process.
How Does the Network Quickly Notice Changes in the Ledger?
When a block is successfully mined, it’s stored as an encrypted number called a hash (Bitcoin uses the SHA-256 algorithm). This hash will include the previous block's information, a timestamp, and transaction details.
Due to the avalanche effect, even one tiny change to any part of the original data will cause a completely different hash. This makes it easy for the network to notice any change in data on the blockchain.
How Would the Double Spend Problem Happen?
Although double spend is now unlikely, it’s still possible. There are (at least) four possible attacks that could result in a double spend attack.
The race attack is where two transactions are broadcasted at the exact same time (one to a merchant providing a good or service, and the second to a separate wallet controlled by the attacker). For the attack to be successful, the payment to the attacker's own wallet must be processed first.
An attacker can increase the chances of the second transaction being processed faster by increasing the gas fees, which will incentivize miners to mine this transaction first.
If the attack is successful, the payment to the attacker's wallet will be mined first and the transaction to the merchant will be invalidated, as there’s no money in the wallet.
Why This Is Unlikely
This requires the merchant to provide the goods or service before the transaction was validated; most places will not do so, to protect themselves against this type of attack.
Hal Finney is one of the earliest Bitcoin contributors; he was actually the first person to ever receive the coin from Satoshi Nakamoto himself! Finney theorized that a double spend attack could occur after three steps:
The first step would be the attacker sending a transaction to an address that they already control. This transaction will begin to be mined in a block that they’re responsible for (as a miner).
Next, the attacker would include the transaction in the block, but not broadcast it to the blockchain. Instead, they’ll submit a transaction to a merchant for a good or service.
Finally, once the merchant has accepted the payment and provided the goods or service (without waiting for it to be validated on the blockchain), the attacker will broadcast the original payment to the blockchain. This will invalidate the transaction to a merchant and validate the transaction to their own wallet.
Why This Is Unlikely
Not only does this require a merchant to provide you with the good or service before the transaction is validated, but it also requires the attacker to know they'll be the miner of the block before they start the attack (this will require a very high amount of hashing power).
A 51% attack is when a person, group, or entity gains control of 51% of a blockchain's hashing power. With this level of hashing power, they can mine faster than any other miners to create the longest chain on the network.
Proof-of-work will choose the longest chain when there are two conflicting chains, meaning that the 51% attacker will have the power to manipulate the network.
To double spend, a 51% attacker will spend their coins on the public network (usually for real-world assets that can't be revoked) while excluding these transactions from their own chain. They'll normally do this privately for a while to ensure they have the longest chain before broadcasting it to the blockchain.
For more on the 51% attack, check out our article explaining it in detail.
Why This Is Unlikely
A 51% attack is unlikely for large proof-of-work networks like Bitcoin. This is because in order to get 51% of the hashing power, you'll need to spend just over 15 billion USD...We're probably okay.
It’s also unlikely for proof-of-stake blockchains, as validators in the network need to stake their own tokens that’ll be taken away if they are bad actors.
Alternative Transaction History Attack
The attacker will submit a transaction to a merchant while privately mining their own version of the blockchain, adding a transaction that sends the money back to the attacker.
If the attacker mines more blocks in the time that it took for the merchant to send the goods or service, the attacker can broadcast this to the network and invalidate the original payment to the merchant.
Why This Is Unlikely
Similar to the 51% attack, this would require an incredible amount of hashing power. But again, it’s still theoretically possible.
Has Double Spending Ever Happened on Bitcoin?
Actually, no! There’s no recorded evidence of a successful double spend attack. Many see this as evidence that cryptocurrency has solved the double spend problem.
Double spend attacks are possible but are unlikely to happen to the biggest networks.
The double spend problem is an issue that plagued the future of digital currencies until Satoshi Nakamoto came along and created a little old thing called Bitcoin. This evolution has seemingly solved the double spend problem by creating a distributed ledger that permanently records all transaction data and encrypts it using an SHA-256 hash.
That being said, attacks are still theoretically possible. However, they all require either negligence on the side of a merchant or an unfathomable amount of hashing power.
This article is a part of the Hashnode Web3 blog, where a team of curated writers are bringing out new resources to help you discover the universe of web3. Check us out for more on NFTs, DAOs, blockchains, and the decentralized future.