The double spending problem is at the heart of the creation of Bitcoin and cryptocurrency.
but what exactly is it?
What is the problem with double spending?
The problem with double spending is the risk that money may be used more than once; hence the name “double spending”.
Digital currencies are particularly susceptible to this risk because it is less obvious whether the same unit has been used multiple times.
With physical money, you can know empirically when a bill or coin has been spent, so you don't have to worry about double spending.
Anyone who has played video games knows someone who claims they can spend their coins endlessly without having enough balance. If they're not lying, this could be the result of a double exploit.
The user could send two Roblox Transactions wants to use the same parts, and the system doesn't notice it. The transactions are completed and the user has effectively doubled their purchasing power.
Why is this a problem?
It goes without saying, but someone who leverages digital currency to double their spending is kind of stealing from the market. This is not only unfair to other people using the same currency, but it could also cause the price of the digital currency to fluctuate – double spending is equivalent to printing more tokens, making the currency inflationary.
If a network falls victim to a double spend attack, the security of the digital currency will be called into question. And, by solving the problems created by double spending, you risk leaving someone unpaid for a service they already provided.
So yeah, it's just not ideal.
How does Crypto solve the double spending problem?
The creation of Bitcoin solved the double spending problem of digital currencies. Satoshi Nakamoto, the founder of Bitcoin, even stated in the Bitcoin white paper that it was a proposal to solve the double spending problem.
When a transaction is sent to the network, it remains in a pool of unconfirmed transactions until the network is ready to process it.
Every 10 minutes, transactions are drawn from this pool for processing — this will form what is called a “block”. These blocks act as a permanent record of all transactions on Bitcoin. For example, this block will show that Paul sent Sally 1 BTC, which affects the balance of both of their wallets.
As all blocks are recorded on the blockchain, the transaction history of each is traceable. When a transaction is processed, it will reference your wallet with this recorded data to ensure you have the money you are trying to spend.
As Bitcoin is a distributed ledger, this means that all this data (including transaction history, wallet balance, etc.) is stored on thousands of nodes around the world. This ensures that Bitcoin is decentralized, reducing the risk of someone directly modifying this data.
This eliminates the problem of double spending; If you were to spend the same Bitcoin twice, the network would check the blockchain data to find that your wallet balance is insufficient. In this case, one or both transactions will not be able to be processed.
How does the network quickly notice changes in the ledger?
When a block is successfully mined, it is stored as an encrypted number called a hash (Bitcoin uses the SHA-256 algorithm). This hash will include information from the previous block, a timestamp, and transaction details.
Because of avalanche effect, even a tiny change to part of the original data will result in a completely different hash. This allows the network to easily notice any changes in the data on the blockchain.
How would the double spending problem arise?
Although double spending is now unlikely, it remains possible. There are (at least) four possible attacks that could result in a double attack.
Running attack
The racing attack is where two transactions are broadcast at exactly the same time (one to a merchant providing a good or service, and the second to a separate wallet controlled by the attacker). For the attack to be successful, the payment to the attacker's own wallet must first be processed.
An attacker can increase the chance that the second transaction will be processed faster by increasing gas fees, which will incentivize miners to mine that transaction first.
If the attack is successful, the payment on the attacker's wallet will be extracted first and the transaction with the merchant will be invalidated, as there is no money in the wallet.
Why it's unlikely
This requires the merchant to provide the good or service before the transaction is validated; most places won't do this to protect against this type of attack.
Finney attack
Hal Finney is an early contributor to Bitcoin; he was actually the first person to receive the coin from Satoshi Nakamoto himself! Finney hypothesized that a double-spend attack could occur after three steps:
The first step would be for the attacker to send a transaction to an address they already control. This transaction will start to be mined in a block that they are responsible for (as a miner).
Then the attacker would include the transaction in the block, but not broadcast it to the blockchain. Instead, they will submit a transaction to a merchant for a good or service.
Finally, once the merchant has accepted the payment and provided the good or service (without waiting for validation on the blockchain), the attacker will broadcast the initial payment on the blockchain. This will invalidate the transaction with a merchant and validate the transaction on one's own wallet.
Why it's unlikely
Not only does this require a merchant to provide you with the good or service before the transaction is validated, but it also requires the attacker to know that they will be the miner of the block before beginning the attack (this will require a very high amount of hashing power).
51% attack
A 51% attack This is when one person, group, or entity takes control of 51% of a blockchain's hashing power. With this level of hashing power, they can mine faster than any other miner to create the longest chain on the network.
Proof of work will choose the longer chain when there are two chains in conflict, meaning the 51% attacker will have the power to manipulate the network.
To double spend, a 51% attacker will spend their coins on the public network (usually for real-world assets that cannot be revoked) while excluding these transactions from their own chain. They will normally do this privately for a while to ensure they have the longest chain before releasing it to the blockchain.
To learn more about the 51% attack, visit our article explaining it in detail.
Why it's unlikely
A 51% attack is unlikely for large proof-of-work networks like Bitcoin. Indeed, to obtain 51% of the hashing power, you will have to spend just over 15 billion USD…We're probably fine.
This is also unlikely for proof-of-stake blockchains, as network validators must stake their own tokens which will be withdrawn if they are bad actors.
Alternative attack on transaction history
The attacker will submit a transaction to a merchant while privately operating their own version of the blockchain, adding a transaction that returns the money to the attacker.
If the attacker mines more blocks in the time it took the merchant to send the goods or service, the attacker can broadcast it across the network and invalidate the initial payment to the merchant.
Why it's unlikely
Similar to the 51% attack, this would require an incredible amount of hashing power. But again, this remains theoretically possible.
Has double spending ever happened on Bitcoin?
Actually no! There is no recorded evidence of a successful double spend attack. Many see this as proof that cryptocurrency has solved the double spending problem.
Double-spend attacks are possible, but unlikely to occur on larger networks.
Conclusion
The double spending problem is a problem that plagued the future of digital currencies until Satoshi Nakamoto came along and created a little old thing called Bitcoin. This development seemingly solved the double spending problem by creating a distributed ledger that permanently records all transaction data and encrypts it using an SHA-256 hash.
That said, attacks remain theoretically possible. However, they all require either negligence on the part of a trader or unfathomable hashing power.
This article is part of the Hashnode Web3 Blog, where a team of selected editors offers new resources to help you discover the world of web3. Visit us to learn more about NFTs, DAOs, blockchains and the decentralized future.