You may have heard of the risk of a double-spend attack. Is the risk real? This guide explores what these attacks are and why they are very unlikely to threaten Bitcoin holders who take proper precautions.
Double-spending is the risk that someone can spend the same money twice. It is the problem that cryptocurrencies were designed to solve. Digital products, in general, are easy to copy, so how does Bitcoin stop this from happening and ensure that coins are transferred rather than copied?
When someone makes a Bitcoin payment, it is added to a block of other transactions, which computers on the network work to verify. To do this, Bitcoin miners run a complex program and try to solve a mathematical problem called a "hash." When a computer solves the problem, the algorithmic work would have also verified the transaction.
There are three double-spending attack variants:
Bitcoin has long held a reputation for being the most secure cryptocurrency. Many view it as such because of its makeup that allows key participants to verify transactions in exchange for incentives. But, these incentives have reduced over the years thanks to halving.
Every time the blocks mined reach 210,000, which is about every four years, the reward for mining Bitcoin reduces by half. The first halving was in 2012, where the rewards were reduced from 50 BTC to 25. The rewards fell to 12.5 BTC in 21016, and in 2020, it dropped to 6.25 BTC per block. The reduced incentives have led to a reduction in the number of miners. Thus, fears of a 51% attack affecting Bitcoin have grown.
Does that mean countries like China, whose mining pools control about 70% of the hashpower, could threaten the network? Could these miners one day get together and burn down the house? It's theoretically possible, but it's extremely unlikely.
Firstly, it's hard to imagine Bitcoin miners turning on the network with a double-spend attack because they'd be shooting themselves in the foot and contributing to the devaluing of the very thing they are stealing. More importantly, double-spend attackers can't steal other peoples' Bitcoin arbitrarily, change consensus rules, or reverse valid transactions. They can only double-spend their own Bitcoin, and to do that, they would need an exchange without withdrawal limits or Anti-Money Laundering/Know-Your-Customer requirements which is practically impossible in the current regulatory climate.
For Bitcoin miners, it makes economic sense to secure the network rather than to attack it.
So, is double-spending an issue for Bitcoin users? It's not if you're responsible. If you enter into a Bitcoin trade with a stranger, simply wait for multiple confirmations to verify the authenticity of the trade. A transaction is unconfirmed until it's added to a block on the network. One confirmation means it’s been added to a block. The recommended minimum is six confirmations to consider a transaction final.
So if you’re not both accepting Bitcoin from untrustworthy strangers and in too much of a hurry to wait for your Bitcoin to be properly confirmed then rest assured that you have nothing to worry about!