Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent more than once. This is possible because a digital token consists of a digital file that can be duplicated or falsified. As with counterfeit money, such double-spending leads to inflation by creating a new amount of fraudulent currency that did not previously exist. This devalues the currency relative to other monetary units, and diminishes user trust as well as the circulation and retention of the currency. Fundamental cryptographic techniques to prevent double-spending while preserving anonymity in a transaction are blind signatures and, particularly in offline systems, secret splitting.
The prevention of double-spending attack has taken two general forms: centralized and decentralized.
This is usually implemented using an online central trusted third party that can verify whether a token has been spent. This normally represents a single point of failure from both availability and trust viewpoints.
The cryptocurrency bitcoin implemented a solution in early 2009. It uses a cryptographic protocol called a proof-of-work system to avoid the need for a trusted third party to validate transactions. Instead, transactions are recorded in a public ledger called a blockchain. A transaction is considered valid when it is included in the blockchain that contains the most amount of computational work. This makes double-spending more difficult as the size of the overall network grows. Other cryptocurrencies also have similar features.
Decentralized currencies that rely on blockchain are vulnerable to the 51% attack, in which a malicious actor can rewrite the ledger if they control enough of the computational work being done. For example, one could theoretically spend cryptocurrency then erase the transaction so it appears it never happened. In May 2018, this double-spending technique was used against Bitcoin Gold, the 26th largest cryptocurrency, to defraud cryptocurrency exchanges of millions of dollars. In response, exchanges repeatedly raised the threshold needed to confirm a transaction, but the attacker had enough computing power to exceed those thresholds and continued double-spending for three days.
- The Double Spending Problem and Cryptocurrencies. Banking & Insurance Journal. Social Science Research Network (SSRN). Accessed 24 December 2017.
- Mark Ryan. "Digital Cash". School of Computer Science, University of Birmingham. Retrieved 2017-05-27.
- Jaap-Henk Hoepman (2008). "Distributed Double Spending Prevention". arXiv:0802.0832v1 [cs.CR].
- Osipkov, I.; Vasserman, E. Y.; Hopper, N.; Kim, Y. (2007). "Combating Double-Spending Using Cooperative P2P Systems": 41. doi:10.1109/ICDCS.2007.91.
- Janus Kopfstein (12 December 2013). "The Mission to Decentralize the Internet". The New Yorker. Retrieved 30 December 2014.
The network’s "nodes"—users running the bitcoin software on their computers—collectively check the integrity of other nodes to ensure that no one spends the same coins twice. All transactions are published on a shared public ledger, called the "block chain"
- Varshney, Neer (2018-05-24). "Why Proof-of-work isn't suitable for small cryptocurrencies". Hard Fork | The Next Web. Retrieved 2018-05-25.
- "Bitcoin Gold loses millions as it is hit by a double spend attack". Fast Company. 2018-05-24. Retrieved 2018-05-25.
- "Double Spend Attack on Exchanges". The Bitcoin Gold Community Forum. Retrieved 2018-05-25.
- "Hacker Makes Over $18 Million in Double-Spend Attack on Bitcoin Gold Network". BleepingComputer. Retrieved 2018-05-25.