Double-Spending Made Easy

A practical guide to double-spending with Bitcoin

Prepared and presented by Charles Hill

Inputs and Outputs

All bitcoin transactions contain inputs and outputs, where the inputs to one transaction are outputs from a previous transaction. There is one exception - coinbase transactions - which have no inputs and only have outputs.

Outputs that have not been spent yet are called unspent transaction outputs (UTXO).

What is a Double-Spend?

Using the exact same unspent output (UTXO) as an input for two different transactions. Alice broadcasts Transaction A where Bob is the recipient. Bob sees the transaction and thinks he has been paid. Alice attempts to broadcast Transaction B, but the transaction is rejected as a double-spend.

Race Attack

Alice creates Transaction A that pays Bob. Then Alice creates Transaction B using the exact same input, but the recipient is Alice. Finally, Alice broadcasts Transaction A followed quickly by Transaction B. The first transaction that is mined (confirmed) in a block is valid. The other will be invalid.

Finney Attack

Alice creates Transaction B that pays herself. Alice mines a block with this transaction included, but doesn't broadcast it. Alice creates and broadcasts Transaction A which pays Bob with the exact same input as Transaction B. Alice broadcasts the mined block.

Alternative History Attack

Alice creates and broadcasts Transaction A, while privately mining an alternative blockchain fork in which she has included Transaction B. Once her privately mined chain is longer than the public chain, she broadcasts her fork.

Replace-by-fee (RBF) Attack

RBF is a feature of the Bitcoin protocol that allows users to increase the fee paid by a stuck transaction, improving the odds that it will be confirmed. This feature can be abused to double-spend quite easily, but only for unconfirmed transactions.

Demo Time!

Who wants some bitcoin?

Bitcoin logo with wink emoji

Wallet Apps vs. Double-Spending

So how do wallet applications perform against double-spend attacks?

RBF Flag Double-spend
Intervention is possible
(e.g "child pays for parent")
Bitcoin Core ? ? ? ?
Blockstream Green Wallet no no no partial
Coinomi no no no yes
Electrum yes partial partial yes
Mycelium yes no partial yes
Trezor Web no no no yes

Test results from September 2019

Block Explorers vs. Double-Spending

And what about block explorers?

RBF Flag Double-spend
Both transactions
Original tx
preserved yes partial partial yes no partial yes yes no no no no yes yes yes no yes no no no no no no no no no no no
insight no no no no no yes no no

Test results from September 2019

Root of the Problem

0-conf is fast but not trustless

Businesses and individual users want fast, trustless, censorship-free payments. This means that they are using zero-confirmation transactions and assuming the risk of being defrauded by their counter-parties.

Incomplete Information

Bitcoin nodes do not relay invalid (double-spend) transactions so there is no guarantee that your wallet application (or full-node) will see both the original payment and double-spend transactions. In other words - this cannot be solved with better interfaces alone.

The Solution is Clear

Wait for at least one confirmation - or more for high-value transactions.

For businesses such as cafes, restaurants, or bars - accepting unconfirmed Bitcoin transactions is just a bad idea. So if you require fast payments..

Use the Lightning Network!

A peer-to-peer, second-layer network that facilitates instant, trustless, low-fee payments. The ecosystem around LN is developing rapidly. Download and give a try to one of several Lightning-enabled wallet apps:

Try to double-spend yourself

Don't trust, verify the payment systems which you depend on.

PayNoWay is available now in the PlayStore


Scan the QR code for a link to this presentation