Double-spending is an issue that has existed ever since Bitcoin’s (BTC) inception, and according to a recent report from ZenGo, it still persists across cryptocurrency wallets such as BRD, Ledger Live and Edge.
Although these companies have updated their product offerings since ZenGo pointed out this discrepancy, it is speculated that millions of crypto users could have been exposed to this particular exploit, dubbed BigSpender. Ledger, one of the impacted crypto wallet firms, even claimed that this vulnerability is only a user experience flaw.
What is double-spending?
Double-spending is a flaw that arises across digital cash platforms wherein a single digital token can be spent more than once. Although this is not a weakness that is unique to blockchain and cryptocurrency, it becomes a very significant issue for crypto users. With centralized currencies, this issue is solved by having a trusted third party in place that verifies if the token has already been spent.
With decentralized currencies such as Bitcoin, the unique selling point is that they offer a system that is not linked to any central bank. They attempt to solve the double-spend issue by having many servers store up-to-date copies of the public transaction ledger.
The hurdle faced by this approach is that once broadcast, transactions will reach each server at slightly different times, and if two transactions attempt to spend the same token, each server will consider the first one it sees to be valid and void the second. If two servers were to disagree, there would be no way to reconcile the true balance, as each server’s observation is considered valid.
Cointelegraph spoke about the matter with Bilal Hammoud, founder and CEO of NDAX, a cryptocurrency exchange based in Canada, who said that despite recurring issues, Bitcoin does have a prevention system in place:
“The Bitcoin network utilized multiple measures to prevent such attacks, such as the time to produce 1 block, which averages about 10 minutes, and the recommendation of 6 confirmations, which makes it near impossible to reverse a transaction unless the attacker owns a significant network hash power.”
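The following sketch is an added illustration, not code from ZenGo, Cointelegraph or any wallet vendor. It models the first-seen disagreement described above and a receiver that credits a payment only after the six confirmations mentioned in the quote; `Node`, `accept_payment`, `simulate` and the transaction and coin names are hypothetical.

```python
from dataclasses import dataclass, field

REQUIRED_CONFIRMATIONS = 6  # the recommendation quoted in the article

@dataclass
class Node:
    """Toy ledger server (hypothetical model): first-seen rule for unconfirmed spends."""
    mempool: dict = field(default_factory=dict)    # coin -> first txid seen spending it
    confirmed: dict = field(default_factory=dict)  # coin -> (txid, block height)
    height: int = 0

    def receive(self, txid, coin):
        """Accept the first spend of a coin; void any later conflicting spend."""
        if coin in self.mempool or coin in self.confirmed:
            return False
        self.mempool[coin] = txid
        return True

    def connect_block(self, spends=None):
        """Add one block; spends mined in it replace this node's unconfirmed view."""
        self.height += 1
        for coin, txid in (spends or {}).items():
            self.mempool.pop(coin, None)
            self.confirmed[coin] = (txid, self.height)

    def confirmations(self, txid):
        """Blocks burying txid, counting the block that includes it; 0 if unconfirmed."""
        for mined, h in self.confirmed.values():
            if mined == txid:
                return self.height - h + 1
        return 0

def accept_payment(node, txid, required=REQUIRED_CONFIRMATIONS):
    """Receiver-side policy: credit a payment only after enough confirmations."""
    return node.confirmations(txid) >= required

def simulate():
    """Constructed scenario: two spends of one coin reach two nodes in opposite order."""
    a, b = Node(), Node()
    for node, order in ((a, ["tx-merchant", "tx-other"]), (b, ["tx-other", "tx-merchant"])):
        for txid in order:
            node.receive(txid, "coin-1")
    unconfirmed_views = (a.mempool["coin-1"], b.mempool["coin-1"])  # the nodes disagree
    for node in (a, b):
        node.connect_block({"coin-1": "tx-other"})  # the mined block settles the conflict
        for _ in range(REQUIRED_CONFIRMATIONS - 1):
            node.connect_block()
    return (unconfirmed_views, a.confirmed == b.confirmed,
            accept_payment(a, "tx-merchant"), accept_payment(a, "tx-other"))

if __name__ == "__main__":
    print(simulate())
```

Before any block is mined the two nodes hold different views of who received the coin, which is why a receiver that credits unconfirmed payments can end up crediting the spend that never confirms.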
Legitimate and fraudulent ways
There is a myriad of ways that a crypto user or an entity can double-spend. While some of these methods are legitimate, most are, unsurprisingly, fraudulent. Some of the well-known double-spending techniques are race attacks, Finney attacks, Vector76 attacks, the aforementioned BigSpender attack and the main threat to the Bitcoin network, 51% attacks.
A race attack — also known as a replace-by-fee, or RBF, attack — happens when the merchant or receiving party accepts a transaction with zero confirmations. It is the most common double-spend, where a user sends a transaction to a merchant, and once the transaction has been accepted and goods are delivered, the attacker sends a conflicting transaction to another address with a higher transaction fee, forcing it to be validated before the…