Double spending blockchain attacks are ‘unrealistic’: report

Posted: 23 July 2018 2:45 pm
computer hack small

Large networks are relatively safe but the threat remains for smaller blockchain networks.

A new research study by the Bank of Canada (BoC) has determined that double spending attacks on large blockchain networks, such as bitcoin and Ethereum, is considerably risky and economically “unrealistic”.

The bank’s staff working paper revealed that the potential for double spending, via a 51% attack, on high hashrate blockchain networks was considerably low.

The study analyzed the behaviors of “honest miners” and “dishonest miners” in a distributed ledger system. A proof-of-work protocol monitored activities and double spending was introduced as an incentive compatibility constraint. The research shows that blockchain users approve new transactions through majority concurrence.

“This is related to the so-called ‘51% attack’ problem,” the BoC study said. “If a miner controls more than half the computational power among all miners, confirmation lags, in theory, lose their power in controlling double-spending incentives. The dishonest miner creates an arrival rate that is larger than those of the other honest miners combined. This implies that he is certain to eventually outrun other miners in generating a longer chain and, thus, can always cheat by double spending.”

However, the research notes that these kind of double spending attacks are impractical and improbable.

“From an economic point of view, this requires that a dishonest miner has deep pockets and is risk neutral,” according to the study. “These assumptions tend to be unrealistic and, in practice, users have little economic incentives to launch such an attack, especially when the computational investment by other miners is large.”

For smaller networks and coins, the threat of a 51% attack using double spending is much higher, as a result of lower costs. Attackers often rent hashpower, mostly by the hour, from various “cloud mining services”.

The research paper advises that users can protect against double spending attacks by delaying the
delivery of goods until multiple confirmations of the transaction have been recorded in the blockchain.

A separate research report revealed that there has been significantly more malicious cryptomining, commonly referred to as “cryptojacking”, than ransomware attacks during the first half of the year. Cryptomining malware accounted for nearly one third (32%) of all attacks between January and June 2018. This same statistic was true of ransomware attacks during the second half of last year. However, in the first half of 2018, less than one in ten (8%) cyber attacks employed ransomware.

Last week, the Commodity Futures Trading Commission (CFTC) released a warning to buyers and traders of “utility coins” or “consumption coins” and tokens, cautioning against rushed decisions and a lack of research.

You can learn all about different exchanges, understand exactly how to buy and sell cryptocurrencies, calculate your taxes, discover digital wallets to hold assets and explore a list of all the alternative coins on the market.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Ask an Expert provides guides and information on a range of products and services. Because our content is not financial advice, we suggest talking with a professional before you make any decision.

By submitting your comment or question, you agree to our Privacy and Cookies Policy and Terms of Use.

Questions and responses on are not provided, paid for or otherwise endorsed by any bank or brand. These banks and brands are not responsible for ensuring that comments are answered or accurate.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site