Exposing the easiest scam: Bitcoin double spending
Bitpie Wallet
2020-03-18 10:00
0 confirmation transactions are risky, please wait for at least 1 transaction confirmation.

[Double Flower] Also known as "honeysuckle", it has been regarded since ancient times as a good medicine for clearing heat and detoxifying. It is sweet and cold in nature, with a fragrant aroma. It is also a good flower for padding the word count!

The "double flower" we are talking about today has nothing to do with plants; it is the Chinese nickname for "double spending", a behavior in the blockchain world. "Double spending" means paying twice. In plain language, it means "one coin is spent twice".

Double spending is the most common form of fraud attack that traders encounter, and there has been an increase in the number of fraudulent cases recently. Therefore, friends who are engaged in related industries must read this article carefully.

1. What is double spending?

We can use a real-life case to make an analogy.

You have 5 yuan on your bank card, which is just enough to buy a serving of grilled cold noodles, so why not just spend it...

Under normal circumstances, you pay 5 yuan by scanning the QR code with WeChat, the balance of your bank card becomes 0, and you get one serving of delicious grilled cold noodles. Both parties benefit and the transaction is concluded.

In the double-spending case, you use WeChat to scan the QR code at the grilled cold noodle stall, then use Alipay to scan the QR code at the stinky tofu stall (5 yuan) next door, choosing the same bank card for both payments. As a result, you only have 5 yuan but spend it twice, and you get goods worth 10 yuan (grilled cold noodles + stinky tofu). Later, the transaction system judges the grilled cold noodle transaction to be abnormal and takes back the 5 yuan the grilled cold noodle merchant received.

The grilled cold noodle stall has successfully lost 5 yuan, and you, the bad guy, have disappeared without a trace.

(However, this situation is almost impossible on WeChat or Alipay, because a traditional financial transaction system confirms a transaction in milliseconds and deducts the balance immediately after your first purchase. You cannot make two payments at the same time.

Even if you really did achieve "simultaneity", this kind of centralized database has a verification routine that would tell you [the transaction was not successful].)

2. How to double spend a bitcoin?

Double-spending behavior is essentially a fraudulent attack. Only by better understanding it can we better defend against it. (Pai Pai)

Back to Bitcoin: under normal circumstances, a Bitcoin transaction takes about 10 minutes to confirm (the confirmation time is longer when the network is congested and the difficulty of block generation becomes higher).

When a transaction has 0 confirmations, it has not actually been written into a block yet, and this is also the best time for the "attacker" to carry out a double-spending attack.

Let's use a case to simulate the double-spending process of Bitcoin.

Xiaobi and Xiaoqian agree to make a transaction: Xiaobi will sell 1 bitcoin to Xiaoqian, and Xiaoqian will transfer 100,000 yuan to Xiaobi.

So Xiaobi first transfers 1 bitcoin to Xiaoqian from Wallet A.

Xiaoqian's wallet shows that he has received 1 bitcoin, so he transfers the money to Xiaobi.

The naive children must have thought that the transaction was successfully concluded at this time, but it turned out not to be the case.

The 1 coin received by Xiaoqian stays in an unconfirmed state, and he waits and waits... Finally, the transaction shows "double spent", and the corresponding bitcoin balance changes back to what it was before the coin arrived.

Xiaoqian successfully lost 100,000 yuan, and the bad guy Xiaobi has disappeared without a trace.

So what did Xiaobi do?

When Xiaobi transferred the coin to Xiaoqian, he set a particularly low miner fee in Wallet A, so miners did not include the transaction in a block. Xiaoqian did not notice that the received coin was still "unconfirmed", so he paid Xiaobi.

After Xiaobi imports the mnemonic phrase (private key) of Wallet A into Wallet B, he finds that the balance has not decreased. So Xiaobi sends that same bitcoin from Wallet B to another address of his own, this time setting a very high miner fee...

So far, Xiaobi has sent the same 1 bitcoin twice. Because the second transaction carries a higher miner fee, it is confirmed faster, and the transfer to Xiaoqian is invalidated as a double spend. Xiaoqian never receives the coin, but his money has already been taken by Xiaobi.

3. How to prevent double spending?

The above case is the most common double-spend case and a form of fraudulent attack that costs almost nothing.

The attack is simple, and so is the defense. The key to this type of attack lies in one term: [unconfirmed].

Only unconfirmed transactions can be double-spent in this way, so everyone must keep in mind that "unconfirmed = not actually received". If you are trading with someone, wait until the transaction has at least one confirmation before you pay the other party.

If there is 1 confirmation, the cheater will no longer have this kind of double spending opportunity.
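The case above and the "wait for a confirmation" rule can be replayed in a toy model. This is an added example, not Bitpie's code or real Bitcoin software: `Tx`, `ToyNode`, `safe_to_pay` and all ids are hypothetical names, each transaction spends exactly one coin, and the miner is assumed to always prefer the higher fee.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    spends: str       # the one coin (previous output) this toy transaction consumes
    pays_to: str
    fee_rate: float   # fee offered to miners; higher is mined first

class ToyNode:
    """Toy ledger: a pool of unconfirmed transactions plus mined blocks."""
    def __init__(self):
        self.mempool, self.confirmed, self.spent = {}, {}, {}
        self.height = 0

    def broadcast(self, tx):
        self.mempool[tx.txid] = tx            # 0 confirmations: visible, not in a block

    def mine_block(self):
        """Include the best-paying spend of each coin; conflicting spends lose."""
        self.height += 1
        for tx in sorted(self.mempool.values(), key=lambda t: -t.fee_rate):
            if tx.spends not in self.spent:
                self.spent[tx.spends] = tx.txid
                self.confirmed[tx.txid] = self.height
        self.mempool = {i: t for i, t in self.mempool.items() if t.spends not in self.spent}

    def status(self, tx):
        if tx.txid in self.confirmed:
            return "confirmed", self.height - self.confirmed[tx.txid] + 1
        if self.spent.get(tx.spends) not in (None, tx.txid):
            return "double_spent", 0          # the coin was confirmed in another tx
        return "unconfirmed", 0

def safe_to_pay(node, tx, required_confirmations=1):
    """Payee's rule from this section: release payment only after confirmation."""
    state, confs = node.status(tx)
    return state == "confirmed" and confs >= required_confirmations

def replay_case():
    """Constructed replay of the Xiaobi/Xiaoqian case; all ids are made up."""
    node = ToyNode()
    to_payee = Tx("tx_low_fee", "coin0", "xiaoqian", fee_rate=1.0)
    to_self = Tx("tx_high_fee", "coin0", "xiaobi_other_address", fee_rate=50.0)
    node.broadcast(to_payee)
    before = (node.status(to_payee), safe_to_pay(node, to_payee))
    node.broadcast(to_self)                   # same coin, higher fee
    node.mine_block()
    after = (node.status(to_payee), safe_to_pay(node, to_payee))
    return before, after
```

`replay_case()` shows the payee's transaction going from "unconfirmed" to "double_spent" without `safe_to_pay` ever returning True, which is the point at which Xiaoqian should have held back the 100,000 yuan.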

4. Is one confirmation enough to be safe?

In daily life, we can consider 1 confirmation secure enough.

In theory, a 51% attack can still double-spend confirmed transactions, but a 51% attack requires huge costs (billions of dollars) and brings the attacker no benefit, so we can treat it as almost impossible and will not expand on it here. For now, digest the "zero-confirmation double-spend fraud" described above.

(In daily transactions, it is safe enough to wait for 1 confirmation. If the transaction amount is huge, you can wait for more confirmations appropriately.)

5. I would like to learn more about the confirmation mechanism of Bitcoin.

You can read this article: https://m.weibo.cn/6404560407/4359920863884136

6. Is double spending a loophole in Bitcoin?

Zero-confirmation double-spend fraud should really be attributed to the victim's shaky basic knowledge and poor understanding of Bitcoin's confirmation mechanism. It is the same as relying only on text messages to verify a bank card transfer: text messages are unreliable, and it is safer to open online banking to confirm.

7. Will writing this article teach scammers bad tricks?

Scammers work harder than we do. They did not need me to teach them; they learned this long ago. You are the last in the whole world to find out, and you are still worrying about that.

As the wise man quoted above said, you can only defend against an attack if you understand it.

Since there are not many popular science articles on this kind of attack in China, I hope this article can help some users avoid potential losses. So how can more people avoid losses?

Scammers will definitely not spread this article, so the important task of saving the common people of the coin community falls to you, with your extraordinary natural talent!
