Double-spending

Double-spending is the unauthorized production and spending of money, either digital or conventional. It represents a monetary design problem: a good money is verifiably scarce, and where a unit of value can be spent more than once, the monetary property of scarcity is challenged. As with counterfeit money, such double-spending leads to inflation by creating a new amount of copied currency that did not previously exist. Like all increasingly abundant resources, this devalues the currency relative to other monetary units or goods and diminishes user trust as well as the circulation and retention of the currency.

Fundamental cryptographic techniques to prevent double-spending, while preserving anonymity in a transaction, are the introduction of an authority (and hence centralization) for blind signatures and, particularly in offline systems, secret splitting.^[1]

Centralized digital currencies

Prevention of double-spending is usually implemented using an online central trusted third party that can verify whether a token has been spent.^[1] This normally represents a single point of failure from both availability and trust viewpoints.

Decentralized digital currencies

In a decentralized system, the double-spending problem is significantly harder to solve. To avoid the need for a trusted third party, many servers must store identical up-to-date copies of a public transaction ledger, but as transactions (requests to spend money) are broadcast, they will arrive at each server at slightly different times. If two transactions attempt to spend the same token, each server will consider the first transaction it sees to be valid, and the other invalid. Once the servers disagree, there is no way to determine true balances, as each server's observations are considered equally valid.

Most decentralized systems solve this problem with a consensus algorithm, a way to bring the servers back in sync. Two notable types of consensus mechanisms are proof-of-work and proof-of-stake.

By 2007, a number of distributed systems for the prevention of double-spending had been proposed.^[2]^[3]

The cryptocurrency Bitcoin implemented a solution in early 2009. Its cryptographic protocol used a proof-of-work consensus mechanism where transactions are batched into blocks and chained together using a linked list of hash pointers (blockchain). Any server can produce a block by solving a computationally difficult puzzle (specifically finding a partial hash collision) called mining. The block commits to the entire history of bitcoin transactions as well as the new set of incoming transactions. The miner is rewarded some bitcoins for solving it.

The double-spending problem persists, however, if two blocks (with conflicting transactions) are mined at the same approximate time. When servers inevitably disagree on the order of the two blocks, they each keep both blocks temporarily. As new blocks arrive, they must commit to one history or the other, and eventually a single chain will continue on, while the other(s) will not. Since the longest (more technically "heaviest") chain is considered to be the valid data set, miners are incentivized to only build blocks on the longest chain they know about in order for it to become part of that dataset (and for their reward to be valid).

Transactions in this system are therefore never technically "final" as a conflicting chain of blocks can always outgrow the current canonical chain. However, as blocks are built on top of a transaction, it becomes increasingly costly and thus unlikely for another chain to overtake it.

51% attack

Due to the nature of a decentralized blockchain, and in lack of a central authority to do so, the correct succession of transactions is defined only by the dominating consensus. This leads to the possibility of one actor gaining majority control over the entities deciding said consensus, to force their own version of events, including alternative and double transactions. Due to information propagation delays, 51% attacks are temporarily possible for a localized subset of actors too.

The total computational power of a decentralized proof-of-work system is the sum of the computational power of the nodes, which can differ significantly due to the hardware used. Larger computational power increases the chance to win the mining reward for each new block mined, which creates an incentive to accumulate clusters of mining nodes, or mining pools. Any pool that achieves 51% hashing power can effectively overturn network transactions, resulting in double spending.

One of the Bitcoin forks, Bitcoin Gold, was hit by such an attack in 2018 and then again in 2020.^[4]^[5]^[6]

A given cryptocurrency's susceptibility to attack depends on the existing hashing power of the network since the attacker needs to overcome it. For the attack to be economically viable, the market cap of the currency must be sufficiently large to justify the cost to rent hashing power.^[7]^[8]

In 2014, mining pool GHash.io obtained 51% hashing power in Bitcoin which raised significant controversies about the safety of the network. The pool voluntarily capped their hashing power at 39.99% and requested other pools to follow in order to restore trust in the network.^[9]^[10]

Ethereum Classic experienced a 51% attack in 2019,^[11]^[12] followed by multiple more in 2020, significantly impacting its security and market perception. These attacks involved malicious actors reorganizing transactions to double-spend coins, leading to concerns regarding the long-term viability and security measures of the Ethereum Classic blockchain.^[13]

Atomic Ownership Blockchains

Atomic Ownership Blockchains achieve a higher degree of decentralization than Bitcoin-style public blockchains through public domain private micro-blockchains, thereby enabling resistance to double-spending attacks at the cryptographic level without relying on ideal economic models or being constrained by the proportion of control over computing power or other resources.^[14]

Atomic Ownership Blockchains (AOB) employs multiple micro-blockchains to represent the system, with each blockchain dedicated to describing a single atomic object. Each blockchain operates as a public-domain private blockchain: it is visible and readable in the public domain, but only its owner has the authority to append new blocks. The owner transfers ownership by adding a block that specifies the recipient's public key as the new target. Upon transfer, the recipient becomes the new owner and can subsequently append blocks to pass the blockchain to another party. This process enables rapid circulation of blockchains among participants without requiring any consensus algorithms. The sequence of transfer blocks on the blockchain records its full ownership history, allowing the current owner to be determined from the most recent block.^[14]

AOB counters double-spending attacks through the following mechanisms:

Punishing Attackers

As private blockchains, each AOB position allows only one individual to append blocks. Any forks—branches created by the same owner—indicate an attack attempt. The block appender can thus be directly identified as the attacker and added to a global blacklist by all nodes, resulting in the forfeiture of their account balance. If account creation incurs a fee, the attacker also loses that cost. This economic penalty ensures attackers cannot profit, achieving security at the economic level.^[14]

Fork Selection

For conflicting blocks at a fork point, the network deems the first-broadcast block as valid. If an attacker broadcasts two conflicting blocks with a sufficiently long interval, the network achieves implicit consensus on their order. If the interval is short, the recipient rejects the payment. The estimated network-wide broadcast time is denoted as t0. Third-party nodes, upon receiving a payment block, wait for 2t0 without detecting a conflicting block, can confirm that—even if a fork emerges later—this block was broadcast first and received by all nodes ahead of alternatives, thereby validating it. For the recipient of the payment, waiting 4t0 without conflicts ensures that all nodes have received the block first and observed the 2t0 window, making acceptance secure.^[14]

References

^ ^a ^b Mark Ryan. "Digital Cash". School of Computer Science, University of Birmingham. Retrieved 2017-05-27.
^ Jaap-Henk Hoepman (2008). "Distributed Double Spending Prevention". arXiv:0802.0832v1 [cs.CR].
^ Osipkov, I.; Vasserman, E. Y.; Hopper, N.; Kim, Y. (2007). "Combating Double-Spending Using Cooperative P2P Systems". 27th International Conference on Distributed Computing Systems (ICDCS '07). p. 41. CiteSeerX 10.1.1.120.52. doi:10.1109/ICDCS.2007.91. S2CID 8097408.
^ Canellis, David (2020-01-27). "Bitcoin Gold hit by 51% attacks, $72K in cryptocurrency double-spent". Hard Fork | The Next Web. Retrieved 2020-02-29.
^ Wong, Joshua; Wong, Joon Ian (24 May 2018). "Every cryptocurrency's nightmare scenario is happening to Bitcoin Gold". Quartz. Retrieved 1 November 2025.
^ Phillips, Daniel (7 November 2020). "The Long Collapse of Bitcoin Gold". Decrypt. Retrieved 1 November 2025.
^ "Cost of a 51% Attack for Different Cryptocurrencies | Crypto51". www.crypto51.app. Retrieved 2020-02-29.
^ Varshney, Neer (2018-05-24). "Why Proof-of-work isn't suitable for small cryptocurrencies". Hard Fork | The Next Web. Retrieved 2018-05-25.
^ "Popular Bitcoin Mining Pool Promises To Restrict Its Compute Power To Prevent Feared '51%' Fiasco". TechCrunch. 16 July 2014. Retrieved 2020-02-29.
^ Hern, Alex (16 June 2014). "Bitcoin currency could have been destroyed by '51%' attack". The Guardian. Retrieved 1 November 2025.
^ Brandom, Russell (9 January 2019). "Why the Ethereum Classic hack is a bad omen for the blockchain". The Verge. Retrieved 1 November 2025.
^ Orcutt, Mike (19 February 2019). "Once hailed as unhackable, blockchains are now getting hacked". MIT Technology Review. Retrieved 1 November 2025.
^ "Ethereum Classic faced '51 percent attack'" (in Turkish). Bloomberg HT. 31 August 2020. Archived from the original on 12 September 2020. Retrieved 21 April 2025.
^ ^a ^b ^c ^d "Achieving Greater Decentralization with Atomic Ownership Blockchains". Ledger. 2025-10-29. Retrieved 2025-11-10.

[Ryan-1] Mark Ryan. "Digital Cash". School of Computer Science, University of Birmingham. Retrieved 2017-05-27.

[prop2007-2] Jaap-Henk Hoepman (2008). "Distributed Double Spending Prevention". arXiv:0802.0832v1 [cs.CR].

[prop2008-3] Osipkov, I.; Vasserman, E. Y.; Hopper, N.; Kim, Y. (2007). "Combating Double-Spending Using Cooperative P2P Systems". 27th International Conference on Distributed Computing Systems (ICDCS '07). p. 41. CiteSeerX 10.1.1.120.52. doi:10.1109/ICDCS.2007.91. S2CID 8097408.

[4] Canellis, David (2020-01-27). "Bitcoin Gold hit by 51% attacks, $72K in cryptocurrency double-spent". Hard Fork | The Next Web. Retrieved 2020-02-29.

[5] Wong, Joshua; Wong, Joon Ian (24 May 2018). "Every cryptocurrency's nightmare scenario is happening to Bitcoin Gold". Quartz. Retrieved 1 November 2025.

[6] Phillips, Daniel (7 November 2020). "The Long Collapse of Bitcoin Gold". Decrypt. Retrieved 1 November 2025.

[7] "Cost of a 51% Attack for Different Cryptocurrencies | Crypto51". www.crypto51.app. Retrieved 2020-02-29.

[8] Varshney, Neer (2018-05-24). "Why Proof-of-work isn't suitable for small cryptocurrencies". Hard Fork | The Next Web. Retrieved 2018-05-25.

[9] "Popular Bitcoin Mining Pool Promises To Restrict Its Compute Power To Prevent Feared '51%' Fiasco". TechCrunch. 16 July 2014. Retrieved 2020-02-29.

[10] Hern, Alex (16 June 2014). "Bitcoin currency could have been destroyed by '51%' attack". The Guardian. Retrieved 1 November 2025.

[11] Brandom, Russell (9 January 2019). "Why the Ethereum Classic hack is a bad omen for the blockchain". The Verge. Retrieved 1 November 2025.

[12] Orcutt, Mike (19 February 2019). "Once hailed as unhackable, blockchains are now getting hacked". MIT Technology Review. Retrieved 1 November 2025.

[Bloomberg_HT-13] "Ethereum Classic faced '51 percent attack'" (in Turkish). Bloomberg HT. 31 August 2020. Archived from the original on 12 September 2020. Retrieved 21 April 2025.

[GreaterDecentr-14] "Achieving Greater Decentralization with Atomic Ownership Blockchains". Ledger. 2025-10-29. Retrieved 2025-11-10.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]