Finney Attack is the first known blockchain attack on the Bitcoin network and was discovered by the first-ever person to receive a Bitcoin. It is a very special type of double-spend attack that affects Bitcoin and any cryptocurrency derived from it.
In this article, you will learn what a Finney attack is, how it works, how it impacts the crypto space and its prevention.
Defining Finney Attack
Hal Finney, an American software developer, was the first-ever recipient of the first Bitcoin transaction. He was also the first to publicly speak about Bitcoin during its initial launching. As a software developer, he also discovered the possibility of a “double-spending scheme” on Bitcoin. This scheme was then named after him as Finney Hack or Finney Attack.
The Finney hack or attack is a type of hack or double spending attack. So, what can happen when a person accepts an unconfirmed transaction on the network? Finney explained that a miner can generate a block where he will include a transaction from an address (A) to another address (B), where both addresses belong to him. Then, you will make another payment with the same currencies, sending from address A to address C (which belongs to another user). If the said user accepts the transaction without confirmations from the network, the attacker can release the block where his initial transaction is included. This invalidates the transaction made to the merchant allowing the attacker to double spend.
How does Finney Attack work?
While the cyberattack may easily attract cybercriminals as it seems an easy way to get rich without doing much effort and remain anonymous, it is not an easy feat that anyone can pull off.
It is difficult to execute since it requires that the attacker is a miner capable of extracting the block where his or her transaction will be validated. Also, you need a merchant to accept a transaction with zero confirmations from the network. Having these two conditions is quite difficult. However, in theory it is possible to carry it out even when you have less than 51% of the hash power of the network. Here’s how this attack is executed:
- Step 1 — The attacker performs a transaction in which he sends his coins to an address under his control. Once this action is performed, it begins mining a valid block in which said transaction is included.
- Step 2 — When it manages to extract the block and include the transaction, it does not transmit it to the network. Instead, make a purchase with the same amount of coins that you used in the first transaction. Thus, it seeks to make the payment of some goods or services with the same amount of money.
- Step 3 — After making the transaction to the merchant and the merchant accepting it without confirmation, the attacker transmits the mined block to the network. This action causes the network to accept the block as valid, while invalidating the transaction made to the merchant.
When the attacker has performed the steps, he or she has executed a Finney hack or attack. However, the success of the attack will still depend on the miner’s hashing power. This means that the lower the miner’s hashrate power is, the lower the chances that he or she will successfully execute it.
On the other hand, the attack will fail if another block is found in the network, in the time that the attacker is finding a block until the transaction is generated to the merchant and the merchant accepts it.
Performing this type of double-spending attack requires careful timing and a lot of patience. Since it must wait to find a block, which can take a long time, especially considering the number of miners and the difficulty of the network. In addition, the attacker must be able to buy some goods or pay for a service from a merchant in a few minutes. If another miner finds and transmits another block, the transaction to the merchant will be included and his attack will fail.
How to avoid Finney Attacks?
It is highly recommended that you wait at least six (6) confirmations on the Bitcoin network to consider a transaction as safe and irreversible.
For example, if you are going to accept less than $100 USD, with a confirmation, it might be enough since the cost of the attack will certainly be higher than the amount. This will never favor the plan of the attacker.
Bitcoin transactions are irreversible as new blocks are generated on every transaction, reflecting each new block as a confirmation to the included transaction. However, for considerable amounts, it is recommended to wait for 6 confirmations to ensure that the transaction is practically impossible to reverse. What remains a risk for users or merchants is accepting unconfirmed transactions from another person.
If an attacker uses the Finney hack to obtain liquid assets, it will be difficult to match the need for the assets while searching for a block. However, if you use it as a way to get something liquid, like exchanging bitcoins for another currency, there is always an opportunity to realize it for yourself, but it is likely that the merchant will ask for a number of confirmations to carry out the action.
Nowadays, pulling off this scheme is really impractical as it requires timing, patience, effort and searching for the right block.
Final Thoughts
While the Finney attack is the lesser known cyberattack, it is also the most difficult one to execute. As time flies by, blockchain technology continues to improve, addressing different concerns from the past to the future. It can’t be helped to worry about this kind of attack as it jeopardizes our crypto assets, but as long as we practice proper and safe transactions on the blockchain, we can be at ease that cryptos are worthwhile investments.
