Fraud Detection & Prevention


  • What are controls that are in place to detect and/or prevent fraud within the bitcoin system?
  • Are there any know exploits, or potential threats to the system?


Posted 2011-09-23T23:03:39.857

Reputation: 321

3This question is pretty open-ended and vague. Is there a particular type of fraud or exploit you are concerned about? – lemonginger – 2011-09-24T00:01:32.220

1Attacks pretty much fall into three categories. Double spending attacks, exploiting client bugs, and defects in the cryptographic operations used. The most interesting (because they're unique to cryptographic currencies and thus less well studied) are double spending attacks. – David Schwartz – 2011-09-24T01:04:17.977

+1 @David Schwartz: Thanks for breaking frequent types of attacks into categories. – blunders – 2011-09-24T01:19:30.257



The primary mechanism of attack in most financial systems, Bitcoin included, is a "double spend" attack which essentially allows the spending of the same money in multiple places either by duplication of funds or by revocation of the earlier of two transactions. We've actually addressed a number of such attacks on the StackExchange site here. Try looking at questions with the tag.

The two most commonly discussed are the 51% attack and the Finney attack.

The 51% attack requires the attacker to hold 51% or more of the complete hashing power of the Bitcoin network. Once the attacker holds the majority of all hashing power he/she may spend bitcoins and then fork the blockchain in such a way as to not include the block they were spent in. This is incredibly expensive and not arbitrarily done. It would also be somewhat detectable as the forking blockchain would regularly cause problems with other transactions until the 51% attack completed.

The Finney attack can be done by a solo miner without 51% of the network hashing power. The miner waits until they solve a block and place a transaction in that block in which they send all their coins to another address they control, but withhold their result. They then spend coins from the originating address elsewhere and then release the block. This essentially breaks the order of operations and makes the valid transaction impossible since the originating address no longer contains an adequate balance to have sent the coins.

These have both been discussed at great length and from many angles here on the StackExchange site. Again, try looking up the tag.

David Perry

Posted 2011-09-23T23:03:39.857

Reputation: 14 120