Vector Attack 76, is a type of double-spending attack attack that takes advantage of a small bug in Bitcoin's consensus system to run. As a result of this, the attacker can maliciously seize funds and cause losses to their victims.

Tall the technologies developed, including blockchain, they have attack vectors that cyber criminals can take advantage of for their own benefit. In the crypto world, one of the least known attacks is the Vector 76 Attack o Vector Attack 76.

The arrival of digital currencies and cryptocurrencies brought with it a serious problem, the double spending. In centralized digital currencies, this problem is easily solved by having all control in one core. But in decentralized currencies like Bitcoin, the problem is much bigger. In fact, the design of Bitcoin manages to minimize the problem of double spending. We can even say that it "removes" it, but due to the decentralized nature of Bitcoin, there will always be some point of failure that can be used to double spend.

It is there where the Vector Attack 76 o Confirmation Attack, take action. This double spend attack allows the attacker to include a double spend transaction in one block and use it to their advantage. This is accomplished by sending a self-built block for the network to give you a confirmation thinking the block is valid. In this way, the attacker can grab a certain amount of funds before the network can realize the problem. This attack was first described by the user vector76 on the Bitcointalk forum.

But, to understand the nature of this attack it is necessary to deepen the way in which it works, and that is what we will do next.

How does Vector Attack 76 work?

This attack is actually a combination of the Career Attack and Finney attack. Its main objective is exchanges or exchange houses, where attackers can buy and sell, their cryptocurrencies and Tokens without being quickly detected.

But how is this possible? Well, let's examine the anatomy of this attack a little more closely.

How is this attack executed?

Un Vector Attack 76 is executable when a dishonest miner, who has control over 2 full nodes network, connect one of these (node ​​A) directly to the service of an exchange. Then the second full node (node ​​B) interconnects it with other nodes that are well positioned within the blockchain network. In order to know which nodes to connect to, the miner must monitor the instant in which the nodes transmit the transactions, and how they then propagate them to the other nodes in the network. Thus, you will be able to know which nodes are the first to transmit the operations and you will be able to connect with the objective service and with well positioned nodes.

After establishing the necessary connections, the miner generates a valid block privately. At that moment, create a pair of transactions, which will have different values, being a high value transaction and a low value transaction. For example, the first transaction may be 25 BTC or more, and the second transaction may be as low as 0.1 BTC. Subsequently, the miner keeps the mined block on hold and assigns node A the high value transaction, that is, the 25 BTC transaction. This will be the transaction that will be directed to make a deposit within the exchange service.

When the miner detects a block advertisement on the network, it immediately transmits the block pre-terminated by it, directly to the exchange service, along with the recently generated block on the network. This in the hope that the rest of the nodes will consider their block as valid and assume them as part of the main chain. Thus, this block will be confirmed, and therefore, the 25 BTC transaction that is included in it is validated.

Once the exchange service confirms the 25 BTC transaction, the attacker makes a withdrawal from the exchange for the same number of cryptocurrencies that they deposited in the previous transaction (25 BTC). The attacker then sends the second transaction created, the 0.1 BTC transaction, to the network from node B. In order to create a fork that causes the network to reject and invalidate the first transaction. If this fork survives, the first transaction with the 25 BTC deposit will be invalidated, but the withdrawal will have been made. Therefore, the attacker will have succeeded and the exchange will lose 25 BTC.

  • Phase 1 of a Vector Attack 76
  • Phase 2 of a Vector Attack 76
  • Phase 3 of a Vector Attack 76
  • Phase 4 of a Vector Attack 76
  • Phase 5 of a Vector Attack 76

Attack probability of success

All these processes occur immediately and simultaneously, so it is very likely that the 0.1 BTC transaction will be taken as the main chain. But, a couple of blocks later, the deposit transaction with 25 BTC is invalidated. This is because node B, which transmits the 0.1 BTC transaction, is connected to well-positioned nodes that will relay that transaction much faster on the network. While node A, which contains the 25 BTC deposit transaction, is directly connected only to the exchange service. This node will have to retransmit said transaction to other nodes, making it much slower than node B.

Otherwise, in which the accepted block in the main chain contains the 25 BTC transaction, the attacker will only withdraw the 25 BTC that he deposited in the exchange. Therefore, Vector Attack 76 would not be successful. Still, in this scenario there are no losses or gains, neither for the attacker nor for the exchange.

Explained this, it can be detected that there is a high probability of success in executing this type of attack. But, even so, it is not common to do it because an exchange is required to agree to make withdrawal payments after just one confirmation, and the vast majority of exchanges usually require 2 to 6 confirmations.

However, a business offering digital goods or services could also be a victim of this type of attack.

How much do you know, cryptonuta?

Is the existence of the Vector Attack 76 a sign of the lack of security of the blockchain?


All systems have vulnerabilities due to their infrastructure, but knowing those errors and solving them is essential to increase its security. Bitcoin is the best example of this, the Vector 76 Attack is something structural, but it is only possible if said structure is not extensive enough and decentralized, something that the community knows and gives them a reason to extend more and more in order to make it safer.

How to protect yourself from a Vector 76 Attack?

To protect yourself from these types of attacks, some recommendations should be taken into account:

  1. Use systems that do not accept transactions with a single confirmation. Vector Attack 76 requires this to be possible to successfully carry the attack. Instead, the least we should expect is to have 2 confirmations, or even 6, as is highly recommended.
  2. The node we use should avoid having inbound connections enabled, or failing that, define inbound connections from well-recognized computers. This prevents the attacker from injecting false information about the blockchain to our node.
  3. Outgoing node connections should also be monitored and only allowed to well known nodes. This prevents our nodes from giving information about the state of the chain that we handle.

With these measures we can protect ourselves from this type of attack without major problems.