It is the first attack or hack known to Bitcoin and discovered by who was the first person to receive a bitcoin transaction, Hal Finney. The Finney hack or attack as it was named in his honor, is a very special type of double-spending attack that affects Bitcoin and any cryptocurrency derived from it.

EThe first recipient of a Bitcoin transaction was Hal Finney and it was he who first spoke of the launch of Bitcoin. He was also the first to suggest the possibility of a double-spending attack on Bitcoin. For this reason, this attack was named as Finney Hack or Finney Attack in his honor.

The Finney hack or attack is a type of hack or double spending attack What can happen when a person accepts an unconfirmed transaction on the network. Finney explained that a miner can generate a block where he will include a transaction from an address A to another address B, where both addresses belong to him. Then, you will make another payment with the same currencies, sending from address A to address C (which belongs to another user). If said user accepts the transaction without confirmations from the network, the attacker can release the block where his initial transaction is included. This invalidates the transaction made to the merchant allowing the attacker to double spend.

Hal Finney the author of the attack Finney with his wife

How does a Finney hack or attack run?

Performing this type of double-spend attack is not an easy task. On the contrary, it is very difficult to execute because it implies that the attacker is a miner capable of extracting the block where his transaction will be validated. Also, you need a merchant to accept a transaction with zero confirmations from the network. Joining these two conditions is quite difficult. However, in theory it is possible to carry it out even when you have less than 51% of the hash power of the network. Let's see how this attack is executed in 3 steps:

When the attacker is successful, it means that he executed a Finney hack or attack. However, depending on the miner's hashing power, this attack is quite unlikely to execute. Thus, the lower the miner's hashrate power, the lower the chances that he will successfully execute it. On the other hand, the attack will fail if another block is found in the network in the time that the attacker takes time to find a block until the transaction is generated to the merchant and the merchant accepts it.

So performing this type of double-spending attack requires careful timing and a lot of patience on the part of the attacker. Since it must wait to find a block, which can take a long time, especially considering the number of miners and the difficulty of the network. In addition, the attacker must be able to buy some good or pay for a service from a merchant in a few minutes. Since as we mentioned, if another miner finds and transmits another block, the transaction to the merchant will be included and his attack will fail.

Who is susceptible to a Finney attack?

If a person or merchant accepts unconfirmed transaction payments, you may be subject to this attack. For example, a store with online services such as downloading video games that accept cryptocurrencies and that allow downloading immediately may be susceptible to these types of attacks. It is also likely to occur in supermarkets, although the purchase time is not exact in them. This is because there can be many people in the pay queue, which prevents an attacker from using the time to their advantage.

How much do you know, cryptonuta?

The Finney attack hasn't been fixed because the developers can't do it?


The Finney attack is easy to fix at the code level, but despite this the developers have not done it due to a powerful reason: it requires a change that drastically changes the way consensus is handled on the network and could have undesirable effects . For that reason, and considering that decentralization and increased mining power make this weakness extremely difficult to exploit, Bitcoin developers have overlooked the mistake in favor of leaving things as is. After all "If it works, don't touch it."

How to protect yourself from a Finney attack?

The first recommendation is to wait at least 6 confirmations on the Bitcoin network to consider a transaction as safe and irreversible.. Despite the decentralization of the network has grown so much that in the vast majority of cases with 1 or 2 it may even be enough, being able to even value the number of confirmations based on the amount transacted.

For example, if you are going to accept less than € 100, with a confirmation it may be enough because the cost of the attack would be enormously higher. Games theory y el Nash equilibrium it will never favor executing the attack.

As we have mentioned in previous articles on irreversible transactions, Bitcoin transactions will be irreversible as new blocks are generated on which the transaction includes. Reflecting each new block as a confirmation to the included transaction. However, for considerable amounts, it is recommended to wait for 6 confirmations to ensure that the transaction is practically impossible to reverse. For what remains at the risk of a user or merchant, accept unconfirmed transactions by another person.

If an attacker intends to use the Finney attack to obtain some illiquid asset, it is difficult to match the need for this asset with the search for a block. However, if you use it as a way to get something liquid, like exchanging bitcoins for another currency, there is always an opportunity to realize yourself. But it is likely that the merchant asked him for a number of confirmations to carry out the action. So in practice it is quite difficult and improbable to achieve something like this.