Author: Gavin Andresen 2011-08-18 14:00:01
Published on: 2011-08-18T14:00:01+00:00
A variation on a 'Finney attack' has been posted on the forums by vector76. The method involves observing when nodes are broadcasting transactions, and establishing a direct connection to the target by watching for which nodes are earliest to broadcast transactions. The attacker then creates a transaction making a valid deposit into their target, but does not broadcast it. Instead, they add it to a block they are attempting to mine. Once they succeed in creating a valid block, they wait until someone else mines a block, at which point they immediately broadcast their block to the target. If the target sees their block before the other block, it will be accepted, and the block chain will fork. The attacker can then request a withdrawal, and if the deposit eventually "wins", they have made a deposit and withdrawal, and lost nothing. The lessons from this attack are "don't accept 1-confirmation transactions" and "try to be well-connected."
Updated on: 2023-05-26T20:20:54.394089+00:00