The bitcoin network is very secure because of the principles of complete transparency and decentralization.
The reasons why the bitcoin network is extremely secure
Complete transparency means that every transaction that has happened on the network since its inception in 2009 is a part of the blockchain. For example, this is information for the block #1 of the blockchain: https://blockchain.info/block/00000000839a8e6886ab5951d76f411475428afc90947ee320161bbf18eb6048
This block contained only 1 transaction. And here is information about all the transactions in block #494424: https://blockchain.info/block/0000000000000000005c62737842565c200ba449425063877133584771c0d287 This block has a total of 2371 transactions and you can see them all using the link above.
Decentralization means that there is no one central authority that regulates the blockchain network or processes transactions. All the activity on the network happens because of its participants.
Finally, the structure of the blockchain technology makes it impossible for anyone to change information in the blocks. If you use the links above, you will see that every block has a hash. A hash is a verification code for data. A set of data will always create the same hash, yet if there’s a change of even one digit, the hash will look completely different. This is one of the ways for the network to keep its integrity.
The issue of double-spending
The issue of double-spending occurs when a user on the bitcoin network tries to spend the funds twice. For the bitcoin network to deem a transaction as valid, the transaction needs to have at least six confirmations from different blockchain blocks. Because it takes about ten minutes on average for the network to generate a block, obtaining six confirmations may take up to an hour.
The biggest potential for the problem of double-spend occurs when a transaction becomes visible to the entire network yet is still unconfirmed. Such transactions are also known as zero-confirmation transactions. Because of this, it makes sense for bitcoin users to wait for six confirmations before moving the funds again. The more confirmations a transaction has, the higher the probability that it is a valid transaction and a double-spend is not occurring. While the bitcoin software requires six confirmations, the protocol of the network requires 100 confirmations. Some pools of miners may require 120 confirmations or more.
While it is possible for someone to try and double-spend the funds, the changes that both transactions will go through are nonexistent because of the way the blockchain technology generates the blocks and verifies transactions. This being said, there are five potential attacks that are related to the issue of double-spending.
Potential attacks related to double-spending
Race attack is an attack on traders and merchants who accept payments in bitcoin and credit them to accounts immediately, without waiting for the necessary six confirmations. The attack may work if an attacker is successful at spending funds before the double-spend and the first transaction successfully makes it into the blockchain. The way merchants and traders can prevent this attack is very simple. All they have to do is to wait for payments to clear and for the bitcoin network to confirm the transaction. While this may take some time, the safety is worth it.
The Finney attack has its name after Hal Finney, a computer scientist who was the recipient of the first bitcoin transaction. Finney was born in 1956 and died in 2014. He was also the author of the application of the principle of reusable work to the financial markets and instruments. His principle plays a crucial role in how the miners obtain bitcoins and add blocks to the blockchain on the bitcoin network.
The Finney attack requires the attacker to also be a miner. In this attack, the attacker generates blockchain blocks occasionally. In each block that the attacker generates, there is a transfer between address 1 and address 2, both of which the attacker owns. The attack consists of generating a block but not broadcasting it. Next, the attacker makes a payment from address 1 to address 3. Because the network does not have information about the transfer between addresses 1 and 2, it accepts the transaction between addresses 1 and 3 as valid. Next, the attacker broadcasts the original block and the transfer between addresses 1 and 2 takes precedence over the transfer between 1 and 3.
Finney attack is possible no matter what precautions a merchant takes. However, the attack does require a participation of a miner and a very specific sequence of events, which make the attack not very likely to happen. Finney attack is non-trivial, hard to perform and expensive.
Vector76 is a combination of the Finney attack and the race attack. With a Vector76, even a transaction that has 1 confirmation can be later rejected by the network. To protect themselves from this attack, merchants need to take the same steps as when protecting themselves against the race attack.
The final type of attack is a 51% attack. In this scenario, an attacker needs to control over 50% of the network. If this happens, the attacker will be able to generate his own fork of the blockchain, which is why this attack has 100% probability of success. However, the bitcoin community has taken a number of steps to prevent this attack from ever occurring.