Double-Spent Attack

Any discussion of Blockchain is incomplete without discussing about double-spend attack mainly with cryptocurrencies. Double-spending happens when the same cryptocurrency coin is spent for two or more transaction at once. This type of attack requires a tremendous computational power and it is very likely to fail. However if successful, it may be profitable.


Assuming it is not a counterfeit paper note, in real world, same paper note can not be in two places at once. For example, Jimmy a rich millionaire visits his favorite local coffee shop to buy a $5 cup of coffee. In purchasing his coffee, Jimmy hands over the paper note to the shop owner. The owner, in accepting Jimmy’s $5 bill, can instantly confirm that Jimmy has paid the correct amount for the coffee. Jimmy therefore can not now spend that same $5 note elsewhere to make another purchase.




In case of digital transactions, they have to go through central authority (such as banks) to clear the electronic transfers. This is how in real world double-spend issue is easily addressed.




In digital currencies, however there is no actual physical relinquishing of a currency which creates the double-spending problem. Following is an example of double-spend attack in a digital currency called Richa Coin. The attack is split into four stages which are described below.

Stage 1 – Current

Assuming it is not a counterfeit paper note, in real world, same paper note can not be in two places at once. For example, Jimmy a rich millionaire visits his favorite local coffee shop to buy a $5 cup of coffee. In purchasing his coffee, Jimmy hands over the paper note to the shop owner. The owner, in accepting Jimmy’s $5 bill, can instantly confirm that Jimmy has paid the correct amount for the coffee. Jimmy therefore can not now spend that same $5 note elsewhere to make another purchase.



Stage 2 – Transfer

Jimmy agrees to sell the painting to Tom for 100 Richa Coins and Tom transfers 100 Richa Coins to Jimmy.


Meantime Tom creates an offspring of the Blockchain from Block 53 and transfers 100 Richa coins to a different account that he owns. This offspring does not broadcast the solution of his blocks to the rest of the Blockchain networks.





Stage 3 – Longest Chain

Jimmy on seeing transaction confirmation, ships the painting to Tom. While in the background, Tom on his private Blockchain succeeds in generating a longer Blockchain with reverse transaction back to him.



Stage 4 – Publish

Once Tom has the longest chain, he connects to the Blockchain network and publishes his blocks. All the nodes in the network agree on considering them as the valid ones because the offspring Blockchain is longer than the current valid Blockchain.


The offspring Blockchain now becomes the valid Blockchain and thereby reversing the transfer of 100 Richa Coins made to Jimmy. In the end Tom still has the 100 Richa Coins and the painting where as Jimmy has neither. This is an example of double-spend attack.





I hope this post now gives you an idea of how double-spent attack is executed and what is involved.

The Crypto Mistakes Newcomers Make

I got into cryptocurrency just over an year or so ago and during that period, I made a few mistakes. As I learnt more about crypo world and talked to other cryptonians (new & old), I found that those mistakes are quite common among newcomers. Therefore this blog post is my take on the most common mistakes newcomers makes when they get into the world of cryptocurrency.


Expecting big profit by mining

Those days are gone when you could mine a coin and make a big profit. Unless you can get ultra cheap electricity (even free), mining is simply not worth it.


Leaving coins on an exchange

Lots of newcomers make a mistake of buying and leaving coins on an exchange. For few years now, a few exchanges have gone busted/crashed or been hacked (i.e. Mt. Gox, Bitfinix). So if you don’t want to loose your crypto then move it somewhere safe (i.e cold storage, paper wallet, hardware wallet). If I plan on trading the coin in short term then I am happy to keep in an exchange else I will move it to a wallet.


Not holding your private keys

Going by point two above, if you are leaving your coin on an exchange then you don’t hold the private keys to your wallet. It is someone else who hold it and you are trusting them with your coin.


Not doing your own research

You are spending your well earned money purchasing crypotcurrency, so make sure you are doing your own research and not relying on someone else. If you do have someone, get their view but still do your own research on cryptocurrency that you would like to buy.


Transferring to wrong crypo-wallet

Make sure you are double checking the wallet address you are sending the fund to and also matches the right crypocurrency. Don’t send TIPS to Doge. Once transaction is made, it is irreversible so SLOW DOWN and make sure it is the right wallet you are sending to.


Use 2 Factor authentication

2FA is an extra layer of security that help reduce digital crime and internet fraud.   Therefore there is no excuse to not enable, whenever appropriate. Make sure you take a backup/save the restoration code incase you forget your 2FA.


Keep hardcopy of everything

Make sure you keep a hardcopy of everything which may include your password, restoration code, private key and save them somewhere secure. Should your computer crash or get compromised, you have backup copy to restore it.


Challenges of Relaunching Community Cryptocurrency


This posted is based on my experience of the challenges encountered when we tried to relaunching a dormant cryptocurrency. So if you are planning on reviving one, you are going to deal with these challenges to some extend. Most of these challenges you would have encountered in one situation or the other, even if you have never been involved in cryptocurrency.

  1. Security:
    • Lot of existing altcoin wallets have not been updated with right security patches for a very long time. Therefore, one of the main challenge will be to make sure the existing code base/libraries is updated with right security patches. In our case, last time the code/external libraries was updated was in 2015.
  1. Team communication, structure & collaboration:
    • If team members are co-located and solely working on coin, it is easy to build rapport and trust among the members. However this becomes challenging when you have team members scattered around the world and most of them have families and day job. Since you do not meet each other when performing the task, relying on each other to progress tasks a stronger level of trust is needed. In our case, we are using applications such as Slack, Trello, Github & Discord for communication and collaboration. Also we have a vetting process for recruiting new team members to make sure they fit in the team.
    • Another challenge you might face is around team structure and decision making. What kind of team structure will you be following? Hierarchy, flat or some other. If you are working on a community based cryptocurrency, should you be engaging rest of the community for any kind of decision making or should only handful of members make decision about the coin?
    • Currently we are a small team so communication, collaboration and decision making is easy to manage. However, I am looking forward to seeing what challenges lie ahead as the core team grows.
  1. Marketing strategy:
    • You might encounter challenge around marketing strategy which will include social media, exchanges, community engagement, roadmap and so forth. If you can liaise with the old team and get access to existing market strategy (if there is one) then it will make your life a lot more easy. Otherwise you might face same challenges as we did, such as:
        1. Social media channels & website: We didn’t have much luck getting right access to the existing social media channels/forums from the old team. This meant we had to start all over again by setting up new social media channels and website. It also meant publishing posts/ articles on different social channels/forums to let existing community know about us, what we are doing with the coin, where we are heading (roadmap), where they could get more information about the coin and how they can come onboard with this new project.
        2. Exchanges: Like social media, we had to reach out to existing exchanges to let them know about the relaunch so they could update appropriate links. Same time to increase our coin exposer, we reached out to new exchanges. Some of these exchanges required us to pay certain amount of fiat/cryptocurrency inorder to be listed and others it was online voting. Incase for voting, we had to reach out to the wider community via social medium to get their help.
        3. Community engagement: While you work on getting new community members (i.e. via using airdrops, twitter etc) on board you will also need to make sure you are engaging with existing members to get their buy in into what new team is trying to achieve. Which means actively engaging in answering their questions, comments and concerns. It could be anything from “How to” guide, hard fork, roadmap, exchanges, old vs new channels, mining and even trolls. All of this requires time and commitment from the team. There is a lot to the community engagement and I am still learning.
  1. Testing:
    • Cryptocurrency has varying challenges when it comes to testing. You have the functional and non functional side of it. The following are some of the challenges you will have to deal with when involved in testing. Depending on your situation, you might focus on specific type of tests for the relaunch while other ones later down the track.
        • Security
        • Performance/Scalability/Volume
        • Wallet functionality on different OS & devices
        • Wallet synching testing
        • Wallet backup functionality
        • Wallet upgrade/new installation etc
        • Miner testing (ASIC, GPU/CPU mining with different # of core/memory setting/disk iops)
        • and so forth
    • I normally use “FEW HICCUPPS” heuristics when I don’t have requirement and I need to do exploratory testing.  Testing all these areas can be time consuming, if done manually so you want to leverage automation. I are in the process of moving towards automation testing so it free us with exploratory testing and other things. Where possible try leverage cloud/virtualization option for testing. For example we use VMWare/Virtualbox/AWS for new wallet installation/upgrade and other functionality testing.


I hope this post gives you enough insight into potential challenges you might be dealing with when relaunching a community cryptocurrency.