The Finney Attack, the first known attack on the Bitcoin network, was discovered by the first person to buy Bitcoin. This type of attack is a special double-spending attack that affects Bitcoin and any cryptocurrency derived from it. In this article, you will learn about the Finney attack and how it works, how it affects the cryptocurrency space, and how to prevent it.

Introducing Finney’s attack

Hal Finney, an American programmer, was the first recipient of the first Bitcoin transaction. He was the first person to speak publicly during the launch of Bitcoin. As a software developer, he also discovered the potential for “dual-use programming” in Bitcoin. The program was then called Feeney Hack or Feeney Attack.

Of course, we can say that this process is not so complicated. Hal Phinney actually explains it more simply: the attack process starts when a miner creates a block on the network and makes a transaction from address 1 to address 2. If the initial transaction is completed and we move from the address to another transaction; From 1 to 3 something unusual can happen. In this situation, if a user accepts a transaction without network confirmation and confirms it, the hacker can gain access to the generated block and release the user’s original transaction. This publishing process invalidates the user’s transaction and finally a hacker can access the user’s property and transact.



How does the Finney attack work?

Cyber ​​attack easily attracts cyber criminals because it looks like an easy way to get rich without much effort and stay hidden, which is not an easy thing that anyone can do.

It is difficult to implement because it requires the attacker to be a miner of a block whose transaction is confirmed. You also need a merchant to accept transactions with zero network confirmation. It is very difficult to have both of these conditions. However, theoretically, this is possible even if the hash power of the network is less than 51%. Here’s how to execute the attack:

Step 1 – The attacker makes a transaction where he sends his coins to an address he controls. After performing this action, the mining of a valid block will begin, in which the mentioned transaction will start.

Step 2 – When we have finished mining blocks and processing transactions, we Do not send it to the network. Instead, buy with the same amount of coins you used in your first transaction. Therefore, they are willing to pay the same amount for certain goods and services.

Step 3- After the transaction is committed to the merchant and accepted by the merchant without confirmation, the attacker transfers the extracted block to the network. This action causes the network to accept the block as valid and at the same time void the transaction for the merchant.

After the attacker completes the steps, He will hack or attack Finney. However, the success of this attack still depends on the strength of the hash miner. which means The lower the power of the hash miner, the lower the power of the hash miner. The lower the chance of success, on the other hand, if another block is found in the network. The attack will fail. The attacker searches for the block until a transaction is created for the trader and accepted by the trader.




This type of double attack requires precise timing and a lot of patience. Because you have to wait to find a block, which can take a long time, especially considering the number of miners and the complexity of the network. In addition, an attacker should be able to purchase certain products or pay for a service from a merchant within minutes. If another miner finds and sends another block, the transaction will be credited to the merchant and his attack will fail.

How can you avoid Finny’s attack?

It is highly recommended to wait for at least six (6) confirmations on the Bitcoin network to consider a transaction secure and irreversible. For example, if you accept less than €100 to confirm, that might be enough, because the cost of the attack will definitely be greater than the amount. This will never benefit the attacker’s plan. Bitcoin transactions are irreversible because new blocks are created with each transaction and each new block is recorded as a confirmation of the transaction. However, for significant amounts it is advisable to wait for 6 confirmations to ensure that the transaction is practically impossible. What remains a risk for users is accepting unverified transactions from another person.

If an attacker uses the Finney hack to extract funds, it will be difficult to meet the asset requirement when searching for a block. However, if you use it as a way to get liquidity, such as exchanging bitcoins for another currency, you always have a chance to settle, but the trader has some permission to do so. Today, implementing this plan is not really practical because it requires time, patience, effort and searching for the right part.


Although Finney’s attack is a little-known cyberattack, it’s more complicated. Over time, blockchain technology continues to advance and address various concerns from the past to the future. We can’t worry about this kind of attack because our crypto assets will suffer; But if we follow proper and safe blockchain practices, we can be confident that cryptocurrencies are a profitable investment.

Useful Articles

Identity Proof Mechanism (Proof of Personhood)

tradelize platform

Introducing the top blockchain oracles

Rate this post

Leave a comment