Review and sign transactions from a single secure screen with Ledger Flex™

Discover now

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Race Attack

Feb 18, 2025 | Updated Feb 18, 2025
A race attack is a malicious practice that involves someone accepting payment for an unconfirmed transaction, leading to double-spending.

A race attack is a malicious practice that involves someone accepting payment for an unconfirmed transaction, leading to double-spending.

What Is a Race Attack?

A race attack is a blockchain security vulnerability that involves creating two transactions using the same funds simultaneously. It’s an attempt to spend the same cryptocurrency multiple times before the network can confirm the transactions, which can result in double-spending

Generally, race attacks are a type of double-spending attack and are more prevalent in proof-of-work (PoW) networks. 

How Does It Work?

In this attack, the attacker initiates two conflicting transactions, intending to spend the same currency twice. To explain, the hacker sends one transaction to their wallet address and the other to a merchant or service provider. Both of these transactions are broadcast to the entire network simultaneously. 

The attacker typically exploits the network’s propagation delays and inconsistencies in transaction processing across different nodes. To put it differently, the perpetrator capitalizes on the time delay of blockchain transaction confirmation to ensure that the transaction sent to their wallet is confirmed first.

At the same time, the merchant may see their own transaction first and believe they’ll get paid. The merchant may mistakenly accept the unconfirmed transaction and fulfill the attacker’s order, thereby benefitting the hacker. This is because the rest of the network notices the double-spend first and effectively invalidates the transaction to the merchant, resulting in a loss for the merchant. However, the second transaction – sending the same coins to the attacker’s wallet – is confirmed. 

What Characterizes This Attack?

In summary, this attack can be characterized by:

  • Timing sensitivity – Malicious actors typically take advantage of the time it takes for blockchain transactions to be broadcast and confirmed. 
  • Network propagation – The attackers exploit the slight differences in the time it takes for different nodes to receive a block, which can lead to the acceptance of competing transactions.
  • Double spending – The main goal of this attack is to spend the same coin twice, where the attacker uses the same funds for two separate transactions. One of them is confirmed, the other is invalidated, and the attacker benefits if the recipient of the second transaction accepts it before it is invalidated.

Assume you’re a vendor selling the latest crypto-enabled smartphones and that you accept online payments. One of the buyers says that they’ve completed the transaction on their end and shows you an edited previously successful transaction. Considering there may be some delay before you receive the transaction confirmation message, you give them the phone. However, you later realize that the buyer never actually sent the money. 

Dust Transaction

A blockchain dust transaction is a crypto transaction where the value of the transfer amount is smaller compared to the transaction fees.

Full definition

PFP

A PFP NFT is an exclusive digital image-based NFT that acts as an individual’s profile picture or avatar on social media platforms, websites, and online gaming platforms.

Full definition

Slashing

Slashing is a process that penalizes validators of proof-of-stake networks when they act dishonestly or behave abnormally. It entails deducting a predetermined percentage from their staked cryptocurrency.

Full definition