Finney Attack Meaning

A Finney Attack is a specific type of fraudulent double-spending attack that can be carried out on a blockchain, specifically targeting merchants or services that accept transactions with "zero confirmations." The attack is named after Hal Finney, a legendary cryptographer and the first person to receive a Bitcoin transaction from Satoshi Nakamoto. While Finney himself was a pioneer of security, he was the first to describe this potential vulnerability in the network’s early days.To execute a Finney Attack, the attacker must be a miner or have the cooperation of a miner. The process begins with the attacker mining a block that includes a transaction transferring coins from their own Address A to their own Address B.

Crucially, the attacker does not broadcast this successfully mined block to the network immediately. Instead, they keep it "in their pocket" while they go to a merchant and use the coins in Address A to make a purchase.If the merchant is "optimistic" and provides the goods or services immediately without waiting for the transaction to be included in a block (zero-confirmations), the attack moves to its final stage. Once the attacker has received the goods, they immediately broadcast their pre-mined block to the network.

Because the pre-mined block was created technically "first" or is accepted as the valid chain tip, the network recognizes the transfer from A to B as the valid one. The merchant’s transaction is rejected as a double-spend.This attack is distinct from a 51% attack because it doesn't require the attacker to control the majority of the network's hash power; it only requires the luck of mining a single block and finding a merchant willing to accept unconfirmed transactions.

The "window of opportunity" for a Finney Attack is very small-only the time between the attacker mining a block and someone else mining a competing block-but it is a significant theoretical risk.The primary defense against a Finney Attack is patience. This is why exchanges and reputable merchants require at least one (and often three to six) confirmations before considering a deposit or payment complete.

By waiting for a transaction to be included in a block by an independent miner, the merchant ensures that the "pre-mined" trap described in the Finney Attack is no longer viable. It remains a classic case study in why the "trustless" nature of blockchain relies on waiting for consensus.