Yesterday, there were several news reports about a “double spend” in Bitcoin and some went a step further and described Bitcoin as being “broken” or “flawed”.
Let me set the record straight and explain what happened, why it’s perfectly normal, and why you need not be concerned.
Bitcoin mining is a process whereby dedicated specialist equipment tries to find a number under a certain value by running a hash algorithm over and over again. It’s mathematically impossible to cheat this system and that’s what gives Bitcoin its security. The target value is called the “difficulty”, which adjusts regularly to ensure that blocks are found - on average - around once every ten minutes.
Each block builds on top of the previous block and all miners are racing to create the next valid block. Once a miner finds a valid block, they broadcast it to the network and every miner who sees this new block starts trying to find the next one, built on top of this new one.
Occasionally - just by chance - two miners find a block at around the same time. Let’s say the last block was block number 31336, so we’ll call these blocks “31337a” and “31337b”. Both of the miners broadcast their respective blocks to the network and start building the next block. Some miners get block 31337a first and begin building on that, while others get 31337b first and begin building candidates for block 31338 on top.
Right now, there are two possible “latest” blocks. If a transaction was in 31337a but not in 31337b, it may appear to have one confirmation in some clients and zero confirmations in others depending on which block they consider to be the latest.
Some time around 10 minutes later, a miner releases block 31338. In this case, he built it on top of 31337b. Anyone who considered 31337a the valid latest block will see block 31338 and based on that discard 31337a, putting 31337b in instead. This is because there’s only one 31338, it’s valid, and it’s the “chain with the greatest amount of work”, being one block longer than the one up to 31337a which had no valid block built on top of it.
On average, this happens once every couple of weeks in Bitcoin and is perfectly normal.
The process of discarding the older blocks and going with the longest chain is called “reorganisation”.
A few times a year, the following block (31338 in my example) also has two miners finding it and so now we’ve got 31337a, 31338a, 31337b, and 31338b. This gets resolved when 31339 is found. This is a 2-block reorganisation.
Reorganisations of 3 blocks or more are theoretically possible but vanishingly rare to the point that they haven’t happened as far as I know within Bitcoins 12 year history.
So, where does the “double spend” come in to it?
Well, imagine that in block 31337a, there was a transaction sending some amount of Bitcoin to some address. In block 31337b, that transaction spent the same Bitcoin to a different address. To someone who considered 31337a the valid chain for those 10 minutes of uncertainty, it would seem as if the transaction went from one confirmation to zero AND that the money was suddenly sent somewhere else instead.
This isn’t really a double-spend, because the money didn’t go to two different addresses. The moment that 31338 comes out and everyone agrees to it, 31337a is invalid. The transaction sending to the first address never really happened.
When accepting on-chain Bitcoin transactions for goods and services, it’s considered good practice to wait for several confirmations before considering it paid for exactly this reason. If this were a purchase, the merchant likely never considered it paid to begin with.
Since there is no way to know in advance that two miners will find candidate blocks at the same time, this isn’t something that can be abused as an “attack” on Bitcoin. Even if you could somehow know in advance (and I stress, this is Impossible) any party involved in large amount of money being transferred will wait for several confirmations for it to be considered final. As it happens, this particular case was only around the equivalent of $20 anyway. It was almost certainly entirely accidental and utterly mundane.