Bribe Attack Introduction

Published by Mario Oettler on

A bribe attack is an attempt to change the history of a blockchain by paying miners a reward (a bribe) if they create blocks on a competing fork instead of building on top of the longest chain.

Typically, the attacker attempts to double spend funds in a bribe attack. He does this in the following way:

  1. Order goods and pay with a cryptocurrency.
  2. Wait until the payment transaction is considered confirmed and the goods are sent to the attacker.
  3. Announce a reward to miners for building on top of a fork that doesn’t include the payment transaction.

Let’s have a look at the incentives.

If a miner participates in this attack, it risks contributing to a chain that never becomes canonical and thereby wasting its resources. To offset this risk, the bribe must be high enough to compensate the miner for the expected loss.

For the attacker, the attack is profitable as long as the total amount of bribes paid is less than the value of the goods received.

Typically, exchanges are the victims of double-spend attacks because sending the bought tokens or coins doesn’t take long. Besides that, coins are harder to trace back to a person than physical goods, since no receiver’s address is necessary.
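The incentives described above can be turned into a simple defender-side model: how large does the bribe have to be per fork block for a miner to break even, and at what confirmation depth does the attack stop paying for a given deposit size? The following Python block is an added illustration, not code from the original article. It assumes (as in the Bitcoin design sketched later on this page) that bribes are paid in coins that are only spendable on the fork, that `q` is the share of total hashrate the bribe attracts, that the fork's chance of overtaking the canonical chain follows Nakamoto's catch-up formula, and that the attacker must fund `z + 1` fork blocks to overtake a payment buried under `z` confirmations. The block reward of 3.125 is a constructed sample value with fees ignored.

```python
import math
from typing import Optional

# Added illustration (not part of the original article): a defender's
# back-of-the-envelope model of the bribe-attack incentives.
# Assumptions (constructed, not from the article): the bribe is paid in
# fork-only coins, q is the share of hashrate the bribe attracts, and the
# attacker must fund z + 1 fork blocks to overtake a payment that has
# z confirmations.


def catch_up_probability(q: float, z: int) -> float:
    """Probability that a fork mined with hashrate share q ever overtakes a
    canonical chain that is z blocks ahead (Nakamoto's formula, Bitcoin
    whitepaper section 11)."""
    if q <= 0.0:
        return 0.0
    if q >= 0.5:
        return 1.0  # a hashrate majority always catches up eventually
    p = 1.0 - q
    lam = z * q / p  # expected fork progress while the honest chain mines z blocks
    poisson = math.exp(-lam)  # Poisson(k = 0) term
    total = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # Poisson(k) from Poisson(k - 1)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def min_bribe_per_block(block_reward: float, q: float, z: int) -> float:
    """Smallest per-block bribe at which mining the fork breaks even.

    Mining the canonical chain earns block_reward with (near) certainty;
    mining the fork earns block_reward + bribe only if the fork wins, because
    fork-only coins are worthless otherwise.  Break-even condition:
        (block_reward + bribe) * P_win = block_reward
    """
    p_win = catch_up_probability(q, z)
    if p_win == 0.0:
        return math.inf
    return block_reward * (1.0 - p_win) / p_win


def attack_cost(block_reward: float, q: float, z: int) -> float:
    """Bribe budget needed to fund z + 1 fork blocks (simplifying assumption)."""
    return (z + 1) * min_bribe_per_block(block_reward, q, z)


def attack_profitable(goods_value: float, block_reward: float, q: float, z: int) -> bool:
    """The article's criterion: profitable iff total bribes < value received."""
    return attack_cost(block_reward, q, z) < goods_value


def min_safe_confirmations(goods_value: float, block_reward: float, q: float,
                           max_z: int = 100) -> Optional[int]:
    """Smallest confirmation depth at which the attack stops being profitable
    for a deposit of goods_value, or None if no depth up to max_z works
    (for instance when the bribe can attract a hashrate majority)."""
    for z in range(max_z + 1):
        if not attack_profitable(goods_value, block_reward, q, z):
            return z
    return None


if __name__ == "__main__":
    reward = 3.125  # constructed sample block reward, fees ignored
    for q in (0.1, 0.3, 0.5):
        for value in (10.0, 100.0, 1000.0):
            print(f"q={q:.1f} deposit={value:7.1f} -> "
                  f"safe confirmations: {min_safe_confirmations(value, reward, q)}")
```

The useful output for an exchange is `min_safe_confirmations`: the required depth grows with the deposit size and with the hashrate the bribe can attract, and it becomes unbounded once `q` reaches one half, which is the usual majority-attack boundary rather than anything specific to bribery.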

How should the bribe be designed?

The actual design depends on the blockchain where the bribe takes place. In Bitcoin, the attacker could create a bribe transaction in which he sends funds to several addresses he controls. Then he mines a block that includes this transaction. In the next step, he releases the payment transaction to the merchant (or exchange), which spends the same UTXOs as the bribe transaction, thus creating a double spend. After the merchant sends the goods, the attacker publishes the private key of the first address. Each miner could now create a transaction that spends the funds on this address, provided the block is not on the same chain as the payment transaction. A new private key is disclosed with each block until the attacker runs out of funds or the attack fork becomes the longest chain.
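Because the bribe transaction and the payment transaction spend the same UTXOs, the detectable symptom on the victim's side is a second spender of the payment's inputs, whether it shows up in the mempool, in a canonical block, or in a block on a competing fork. The Python block below is an added example, not code from the original article, of the conflict check a merchant or exchange can run before crediting a deposit. The transaction ids, outpoints and the `where` labels are constructed sample values, and the policy of holding a credit whenever a conflicting spend has been seen is this example's choice.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Added illustration (not from the original article): a double-spend check
# a merchant or exchange can run before crediting a deposit.  The article
# notes that the bribe transaction and the payment spend the same UTXOs, so
# any second spender of a payment's inputs is a reason to hold the credit.
# All ids, outpoints and "where" labels below are constructed sample values.

Outpoint = Tuple[str, int]  # (funding txid, output index)


@dataclass
class SeenTx:
    txid: str
    inputs: List[Outpoint]
    where: str  # "mempool", "main" or "fork" (labels are this example's assumption)


SAMPLE: List[SeenTx] = [
    SeenTx("pay_to_exchange", [("fund_aaa", 0), ("fund_bbb", 1)], "main"),
    SeenTx("bribe_split", [("fund_aaa", 0)], "fork"),  # spends the same UTXO
    SeenTx("unrelated", [("fund_ccc", 0)], "main"),
]


def index_spenders(seen: List[SeenTx]) -> Dict[Outpoint, Set[str]]:
    """Map every outpoint to the set of txids that try to spend it."""
    spenders: Dict[Outpoint, Set[str]] = defaultdict(set)
    for tx in seen:
        for outpoint in tx.inputs:
            spenders[outpoint].add(tx.txid)
    return spenders


def conflicts_of(txid: str, seen: List[SeenTx]) -> Dict[str, str]:
    """Return {conflicting txid: where it was seen} for every other
    transaction that spends one of txid's inputs."""
    by_id = {tx.txid: tx for tx in seen}
    spenders = index_spenders(seen)
    result: Dict[str, str] = {}
    for outpoint in by_id[txid].inputs:
        for other in spenders[outpoint] - {txid}:
            result[other] = by_id[other].where
    return result


def credit_decision(txid: str, seen: List[SeenTx], confirmations: int,
                    required: int) -> str:
    """'credit' only if the payment is deep enough AND no conflicting spend
    has been observed anywhere; 'hold' on a conflict, 'wait' if too shallow."""
    if conflicts_of(txid, seen):
        return "hold"
    if confirmations < required:
        return "wait"
    return "credit"


if __name__ == "__main__":
    for tx in SAMPLE:
        print(tx.txid, conflicts_of(tx.txid, SAMPLE),
              credit_decision(tx.txid, SAMPLE, confirmations=6, required=6))
```

The point of keeping fork blocks in the observation set is that, in the scheme described above, the bribe spends first appear in blocks that are not yet on the longest chain; a check that only looks at the canonical chain would credit the deposit and notice the problem only after the reorganisation.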
