hatSatoshin
Lvl

1,337

Bits:

0

XP:

21,000,000

0

%

Connect
Cryptocurrency

Cryptocurrency

Wallets

Wallets

Exchanges

Exchanges

News

Indicators

Gainers / Losers
Fear & Greed
Path Liquidations
Liquidations
Heatmap
Tools

Tools

Path Converter
Converter
DCA
Profit
Path Zoom
Zoom
Path Flip
Flip
Interest
Compare
Tax
Loan
Staking
Learn

Learn

Path Glossary
Glossary
Path Articles
Articles
Path Facts
Facts
Quizzes
Asset prices are temporarily delayedSome assets have stopped receiving fresh price data. Updates will resume automatically once the pipeline recovers.
Bitculator

Get Bitculator on Android

Marketcap:

$1,949,474,730,593

Volume 24h:

$209,798,866,754

Jun 06 Liquidations:

$0

24H Long/Short:

Coming soon

Finney Attack

What does Finney Attack mean in crypto terms?

A Finney Attack is a type of double spending attack where a malicious actor takes advantage of a transaction that has not yet been confirmed.

ID: 417
Hero Image

What is Finney Attack?

A Finney Attack is when a miner quietly prepares a block that spends coins back to themselves, then pays a merchant with those same coins using an unconfirmed transaction. If the merchant hands over the goods before a confirmation arrives, the miner releases their prepared block, canceling the payment. Think of it like showing a pending transfer at the register, then having the bank rewind it.


Myth

People often assume a Finney Attack requires majority control of the network. It does not. That is a 51% attack, which is a different beast. A Finney Attack only needs a single miner to find a block in private, then time a purchase before releasing that block.


How Finney Attack works

Here is the play, told straight. A miner sets up a self payment in a block, keeps it private, then spends the same coins with a seller who accepts unconfirmed payments. After walking out with the goods, they publish the private block, which cancels the sale.

  1. Setup: The attacker is part of mining, so they can find blocks and choose what goes inside.
  2. Private: They mine a block in secret that sends the coins back to themselves. The chance to find that block depends on network hash rates and luck.
  3. Spend: They pay a merchant with the same coins using an unconfirmed transaction at the counter.
  4. Accept: If the merchant hands over the goods before any confirmation, the attacker broadcasts their private block.
  5. Reorg: The network accepts the private block, confirms the self payment, and the merchant’s payment disappears. The attacker keeps both coins and goods.

Quick, sneaky, and only works on zero confirmation acceptance.


Why Finney Attack Matters

So what should you take away from this?

  • Benefit: Knowing it exists helps you avoid free merchandise for scammers and missing funds for you.
  • Perspective: It is a targeted form of double spending, and it preys on impatience at point of sale.
  • Relevance: You will see it discussed in retail crypto payments, in person trades, and marketplaces that accept unconfirmed transactions.

Tip

For anything that hurts to lose, wait for at least one confirmation or use an escrow or lightning style payment. Zero confirmation is fine for tiny purchases, but set limits and train staff to never rush that screen tap.


Key Characteristics of Finney Attack

The signature traits are pretty recognizable once you know them:

  • Preload: A private block includes a self payment before the store purchase happens.
  • Miner: Only works if the attacker can mine a block, not just anyone with a wallet.
  • Timing: The window is short, between the sale and the broadcast of that private block.
  • Target: Merchants or peers that accept unconfirmed transactions.
  • Scope: It does not require majority control, it is a surgical trick.

Variations

Related moves you might hear about, plus a common mix up:

  • Race: The attacker broadcasts two conflicting payments and hopes the merchant’s wins first, then loses as the other gets confirmed.
  • Vector76: A mashup that combines private block building with a network race, usually against exchanges or large sellers.
  • Premine: Not the same as pre mining coins, which refers to allocating supply before launch.
  • Tooling: Some attackers script it like an exploit, automating the block release the moment the sale clears.

Reminder

Confirmations exist for a reason. If you accept an unconfirmed payment from a total stranger, a Finney Attack is on the menu, especially if they seem too eager for you to press confirm now.


Example

A small electronics shop accepts a zero confirmation payment for a laptop, the buyer leaves, then a privately mined block appears that cancels the sale, classic Finney Attack play.


Fun Fact

It is named after Hal Finney, early Bitcoin legend and recipient of the first transaction from Satoshi. He wrote about this exact trick to explain why waiting for confirmations matters.


Wrap-Up

If you remember one thing, remember this: Finney Attack bites only when you trust an unconfirmed payment.

Explore Other Crypto Terms

Did you find this term clearly defined?

Did we forget anything?

Your input helps us keep things correct. Contact us if anything is incorrect or missing.

Contact