Finney Attack

The Finney Attack is a theoretical double-spend vulnerability where a miner includes a transaction in a block they are actively mining but does not broadcast to the network, creating a brief window to make conflicting transactions in other blocks before revealing their pre-mined block. This attack exploits the fact that other network participants are unaware of the transaction locked in the unrevealed block, potentially allowing the attacker to spend the same funds twice—once in the hidden block and once in transactions broadcast to the public network. Named after Bitcoin researcher Hal Finney who described it early in Bitcoin's history, this attack requires significant mining power and is largely mitigated by modern consensus mechanisms and transaction confirmation practices. Example: The Finney Attack was theoretically demonstrated against early Bitcoin mining pools, where a miner controlling substantial hashrate could withhold newly mined blocks to create temporary transaction ambiguity during the attack window. Why it matters for crypto security: Understanding the Finney Attack highlights how blockchain security depends on honest mining participation and transaction propagation, informing best practices around transaction confirmation requirements and helping developers design more robust consensus mechanisms resistant to advanced spending attacks.

Category: wallets security

Explore the full Web3 Glossary — 2,062+ expert-curated definitions. Need guidance? Talk to our consultants.