A race attack, also known as an unconfirmed transaction, is a form of double-spend attempt in crypto. In this attack, a malicious user sends two transactions simultaneously: one to a recipient and another to the blockchain. The transaction sent to the recipient appears to transfer a token, while the transaction sent to the network is designed to keep the token with the sender. The attacker exploits network lag to ensure their transaction is confirmed first, potentially leading to double-spending.
Here’s how a race attack unfolds:
- The attacker sends an unconfirmed transaction to the victim.
- Simultaneously, the attacker broadcasts a conflicting transaction to the network.
- Seeing the first transaction, the victim mistakenly believes they have received payment.
- However, the network confirms the conflicting transaction first, leaving the victim without the payment.
To prevent race attacks, exchanges, and recipients can wait for a sufficient number of blocks to confirm a transaction before considering it finalized.
