I will discuss three different types of probable attacks in the Bitcoin system −
As an attacker, you may send the same coin to different vendors in rapid succession, probably by using two different machines. If the vendors do not wait for the block confirmation before delivering the goods, they will very soon realize that the transaction was rejected during the mining process. The solution to this kind of attack is that the vendor must wait for at least one block confirmation before sending out the goods.
In this case, the attacker is the miner. The miner mines a block with his transaction and does not release it in the system. He now uses the same coins in a second transaction and then releases the pre-mined block. Obviously, the second transaction would be rejected eventually by other miners, but this will take some time. To mitigate this risk, the seller should wait for at least six block confirmations before releasing the goods.
In this kind of attack, we come up with an impractical assumption that somebody owns 51% of the computing power of the network. The attacker in this kind of attack mines a private blockchain where he double-spends the coins.
As he owns the majority of computing power, he is guaranteed that his private blockchain at some point of time would be longer than the chain of “honest” network. He then releases his private blockchain in the system making all the transactions earlier recorded in the honest blockchain to be invalid.
This kind of attack is fictitious as it is very expensive to acquire computing power which equals or exceeds 51% of the computing power of the entire network.