If you've ever sent or received cryptocurrency, you've probably seen the term "confirmations" – often with a number like 6/6, 12/12, or something similar. But what exactly are block confirmations? Why do you have to wait for them? And most importantly, how many confirmations do you need before you can consider a transaction truly final?
In this comprehensive guide, we'll demystify block confirmations, explain why they are the backbone of crypto security, and give you practical, network-specific recommendations to protect your funds – whether you're a casual user, a merchant, or an exchange operator.
➡️ Read next (recommended)
📋 Table of Contents
- 1. What Are Block Confirmations?
- 2. Why Confirmations Matter: Preventing Double-Spending
- 3. How Many Confirmations for Bitcoin?
- 4. How Many Confirmations for Ethereum?
- 5. Confirmations on Other Networks
- 6. How to Check Confirmations
- 7. The Risk of Zero-Confirmation Transactions
- 8. Practical Recommendations by Use Case
- 9. Frequently Asked Questions
What Are Block Confirmations?
A block confirmation is the number of blocks that have been added to the blockchain after the block containing your transaction. Each new block that is mined (or validated) on top of your transaction's block serves as an additional confirmation.
How Confirmations Accumulate
In this example, the transaction has 3 confirmations (3 blocks built on top).
When you first broadcast a transaction, it sits in the mempool (memory pool) waiting to be included in a block by miners or validators. Once included, it has 1 confirmation. After another block is added, it becomes 2 confirmations, and so on. The more confirmations a transaction has, the harder it becomes to reverse or double-spend.
🔐 Key Concept: Probabilistic Finality
In proof-of-work blockchains like Bitcoin, confirmations provide probabilistic finality. With each new block, the chance of a successful double-spend attack diminishes exponentially. After enough confirmations, the transaction is considered practically irreversible.
Why Confirmations Matter: The Double-Spending Problem
Unlike cash or credit cards, cryptocurrency transactions are not instantly final. A malicious actor could attempt to send the same coins to two different recipients – this is called a double-spend attack. Confirmations are the defense mechanism that makes double-spending economically unfeasible.
How a Double-Spend Works
Attack VectorAn attacker sends a transaction to a merchant (e.g., paying for goods) and simultaneously broadcasts a conflicting transaction that sends the same coins back to themselves. Miners will include only one of them in a block. If the attacker has significant hash power, they could mine their own version and try to outpace the honest network.
📊 Real-World Example
In 2024, a small exchange accepted Bitcoin deposits with only 1 confirmation. An attacker used a hash power rental service to perform a 1-conf double-spend, stealing over $100,000 before the exchange realized. The exchange now requires 6 confirmations.
By waiting for multiple confirmations, you ensure that the transaction is buried deep under valid blocks, making a reorg (reorganization) of the blockchain extremely costly and unlikely.
How Many Confirmations for Bitcoin?
Bitcoin, the first cryptocurrency, set the standard: 6 confirmations is widely considered safe for large amounts. This recommendation comes from Satoshi Nakamoto's original Bitcoin whitepaper, where he calculated that the probability of a successful double-spend drops below 0.1% after 6 blocks.
| Confirmations | Risk Level | Typical Use Case |
|---|---|---|
| 0 | Very high (unconfirmed) | Only for low-value, trusted transactions (e.g., coffee) |
| 1 | High | Small payments where speed matters and fraud risk is low |
| 3 | Moderate | Small to medium payments, some online services |
| 6 | Low | Standard for exchanges, high-value transactions |
| 12+ | Extremely low | Very large amounts, institutional settlements |
⛏️ Mining Power & 51% Attack
If an attacker controls more than 50% of the network's hash rate, they could theoretically reverse any number of confirmations. However, such an attack is extremely expensive and detectable. Most exchanges require 6 confirmations because it would cost an attacker millions of dollars to reorganize that many blocks.
How Many Confirmations for Ethereum?
Ethereum uses a different security model – since the Merge, it relies on proof-of-stake. Finality on Ethereum is achieved after 2 epochs (approximately 12–15 minutes), but many services use a lower number of block confirmations because the economic security is different.
Ethereum Finality & Confirmations
Proof-of-Stake📊 Exchange Standards
Binance requires 12 confirmations for ETH deposits, while Coinbase uses 30. The higher number accounts for potential reorganizations (though rare in PoS) and provides a safety buffer.
For Ethereum-based tokens (ERC-20), confirmations work the same way because they live on the Ethereum blockchain. Always check the specific requirements of the service you're using.
Confirmations on Other Networks
Different blockchains have different block times and security models. Here's a quick reference:
| Network | Block Time | Typical Confirmations | Notes |
|---|---|---|---|
| Bitcoin (BTC) | ~10 min | 6 | Standard for high value; 1–3 for low value |
| Ethereum (ETH) | ~12 sec | 12–30 | PoS finality after ~12 min |
| Litecoin (LTC) | ~2.5 min | 6–12 | Faster blocks, similar security model |
| Dogecoin (DOGE) | ~1 min | 20–60 | Lower hash rate, more confirmations recommended |
| Solana (SOL) | ~400 ms | ~32 blocks | Uses PoH; finality is fast, but some services wait 1–2 seconds |
| Ripple (XRP) | ~4 sec | – | Uses consensus; after ledger closes, it's final |
Always consult the specific blockchain's documentation or the receiving platform's requirements.
How to Check Confirmations
Checking confirmations is easy using a blockchain explorer. Here's a quick guide:
Get the Transaction ID (TXID)
After sending or receiving crypto, copy the TXID – a long string of characters that uniquely identifies your transaction.
Go to a Blockchain Explorer
For Bitcoin, use mempool.space or blockstream.info. For Ethereum, use etherscan.io. Paste the TXID into the search bar.
Look for "Confirmations"
The explorer will show the number of confirmations, the block height, and the time since inclusion. If it says "Unconfirmed", your transaction is still in the mempool.
Most wallets also display the confirmation count directly in the transaction history.
The Risk of Zero-Confirmation Transactions
⚠️ Why Zero-Conf is Dangerous
- Double-spend possible: An attacker can send a conflicting transaction with a higher fee (replace-by-fee) to replace the original.
- No protection: Zero-conf means the transaction is not yet included in a block – it can be replaced or dropped.
- Merchant risk: Accepting zero-conf for high-value items is a common scam vector.
Some merchants accept zero-conf for small, everyday purchases (like a cup of coffee) because the cost of an attack outweighs the benefit. However, for any significant amount, waiting for at least 1 confirmation is wise.
Practical Recommendations by Use Case
For Individuals Sending Crypto
- Wait for the receiving platform's required confirmations before marking the transaction as complete.
- For personal transfers between your own wallets, 1 confirmation is usually enough – but check if the destination requires more.
For Merchants Accepting Crypto
- Small items (<$100): 0–1 confirmations acceptable if you trust the customer (e.g., in-person).
- Medium items ($100–$1,000): Wait for 3 Bitcoin confirmations or 12 Ethereum confirmations.
- Large items (>$1,000): Use the standard 6 Bitcoin or 30 Ethereum confirmations.
For Exchanges & High-Volume Services
- Always follow industry best practices: Bitcoin 6, Ethereum 30, etc.
- Monitor for chain reorganizations and adjust requirements accordingly.
- Implement risk-based confirmation thresholds (e.g., smaller deposits may require fewer confirmations).
✅ Final Word on Confirmations
Block confirmations are your shield against double-spending. While waiting can be annoying, it's a small price to pay for the security and immutability that makes blockchain technology so powerful. Always check the confirmation requirements of the service you're using, and when in doubt, wait for more.
Frequently Asked Questions
If a transaction remains unconfirmed for days, it may be dropped from the mempool. You can either wait for it to be confirmed (if network congestion clears) or use replace-by-fee (RBF) to accelerate it.
In practice, once a transaction has enough confirmations (e.g., 6 on Bitcoin), it is considered irreversible. However, a 51% attack could theoretically reorganize the chain and reverse confirmed transactions, but this is extremely expensive and unlikely on major networks.
Exchanges handle large volumes and are prime targets for attacks. Requiring more confirmations adds a safety margin against potential reorganizations and sophisticated double-spend attempts.
Yes, because stablecoins like USDT and USDC are ERC-20 tokens on Ethereum. They require the same number of block confirmations as ETH to be considered secure.
A reorganisation (reorg) occurs when a longer or heavier chain replaces a previous one, causing some blocks to be orphaned. Transactions in orphaned blocks lose their confirmations and may need to be re-included. More confirmations protect against reorgs.