You've just sent some Bitcoin to a friend – the wallet shows "unconfirmed" and you're told to wait for confirmations. But what if someone offered you a product and said, "I'll accept your crypto right now, even with zero confirmations"? That's a zero-confirmation transaction (0-conf). In this guide we break down exactly how unconfirmed transactions work, the infamous double‑spend risk, and when (if ever) it's safe to accept them.
📖 Recommended reading first
📋 In this article
- 1. What Does "Zero Confirmation" Mean?
- 2. How Blockchain Confirmations Actually Work
- 3. The Double‑Spend Risk (The Main Reason 0‑conf Is Risky)
- 4. Replace‑by‑Fee (RBF) and Mempool Dynamics
- 5. When Is Zero‑Confirmation Safe to Accept?
- 6. Merchant Guide: Accepting 0‑conf Payments
- 7. 0‑conf vs 1‑conf vs 6‑conf
- 8. Frequently Asked Questions
1. What Does "Zero Confirmation" Mean?
When you broadcast a crypto transaction, it enters the mempool – a waiting room for unconfirmed transactions. Miners then pick transactions from the mempool and include them in the next block. Once included, the transaction gets one confirmation. A zero‑confirmation transaction is one that has been broadcast to the network but not yet included in any block. It's visible on block explorers as "unconfirmed".
💡 Key point
Zero confirmation does not mean the transaction is invalid or reversible. It simply means the network hasn't yet reached consensus that it's final. The transaction is pending.
Many merchants and services display "unconfirmed" transactions in their interfaces, and some even accept them as payment immediately. This is where the concept of 0‑conf acceptance comes from. But why would anyone accept a transaction that could still be reversed? To understand that, we need to look at the confirmation process.
2. How Blockchain Confirmations Actually Work
A confirmation is a block that includes your transaction. Miners compete to solve a cryptographic puzzle; the winner appends a new block to the chain. With each subsequent block built on top of it, your transaction becomes exponentially harder to undo. For Bitcoin, six confirmations (about one hour) is considered final for large amounts. For smaller payments, one confirmation is often enough.
But what about the time before the first confirmation? That's where we are now. During that window, the transaction is visible to everyone, but it hasn't been permanently etched into the ledger.
3. The Double‑Spend Risk (The Main Reason 0‑conf Is Risky)
The biggest danger with zero‑confirmation transactions is the double‑spend attack. A malicious user could send the same coins to two different recipients, but only one will eventually be confirmed. Here's how it works:
- Attacker has 1 BTC.
- They create two transactions: one paying a merchant (Transaction A), and another paying themselves to a different address (Transaction B). Both spend the same UTXO.
- They broadcast Transaction A to the merchant (who accepts 0‑conf) and quickly broadcast Transaction B to the wider network with a higher fee, hoping miners will confirm B first.
- If B gets confirmed, the merchant's transaction becomes invalid and the attacker walks away with the goods and their BTC.
This attack is not easy – it requires network propagation tricks and sometimes miner collusion – but it is possible, especially with smaller coins or low fee environments.
⚠️ Real‑world double spends
While rare, double spends have been successfully executed against zero‑conf accepting services. In 2019, a group performed a 0‑conf double spend on Bitcoin Cash to cheat a gambling site. The risk is real.
To learn more about how transactions propagate, read our guide: What Is a Mempool? Why Your Crypto Transaction Is Stuck.
4. Replace‑by‑Fee (RBF) and Mempool Dynamics
Bitcoin and many other cryptocurrencies support a feature called Replace‑by‑Fee (RBF). If you mark a transaction as RBF, you can later broadcast a new version with a higher fee to replace it – as long as it hasn't been confirmed. This is legitimate and useful for stuck transactions, but it also creates a perfect double‑spend tool. A merchant accepting 0‑conf could see an incoming transaction, only to have it replaced by a conflicting one minutes later.
Some wallets (like Bitcoin Core) allow you to disable RBF or opt out. But you cannot control what the sender does.
5. When Is Zero‑Confirmation Safe to Accept?
Despite the risks, there are situations where accepting zero‑confirmation transactions is considered reasonably safe:
- Low‑value microtransactions – If you're selling a $1 cup of coffee, the cost of a double‑spend attack likely exceeds the gain.
- Trusted environments – Internal transfers between wallets you control, or within a closed exchange system, can be accepted instantly.
- When using monitoring tools – Some services watch the mempool for conflicting transactions and flag risky payments.
- On low‑risk blockchains – Blockchains with very fast block times (like Solana or XRP) have very short 0‑conf windows, making double spends much harder.
6. Merchant Guide: Accepting 0‑conf Payments
If you run a business and want to accept crypto instantly, consider these safeguards:
- Wait for at least one confirmation for anything above a nominal amount. Bitcoin's 10‑minute average wait is acceptable for most in‑person transactions? Not really – that's why many use Lightning Network.
- Use a payment processor like BitPay or Coinbase Commerce that handles risk and may accept 0‑conf after their own analysis.
- Check for RBF – detect if the transaction is replaceable and reject it.
- Monitor the mempool for double‑spend attempts. Some advanced tools can alert you.
For a deeper dive into transaction security, see Crypto Security Best Practices in 2026.
7. 0‑conf vs 1‑conf vs 6‑conf
| Metric | 0 confirmations | 1 confirmation | 6 confirmations |
|---|---|---|---|
| Time (Bitcoin) | 0–10 minutes | ~10 min | ~60 min |
| Reversal cost | Low (double‑spend possible) | Very high (51% attack) | Prohibitively expensive |
| Typical use | Micropayments, instant tips | Everyday purchases | Large transfers, settlements |
| Risk level | Moderate (with RBF) | Low | Near zero |
If waiting for confirmations is too slow, consider Bitcoin Lightning Network or other layer‑2 solutions that offer instant finality without confirmations.
Frequently Asked Questions
Technically, no – it's not reversed, it can be replaced by a conflicting transaction that gets confirmed first. The original transaction then becomes invalid. That's why it's risky to accept 0‑conf as final.
Use a block explorer like Mempool.space. If your transaction remains unconfirmed for hours, you may need to bump the fee using RBF or wait for it to drop and try again. Read our guide to gas fees for tips.
Most UTXO‑based coins (Bitcoin, Litecoin) share similar risks. Coins with fast block times (like Solana, which has ~400ms slots) have a much smaller window, making 0‑conf less risky. Account‑based chains like Ethereum also have mempools, but double‑spends are harder due to nonce rules. However, they can still be front‑run.
They are the same thing. Both mean the transaction has been broadcast but not yet included in a block.
No, Lightning payments are instant and irreversible because they are backed by a multisig on‑chain transaction. They don't rely on block confirmations for the payment itself, only for the channel open/close.
Final Thoughts: Should You Accept Zero‑Confirmation Transactions?
Zero‑confirmation transactions are a trade‑off between speed and security. For small, everyday purchases where the risk of fraud is low, they can work. For larger amounts, waiting for at least one confirmation is the safer path. As the crypto ecosystem evolves, solutions like Lightning, Liquid, and other L2s offer instant finality without the double‑spend risk – making 0‑conf less necessary.
Remember: if you're accepting crypto, always assess the value, the sender's history, and whether you have tools to detect double‑spend attempts. And never accept zero‑conf for irreversible digital goods (like gift cards) – attackers will target you.