In order for a 51% attack to occur the malicious party must control 51% or more of the mining power (hash rate) processing transactions on the blockchain. Once a group has this majority, they then potentially have the ability decide which transactions are verified or not.
In this example we will use Ethereum Classic. Let’s say we are the malicious user and we have 100 ETC. A double spend occurs when the malicious user sends a transaction of 100 ETC to one user and at the same time sends the same 100 ETC in their balance to another user. Whilst the first transaction is being confirmed on the existing blockchain the malicious user utilises their majority hash advantage (50%+) to begin confirming the second transaction in secret.
Once the first transaction is confirmed on the existing blockchain branch, the malicious user then releases the confirmed transactions on the second transaction, which due to the superior hash power, has extended the blockchain further than the original chain. Here is a graphic that can help visualise how it occurs:
The longest chain is always considered the ‘true’ chain and therefore the first transaction is considered null.
The issue is, the time lapse between the first transaction and the second transaction can be long enough that the recipient of the first transaction may have released whatever goods or asset was agreed upon, before realising that their transaction was null and void on the blockchain. They therefore never receive payment.