Simple explanations of the different attacks a miner could perform on the Bitcoin network if they acquired a majority of the hashpower.
System hacks and data breaches have become commonplace in recent years, leading to a loss of privacy and security for most people. However, Bitcoin is quite different from what we are accustomed to because it cannot be hacked, shutdown, or controlled.
To help you understand why this is the case, we will explain in simple terms the theoretical attacks that could occur in the extremely unlikely scenario that somebody manages to secure more than half of Bitcoin's hashpower (the computing power used to secure and extend the blockchain). Seeing how these theoretical attacks differ from normal hacks and data breaches is important in order to "trust" that the Bitcoin network can safely store your wealth over time, and why you don’t have to actually trust any people or 3rd parties in the process.
To understand how a miner could attack the network, it is important to know the roles of miners and the process of mining a block. In short, miners are in competition to mine blocks and extend the blockchain. Since mining is permissionless and decentralized, it’s possible for different versions of the blockchain to exist at once. To address this possibility, one of the critical rules of the network is that the nodes accept the longest version of the blockchain as the single “true” one, where the longest chain is simply the one which has had the most proof of work committed to it.
As long as the hashrate (computing power) stays well distributed and isn’t controlled by an adversarial party that might want to attack the Bitcoin network, miners effectively collaborate and compete at the same time. They all race each other to find the next block, but once a miner wins the race all of the miners begin working on top of their block rather than continuing to compete on the previous block. This article will go through the possible scenarios in which a large proportion of hashrate is not well distributed and does fall into the control of an attacker.
The transactions included in a block are considered “confirmed” because some proof of work has been committed in order to mine each block, as opposed to “unconfirmed” transactions which have been validated by nodes but not yet included in the blockchain.
The most recently mined block is known as the chain tip, and blocks get more and more secure the farther back they are from the tip. This means that transactions in a block 1000 back from the chain tip (i.e. approximately 1 week old) are much more secure than ones just 6 blocks away from the tip (i.e. 1 hour old) because replacing old blocks requires just as much proof of work as mining them in the first place, plus all the extra proof of work needed to mine blocks on top of it and make it the longest chain. A blockchain reorganization refers to an event in which 1 or more blocks which were once part of the longest chain are replaced by a different version of the blockchain.
If somebody succeeds in mining an alternative chain in which more proof of work has been done than any other versions of the blockchain, then the network would begin treating that as its new source of truth. Blockchain reorganizations become more expensive the more blocks they are replacing. For instance, a 6-block reorg is approximately 6 times more expensive than a 1-block reorg.
Miners would need to acquire more than 50% of Bitcoin’s hashpower to be able to potentially rewrite recent blocks in the chain and complete a series of attacks on the network. The cost of this attack is astronomical, as explained in our previous article “How Much Would it Cost to 51% Attack Bitcoin?“, but for now we will assume that a miner has >50% hashpower and can attempt these attacks so that you can understand how they would work.
It is worth noting that any of these attacks could be achieved for a short period of time or with occasional success using <50% of the network hashpower, but to understand the worst case scenario, we will assume this attacking miner has the majority hashpower and is omitting or rewriting all blocks that do not aid in the attack.
A Double spend attack, as it sounds, is when a miner spends the same bitcoin UTXOs (Unspent Transaction Outputs) on 2 different transactions. Let’s assume that somebody wants to spend 200 bitcoins to buy a house. They send the coins to the current home owner and the transaction is accepted as final once it has been mined into a block. Meanwhile, the buyer secretly started mining a different version of the chain where they send the coins to themselves instead. With the house title transferred over, the buyer keeps using their substantial hashpower to mine in secret (>51%) until their version of the blockchain is longer than the current public chain and they can broadcast it. The buyer walks away with a new house for “free” by replacing the purchasing transaction using their hashpower.
Bitcoin is considered “censorship resistant” money, meaning that nobody can control who uses the blockchain to transfer funds. However, this property could be weakened or eliminated by a miner or group of colluding miners with a majority of the network hashrate as they could control which blocks (and therefore which transactions) are part of the longest chain. For example, addresses on the OFAC sanctions list could be blocked from transferring any funds, effectively making their coins non-fungible for as long as the censoring miner controls a majority of the hashrate.
Any block that gets by from another, honest, miner could simply be rewritten or replaced by the government’s hashpower. In reality it would be incredibly difficult for anybody, even a government, to determine the country a transaction came from.
As you may know, sometimes Bitcoin miners mine empty blocks, meaning that the block has zero transactions in it. The miner is still awarded the block subsidy, but does not receive any reward from transaction fees. This is generally not intentional and is caused by latency issues which can be read about in our article “Why Pools Mine Empty Blocks and How Stratum V2 Fixes This”.
If a miner wanted to hinder the Bitcoin Network they could do an empty block attack where they only mine blocks with 0 transactions in them. This would keep all transactions in a pending status, and would stall the use of the network for as long as the attack can be maintained. An extensive analysis of this unlikely attack and methods to mitigate its effectiveness can be read about in Jimmy Song’s “Debunking the Empty Block Attack” article.
With all this talk of mining attacks, we feel it is important to mention the importance of transaction confirmations. Once a block is mined, it means that all the transactions in that block have one confirmation. While this is considered decently secure already, it becomes more secure with each block mined on top of it. In the Bitcoin space, it is widely accepted that at least 6 confirmations should be used for very large or important transactions because it is extremely unlikely for a blockchain reorganization to go that deep.
If it is expensive to rewrite one block it is significantly more expensive to rewrite six blocks, and such a substantial amount of hashrate working on a different version of the blockchain in secret would be fairly obvious unless they are using hashrate which was not previously mining on the longest chain. In other words, a majority of hashrate suddenly going offline to attempt a deep blockchain reorganization would result in blocktimes slowing by at least 2x, which would be easy to observe over a multi-hour time period In summary, one confirmation may be good for a smaller purchase, but six is practically permanent or unchangeable.
We’ve explained some of the theoretical attacks possible on Bitcoin to shed light on how its design differs from our legacy systems which seem to be getting more vulnerable every day. The Bitcoin blockchain can be partially rewritten with enough hashpower, but it cannot be hacked. This is much different than the traditional data center approach companies use. In these cases data centers are difficult to hack but if it can be done, then data can be stolen and modified at a very low cost.
Although the above attack scenarios are theoretically possible, in practice they are extremely costly to undertake making them highly unlikely to occur. In addition, bitcoin is designed to remove the need to trust any individual, company, or government, all of which are important so that users can feel confident storing their wealth in bitcoin. The security of the network does not rely on a security team and these attacks can only be initiated with sufficient computing power and capital as laid out in the Bitcoin code, which anybody can review.
Konference | Web | X | Where | When | Confirmed |
---|---|---|---|---|---|
Cell | Cell | Cell | Cell | ||
Cell | Cell | Cell | Cell | ||
Cell | Cell | Cell | Cell | ||
Cell | Cell | Cell | Cell | ||
Cell | Cell | Cell | Cell | ||
Cell | Cell | Cell | Cell | ||
Cell | Cell | Cell | Cell |
Bitcoin mining software company: Braiins Pool, Braiins OS & Stratum V2.
By miners, for miners.
Increase hashrate on your Bitcoin ASICs, improve efficiency as much as 25%, and mine on any pool or get 0% pool fees on Braiins Pool.
Reduce data transmission between your farm and pool by 95%. Configure parallel usage of multiple pools. Set a backup pool for the whole farm.
It focuses on making data transfers more efficient, reducing physical infrastructure requirements for mining operations, and increasing security
Industry leaders in transparency and innovation, with more than 1.25 million BTC mined since 2010.
Published
20.7.2021
Simple explanations of the different attacks a miner could perform on the Bitcoin network if they acquired a majority of the hashpower.
Table of Contents
System hacks and data breaches have become commonplace in recent years, leading to a loss of privacy and security for most people. However, Bitcoin is quite different from what we are accustomed to because it cannot be hacked, shutdown, or controlled.
To help you understand why this is the case, we will explain in simple terms the theoretical attacks that could occur in the extremely unlikely scenario that somebody manages to secure more than half of Bitcoin's hashpower (the computing power used to secure and extend the blockchain). Seeing how these theoretical attacks differ from normal hacks and data breaches is important in order to "trust" that the Bitcoin network can safely store your wealth over time, and why you don’t have to actually trust any people or 3rd parties in the process.
To understand how a miner could attack the network, it is important to know the roles of miners and the process of mining a block. In short, miners are in competition to mine blocks and extend the blockchain. Since mining is permissionless and decentralized, it’s possible for different versions of the blockchain to exist at once. To address this possibility, one of the critical rules of the network is that the nodes accept the longest version of the blockchain as the single “true” one, where the longest chain is simply the one which has had the most proof of work committed to it.
As long as the hashrate (computing power) stays well distributed and isn’t controlled by an adversarial party that might want to attack the Bitcoin network, miners effectively collaborate and compete at the same time. They all race each other to find the next block, but once a miner wins the race all of the miners begin working on top of their block rather than continuing to compete on the previous block. This article will go through the possible scenarios in which a large proportion of hashrate is not well distributed and does fall into the control of an attacker.
The transactions included in a block are considered “confirmed” because some proof of work has been committed in order to mine each block, as opposed to “unconfirmed” transactions which have been validated by nodes but not yet included in the blockchain.
The most recently mined block is known as the chain tip, and blocks get more and more secure the farther back they are from the tip. This means that transactions in a block 1000 back from the chain tip (i.e. approximately 1 week old) are much more secure than ones just 6 blocks away from the tip (i.e. 1 hour old) because replacing old blocks requires just as much proof of work as mining them in the first place, plus all the extra proof of work needed to mine blocks on top of it and make it the longest chain. A blockchain reorganization refers to an event in which 1 or more blocks which were once part of the longest chain are replaced by a different version of the blockchain.
If somebody succeeds in mining an alternative chain in which more proof of work has been done than any other versions of the blockchain, then the network would begin treating that as its new source of truth. Blockchain reorganizations become more expensive the more blocks they are replacing. For instance, a 6-block reorg is approximately 6 times more expensive than a 1-block reorg.
Miners would need to acquire more than 50% of Bitcoin’s hashpower to be able to potentially rewrite recent blocks in the chain and complete a series of attacks on the network. The cost of this attack is astronomical, as explained in our previous article “How Much Would it Cost to 51% Attack Bitcoin?“, but for now we will assume that a miner has >50% hashpower and can attempt these attacks so that you can understand how they would work.
It is worth noting that any of these attacks could be achieved for a short period of time or with occasional success using <50% of the network hashpower, but to understand the worst case scenario, we will assume this attacking miner has the majority hashpower and is omitting or rewriting all blocks that do not aid in the attack.
A Double spend attack, as it sounds, is when a miner spends the same bitcoin UTXOs (Unspent Transaction Outputs) on 2 different transactions. Let’s assume that somebody wants to spend 200 bitcoins to buy a house. They send the coins to the current home owner and the transaction is accepted as final once it has been mined into a block. Meanwhile, the buyer secretly started mining a different version of the chain where they send the coins to themselves instead. With the house title transferred over, the buyer keeps using their substantial hashpower to mine in secret (>51%) until their version of the blockchain is longer than the current public chain and they can broadcast it. The buyer walks away with a new house for “free” by replacing the purchasing transaction using their hashpower.
Bitcoin is considered “censorship resistant” money, meaning that nobody can control who uses the blockchain to transfer funds. However, this property could be weakened or eliminated by a miner or group of colluding miners with a majority of the network hashrate as they could control which blocks (and therefore which transactions) are part of the longest chain. For example, addresses on the OFAC sanctions list could be blocked from transferring any funds, effectively making their coins non-fungible for as long as the censoring miner controls a majority of the hashrate.
Any block that gets by from another, honest, miner could simply be rewritten or replaced by the government’s hashpower. In reality it would be incredibly difficult for anybody, even a government, to determine the country a transaction came from.
As you may know, sometimes Bitcoin miners mine empty blocks, meaning that the block has zero transactions in it. The miner is still awarded the block subsidy, but does not receive any reward from transaction fees. This is generally not intentional and is caused by latency issues which can be read about in our article “Why Pools Mine Empty Blocks and How Stratum V2 Fixes This”.
If a miner wanted to hinder the Bitcoin Network they could do an empty block attack where they only mine blocks with 0 transactions in them. This would keep all transactions in a pending status, and would stall the use of the network for as long as the attack can be maintained. An extensive analysis of this unlikely attack and methods to mitigate its effectiveness can be read about in Jimmy Song’s “Debunking the Empty Block Attack” article.
With all this talk of mining attacks, we feel it is important to mention the importance of transaction confirmations. Once a block is mined, it means that all the transactions in that block have one confirmation. While this is considered decently secure already, it becomes more secure with each block mined on top of it. In the Bitcoin space, it is widely accepted that at least 6 confirmations should be used for very large or important transactions because it is extremely unlikely for a blockchain reorganization to go that deep.
If it is expensive to rewrite one block it is significantly more expensive to rewrite six blocks, and such a substantial amount of hashrate working on a different version of the blockchain in secret would be fairly obvious unless they are using hashrate which was not previously mining on the longest chain. In other words, a majority of hashrate suddenly going offline to attempt a deep blockchain reorganization would result in blocktimes slowing by at least 2x, which would be easy to observe over a multi-hour time period In summary, one confirmation may be good for a smaller purchase, but six is practically permanent or unchangeable.
We’ve explained some of the theoretical attacks possible on Bitcoin to shed light on how its design differs from our legacy systems which seem to be getting more vulnerable every day. The Bitcoin blockchain can be partially rewritten with enough hashpower, but it cannot be hacked. This is much different than the traditional data center approach companies use. In these cases data centers are difficult to hack but if it can be done, then data can be stolen and modified at a very low cost.
Although the above attack scenarios are theoretically possible, in practice they are extremely costly to undertake making them highly unlikely to occur. In addition, bitcoin is designed to remove the need to trust any individual, company, or government, all of which are important so that users can feel confident storing their wealth in bitcoin. The security of the network does not rely on a security team and these attacks can only be initiated with sufficient computing power and capital as laid out in the Bitcoin code, which anybody can review.
Read Privacy Policy.
12.12.2024
4.12.2024
11.11.2024
Read Privacy Policy.