Definition
Fork-after-withholding (FAW) attack is a pool-level mining attack, introduced in 2017 academic research, that fuses the classic block withholding attack with the deliberate forking logic of selfish mining. The attacker joins a target mining pool as an ordinary member, splitting its hashpower between honest mining elsewhere and infiltration mining inside the victim pool. In plain block withholding, the infiltrator submits partial shares to collect payouts but discards any full blocks it finds, quietly bleeding the pool. FAW's insight is that discarding those blocks wastes ammunition.
The attack matters less as a live threat than as a result in the security literature: it demonstrated that two known attacks, each individually constrained, compose into something strictly stronger, and that the informal reassurances then circulating about withholding attacks, chiefly that mutual attack was self-defeating, did not survive a sharper strategy. Papers of this kind are how pooled mining's trust assumptions get mapped in advance of exploitation, and FAW remains a standard citation wherever pool security is analyzed seriously.
How the fork is engineered
Instead of throwing a withheld block away, the FAW attacker keeps it in reserve. The moment some external miner outside the pool publishes a competing block at the same height, the attacker submits its withheld block to the pool manager, who, acting in good faith, propagates it immediately. The network now sees two valid blocks at the same height and a fork forms, resolved by whichever branch the next block extends, exactly the race described under chain reorganization. When the pool's branch wins, the pool earns a full block reward that the attacker shares in through the normal payout scheme, on top of the share income it was already collecting from its partial submissions. When the branch loses, the block becomes one more stale block, and the attacker is no worse off than a plain withholder. The attack converts a discarded block into a lottery ticket with no downside relative to the baseline.
Why it out-earns plain withholding
The 2017 analysis showed FAW is always at least as profitable as block withholding, and against multiple pools simultaneously, which mirrors the real network, the extra reward was estimated at roughly 56 percent more than plain withholding. FAW also reshapes the so-called miner's dilemma, the game-theoretic result that when two pools attack each other with block withholding, both lose, a standoff that discourages the practice. Under FAW, the larger pool can consistently come out ahead in a mutual attack, removing the deadlock and its comforting implication that rational pools would not bother. And unlike pure selfish mining, FAW does not require the attacker to win block-propagation races across the public network, sidestepping the practicality objections that keep selfish mining largely theoretical.
Detection and defenses
Countermeasures remain imperfect. A pool can watch for members whose submitted shares never include full blocks, but a patient attacker with modest infiltration power hides comfortably inside statistical noise for a long time. Payout design matters at the margins, and the reward-scheme dynamics covered under PPLNS change how quickly infiltration pays, but no scheme eliminates the incentive. Proposed protocol-level fixes, such as making miners unable to recognize whether a share is a full block, would require changes Bitcoin has not adopted. FAW is therefore best read as a standing reminder of the trust structure inside pooled mining: a pool aggregates strangers' hashpower on the honor system, and attacks that compose pool-level and network-level tricks are strictly stronger than either alone. It is one more argument, at the margin, for the transparency of solo mining, where there is no pool to infiltrate and no one to cheat but yourself.
In Simple Terms
Fork-after-withholding (FAW) attack is a pool-level mining attack, introduced in 2017 academic research, that fuses the classic block withholding attack with the deliberate forking logic…
