Block Withholding Attack

A block withholding attack targets a mining pool from the inside. The attacker joins the pool and mines normally, submitting partial proof-of-work shares to claim its slice of payouts. The twist: when it actually finds a valid full block, it throws the solution away instead of reporting it. The attacker still earns nearly all of its expected share-based income, but the pool never collects the block reward that work should have produced.

Why It Hurts the Pool

The economics are deliberately asymmetric. Withholding costs the attacker only a fraction of a percent of expected revenue, because full blocks are rare relative to the lower-difficulty shares it keeps submitting. The pool, however, loses 100% of every block the attacker silently kills. In reward schemes like PPLNS or PPS, those losses are spread across honest participants, dragging down everyone's effective payout. A documented 2014 incident against the Eligius pool reportedly cost it roughly 300 BTC.

Distinct From Selfish Mining

Block withholding is not the same as selfish mining. Selfish mining withholds a block from the entire network to win a private chain race; block withholding withholds a block from one pool while the rest of the network is unaffected. It also seeds more advanced strategies such as the fork-after-withholding attack. The defining tension is the gap between what a pool can verify (low-difficulty shares) and what actually pays (full blocks meeting network difficulty).

For operators, the practical defenses are reputation-based pool admission, statistical detection of miners whose share rate never converts into found blocks, and reward designs that reduce the incentive. See related entries on stale shares and proof of work.