Skip to content

We're upgrading our operations to serve you better. Orders ship as usual from Laval, QC. Questions? Contact us

Bitcoin accepted at checkout  |  Ships from Laval, QC, Canada  |  Expert support since 2016

1325 Rue Bergar, Laval, QC [email protected] 1-855-753-9997 Mon-Fri: 8:30 - 18:00
The Different Bitcoin Mining Attacks Explained
Bitcoin Culture

The Different Bitcoin Mining Attacks Explained

· D-Central Technologies · 18 min read

Every ten minutes, a new block gets added to the longest proof-of-work chain in existence. That block represents something no government, no corporation, and no military can replicate: trustless, permissionless consensus among thousands of nodes scattered across the planet. This is the system Satoshi Nakamoto engineered. And like any system worth attacking, Bitcoin mining has attracted adversaries since day one.

The difference between Bitcoin and every other digital system? It was designed to be attacked. The proof-of-work mechanism does not merely tolerate adversarial conditions — it thrives on them. Every failed attack makes the network stronger. Every dollar spent trying to subvert the chain is a dollar wasted against thermodynamic reality.

But understanding how these attacks work is not optional for miners. If you are running hardware — whether it is a Bitaxe solo miner on your desk or an Antminer S21 in your basement — you are a participant in the security model. You are a node in the defense network. You need to know what you are defending against.

This guide breaks down every major attack vector against Bitcoin mining: how they work, why most of them fail in practice, and what you as a home miner can do to strengthen the network. No corporate fluff. No hand-waving. Just the technical reality of securing the hardest money ever created.

How Bitcoin Mining Actually Works: The Security Foundation

Before dissecting attacks, you need to understand the system they target. Bitcoin mining is not “solving math problems” — that is a simplification that borders on misinformation. Mining is the process of converting real-world energy into unforgeable, timestamped blocks of transaction data, secured by cryptographic proof.

Proof-of-Work: Energy as Security

The proof-of-work algorithm requires miners to find a nonce value that, when combined with the block header data and run through SHA-256 twice, produces a hash below a target threshold. The difficulty of that threshold adjusts every 2,016 blocks (roughly two weeks) to maintain the ten-minute average block interval.

This is not busywork. This is the conversion of electricity into security. Every hash computed represents real energy expenditure. To rewrite history, an attacker must re-expend all of that energy — plus outpace the honest network going forward. As of 2026, the Bitcoin network operates at over 800 exahashes per second (EH/s). The energy required to sustain even a fraction of that for a sustained attack is staggering.

The block reward currently stands at 3.125 BTC following the April 2024 halving. Combined with transaction fees, this reward incentivizes miners to play by the rules. Honest mining is profitable. Attacking the network is not — and the math gets worse for attackers with every halving.

Mining Pools: Necessary Coordination, Potential Risk

Individual miners rarely find blocks on their own due to the sheer difficulty involved. Mining pools aggregate hashrate from thousands of participants, distributing rewards proportionally when the pool finds a block. This makes income more predictable for individual miners.

But pools introduce a paradox. While they democratize access to mining rewards, large pools concentrate hashrate under a single coordinator. If a pool operator controls 30% or more of the network hashrate, certain attack vectors become theoretically possible. This is why pool selection matters — and why the decentralization-minded miner should seriously consider solo mining or smaller, transparent pools.

The pool operator decides which transactions go into blocks. The pool operator decides the block template. If you care about censorship resistance, you care about who runs your pool.

The Consensus Mechanism: Why the Longest Chain Wins

Bitcoin’s consensus is elegant in its simplicity: the chain with the most cumulative proof-of-work is the valid chain. Period. Not the chain with the most blocks (though these usually correlate), but the chain representing the most energy expenditure. This is Nakamoto Consensus.

The Longest Chain Rule in Practice

When two miners find valid blocks at approximately the same time, a temporary fork occurs. Two competing chain tips exist simultaneously. Nodes follow whichever they received first, but the moment a subsequent block extends one tip, the other is orphaned. Transactions in the orphaned block return to the mempool for re-inclusion.

This is not a bug — it is the system working as designed. Temporary forks resolve naturally. The more blocks that build on top of a transaction, the more energy has been committed to that version of history, and the more expensive it becomes to revert.

Six confirmations has long been the standard for “finality” in Bitcoin. At current hashrate levels, reversing six blocks would require an attacker to outpace 800+ EH/s for roughly an hour straight — a physical impossibility for any known entity.

Miners as the Immune System

Every miner, from the largest industrial operation to a single Bitaxe on a home miner’s shelf, contributes to the network’s immune system. Your hashrate makes the chain heavier. Your energy expenditure makes history harder to rewrite. This is why home mining matters for decentralization — not just for the block reward, but for the security of the entire network.

The more geographically distributed and independently operated the mining network is, the harder it becomes to coordinate any attack. Every home miner running independent hardware is another node in the defense mesh.

The Full Spectrum of Bitcoin Mining Attacks

Now for the attacks themselves. Some are theoretical. Some have been attempted. All of them fail against Bitcoin’s current security parameters — but understanding them is what separates an informed miner from a passive participant.

Double-Spend Attacks

How it works: An attacker sends Bitcoin to a merchant, receives goods or services, then broadcasts an alternative transaction spending the same UTXO back to themselves. If the attacker can get the alternative transaction confirmed in a block that replaces the original, the merchant loses both the Bitcoin and the goods.

Why it matters: This is the fundamental attack that proof-of-work exists to prevent. The entire security model of Bitcoin revolves around making double-spends economically irrational.

The reality in 2026: For zero-confirmation transactions, double-spend risk is real. Merchants accepting unconfirmed transactions are gambling. But with even a single confirmation, the attacker needs to mine a competing block faster than the rest of the network — meaning they need more hashrate than everyone else combined. With two or more confirmations, the probability of a successful double-spend drops to negligible levels.

Defense: Wait for confirmations. For small transactions, one or two confirmations suffice. For large amounts, six confirmations remain the gold standard. The math is on your side.

51% Attacks (Majority Attacks)

How it works: An entity controlling more than 50% of the total network hashrate can theoretically mine blocks faster than the honest network. This gives them the ability to: reverse recent transactions (enabling double-spends), prevent specific transactions from being confirmed (censorship), and prevent other miners from finding valid blocks (mining monopoly).

The economics of impossibility: At 800+ EH/s, acquiring 51% of Bitcoin’s hashrate would require controlling roughly 400+ EH/s. The capital cost of that hardware alone would run into tens of billions of dollars — before you factor in the electricity to run it, the facilities to house it, and the global supply chain to acquire it. The newest generation ASIC miners cost thousands of dollars each and produce hashrates measured in hundreds of terahashes per second. You would need millions of them.

Even if a nation-state attempted this, the attack would be visible immediately. Honest nodes would see the chain reorganization. The community would respond. The attacker’s hardware would immediately lose value as confidence in the network eroded — a self-defeating proposition.

Defense: Decentralize hashrate. Run your own miner. Support smaller pools. The more distributed the hashrate, the harder a 51% attack becomes. This is literally why home mining exists.

Selfish Mining

How it works: A miner finds a valid block but withholds it from the network. While honest miners waste energy working on the old chain tip, the selfish miner builds a secret chain. When the selfish miner’s secret chain is longer, they release it all at once, orphaning the honest miners’ blocks and claiming the rewards.

The theoretical threshold: Research by Eyal and Sirer (2014) showed that selfish mining can be profitable for miners controlling as little as 33% of the hashrate under certain network conditions. However, this assumes perfect information, zero latency in block propagation, and a cooperative network topology — assumptions that rarely hold in practice.

Why it mostly fails: Selfish mining requires sustained secrecy. The longer you withhold blocks, the greater the risk that another miner finds a competing block and your secret chain becomes worthless. Network monitoring tools can detect anomalous block withholding patterns. And the economic incentive to simply mine honestly is almost always stronger than the marginal gain from selfish mining.

Defense: Network-level improvements to block propagation (like compact blocks and the FIBRE network) reduce the advantage of selfish mining. Monitoring tools that track block arrival times can flag suspicious behavior.

Eclipse Attacks

How it works: An attacker takes control of all the network connections to a target node, completely isolating it from the honest network. The attacker can then feed the victim a false view of the blockchain — showing fake confirmations, hiding legitimate transactions, or facilitating double-spends against the isolated node.

The method: The attacker floods the target’s peer table with malicious IP addresses, then triggers a restart of the target node (or waits for one). When the node reconnects, it connects only to attacker-controlled peers. From that point, the victim sees only what the attacker wants them to see.

Why it is harder than it sounds: Bitcoin Core has implemented multiple defenses against eclipse attacks over the years: diversified peer selection, anchor connections that persist across restarts, limits on connections from the same IP range, and outbound connection protections. A well-configured node running current software is significantly harder to eclipse than nodes running older versions.

Defense: Run the latest Bitcoin Core release. Use multiple independent connections. Monitor your node’s peer diversity. If you run a business that accepts Bitcoin, consider running multiple nodes with different network paths.

Empty Block Mining

How it works: A miner produces valid blocks that contain only the coinbase transaction (the block reward) and zero user transactions. This is technically valid according to protocol rules — there is no requirement that blocks contain transactions beyond the coinbase.

Why miners do it: There is a brief window after a new block is found when miners begin working on the next block before they have fully validated the previous one. During this window, it is safer to mine an empty block (to avoid including transactions that might conflict with the newly found block) than to risk building an invalid block. This is called “spy mining” or “head start mining.”

The nuance: Empty block mining is not inherently malicious. It is a rational response to network latency. However, persistent empty block mining from a large pool would reduce the network’s transaction throughput and increase confirmation times for users. In practice, the transaction fees lost by mining empty blocks create a natural economic disincentive against the practice.

Defense: Better block propagation protocols (compact blocks, Erlay) minimize the validation window and reduce the incentive for empty block mining. Pool transparency also helps — miners can choose pools that consistently include transactions.

Advanced Threats: Sophisticated Attack Vectors

Beyond the well-known attacks, several more sophisticated vectors deserve attention. These are less likely but demonstrate the depth of adversarial thinking that Bitcoin’s security model must withstand.

Timejacking Attacks

How it works: Bitcoin nodes use timestamps from their peers to maintain a “network-adjusted time.” An attacker who controls a sufficient number of a victim’s peer connections can skew the victim’s perception of time by reporting false timestamps. This can cause the victim to reject valid blocks (because they appear to be “from the future”) or accept blocks that the rest of the network considers invalid.

Practical limitations: Bitcoin Core limits the acceptable time offset from a peer to 70 minutes and uses the median of connected peers’ times rather than a single source. Manipulating the median requires controlling a majority of a node’s connections — which circles back to the eclipse attack problem.

Defense: Maintain diverse peer connections. Run NTP (Network Time Protocol) on your mining hardware. Monitor for unexpected time drift in your node logs.

Finney Attacks

How it works: Named after Bitcoin pioneer Hal Finney, this attack is a targeted double-spend. The attacker mines a block containing a transaction that pays themselves, but does not broadcast it. They then make a separate payment to a merchant using the same coins. After receiving goods, the attacker broadcasts their pre-mined block, which (if accepted by the network) reverses the merchant payment.

Requirements: The attacker must actively be mining and must find a block at exactly the right time. The window of opportunity is extremely narrow. The merchant must accept zero-confirmation transactions, and the attacker must have enough hashrate that finding a block in a reasonable timeframe is plausible.

Why it is impractical at scale: The Finney attack works only against zero-confirmation transactions and requires the attacker to waste mining revenue while waiting for the right moment. The expected cost usually exceeds the expected gain, especially at current hashrate levels.

Defense: Do not accept zero-confirmation transactions for high-value goods. Even a single confirmation makes Finney attacks exponentially harder.

Block Withholding Attacks (BWH)

How it works: A malicious miner joins a pool and submits partial proof-of-work solutions (shares) to prove they are mining, but withholds any full solutions (valid blocks) they find. The pool pays the attacker for shares, but never receives the block reward from the attacker’s withheld blocks.

Impact: The pool’s revenue decreases while the attacker still receives share-based payouts. The cost is spread across all other pool members who see their per-share reward diminish.

Defense: Pool operators use various share validation schemes to detect anomalous patterns. Some pools have moved to pay-per-last-N-shares (PPLNS) models that reduce the profitability of BWH attacks. Oblivious share validation research continues to address this vector.

Transaction Pinning and Mempool Manipulation

How it works: An attacker crafts transactions with specific fee structures designed to prevent legitimate transactions from being confirmed in a timely manner. By exploiting mempool policies (like BIP 125 replace-by-fee rules), an attacker can “pin” a victim’s transaction in an unconfirmable state.

Relevance to miners: This affects Layer 2 protocols like the Lightning Network more than base-layer mining, but miners should understand it because it relates to how transaction selection and fee estimation interact with network security.

Defense: Protocol-level improvements (like package relay and v3 transaction policies) are actively being developed to address pinning attacks.

The Evolving Threat Landscape: What Miners Should Watch

The attack surface of Bitcoin mining does not stand still. As the network grows and new technologies emerge, new considerations arise.

Pool Centralization Risk

As of 2026, the top three mining pools control a significant share of total hashrate. While no single pool approaches 51%, collusion between two or three major pools could theoretically reach that threshold. This is not a protocol vulnerability — it is a social and economic one.

The antidote is decentralization at every layer. Run your own node. Mine solo or with small pools. Use Stratum V2, which gives miners control over their own block templates rather than ceding that power to pool operators. Every miner who takes back control of their block template is a miner who strengthens censorship resistance.

State-Level Adversaries

Nation-states have the resources to mount attacks that no private entity could sustain. Theoretical state-level attacks include: seizing mining operations within their borders, mandating transaction censorship by domestic miners, or investing in purpose-built mining hardware to disrupt the network.

Bitcoin’s defense against state-level attacks is geographic distribution. Mining that is spread across every continent, embedded in homes, powered by diverse energy sources, and operated by sovereign individuals is the hardest network to attack. This is why home mining is not a hobby — it is an act of network defense.

Quantum Computing: The Long Horizon

Quantum computers could theoretically break the ECDSA signatures used to authorize Bitcoin transactions. However, they do not threaten proof-of-work directly — SHA-256 is quantum-resistant in the sense that Grover’s algorithm only provides a quadratic speedup, which the network could counteract by increasing difficulty.

The Bitcoin development community is already researching post-quantum signature schemes. This is a multi-decade horizon concern, not an imminent threat. Miners should stay informed but not lose sleep over it.

Hardening Your Operation: Best Practices for Miners

Knowing the attacks is step one. Defending against them is step two. Here is what every miner — from hobbyist to professional — should implement.

Node Security

  • Run a full node. Do not trust someone else’s view of the blockchain. Verify everything yourself. Bitcoin Core is the reference implementation and remains the most battle-tested.
  • Keep software updated. Every Bitcoin Core release includes security fixes. Running outdated software is running vulnerable software.
  • Diversify peer connections. Ensure your node connects to peers across multiple IP ranges, geographies, and ASNs. This is your primary defense against eclipse attacks.
  • Use Tor or I2P. Running your node over Tor hides your IP address from potential attackers who might target your specific node.
  • Monitor your node. Watch for unusual peer disconnections, unexpected chain reorganizations, or time drift. Anomalies can be early indicators of targeted attacks.

Mining Operation Security

  • Choose pools carefully. Prefer pools that support Stratum V2, publish transparent statistics, and have a track record of honest operation. Better yet, mine solo.
  • Secure your network. Mining hardware should be on a segregated network. Use VPNs for pool connections. Encrypt everything you can.
  • Implement monitoring. Set up alerts for hashrate drops, pool connectivity issues, or unexpected firmware changes. Hardware-level attacks (like malicious firmware that redirects hashrate) are a real threat.
  • Verify your firmware. Only run firmware from trusted sources. Check hashes. Avoid random “performance-boosting” firmware from unknown sources — some contain hashrate-stealing malware.
  • Maintain physical security. If someone can access your mining hardware, they can reflash firmware, redirect hashrate, or steal equipment. Secure your mining space.

Supporting Network Health

  • Advocate for decentralization. Every conversation about mining centralization matters. Support protocols and tools that distribute power away from large entities.
  • Participate in upgrades. When the Bitcoin development community proposes security improvements, run the updated software. Signal support for changes that strengthen the network.
  • Educate other miners. Share knowledge about attack vectors and best practices. A more informed mining community is a more secure mining community.
  • Report vulnerabilities responsibly. If you discover a potential vulnerability, report it through proper channels (like the Bitcoin Core security disclosure process) before discussing it publicly.

Why Every Hash Counts

The attacks described in this guide range from the theoretically devastating to the practically impossible. That gradient exists because of miners. Every watt of electricity converted into hashrate, every block validated and propagated, every node run from a basement or spare room — all of it contributes to the wall of thermodynamic proof that makes Bitcoin the most secure network in human history.

At D-Central Technologies, we have been building, repairing, and hacking mining hardware since 2016. We have seen the network grow from single-digit exahashes to over 800 EH/s. We have watched solo miners hit blocks against astronomical odds — because in Bitcoin, every hash counts.

Understanding mining attacks is not about fear. It is about respect — for the system, for the adversarial conditions it was designed to withstand, and for your role as a miner in maintaining its integrity. Run your hardware. Verify your own blocks. Strengthen the network.

That is what Bitcoin Mining Hackers do.

Frequently Asked Questions

What is the most dangerous attack against Bitcoin mining?

The 51% attack is theoretically the most dangerous because it enables double-spending, transaction censorship, and chain reorganization. However, at current hashrate levels exceeding 800 EH/s, executing a 51% attack on Bitcoin would cost tens of billions of dollars in hardware alone — making it economically irrational for any known entity. The attack remains a theoretical possibility that guides protocol design rather than a practical threat.

Can a mining pool execute a 51% attack?

If a single pool controlled more than 50% of the network hashrate, its operator could theoretically attempt a 51% attack. However, the pool’s individual miners would likely notice and leave, immediately reducing the pool’s hashrate below the threshold. Pool operators also have strong economic incentives against attacking — their business depends on the network’s integrity. The greater risk is collusion between multiple large pools, which is why hashrate decentralization across many independent pools and solo miners remains critical.

How many confirmations should I wait before considering a Bitcoin transaction final?

For everyday transactions, two to three confirmations provide strong security. For high-value transactions, the traditional standard is six confirmations (roughly one hour). At current network hashrate, even reversing a single confirmation would require an attacker to outpace 800+ EH/s — which is beyond the capability of any known entity. Zero-confirmation transactions should never be trusted for anything of significant value.

Does solo mining help protect against mining attacks?

Yes. Solo mining directly strengthens the network’s decentralization, which is the primary defense against most mining attacks. When you solo mine, you control your own block templates — meaning no pool operator can censor transactions on your behalf. Even with low hashrate devices like a Bitaxe, you contribute to the geographic and organizational diversity that makes coordinated attacks harder. Every independent miner is another point of failure an attacker must account for.

What is selfish mining and should I be worried about it?

Selfish mining is a strategy where a miner withholds discovered blocks to gain a competitive advantage over honest miners. While academically interesting, selfish mining requires controlling at least 33% of the network hashrate to be potentially profitable — and real-world network conditions (latency, monitoring, economic incentives) make it even harder to execute successfully. For home miners, selfish mining is not a direct personal threat, but understanding it reinforces why hashrate decentralization matters.

Are quantum computers a threat to Bitcoin mining?

Not in the foreseeable future. Quantum computers could theoretically weaken SHA-256 mining (via Grover’s algorithm providing a quadratic speedup), but the network could counteract this by increasing difficulty. The more pressing quantum concern is breaking ECDSA signatures used for transaction authorization, but Bitcoin developers are already researching post-quantum cryptographic schemes. This is a long-horizon concern measured in decades, not a current operational threat to miners.

How does running a full node improve my security as a miner?

Running a full node means you independently verify every block and transaction against the protocol rules — you trust no one else’s version of the blockchain. This protects you from eclipse attacks (where an attacker feeds you false data), ensures you are always mining on the correct chain tip, and allows you to detect chain reorganizations immediately. For any serious mining operation, running your own full node is non-negotiable.

What is Stratum V2 and why does it matter for mining security?

Stratum V2 is the next-generation mining protocol that gives individual miners control over their own block templates — the selection of which transactions to include in blocks. Under the older Stratum V1, pool operators make this decision. Stratum V2 shifts that power back to miners, reducing the risk of transaction censorship by centralized pool operators and strengthening the network’s censorship resistance at the protocol level.

D-Central Technologies

Jonathan Bertrand, widely recognized by his pseudonym KryptykHex, is the visionary Founder and CEO of D-Central Technologies, Canada's premier ASIC repair hub. Renowned for his profound expertise in Bitcoin mining, Jonathan has been a pivotal figure in the cryptocurrency landscape since 2016, driving innovation and fostering growth in the industry. Jonathan's journey into the world of cryptocurrencies began with a deep-seated passion for technology. His early career was marked by a relentless pursuit of knowledge and a commitment to the Cypherpunk ethos. In 2016, Jonathan founded D-Central Technologies, establishing it as the leading name in Bitcoin mining hardware repair and hosting services in Canada. Under his leadership, D-Central has grown exponentially, offering a wide range of services from ASIC repair and mining hosting to refurbished hardware sales. The company's facilities in Quebec and Alberta cater to individual ASIC owners and large-scale mining operations alike, reflecting Jonathan's commitment to making Bitcoin mining accessible and efficient.

Related Posts