TERM_DEF // SECURITY_ATTACKS / SELFISH_MINING_ATTACK
SELFISH MINING
ATTACK
ATTACK
mining-attack/">Selfish Mining Attack. Withholding blocks to gain disproportionate relative reward; profitable above ~33% hashrate.
This page sits in the Security Attacks section — Threat models and named attacks every Bitcoin practitioner should recognise. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
This page sits in the Security Attacks section — Threat models and named attacks every Bitcoin practitioner should recognise. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
WHAT_SELFISH_MINING_ATTACK_IS
Selfish Mining Attack — at a glance
SECURITY ATTACKS
Selfish Mining Attack is one of the attack patterns the Bitcoin protocol is designed to resist. Withholding blocks to gain disproportionate relative reward; profitable above ~33% hashrate. Understanding the threat model is what makes the design choices (proof-of-work, deep confirmations, peer-discovery/">peer discovery, signature schemes) make sense — every defence is paying for some specific class of attack.
Why it exists
DESIGN
Bitcoin holds hundreds of billions of dollars across an open, public network. That makes it the single largest bounty target in the history of computing. The protocol's security comes from making attacks more expensive than the reward — but the attacks themselves have names, mechanics, and history. Reading them is how you develop intuition for which threat models are real and which are bogeymen.
HOW_IT_WORKS
Mechanism
HOW IT WORKS
An attacker exploits a property of the system — economic, cryptographic, or networking — to take, censor, or destabilise value. Selfish Mining Attack works by Withholding blocks to gain disproportionate relative reward; profitable above ~33% hashrate; the cost of executing it is what the defence relies on remaining prohibitive.
1. Attacker identifies an exploitable property (e.g. brief miner majority, weak peer connection, predictable nonce).
2. They acquire the necessary resources — hashrate, IP capacity, leaked secret, compromised infrastructure.
3. They execute the attack, often briefly to minimise detection and counter-response.
4. They extract value (double-spent coins, blocked transactions, stolen secrets) before the network can react.
5. Defenders respond: deeper confirmations, peer rotation, additional checks, sometimes a soft fork to patch.
6. The cost of the attack rises (more hashrate, more peers, better RNG) and the next attacker has to spend even more.
WORKED_EXAMPLE
Notable attacks against Bitcoin (and ones that never materialised)
EXAMPLE
2010 — value overflow incident : single tx created 184 billion BTC; soft-forked away in <12h
2014 — Mt. Gox malleability : signature malleability used to deny withdrawal accounting (custodial bug)
2014 — Bitfinex hash rate scare : Ghash.io briefly exceeded 50%; voluntarily backed off
2017 — Bitmain ASICBoost dispute : covert AsicBoost mining variant; SegWit fixed by accident
2018 — Bitcoin Gold 51% attacks : altcoin-level, not Bitcoin; demonstrated cost-of-PoW differential
2019 — Binance theft (~7000 BTC) : hot-wallet compromise; Binance considered (then rejected) a re-org
Pattern: protocol-level attacks on Bitcoin proper are extremely rare. Custodial breaches dominate the losses.
KEY_PROPERTIES
COST-BOUND
Every attack has a $ cost to execute. Bitcoin's security argument is that the cost exceeds the reward.
PROOF-OF-WORK SHIELD
Rewriting confirmed history requires re-doing all the PoW since — hundreds of millions of dollars per day.
TRANSPARENT
Every attack leaves on-chain evidence — observers see double-spends, orphans, and unusual reorgs in real time.
EVOLVING DEFENCES
Each major attack has been answered by patches, BIPs, or new conventions in wallet software.
COMMON_PITFALLS
Things that catch people out
PITFALLS
- "51% attack" sounds total but is actually narrow — an attacker can only reverse their own recent transactions and censor for a short window. They cannot mint new coins or steal others' keys.
- Most "Bitcoin hacks" you read about are exchange/custodial hacks, not protocol attacks. The protocol itself has been remarkably robust.
- Quantum threats are real but distant (10+ years until cryptographically relevant) — and post-quantum BIPs are already drafted.
- Defenders' best tool is patience: deep confirmations (≥6 blocks) defeat every short-window attack ever seen.
RELATED_CONCEPTS
Other terms from Security Attacks — click any to read its page:
TERMINOLOGY_INDEX
TERMINOLOGY
Selfish Mining Attack
Withholding blocks to gain disproportionate relative reward; profitable above ~33% hashrate.
Eclipse Attack
Isolating a node by monopolizing its peer connections to feed it a fake chain or censor its data.
Sybil Attack
Filling the peer network with attacker-controlled identities to skew gossip or peer selection.
Fee Sniping
Mining attempting to rewrite recent blocks to capture their fees; mitigated by anti-fee-sniping locktimes.
Time-Warp Attack
Manipulating timestamps within difficulty rules to bring difficulty down on a minority chain.
Address Reuse
Spending from or receiving repeatedly on the same address; leaks privacy and risks key compromise.
Double Spend Attack
Broadcasting two conflicting txs hoping a service accepts one as confirmed before the other reorgs it.
Dust Attack
Sending tiny amounts to many addresses hoping to trace them when consolidated.