Sabotaging Bitcoin

Source

I find myself in the unusual position of defending Bitcoin from its critics, if only reluctantly.

In 2024 Soroush Farokhnia & Amir Kafshdar Goharshady published Options and Futures Imperil Bitcoin's Security and:

showed that (i) a successful block-reverting attack does not necessarily require ... a majority of the hash power; (ii) obtaining a majority of the hash power ... costs roughly 6.77 billion ... and (iii) Bitcoin derivatives, i.e. options and futures, imperil Bitcoin’s security by creating an incentive for a block-reverting/majority attack.

Source

It is worth noting that they are not talking about profiting from double-spending. The Bitcoin blockchain transacts around $17B/day of nominal value in around 450K transactions (average ~$38K), but in 2021 Igor Makarov & Antoinette Schoar found that:

90% of transaction volume on the Bitcoin blockchain is not tied to economically meaningful activities but is the byproduct of the Bitcoin protocol design as well as the preference of many participants for anonymity ... exchanges play a central role in the Bitcoin system. They explain 75% of real Bitcoin volume.

Of course, just because they aren't "economically meaningful" doesn't mean they aren't worth attacking! The average block has ~3.2K transactions, so ~$121.6M/block. As a check. $121.6M * 144 block/day = $17.5B. So to recover their cost for a 51% attack would require double-spending about 8 hours worth of transactions.

I agree with their technical analysis of the attack, but I believe there would be significant difficulties in putting it into practice. Below the fold I try to set out these difficulties.

brevity is for the weak
Maciej Cegłowski

First, I should point out that I wrote about using derivatives to profit from manipulating Bitcoin's price more than three years ago in Pump-and-Dump Schemes. These schemes have a long history in cryptocurrencies, but they are not the attack involved here. I don't claim expertise in derivatives trading, so it is possible my analysis is faulty. If so, please point out the problems in a comment.

The Attack

Farokhnia & Goharshady build on the 2018 work of Ittay Eyal & Emin Gün Sirer in Majority is not enough: Bitcoin mining is vulnerable:

The key idea behind this strategy, called Selfish Mining, is for a pool to keep its discovered blocks private, thereby intentionally forking the chain. The honest nodes continue to mine on the public chain, while the pool mines on its own private branch. If the pool discovers more blocks, it develops a longer lead on the public chain, and continues to keep these new blocks private. When the public branch approaches the pool's private branch in length, the selfish miners reveal blocks from their private chain to the public.
...
We further show that the Bitcoin mining protocol will never be safe against attacks by a selfish mining pool that commands more than 1/3 of the total mining power of the network. Such a pool will always be able to collect mining rewards that exceed its proportion of mining power, even if it loses every single block race in the network. The resulting bound of 2/3 for the fraction of Bitcoin mining power that needs to follow the honest protocol to ensure that the protocol remains resistant to being gamed is substantially lower than the 50% figure currently assumed, and difficult to achieve in practice.

In April 2024 Farokhnia & Goharshady observed that:

Given that the rule of thumb followed by most practitioners is to wait for 6 confirmations, a fork that goes 6 levels deep can very likely diminish the public’s trust in Bitcoin and cause a crash in its market price. It is also widely accepted that a prolonged majority attack (if it happens) would be catastrophic to the cryptocurrency and can cause its downfall.

But, as they lay out, this possibility is discounted:

The conventional wisdom in the blockchain community is to assume that such block-reverting attacks are highly unlikely to happen. The reasoning goes as follows:

1. Reverting multiple blocks and specifically double-spending a transaction that has 6 confirmations requires control of a majority of the mining power;
2. Having a majority of the mining power is prohibitively expensive and requires an outlandish investment in hardware;
3. Even if a miner, mining pool or group of pools does control a majority of the mining power, they have no incentive to act dishonestly and revert the blockchain, as that would crash the price of Bitcoin, which is ultimately not in their favor, since they rely on mining rewards denominated in BTC for their income.

Source

Starting in late 2020, as shown in The Economist's graphic, the spot market in Bitcoin became dwarfed by the derivatives markets. In the last month $1.7T of Bitcoin futures traded on unregulated exchanges, and $6.4B on regulated exchanges. Compare this with the $1.8B of the spot market in the same month.

These huge futures markets enable Farokhnia & Goharshady's attack:

In short, an attacker can first use the Bitcoin derivatives market to short Bitcoin by purchasing a sufficient amount of put options or other equivalent financial instruments. She can then invest any of the amounts calculated above, depending on the timeline of the attack, to obtain the necessary hardware and hash power to perform the attack. If the attacker chooses to obtain a majority of the hash power, her success is guaranteed and she can revert the blocks as deeply as she wishes. However, she also has the option of a smaller upfront investment in hardware in exchange for longer wait times to achieve a high probability of success. In any case, as long as her earnings from shorting Bitcoin and then causing an intentional price crash outweighs her investments in hardware, there is a clear financial incentive to perform such an attack. The numbers above show that the annual trade volume in Bitcoin derivatives is more than three orders of magnitude larger than the required investment in hardware. Thus, it is possible and profitable to perform such an attack.

Assumptions

Farokhnia & Goharshady make some simplifying assumptions:

• We only consider the cost of hardware at the time of writing. We assume the attacker is buying the hardware, rather than renting it and do not consider potential discounts on bulk orders.
• We ignore electricity costs as they vary widely based on location.

The justification for the first assumption is that it keeps our analysis sound, i.e. we can only over-approximate the cost by making this assumption. As for the second assumption, we note that electricity costs are often negligible in comparison to hardware costs and that our main argument, i.e. the vulnerability of Bitcoin to majority attacks and block-reverting attacks, remains intact even if the estimates we obtain here are doubled. Indeed, as we will soon see, the trade volume of Bitcoin derivatives is more than three orders of magnitude larger than the numbers obtained here.

Goal

As Farokhnia & Goharshady stress, the success of a block-reverting attack is probabilistic, so the attacker needs to have a high enough probability of making a large enough profit to make up for the risk of failure.

My analysis thus assumes that the goal of the attacker is to have a 95% probability of earning at least double the cost of the attack.

Attacker

There are two different kinds of attackers with different sets of difficulties:

• Outsiders: someone who has to acquire or rent sufficient hash power.
• Insiders: someone or some mining pool who already controls sufficient hash power.

Farokhnia & Goharshady study the outsider case. Both kinds of attacker's practical problems occur in two areas:

• Obtaining and maintaining for the duration of the attack sufficient hash power without detection.
• Obtaining and maintaining for the duration of the attack a sufficient short position in Bitcoin without detection.

The short position must be maintained for the duration of the attack because succeess may come at any 10-minute block time, and there would not be time to obtain a large enough short position in ten minutes.

Hash Power

The outsider's problems are more complex than the insider's.

Outsider Attack

The outsider attacker requires three kinds of resource:

• Mining rigs.
• Power to run the rigs.
• Data center space to hold the rigs.

Each of these is problematic, but assuming that the difficulties could be overcome, there is then the question of what it would cost to run the attack..

Mining rigs

• Could they acquire mining rigs sufficient to provide 30% of the combined insider and outsider hash power, or ~43% of the pre-attack hash power?
• How long would it take to acquire the rigs?
• Would their acquisition of the rigs be detected?

Bitmain is estimated to have 82% of the market for mining rigs, and they either control or have very close relations with all the major mining pools, who thus have priority access to the latest rigs. Because rigs depreciate rapidly, position in the queue for rigs has a big impact on the profitability of mining. Bitmain is unlikely to give a new customer priority access to rigs.

Because the economic life of mining rigs is less than two years, the first part of Bitmain's production goes into maintaining the hash rate by replacing obsolete rigs. The second part goes into increasing the hash rate. If we assume that the outsider attacker could absorb the second part of Bitmain's production, how long would it take to get the necessary 43% of the previous hash power?

Source

This can be estimated by examining the hash power through time graph. Over the last 3 years the hash rate has increased from about 240EH/s to about 1120EH/s, or about 24EH/s/month. Roughly, 82% of this is Bitmain's output, or about 20EH/s/month. The attacker needs 43% of the current hash rate, or about 482EH/s, or 24 months of the second part of Bitmain's production. At the current price for leading-edge rigs of $14.11/TH/s this would cost about $6.8B plus say $340M in interest at 5%, or $7.14B.

The lack of rigs to increase the hash rate over a period of much less than two years would clearly be detectable.

Power

The Cambridge Bitcoin Energy Consumption Index's current estimate is that the network consumes 22GW. The outside attacker would need 43% of this, or about 9.5GW, for the duration of the attack. For context, Meta's extraordinarily aggressive AI data center plans claim to bring a single 1GW data center online in 2026, and the first 2GW phase of their planned $27B 5GW Louisiana data center in 2030. The constraint on the roll-out is largely that lack of access to sufficient power. The attacker would need double the power Meta's Louisiana data center plans to have in 2030.

Access to gigawatts of power is available only on long-term contracts and only after significant delays.

Data centers

Hyperion

Meta's 5GW Louisiana "Hyperion" data center's "footprint will be large enough to cover most of Manhattan", and the outsider attacker would need two of them. If Meta expects to take more than 5 years to build one of them, the outsider attacker is likely to need a decade.

Estimates for AI data centers are that 60% of the capital cost is the hardware and 40% everything else. Thus the "everything else" for Meta's $27B 5GW data center is $10.8B. "Everything else" for the attacker's two similar data centers would thus be $21.6B. Plus say 5 years of interest at 5% or $5.4B.

Operational cost

Ignoring the evident impossibility of the outsider attacker amassing the necessary mining rigs, power and data center space, what would the operational costs of the attack be?

It is hard to estimate the costs for power, data center space, etc. But an estimate can be based upon the cost to rent hash power, noting that in practice renting 43% of the total would be impossible, and guessing that renters have a 30% margin. A typical rental fee would be $0.10/TH/day so the costs might be $0.07/TH/day. The attack would have a 95% probability of needing 482EH/s over 34 days or less, so $516M or less.

Thus the estimated total cost for the hash power used in the attack would have a 95% probability of being no more than $7.66B. Plus about $27B in data center cost, which could presumably be repurposed to AI after the attack.

Insider Attack

Source

The insider attacker already controls the 30% of the hash power they need, so only the question of detection remains. The essence of the block-reverting attack is that the attacker mines in secret until they can publish a chain with 6 blocks following a target block. A reduction of 30% of the public hash rate over an average period of 17 days would clearly be detectable. The hash rate is noisy, but the graph shows that over the last year the largest drop was 16% from June 14^th to 27^th. There was one large drop in the hash rate, 51% between May 10^th and July 1^st 2021 as China cracked down on mining.

The insider's loss of income from the blocks they would otherwise have mined would have a 95% probability of being 4,590 BTC or less, or about $425M.

Short Position

Both kinds of attackers need to ensure that, when the attack succeeds, they have a large enough short position in Bitcoin that would generate their expected return from the attack's decrease in the Bitcoin price. There are two possibilities:

• When the attacker's chain is within one block of being the longest, they have ten minutes to purchase the shorts. There is unlikely to be enough liquidity in the market to accommodate this sudden demand, which in any case would greatly increase the price of the shorts. I will ignore this possibility in what follows.
• At the start of the attack the attacker gradually accumulates sufficient shorts. Even assuming there were enough liquidity, and that the purchases didn't increase the price, the attacker has to bear both the cost of maintaining the shorts for the duration of the attack, and the risk of the market moving up enough to cause the position to be liquidated.

The success of a block-reverting attack on Bitcoin would have implications on other cryptocurrencies. It would likely increase the prices fo Proof-of-Stake coins such as Ethereum, as being much ore difficult to attack, and decrease the price of other Proof-of-Work coins. Derivatives on these coins might be included int he attacker's toolkit, but I will ignore this possibility as the open interest on these coins is smaller.

Farokhnia & Goharshady note that:

At the time of writing, the open interest of BTC options is a bit more than 20 billion USD. Thus, a malicious party performing the attack mentioned in this work would need to obtain a considerable amount of the available put contracts. This may lead to market disruptions whose analysis is beyond the scope of this work. This being said, if the derivatives market continues to grow and becomes much larger than it currently is, purchasing this amount of contracts might not even be detected.

There are two different kinds of market in which Bitcoin shorts are available:

• Regulated exchanges such as the CME offering options on Bitcoin and stock exchanges with Bitcoin ETFs and Bitcoin treasury companies such as Strategy.
• Unregulated exchanges such as Binance offering "perpetual futures" (perps) on Bitcoin.

Unregulated Exchanges

Patrick McKenzie's Perpetual futures, explained is a clear and comprehensive description of the derivative common on unregulated exchanges:

Instead of all of a particular futures vintage settling on the same day, perps settle multiple times a day for a particular market on a particular exchange. The mechanism for this is the funding rate. At a high level: winners get paid by losers every e.g. 4 hours and then the game continues, unless you’ve been blown out due to becoming overleveraged or for other reasons (discussed in a moment).

Consider a toy example: a retail user buys 0.1 Bitcoin via a perp. The price on their screen, which they understand to be for Bitcoin, might be $86,000 each, and so they might pay $8,600 cash. Should the price rise to $90,000 before the next settlement, they will get +/- $400 of winnings credited to their account, and their account will continue to reflect exposure to 0.1 units of Bitcoin via the perp. They might choose to sell their future at this point (or any other). They’ll have paid one commission (and a spread) to buy, one (of each) to sell, and perhaps they’ll leave the casino with their winnings, or perhaps they’ll play another game.

Where did the money come from? Someone else was symmetrically short exposure to Bitcoin via a perp. It is, with some very important caveats incoming, a closed system: since no good or service is being produced except the speculation, winning money means someone else lost.

So the exchange makes money from commissions, and from the spread against the actual spot price. The price of the perp is maintained close to the spot price by the "basis trade", traders providing liquidity by shorting the perp and buying the spot when the perp is above spot, and vice versa. Of course, the spot price itself may have been manipulated, for example by Pump-and-Dump Schemes.

How else does the exchange make money?

Perp funding rates also embed an interest rate component. This might get quoted as 3 bps a day, or 1 bps every eight hours, or similar. However, because of the impact of leverage, gamblers are paying more than you might expect: at 10X leverage that’s 30 bps a day.

A "basis point (bps)" is "one hundredth of 1 percentage point", so 30bps/day is 0.3%/day or around 120%/year. But the lure of leverage is the competitive advantage of unregulated exchanges:

In a standard U.S. brokerage account, Regulation T has, for almost 100 years now, set maximum leverage limits (by setting minimums for margins). These are 2X at position opening time and 4X “maintenance” (before one closes out the position). Your brokerage would be obligated to forcibly close your position if volatility causes you to exceed those limits.

Unregulated markets are different:

Binance allows up to 125x leverage on BTC.

Although these huge amounts of leverage greatly increase the reward from a small market movement in favor of the position, they greatly reduce the amount the market has to move against the position before something bad happens. The first bad thing is liquidation:

One reason perps are structurally better for exchanges and market makers is that they simplify the business of blowing out leveraged traders. The exact mechanics depend on the exchange, the amount, etc, but generally speaking you can either force the customer to enter a closing trade or you can assign their position to someone willing to bear the risk in return for a discount.

Blowing out losing traders is lucrative for exchanges except when it catastrophically isn’t. It is a priced service in many places. The price is quoted to be low (“a nominal fee of 0.5%” is one way Binance describes it) but, since it is calculated from the amount at risk, it can be a large portion of the money lost. If the account’s negative balance is less than the liquidation fee, wonderful, thanks for playing and the exchange / “the insurance fund” keeps the rest, as a tip.

The bigger and faster the market move, the more likely the loss exceeds your collateral:

In the case where the amount an account is negative by is more than the fee, that “insurance fund” can choose to pay the winners on behalf of the liquidated user, at management’s discretion. Management will usually decide to do this, because a casino with a reputation for not paying winners will not long remain a casino.

But tail risk is a real thing. The capital efficiency has a price: there physically does not exist enough money in the system to pay all winners given sufficiently dramatic price moves. Forced liquidations happen. Sophisticated participants withdraw liquidity (for reasons we’ll soon discuss) or the exchange becomes overwhelmed technically / operationally. The forced liquidations eat through the diminished / unreplenished liquidity in the book, and the magnitude of the move increases.

The second bad thing is automatic de-leveraging (ADL):

Risk in perps has to be symmetric: if (accounting for leverage) there are 100,000 units of Somecoin exposure long, then there are 100,000 units of Somecoin exposure short. This does not imply that the shorts or longs are sufficiently capitalized to actually pay for all the exposure in all instances.

In cases where management deems paying winners from the insurance fund would be too costly and/or impossible, they automatically deleverage some winners.

McKenzie illustrates ADL with an example:

So perhaps you understood, prior to a 20% move, that you were 4X leveraged. You just earned 80%, right? Ah, except you were only 2X leveraged, so you earned 40%. Why were you retroactively only 2X? That’s what automatic deleveraging means. Why couldn’t you get the other 40% you feel entitled to? Because the collective group of losers doesn’t have enough to pay you your winnings and the insurance fund was insufficient or deemed insufficient by management.

For our purposes, this is an important note:

In theory, this can happen to the upside or the downside. In practice in crypto, this seems to usually happen after sharp decreases in prices, not sharp increases. For example, October 2025 saw widespread ADLing as (more than) $19 billion of liquidations happened, across a variety of assets.

How does this affect the outsider attacker? Lets assume that the attack has a 95% probability of costing no more than $7.5B and would reduce the Bitcoin price from $100K to $80K in a single 4-hour period. With 10X leverage this would generate $200K/BTC in gains.

Source

The outsider wants to double the cost of the attack, so needs to short $15B/$180K BTC, or 83,333BTC at 10X leverage for the duration of the attack. Establishing the position costs $8.333B. Assuming the BTC price is fixed at $100K until the attack succeeds the funding rate is zero. But we have to assume that the attacker borrowed the $8.333B for the duration, so would pay interest, plus two commissions plus two spreads. I'll ignore these costs.

Source

I will also ignore the fact that $83B is around 148% of the peak aggregated open interest in Bitcoin options over the past year of about $56B.

The way liquidation of a short works is that as the market moves up, the initial leverage increases. Each exchange will have a limit on the leverage it will allow so, allowing for the liquidation fee, if the leverage of the short position gets to this limit the exchange will liquidate it.

Move %	Leverage
0	10
1	11.1
2	12.5
3	14.3
4	16.7
5	20
6	25
7	33.3
8	50
9	100

The table shows the effect of increasing percentage moves against an initial 10X leveraged short. If we assume a short with an initial 10X leverage and an exchange limit of 50X was taken out on the first of each month of 2025, on 9 of the 12 months it would have been liquidated before the month was out. So Bitcoin is volatile enough that the attacker's short has a high probability of being liquidated before the attack succeeds. And note Binance's "nominal fee" of 0.5% for liquidating $83.33B, or $417M.

In the unlikely event that the attack succeeds early enough to avoid liquidation there would have been one of those "sharp decreases in prices" that cause ADL, so as a huge winner it would be essentially certain that the attacker would suffer ADL and most of the winnings needed to justify the attack would evaporate.

Regulated Exchanges

The peak open interest in Bitcoin futures on the Chicago Mercantile Exchange over the past year was less than $20B, so even if we add together both kinds of exchange, the peak open interest over the last year isn't enough for the attacker.

Conclusions

Neither an outsider nor an insider attack appears feasible.

Outsider Attack

An outsider attack seems infeasible because in practice:

• They could not acquire 43% or more of the hash power.
• Even if they could it would take so long as to make detection inevitable.
• Even if they could and they were not detected, the high cost of the rigs makes the necessary shorts large relative to the open interest, and expensive to maintain.
• These large shorts would need to be leveraged perpetual futures, bringing significant risks of loss of collateral through liquidation, and of the potential payoff being reduced through automatic de-leveraging.
• The attacker would need more than the peak aggregate open interest in Bitcoin futures over the past year.

Insider Attack

The order-of-magnitude lower direct cost of an insider attack makes it appear less infeasible, but insiders have to consider the impact on their continuing mining business. If the assumed 20% drop in the Bitcoin price were sustained for a year, the cost to the miner controlling 30% of the hash rate would be about 15,750 BTC or nearly $1.5B making the total cost of the attack (excluding the cost of carrying the shorts) almost $2B.

Source

The drop in Bitcoin's price and the smaller, lagging drop in network difficulty over the last three months has decreased miners' revenue by about 25%. In the medium term a further drop is in prospect. Sometime in April 2028 the regular Bitcoin halvening will occur, halving the income of miners in aggregate Bitcoin terms.

Source

These drops turn the insiders' access to data center space and power into a double-edged sword because, as Vicky Ge Huang explains in Bitcoin Miners Thrive Off a New Side Hustle: Retooling Their Data Centers for AI:

mining-company stocks are still flying, even with cryptocurrency prices in retreat. That's because these firms have something in common with the hottest investment theme on the planet: the massive, electricity-hungry data centers expected to power the artificial-intelligence boom. Some companies are figuring out how to remake themselves as vital suppliers to Alphabet, Amazon, Meta, Microsoft and other "hyperscalers" bent on AI dominance.
...
Miners often have to build new, specialized facilities, because running AI requires more-advanced cooling and network systems, as well as replacing bitcoin-mining computers with AI-focused graphics processing units. But signing deals with miners allows AI giants to expand faster and cheaper than starting new facilities from scratch.
...
Shares of Core Scientific quadrupled in 2024 after the company signed its first AI contract that February. The stock has gained 10% this year. The company now expects to exit bitcoin mining entirely by 2028.

I wonder why the date is 2028! As profit-driven miners use their bouyant stock price to fund a pivot to AI the hash rate and the network difficuty will decrease, making an insider attack less infeasible. The drop in their customer's income will likely encourage Bitmain to similarly pivot to AI, devoting an increasing proportion of their wafers to AI chips, especially given the Chinese government's goal of localizing AI.

A 30% miner whose rigs were fully depreciated might consider an insider attack shortly before the halvening as a viable exit strategy, since their future earnings from mining would be greatly reduced. But they would still be detected.

Counter-measures

Even if we assume the feasibility of both the hash rate and the short position aspects of the attack, it is still the case that for example, an attack with 30% of the hash power and a 95% probability of success will, on average, last 17 days. it seems very unlikely that the coincidence over an extended period of a large reduction in the expected hash rate and a huge increase in short interest would escape attention from Bitcoin HODl-ers, miners and exchanges, not to mention Bitmain. What counter-measures could they employ?

Source

The theoretically correct counter-measure would be to raise the 6-block finality criterion to the 24 blocks that corresponds to a pool with 30% of the hash power. But this would violate what people incorrectly believe is the revealed word of Satoshi. And Goharshady correctly pointed out in email that this is in any case impractical:

• The 6-block rule is just a convention, there is no dial that can be turned.
• Much of the access to the Bitcoin blockchain is via APIs that typically have the 6-block rule hard-codded in.
• Many, typically low-value, transactions do not wait for even a single confirmation.
• Even it were possible, changing from a one-hour to a four-hour confirmation would have significant negative impacts on the Bitcoin ecosystem.

In the case of an insider attack, the absence of a pool previously mining around one in three of all blocks would readily de-anonymize the attacker. Bitmain would necessarily be aware of the identity of an outside attacker. Although unregulated exchanges are notoriously poor at KYC/AML, the sums involved in the shorts are so large that they would be highly motivated to use the blockchain information to de-anonymize the attacker. Given their terms of service, and the lack of effective recourse, they would be able to ham-string the attack.

Acknowledgements

This post benefited greatly from insightful comments on a draft from Jonathan Reiter, Amir Kafshdar Goharshady and Joel Wallenberg, but the errors are all mine.