According to ChatGPT, a small number of mining pools control a large portion of the mining power on the Bitcoin network. Such a scenario could lead to centralization of power and decision-making.
First of all, it’s nice to see that the AI model introduces a little bit of nuance by suggesting that the attack described is hypothetical. “Could” is a tad softer than “can collaboratively centralize” or any other phrasing which puts emphasis on the consequences of this threat.
Secondly, it’s interesting that ChatGPT doesn’t mention the 51% attack which reorganizes recent transactions and can theoretically rewrite the history across multiple blocks. Maybe that the programmers didn’t spend enough time training it to FUD Bitcoin (and shill the Orwellian Worldcoin which Open AI endorses as an alternative), or maybe that the vagueness was left there on purpose. Regardless of semantics, let’s break this FUD.
In order to challenge the FUD about mining centralization in Bitcoin, one must look at historical, technical, and game theoretical examples. Because the concerns date back to 2011 and they were never really validated – as a blockchain reorg attack takes a lot of coordination, and even if the attack takes place it’s financially costly and socially difficult to sustain.
As described in the previous article, which debunked some dishonest concerns about Proof of Work mining and energy consumption, there have been previous moments in Bitcoin’s history when users expressed fear of witnessing a 51% attack. What is a 51% attack, you say? It’s a situation where one mining entity reaches a simple majority of hash rate and decides to reorganize recent blocks and steal money from transactions. It’s not about a majority of participants, but a majority of processing power (or hash).
The reason why a successful 51% attack never happened on Bitcoin is that mining pools are not singular entities that can act on behalf of all participants. Also, at least up to this point, the miners have always found it more profitable to play by the rules and collect the coinbase rewards.
To recap, here are the moments in history when a mining pool reached a dangerously high hash rate – one which could theoretically enable them to launch attacks against Bitcoin:
– in July 2011, Deepbit surpassed the 50% mark: an event that inspired Bitcoin Talk forum user bcearl to post about it and tell others “Don’t panic, but watch carefully!”. In less than 2 years, Deepbit was already irrelevant and bitcoiners migrated towards new and more efficient pools;
– in September 2013, Bitcoin Talk forum user mechs pointed out that BTC Guild might become a “51% attack risk”. Funnily enough, the first reply by Nancarrow was “Whoa man, deja vu”. Bitcoin Core developer Greg Maxwell also tuned in to explain why the concerns are unjustified. But the most prophetic answer came from a user named johnyj, who suggested that GHash.io poses a greater risk because the hardware manufacturer is also the biggest operator;
– in January 2014, the rise of GHash.io has made Bitcoin Magazine co-founder Vitalik Buterin lose faith in Proof of Work mining. Around the same time, then-Bitcoin Core developer Peter Todd took to Reddit to announce that he sold half of his bitcoins to mitigate the risk. But in March 2014, the community coordinated a massive DDoS attack against GHash. In the aftermath, the pool shut down its cloud mining service and quickly faded into obscurity as it was no longer accepting new members. Only GHash’s exchange service, CEX.io, is still around today;
– in 2017, bitcoiners would once again battle against a large mining pool named Bitmain. Like GHash.io, Bitmain was manufacturing chips that the rest of the industry was using. But what Bitmain did was to develop and enable the so-called ASIC boost, a special type of software which pushes the performance of their mining devices. Then, when they figured out that Bitcoin’s SegWit upgrade would nullify their ASIC boost, the company shifted towards supporting Bitcoin Cash – the big block version of Bitcoin, which failed to get enough traction. Bitmain’s support for BCH resulted in a loss of dominance for their two mining pools: BTC.com and AntPool. So while bitcoiners were concerned that Bitmain may get too big and attack Bitcoin, bad management made the company shrink and ultimately diminished its role in providing hash rate. However, Bitmain is still the biggest manufacturer of SHA-256 ASICs for Bitcoin mining and most other pools (as well as individual contributors) use their hardware.
This short history lesson is meant to help us understand that Proof of Work mining is dynamic and no entity is too big to fail. But since the concept of a mining pool has been brought into discussion so many times, it’s important to explain what it is and how it works.
A mining pool is a voluntary association of miners who want to maximize their chances to get rewards more frequently. By putting together their hash power, they become a pool and share the revenue according to the amount of contribution each member brings. For example, someone who mines from Buthan using hydro energy may find it way too hard and unreliable to find Bitcoin blocks all alone. So they look at existing mining pools and pick the one which charges the lowest fees. There are large mining pools from China (F2Pool, AntPool, ViaBTC), large mining pools from the United States of America (Foundry, MARA Pool, Luxor), and there’s also a smaller option from Europe (Braiins).
The miners from Buthan can pick any pool and flip flop between them at will. Naturally, they will search for the best balance of predictability and high rewards. Though the largest mining pool offers the most frequent payouts, the smaller ones have lower fees and offer extra services such as free firmware updates to boost your hardware’s efficiency and advanced profitability calculators. It makes no sense for everyone to go towards the biggest player – as the “small fish in a large tank” situation isn’t always the most effective way to make money and free markets provide incentives to support competition.
Assuming that the Buthan miners pick a pool which is secretly malevolent and will attack Bitcoin as soon as the 51% hash rate mark is hit, this scenario doesn’t mean that the Buthanese participants must be on board with the decision. They can leave the pool which acts in bad faith and contribute towards restoring the balance somewhere else.
In some cases, 51% attacks can be profitable for the miners. But this destructive short-term bet will only harm the long-term business at large. Assuming that every participant acts in the most rational economic way, it makes no sense to accept a short-term big payout instead of protecting a source of revenue that can bring higher rewards over an extended time frame. It’s as if a farmer gets paid a lot of money to burn his crops – it may be momentarily tempting, but what’s the point of risking his reputation and means to make a living when he can harvest the land for many more years in order to make a decent living?
Furthermore, if Bitcoin is under attack it’s likely that the market participants will panic and crash the price. So the potential rewards at the end of a successful attack are significantly lower, as everything is in BTC. Sure, the attackers can use US dollars to short the price on some exchange… but they have no guarantee that their attempt would succeed and they’re only exposing themselves to more risk. An unsuccessful 51% attack makes the entire effort a waste of time and energy, destroys the reputation of the attackers, and only strengthens the Bitcoin network to better respond to such a threat. But now we’re assuming that such a coordination is possible, though history teaches us that it hasn’t happened in times when the probability seemed high.
As of May 2023, there’s geopolitical multipolarity in Bitcoin mining pools. The Chinese miners, who have been suspected of one day colluding to launch a 51% attack against the network, still retain about 40% of the hash power across a handful of pools. Meanwhile, the US and European mining pools also add up to roughly 39% of the hash power. In the event of a totalitarian takeover in China or the US, which results in a politically-motivated attack against Bitcoin, no party can gain the necessary majority.
Furthermore, just because the pool is from China or the USA doesn’t mean that the miners must be physically located in the same country. As a Romanian who might be mining from home, I am free to either launch a lottery ticket as a solo miner and only get the entire block reward by sheer luck, or else join any pool which offers me the best balance of low fees and high rewards at a predictable rate.
Though the pool itself is responsible for coordinating the participants, decentralizing limitations are set in place thanks to software innovations such as Stratum V1 (the industry standard since 2012) and Stratum V2 (a newer standard that’s currently implemented by Braiins and offers even more decentralization through allowing individual miners to negotiate their own transaction sets). It’s even more difficult for a pool to attack Bitcoin if the miners have the autonomy to opt out from certain types of transactions.
What is the cost to launch a 51% attack, though? As of May 2nd 2023, when the hash rate is 322 EH/s and the price is $28700, it costs about $1.27 million US dollars per hour to rent the hardware that can pull off this attack. In the last hour, thanks to a combination of full blocks and high fees, Bitcoin has produced $1.6 million worth of coins. Theoretically, an attacker could have made $0.33 million in profits – assuming that the majority lasted for so long and other miners didn’t turn on more machines to dilute the 51%.
However, this model is purely theoretical. Mostly because there aren’t enough machines that an attacker can rent to use against the Bitcoin network. Currently, Proof of Work mining on Bitcoin uses a SHA-256 hashing algorithm which requires dedicated hardware. Due to limited and specialized demand, these ASIC miners are only made in a few places around the world and their supply is always limited. In hindsight, this scarcity of devices is oligopolistic and bad for the average Bitcoin enthusiast who wants to mine from home. But in practice, this means that enemies of Bitcoin must invest extra resources to purchase the hardware, run it in areas where excess energy is available, and start an initiative that might as well fail.
Back in January 2021, Braiins published an article which does some basic math about what a successful 51% attack requires. At the time, the hash rate was 150 EH/s. In the meantime, it doubled. So if we use their model and assume that the current miners remain honest and the attacker must get at least the same amount of hash rate (300 EH/s), and there’s also an unlimited availability of Antminer S19 XP Hyd mining devices that do approximately 257 TH/s each, then at least 1167315 units are necessary to initiate the attack. Never mind that Bitmain’s production can’t accommodate this type of demand, let’s assume that a nation state actor is able to get what they want or else build their own hardware in a secret factory.
What we should take into account now is that every single Antminer S19 XP Hyd device consumes 5346 watts per hour. 5346 multiplied by 1167315 is 6.23 GW/h. This amount of energy is immense and it would be very difficult to find it among excess sources without causing disruption in places that require electricity. Only powerful nation states such as China, Russia, and the United States can theoretically mobilize to deploy such a large-scale attack. But in reality, given how one Antminer S19 XP Hyd costs $10000 and they’d have to spend $11.67 billions in taxpayer money only for an attempt (and then pay for electricity and personnel), it’s much easier and cheaper for them to launch social attacks which actively discourage the use of Bitcoin: they can push regulations, they can spread all sorts of FUD, and they can leverage financial mechanisms to suppress the price on compliant trading hubs within their jurisdiction.
At this point, some would ask “isn’t it easier for Bitcoin to migrate to Proof of Stake and leave behind this complicated game theory with likely attack vectors from global superpowers?”. Well, the answer is a clear no. Proof of Stake is a “one coin, one vote” system that can’t function without a concerning degree of centralization. Assuming that a nation state wants to attack Ethereum, Cardano, or any other Proof of Stake system, all it has to do is threaten with harsh regulations to crash the price and then print money to acquire a majority of coins. Then it’s game over for the entire system, as the largest stake is in control of governance.
Attacking Bitcoin requires investing money in hardware and electric energy. And even if you do everything by the book and deploy the most successful attack in which the USA and China collaborate, it’s still likely that the users will fork off to migrate to another chain which copies the pre-attack history of the previous network and changes the mining algorithm to turn any further attack into a waste of resources.
Bitcoin has never had a successful 51% attack specifically because the game theory system works. There’s geopolitical competition between nations, there’s electricity efficiency competition between miners, and the incentives to play by the rules are stronger than the consequences of attacking. Thinking about 51% attacks against Bitcoin is a nice intellectual exercise and the idea of this threat is useful in keeping honest miners in check (if they care about the network, they will consider migrating to smaller pools). But in practice, it’s a nightmare to successfully undergo.
Sorry ChatGPT, but you’re taking another big loss here.