Key Takeaways
Selfish mining is a strategy where a miner (or mining pool) withholds newly found blocks from the network rather than broadcasting them immediately, creating a private chain advantage in proof-of-work (PoW) systems.
The strategy can become more rewarding than honest mining when an attacker controls roughly 25–33% of the total network hash rate, depending on network connectivity advantages.
If successful, selfish mining can lead to centralization pressure, as rational miners may join the selfish pool to share in its higher-than-proportional rewards.
Some researchers have proposed that certain selfish mining variants may produce on-chain patterns that are difficult to distinguish from normal network latency, potentially making purely statistical detection unreliable.
Countermeasures include random tie-breaking rules, adaptive difficulty adjustments, decentralized block template construction (such as DATUM and Stratum V2), and improved block relay mechanisms.
Introduction
In blockchain networks that use proof-of-work consensus, miners compete to find valid blocks and earn rewards. Normally, a miner who finds a block broadcasts it immediately. Selfish mining is an alternative strategy where the miner withholds blocks to gain a revenue advantage over honest participants.
First described formally by researchers Ittay Eyal and Emin Gün Sirer in 2013, selfish mining raised important questions about the long-term security assumptions of Bitcoin and similar networks. This article explains how the strategy works, the conditions that make it viable, relevant research developments, and the countermeasures designed to limit its impact.
Understanding the Bitcoin Incentives
Bitcoin is designed as a balanced system of incentives. Miners that secure the network are rewarded financially for honest behavior. They invest capital into electricity and specialized hardware (ASICs), hoping to earn revenue by appending valid blocks to the chain.
When a miner successfully adds a block, they receive all transaction fees from that block plus the block subsidy — newly minted bitcoins released according to a predictable schedule. After the April 2024 Bitcoin halving, the block subsidy dropped from 6.25 BTC to 3.125 BTC. This halving occurs roughly every four years (every 210,000 blocks), gradually reducing the rate of new coin issuance.
The competitive nature of mining, combined with increasing difficulty, generally strengthens network security. However, researchers have identified scenarios where these incentives can potentially be exploited through strategic block withholding.
How Does Selfish Mining Work?
In the standard selfish mining strategy, a miner (or coordinated pool) follows these steps:
Find and withhold: When the selfish miner finds a valid block, they keep it private rather than broadcasting it to the network.
Extend privately: While honest miners continue working on the public chain tip, the selfish miner extends their private chain. If they find additional blocks before the honest miners catch up, they build a lead.
Strategic reveal: When the honest chain threatens to catch up (usually within one block of the private chain's length), the selfish miner publishes their longer chain all at once.
A worked example
Suppose network hash rate is divided equally among four miners: Alice, Bob, Carol, and Dan (25% each). Alice, Bob, and Carol mine honestly, but Dan employs selfish mining.
After block 100,000, Dan finds block 100,001 but keeps it secret. The others continue trying to find 100,001. Meanwhile, Dan starts working on 100,002. If Dan finds 100,002 before anyone else finds their version of 100,001, he now holds a private chain two blocks ahead of the public chain.
Dan continues mining privately. When honest miners eventually find their version of 100,001 (putting them only one block behind Dan's private chain), Dan reveals his entire chain. Because Bitcoin follows the heaviest chain rule (the chain with the most accumulated proof-of-work), all nodes switch to Dan's chain. The honest miners' work on their competing chain is wasted, and Dan collects all the rewards from his privately mined blocks.
Note that in this simplified example, Dan's strategy works because he gets lucky with block timing. In practice, profitability at exactly 25% hash rate depends heavily on network connectivity advantages (explained below).
The profitability threshold
Selfish mining is not always more rewarding than honest mining. Two key parameters determine profitability:
Alpha (α): The attacker's share of the total network hash rate. Classical analysis suggests selfish mining can become more rewarding than honest mining when alpha exceeds approximately 25–33%, depending on the value of gamma.
Gamma (γ): The probability that, during a tie (when both chains are the same length), honest miners happen to mine on the attacker's block rather than the competing honest block. Network advantages — such as faster connectivity or strategically placed relay nodes — can increase gamma and lower the hash rate threshold needed for profitable selfish mining. With gamma = 0 (worst case for attacker), the threshold is approximately 33%. With higher gamma values, it can drop toward 25% or lower.
Selfish Mining Research Developments
Since the original 2013 paper, researchers have explored several important variants and refinements of the selfish mining strategy.
Intermittent selfish mining
Some researchers have proposed that an attacker could alternate between selfish and honest mining in carefully timed phases. During the selfish phase, increased orphan rates may eventually cause the network difficulty to adjust downward (noting that Bitcoin's difficulty adjustment uses a 2,016-block window, so this effect would take considerable time to manifest). The attacker could then switch back to honest mining at the reduced difficulty, potentially earning above-proportional rewards even without actively withholding blocks. This line of research suggests that difficulty adjustment mechanisms themselves could serve as an attack surface under certain conditions.
Strategies with reduced detectability
Academic work has explored whether selfish mining strategies could produce on-chain patterns (such as fork rates, stale block distributions, and consecutive block occurrences) that are difficult to distinguish from those caused by honest-but-high-latency mining. If such strategies exist in practice, purely statistical detection methods may not be able to reliably confirm or deny the presence of selfish mining on a live network. However, the real-world feasibility of such strategies remains an area of ongoing research and debate.
Competing selfish miners
Extensions to the original single-attacker model analyze scenarios with multiple rational pools simultaneously deviating from honest behavior. When several pools employ self-optimizing strategies, they may cannibalize each other's gains. However, the overall effect on the network could include increased orphan rates, reduced security margins, and potential arms-race dynamics in block withholding.
Does Selfish Mining Pose a Threat to Bitcoin?
The practical risk of selfish mining depends on mining pool concentration, economic incentives, and network architecture.
Current mining pool landscape
As of 2025, Bitcoin mining pools show notable concentration. A small number of large pools each control significant portions of the total network hash rate, and the top five pools together may account for a majority of total hash power.
While no single pool consistently exceeds the classical selfish mining profitability threshold, the concentration is material enough that a coalition of pools could theoretically reach the required hash rate share. However, this scenario involves significant coordination challenges and risks.
Economic and reputational constraints
Despite theoretical vulnerability, several factors reduce the practical likelihood of selfish mining on Bitcoin:
Miners have substantial capital invested in hardware and infrastructure. A successful attack that damages confidence in the network could depress the asset's value, harming the attacker's own holdings and future revenue.
Pool operators are generally public entities with reputational stakes. Suspected selfish mining behavior could lead to miners migrating away from that pool.
The post-halving economics of mining (thinner margins, higher operational costs) mean that any disruption to revenue predictability is costly.
Centralization risk
In a worst-case scenario, if selfish mining proved consistently more rewarding, rational miners might join the selfish pool, gradually increasing its hash rate share. This could push the pool toward the threshold for a 51% attack, which would pose far more severe risks to the network, including the potential for double spending.
Countermeasures and Protocol Responses
Random tie-breaking
The original Eyal and Sirer paper recommended that when miners receive two competing chains of equal length, they should choose randomly which one to extend (rather than always using first-seen). This reduces the attacker's gamma parameter, raising the hash rate threshold needed for profitable selfish mining. While conceptually simple, standardizing this behavior across all mining software has proven difficult in practice.
Adaptive difficulty adjustment
Some researchers have proposed modifying difficulty adjustment algorithms to incorporate stale block rates and variance metrics. If effective block production deviates from expected patterns, difficulty could adjust to help neutralize the attacker's advantage. However, aggressive adjustments risk destabilizing block intervals and can be difficult to calibrate without false positives.
Decentralized block template construction
Protocols like DATUM (used by OCEAN pool) and Stratum V2 with job negotiation aim to move block template creation back to individual miners' own full nodes. In the traditional pooled mining model, the pool operator constructs the block template and individual miners function essentially as "hashers" with no control over transaction selection. By decoupling reward pooling from template control, these protocols aim to reduce a single entity's ability to engage in strategic block withholding at scale. These approaches are still relatively new and adoption is growing.
Improved block relay mechanisms
Reducing baseline block propagation latency across the network narrows the window in which an attacker can exploit connectivity advantages. Early solutions like the FIBRE relay network (now deprecated) demonstrated the value of fast block propagation. More recent approaches, including Compact Block Relay (BIP 152) integrated into Bitcoin Core, serve a similar purpose by reducing the data that needs to be transmitted when a new block is found. Lower overall latency effectively reduces gamma for all participants, making selfish mining less profitable for a given hash rate share.
Frequently Asked Questions
What is the difference between selfish mining and a 51% attack?
Selfish mining is a strategy to earn disproportionate block rewards by withholding blocks. A 51% attack involves controlling the majority of hash power to rewrite transaction history (enabling double spending). Selfish mining can be a stepping stone toward a 51% attack if it attracts enough miners to the selfish pool, but it does not directly enable transaction reversal or censorship.
Has selfish mining been proven on Bitcoin's network?
No widely accepted, proven case of selfish mining has been documented on Bitcoin's mainnet. Some empirical studies have found statistical patterns that deviate from simple independent mining models, but these could be explained by latency variations, pool architecture, or hash rate fluctuations rather than intentional strategy. Given the difficulty of distinguishing certain withholding strategies from normal network behavior, confirming its presence or absence remains challenging.
Are smaller proof-of-work blockchains more vulnerable?
Generally, yes. Smaller PoW networks with lower total hash rates, fewer mining pools, and less community scrutiny may be more vulnerable. An attacker can more easily acquire the hash rate share needed for profitable selfish mining, and the economic disincentives (value at risk from attacking) are proportionally smaller.
Can proof-of-stake networks suffer from selfish mining?
Classical selfish mining applies specifically to proof-of-work longest-chain consensus. Proof-of-stake systems use different block production and finality mechanisms (such as validator committees and BFT overlays) that are generally less susceptible to block withholding strategies. However, PoS systems face their own strategic manipulation vectors, including equivocation and timing games.
What can individual miners do to reduce selfish mining risk?
Individual miners can run their own full nodes (to verify chain state independently), use mining protocols that give them control over block templates (such as DATUM or Stratum V2 with job negotiation), connect to multiple peers for faster block propagation, and diversify pool selection to avoid concentrating hash rate in any single entity.
Closing Thoughts
Selfish mining is a widely studied strategic attack vector in proof-of-work blockchain security. While theoretical research has expanded the understanding of possible attacks — including variants that may be difficult to detect — the practical risk on Bitcoin's network appears constrained by economic incentives, reputational costs, and ongoing protocol improvements.
Effective defenses may combine protocol-level changes (random tie-breaking, adaptive difficulty), infrastructure improvements (fast relay mechanisms, decentralized template construction), and monitoring (statistical anomaly tracking). As mining economics evolve post-halving and pool concentration continues to shift, ongoing vigilance and research remain important to maintaining the security assumptions that underpin proof-of-work consensus.
Further Reading
Disclaimer: This content is presented to you on an "as is" basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Where the content is contributed by a third party contributor, please note that those views expressed belong to the third party contributor, and do not necessarily reflect those of Binance Academy. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. For more information, see our Terms of Use, Risk Warning and Binance Academy Terms.