Selfish Mining

What Is Selfish Mining?

Selfish mining is an adversarial mining strategy first formally described by Ittay Eyal and Emin Gün Sirer in their 2013 paper "Majority is not Enough: Bitcoin Mining is Vulnerable." Instead of immediately broadcasting a newly found block (honest behavior), a selfish miner keeps it secret and continues mining on top of it privately. By building a hidden chain and releasing it at calculated moments, the attacker causes other miners' blocks to be orphaned, wasting their computational work while the selfish miner's blocks end up on the canonical chain at a rate exceeding their share of hashrate.

The discovery was significant because it challenged a core assumption about Bitcoin security. Before this research, the consensus was that the protocol remained secure as long as more than 50% of mining power was honest. Selfish mining demonstrated that a miner controlling as little as 25% to 33% of hashrate could gain an unfair advantage, depending on their network connectivity. This shifted the discussion around double-spend thresholds and the economics of mining incentives.

How It Works

Selfish mining operates as a state machine based on the attacker's "private lead": the number of secret blocks ahead of the publicly known chain. The attacker adjusts their behavior depending on this lead.

The Attack Step by Step

1. The selfish miner finds a block but does not broadcast it. Instead, they begin mining the next block on top of their secret one. Their private lead is now 1.
2. If the selfish miner finds another block before the honest network, the lead grows to 2. They continue withholding.
3. If the honest network finds a block while the lead is 1, a race begins: the selfish miner immediately publishes their withheld block, creating a fork. Some fraction of the network will mine on the selfish miner's block, while the rest mine on the honest one. Whichever fork extends first wins.
4. When the private lead reaches 2 or more and the honest network closes the gap to within 1 block, the selfish miner publishes their entire private chain. Because it is longer, all honest miners must adopt it per the longest-chain rule, orphaning every honest block mined during the withholding period.
5. The cycle resets. The selfish miner has earned block rewards for all their published blocks, while honest miners received nothing for their orphaned work.

A Simplified Example

Consider a selfish miner controlling 35% of the network hashrate. The honest network (65%) finds block 100 and everyone begins mining block 101:

Public chain:   ... -> Block 100

Selfish miner finds Block 101a (keeps it secret)
Private chain:  ... -> Block 100 -> Block 101a

Selfish miner finds Block 102a (still secret, lead = 2)
Private chain:  ... -> Block 100 -> Block 101a -> Block 102a

Honest network finds Block 101b (published)
Public chain:   ... -> Block 100 -> Block 101b

Selfish miner publishes their longer chain:
Published:      ... -> Block 100 -> Block 101a -> Block 102a
Result: Block 101b is orphaned. Honest miner gets nothing.

The honest miner spent energy finding Block 101b, but it was discarded because the selfish miner's chain was longer. Over time, this pattern means the selfish miner earns more than their 35% fair share of rewards.

The Gamma Parameter

A critical variable in selfish mining analysis is gamma (γ): the fraction of honest miners that mine on the selfish miner's block during a fork race (when both chains are the same length). This parameter captures the attacker's network connectivity advantage.

• γ = 0: the selfish miner's block never reaches honest miners first during a race. This is the worst case for the attacker.
• γ = 0.5: honest miners randomly choose between competing blocks with equal probability.
• γ = 1: the selfish miner's block always reaches all honest miners first. Best case for the attacker, achievable with superior network connectivity.

A well-connected miner with many peer connections can achieve a higher γ value by ensuring their blocks propagate faster than competitors' blocks. This is why improvements to Bitcoin's block relay infrastructure directly reduce selfish mining viability.

The Profitability Threshold

The hashrate fraction (α) required for selfish mining to become profitable depends on γ. The formula from Eyal and Sirer's paper:

Selfish mining is profitable when:

  α > (1 - γ) / (3 - 2γ)

γ = 0   →  α > 1/3  (33.3% of hashrate)
γ = 0.5 →  α > 1/4  (25.0% of hashrate)
γ = 1   →  α > 0    (any hashrate, theoretical)

The commonly cited ~33% threshold represents the worst-case scenario for the attacker (γ = 0). With any network propagation advantage, the threshold drops. Follow-up research by Sapirshtein, Sompolinsky, and Zohar (2016) found optimal selfish mining strategies that lower the threshold further, to roughly 23.2% with poor connectivity.

This stands in contrast to the double-spend attack, which typically requires a full 51% of hashrate. Selfish mining does not allow the attacker to reverse confirmed transactions: it only lets them earn a disproportionate share of new block rewards by wasting honest miners' work.

The Centralization Spiral

If selfish mining is known to be profitable for a given pool, rational miners face an incentive to join that pool rather than mine honestly at reduced effective returns. As the pool grows, its strategy becomes even more profitable, attracting more miners. This feedback loop could theoretically push a single pool toward majority control, undermining the decentralization that secures Bitcoin. This concern motivates ongoing research into protocol changes that raise the selfish mining threshold.

Why It Matters

Selfish mining is relevant to anyone evaluating the security assumptions of proof-of-work blockchains. The attack demonstrates that incentive compatibility (whether following the protocol rules is the most profitable strategy) cannot be taken for granted, even in mature systems like Bitcoin.

For miners and mining pool operators, understanding selfish mining informs decisions about pool size limits, relay network participation, and block propagation infrastructure. For protocol developers, it motivates research into difficulty adjustment and fork-choice rule improvements.

Layer 2 solutions like the Lightning Network and Spark inherit their security from the base layer. If selfish mining were to compromise Bitcoin's block production integrity, it could affect the reliability of on-chain settlement that these protocols depend on. This makes base-layer mining incentive alignment a concern for the entire Bitcoin ecosystem.

Relationship to Block Withholding Attacks

Selfish mining is sometimes confused with block withholding attacks, but they operate at different levels:

Block withholding is an internal sabotage attack: the attacker infiltrates a pool and reduces its output. Selfish mining is an external strategy: the attacker (often a pool itself) competes against all other miners by timing block releases. Researchers have described combined strategies (sometimes called "Selfholding") that merge both approaches, where an attacker simultaneously sabotages a rival pool while selfish mining against the broader network.

A related concern is the eclipse attack, where an attacker isolates a node from the rest of the network. An eclipse attack can increase the attacker's effective γ value by ensuring targeted nodes only see the attacker's blocks, amplifying selfish mining's effectiveness.

Mitigations and Detection

Uniform Tie-Breaking

Eyal and Sirer proposed that when miners encounter two competing blocks of equal height, they should choose randomly rather than defaulting to the first one received. This sets γ = 0.5, raising the minimum profitable hashrate to 25%. While not a complete solution, it reduces the attacker's ability to exploit network positioning.

Freshness Preferred

Proposed by Ethan Heilman in 2014, this approach embeds unforgeable timestamps in blocks. During fork resolution, miners prefer the "fresher" block (the one mined more recently). Because withheld blocks carry older timestamps, this penalizes the selfish mining strategy. The approach raises the profitability threshold to roughly 32% regardless of network advantage.

Improved Block Propagation

Practical mitigations deployed on Bitcoin's network include the Compact Blocks protocol (BIP 152) and relay networks like FIBRE (Fast Internet Bitcoin Relay Engine). By reducing block propagation latency across the network, these technologies minimize the γ advantage any single miner can achieve. When all miners receive new blocks almost simultaneously, the propagation advantage that selfish mining exploits shrinks substantially.

Statistical Detection

Researchers have developed methods to detect selfish mining by analyzing orphan block rates, consecutive block patterns, and block timing anomalies. A 2024 study by Li, Campajola, and Tessone analyzed five proof-of-work blockchains and found minimal evidence of selfish mining in Bitcoin, while identifying significant anomalies in smaller networks like Monacoin.

However, a 2024 paper by Bahrani and Weinberg demonstrated a selfish mining variant that is statistically indistinguishable from honest mining with higher network delay. This "undetectable" variant requires roughly 38.2% hashrate: higher than standard selfish mining but concerning because it undermines detection-based defenses.

Real-World Evidence

In August 2025, the Qubic mining pool conducted a documented selfish mining campaign against Monero, controlling roughly 22% to 34% of the network hashrate at various points. The campaign caused a 6-block chain reorganization but was ultimately unprofitable: analysis estimated 9% to 36% revenue loss compared to honest mining. The case confirmed the theoretical difficulty of executing selfish mining profitably at hashrate levels below the threshold.

No confirmed selfish mining attack has been documented on Bitcoin itself. The combination of Bitcoin's large and distributed hashrate, fast block relay infrastructure, and the reputational and economic risks facing any pool that attempts it has kept the attack theoretical for Bitcoin's network.

Risks and Considerations

• Selfish mining lowers Bitcoin's effective security threshold from 50% to as low as 25% to 33%, depending on network conditions. This means fewer miners need to collude to distort block production incentives.
• Post-halving economics (after Bitcoin's April 2024 halving) tighten mining margins, which could increase incentives for large pools to explore strategies beyond honest mining.
• Research on multi-attacker scenarios shows that when multiple independent miners selfish mine simultaneously, the individual hashrate threshold drops significantly: to roughly 21% each for two attackers and below 15% for five attackers.
• The Sybil resistance provided by proof-of-work assumes honest incentives. Selfish mining demonstrates that rational (but not honest) behavior can still undermine the protocol, even without a majority.
• Layer 2 protocols that settle on-chain depend on Bitcoin's block production integrity. Persistent selfish mining could delay confirmations and increase the fee sniping risk for time-sensitive transactions.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.