The pressure testing of Monero coin and PoW security risks

Author: Tanay Ved Source: Coin Metrics Translation: Shan Ouba, Jinse Finance

Key Points:

• Qubic briefly claimed to control more than half of the Monero network's hash power, resulting in a minor reorganization of the blockchain ledger with 6 blocks.
• Monero adopts the RandomX algorithm, lowering the barriers to CPU mining participation, but the overall hash rate is relatively low, making it more susceptible to the threat of hash rate centralization. Qubic has leveraged this by acquiring disproportionate influence through incentive mechanisms.
• The event shows that small PoW networks are more susceptible to consensus disturbances when security budgets are limited and hash power concentration is high.

Introduction

Earlier this month, Monero experienced a significant cybersecurity incident. A layer one blockchain named Qubic claimed to have control of over half of Monero's hash power, allowing it to briefly rewrite part of the transaction history. This incident highlights the issue of consensus stability being more fragile in small proof-of-work (PoW) blockchains, raising concerns about hash power centralization and long-term security. Although the event was characterized as a "stress test" rather than a true "double-spend attack," it underscores the importance of distributed hash power and sustainable miner incentives for the security of PoW networks.

This article will use the Monero event as a case study to explore the risks related to PoW security. We will explain what a 51% attack and chain reorganization are, review past cases from networks like Ethereum Classic, and consider what this means for the potential vulnerabilities of small PoW networks.

The Entry of Qubic and the Stress Test of Monero

On August 12, Qubic claimed that it briefly gained control of the majority of Monero's hash power. In a PoW network, such a situation is typically referred to as a "51% attack", where a single actor or colluding group controls more than half (>50%) of the network's mining capacity. This majority control can manipulate network consensus, leading to block reorganization ("reorg"), transaction censorship, and even attempts at double spending attacks, severely undermining network trust.

Like Bitcoin, Monero relies on miners to secure the network through PoW consensus, requiring miners to expend computational power to propose and validate new blocks. However, unlike Bitcoin, which uses dedicated ASIC hardware (designed for the SHA-256 algorithm), Monero employs the RandomX algorithm, aiming to enable mining with general-purpose CPUs. While this lowers the barrier to entry for mining, it also results in Monero's overall hash rate being significantly lower than Bitcoin's (5.5 GH/s compared to 930 EH/s), making the network more susceptible to the threat of hash rate centralization.

Since May, Qubic's influence on Monero has significantly increased. Through its "Useful Proof of Work" (UPoW) model, Qubic attracts miners to use CPU resources for Monero mining. Instead of rewarding miners directly with Monero's native token XMR, Qubic sells the mined tokens on the market and uses the proceeds to buy back and destroy its own tokens. These higher rewards have attracted a large amount of hash power to Qubic, enhancing its mining profitability, while also intensifying concerns about network centralization.

This ultimately led to a slight reorganization of 6 blocks on the Monero ledger, with Qubic's block production speed temporarily exceeding that of the rest of the network. Although a small portion of history was briefly rewritten, researchers found that there were no real signs of a 51% attack after analyzing the event, but rather a demonstration of how incentive centralization can skew mining rewards in the short term.

Ethereum Classic Reorganization Event (2020)

This event is not unique to Monero; similar situations have also occurred on other networks, such as Bitcoin Gold (2019), Ethereum Classic (2019, 2020), and Bitcoin SV (2021). One of the more serious incidents occurred in August 2020, when Ethereum Classic experienced a deep chain reorganization after going offline in a large mining pool. The attacker privately mined a longer chain and broadcast it to the network, replacing over 4,000 blocks and reorganizing thousands of historical transactions.

This situation can be clearly seen in the block data of Ethereum Classic, with a range approximately between block 10904147 and 10907761. The above chart shows the consensus size (measured in bytes) and the number of transactions for each block. During the attack, long periods of red dotted segments can be observed, where the consensus size drops to zero, indicating that these blocks were isolated while competing for links. The blue dots mark the main chain that ultimately remained, while the attacker's chain reorganized thousands of previous blocks.

Hash Rate Distribution and Miner Economics

These cases indicate that the security of PoW networks depends on hash rate distribution and the sustainability of miner incentives. Medium and small PoW networks like Monero, which have a hash rate significantly lower than Bitcoin, reflect the differences in mining hardware and overall scale. Due to the limited total hash rate protecting the chain, the resource threshold required for a single mining pool or collaborative actors is lower, making it easier to achieve majority control, thus exposing these networks to a greater threat of consensus disruption.

As demonstrated by the Qubic event, computing power tends to concentrate due to stronger incentives. Miners must receive sustainable compensation to continuously secure the network. Monero's block reward has been steadily decreasing under its deflationary issuance mechanism, currently issuing about 430 XMR (approximately $120,000) per day. Transaction fees are limited, amounting to only about 9–10 XMR daily. Under these conditions, alternative incentive mechanisms such as Qubic's uPoW model could attract sufficient computing power, potentially disrupting the network balance in the short term.

The following image presents this dynamic from a broader perspective: it compares the hash price of major PoW networks (i.e., the income per unit of computing power per day) with the average daily income of miners. Bitcoin stands alone in one category, while mid-sized chains like Monero, Litecoin, and ZCash cluster in the range of weaker security budgets.

In contrast, Bitcoin's massive revenue base helps to maintain the distribution of ASIC hardware and the diversity of mining pools. Although there are still questions surrounding transaction fee dynamics and mining pool concentration, Bitcoin's hash power scale and capital threshold make the cost of coordinated attacks extremely high.

This point is also supported by research; for example, "Breaking BFT" points out that considering the capital investment scale of ASIC hardware and the electricity costs required to sustain an attack, launching a 51% attack on Bitcoin is almost economically unfeasible.

Conclusion

The events between Monero and Qubic do not constitute a complete 51% attack, but they serve as a stress test on PoW security. It reveals that when miner incentives and computing power are concentrated, small PoW blockchains may be exposed to the risk of consensus disruption, ultimately undermining network trust. Past cases from networks like Ethereum Classic also indicate that these risks are not hypothetical, but recurring challenges.

The scale effect of Bitcoin remains a key differentiating factor, with its attack threshold far higher than that of smaller networks. However, its long-term security model still raises questions, especially in the context of continuously decreasing block rewards and transaction fees gradually becoming the core of the security budget. Ultimately, the Qubic incident once again emphasizes that PoW security relies on sustainable incentive mechanisms and widely distributed computing power, and similar incidents may serve as catalysts for the network to strengthen its resilience.