CImages1bbd54d4-4b76-4dee-a5d4-ce0d3071ae5f

Research Report: Analysis of the Monero Network 51% Attack by Qubic Mining Pool in August 2025

Many thanks to our sponsor Panxora who helped us prepare this research report.

Abstract

In August 2025, the Monero network, a prominent privacy-focused cryptocurrency, experienced a significant security event when the Qubic mining pool claimed to have achieved over 51% control of the network’s hashrate. This incident, widely characterized as a ‘51% attack’ or a demonstration thereof, precipitated profound concerns regarding the network’s security posture and illuminated broader implications for Proof-of-Work (PoW) consensus mechanisms across the cryptocurrency landscape. This comprehensive research report delves into the intricate mechanics underpinning a 51% attack, meticulously dissecting potential attack vectors such as double-spending, transaction censorship, and blockchain reorganization. It critically examines the specific circumstances of the Qubic incident, including the reported six-block chain reorganization, and differentiates between a malicious attack and a proof-of-concept demonstration. Furthermore, the report provides an exhaustive review of historical precedents, analyzing similar attacks on other PoW blockchains to contextualize Monero’s experience within the broader history of cryptocurrency security incidents. Crucially, the research details the robust and multi-faceted responses from the Monero community and its core developers, evaluating the efficacy of these measures in bolstering network resilience. Finally, it offers profound insights into the inherent vulnerabilities and strengths of decentralized networks, contributing to a more nuanced understanding of the ongoing challenges in maintaining network integrity and decentralization in the face of evolving threats.

Many thanks to our sponsor Panxora who helped us prepare this research report.

1. Introduction

The Monero network, launched in April 2014, has consistently distinguished itself within the burgeoning cryptocurrency ecosystem through its unwavering commitment to privacy, fungibility, and decentralization. Unlike many other digital assets, Monero (XMR) was engineered from its inception to offer unparalleled transaction privacy by default, employing sophisticated cryptographic techniques such as ring signatures, stealth addresses, and confidential transactions (RingCT). This design philosophy aims to ensure that all transactions on the Monero blockchain are unlinkable and untraceable, thereby enhancing fungibility – the property where every unit of a currency is interchangeable with any other unit, regardless of its history.

At the heart of Monero’s security and consensus mechanism lies its reliance on a Proof-of-Work (PoW) system, a fundamental component of many leading cryptocurrencies, including Bitcoin. PoW serves as a distributed mechanism to validate transactions, create new blocks, and secure the network against various forms of attack, including Sybil attacks. The specific PoW algorithm employed by Monero, RandomX, was carefully selected and iteratively refined to be highly resistant to specialized mining hardware known as Application-Specific Integrated Circuits (ASICs). The intent behind RandomX is to level the playing field for miners, allowing for efficient mining using general-purpose Central Processing Units (CPUs), thus promoting a more decentralized distribution of hashing power among individual participants rather than concentrating it within large, industrial-scale mining farms that dominate ASIC-friendly networks. This ASIC-resistance is a cornerstone of Monero’s decentralization strategy, aiming to prevent the centralization of mining power that could lead to security vulnerabilities.

Despite these foundational strengths and design choices, any PoW-based blockchain inherently faces certain vulnerabilities, most notably the risk of a ‘51% attack.’ This theoretical, yet demonstrably real, threat arises when a single entity or a coordinated group of entities gains control of a majority – i.e., more than 50% – of the network’s total hashing power. Such dominance grants the attacker significant control over the block production process, enabling them to manipulate transaction history and disrupt network operations. The Monero network, despite its robust design, was thrust into the global spotlight in August 2025 when the Qubic mining pool, spearheaded by Sergey Ivancheglo, a co-founder of the IOTA project, publicly asserted that it had successfully amassed over 51% of Monero’s global hashrate. This unprecedented claim ignited a fervent debate and widespread concern across the cryptocurrency community, prompting a critical re-evaluation of Monero’s security model and the broader implications for decentralized PoW systems. This report aims to meticulously detail the mechanics of this pivotal event, analyze its implications, and assess the collective response.

Many thanks to our sponsor Panxora who helped us prepare this research report.

2. Understanding Proof-of-Work Consensus and Network Security

To fully appreciate the gravity of a 51% attack, it is essential to first understand the fundamental principles governing Proof-of-Work consensus and its role in securing decentralized networks. PoW is a mechanism that requires participants (miners) to expend computational effort to solve a complex mathematical puzzle to propose and validate new blocks of transactions. This process is computationally intensive but easy to verify.

2.1 PoW Mechanics and Security Assumptions

In a PoW system, miners compete to find a nonce (a arbitrary number used only once) that, when combined with the block’s data and hashed, produces an output hash that meets a specific target difficulty. The first miner to find such a nonce broadcasts their valid block to the network. Other nodes verify the block’s validity (including the PoW solution and all transactions within it) and, if valid, add it to their local copy of the blockchain and begin mining the next block on top of it.

Key components of PoW include:

Hash Functions: Cryptographic hash functions (e.g., SHA-256 for Bitcoin, RandomX for Monero) are central. They are deterministic, one-way functions that produce a fixed-size output (hash) for any input data. A small change in the input data results in a completely different hash, making them suitable for PoW puzzles.
Difficulty Adjustment: To maintain a consistent block production rate (e.g., approximately one block every 2 minutes for Monero), the network automatically adjusts the difficulty of the PoW puzzle. If more hashrate joins the network, the difficulty increases, requiring more computational effort to find a valid block. Conversely, if hashrate leaves, the difficulty decreases.
Longest Chain Rule: The core security principle in PoW is that the longest valid chain of blocks, representing the most cumulative computational work, is considered the authoritative chain. Honest miners always build on the tip of the longest chain they are aware of.

The security of a PoW network hinges on the assumption that the majority of the network’s hashing power is controlled by honest participants who act in the best interest of the network. As long as this ‘majority honesty’ holds, an attacker would need to expend an economically prohibitive amount of resources to outcompete the honest majority and rewrite the blockchain. This concept is often referred to as ‘sybil resistance,’ as it prevents an attacker from creating a multitude of identities to gain disproportionate influence.

2.2 The 51% Attack Defined

A ‘51% attack’ (also known as a majority attack) occurs when a single entity or a colluding group of entities gains control over more than 50% of a blockchain network’s total computational power, or ‘hashrate.’ With this majority, the attacker gains the ability to consistently find valid blocks faster than the rest of the honest network combined. This superior block production rate allows the attacker to manipulate the blockchain in several critical ways:

Blockchain Reorganization: The attacker can mine a private chain of blocks that remains hidden from the rest of the network. Because they control the majority hashrate, their private chain will eventually become longer than the public chain mined by honest participants. Once their private chain is sufficiently longer, they can release it, causing the honest network to switch to the attacker’s chain due to the ‘longest chain rule.’ This process ‘orphans’ (invalidates) all blocks mined by the honest minority on their previous chain, effectively rewriting a portion of the network’s history.
Double-Spending: This is arguably the most economically damaging consequence. An attacker can execute a transaction on the public chain (e.g., sending funds to an exchange) and receive goods or services. Simultaneously, they can mine an alternative private chain where this initial transaction is omitted or reversed. Once the attacker’s private chain surpasses the public chain in length, they publish it. The network then reorganizes to the attacker’s chain, effectively reversing the original transaction on the public chain, allowing the attacker to spend the same funds again on their newly accepted chain. This undermines the finality of transactions and can lead to significant financial losses for exchanges and merchants.
Transaction Censorship: With majority control, the attacker can choose which transactions to include or exclude from the blocks they mine. This means they could prevent specific transactions (e.g., those from a particular address or involving certain parties) from ever being confirmed on the network, effectively censoring economic activity or disrupting vital network functions. They could also refuse to include transactions that originate from their competitors, impacting their profitability.

Crucially, a 51% attack does not allow the attacker to create new coins out of thin air, nor can they reverse transactions that have been deeply buried under many subsequent blocks on an irreversible chain. However, their ability to rewrite recent history and selectively process transactions represents a profound threat to the integrity and utility of any PoW blockchain.

Many thanks to our sponsor Panxora who helped us prepare this research report.

3. The Monero Network: Architecture and Design Philosophy

Monero’s architectural design is a deliberate embodiment of its privacy-centric philosophy. Understanding these features is critical to appreciating the context of the Qubic attack.

3.1 Core Privacy Features

Monero distinguishes itself by making privacy mandatory and automatic for all transactions, ensuring that transaction details, recipient addresses, and transaction amounts are obscured by default. This stands in stark contrast to many other cryptocurrencies, where transactions are transparent or privacy is an optional add-on.

Ring Signatures: These cryptographic constructs enable a sender to sign a transaction on behalf of a group (a ‘ring’) of potential signers, including their actual spending key and several ‘decoys’ pulled from the blockchain’s past outputs. An observer can verify that a valid signature exists within the group but cannot determine which specific member of the ring actually authorized the transaction. This obscures the sender’s identity and prevents linkage of transactions to specific users. The ring size can vary, with larger rings offering greater plausible deniability.
Stealth Addresses: For every transaction, Monero generates a unique, one-time destination address. This means that a recipient’s public address is never directly visible on the blockchain. Instead, the sender creates a unique stealth address for each payment, derived from the recipient’s public address and a random ephemeral key. Only the recipient, using their private view key, can scan the blockchain and identify the funds sent to them. This prevents third parties from linking payments to a specific recipient’s public address, thereby protecting the recipient’s identity and financial activity.
Confidential Transactions (RingCT): Introduced in January 2017, RingCT conceals the amount of a transaction. While ring signatures hide the sender and stealth addresses hide the recipient, RingCT ensures that the actual value being transferred is encrypted. The protocol still allows network participants to verify that the transaction inputs equal the outputs (preventing inflation) without revealing the specific amounts. This combination of techniques provides a comprehensive privacy shield, making it extremely difficult for external observers to analyze Monero’s transaction graph.

3.2 Fungibility by Design

The amalgamation of ring signatures, stealth addresses, and RingCT inherently fosters fungibility. Because all transactions are obscured, there is no way to discern the history or ‘taint’ of any particular Monero unit (XMR). This means that every unit of XMR is equally valuable and interchangeable, without the risk of certain coins being ‘blacklisted’ due to their association with previous, potentially illicit, activities. This attribute is crucial for a sound currency, as it ensures uniform acceptance and value for all units.

3.3 Decentralization Principles and RandomX

Monero’s commitment to decentralization extends beyond its privacy features to its very consensus mechanism. The project’s developers and community have historically prioritized ASIC-resistance as a means to prevent mining centralization. ASICs, due to their specialized nature, are expensive to develop and produce, leading to economies of scale that often concentrate mining power into the hands of a few large, well-capitalized entities. This centralization makes the network more susceptible to collusion or regulatory pressure, potentially compromising its security and censorship resistance.

Recognizing this threat, Monero periodically hard forks to update its PoW algorithm, rendering existing ASICs obsolete. The adoption of RandomX in November 2019 was a significant milestone in this ongoing effort. RandomX is a CPU-heavy PoW algorithm designed to be highly resistant to specialized hardware, aiming to ensure that general-purpose CPUs can mine efficiently. It achieves this by utilizing random code execution, memory-hard techniques, and integer and floating-point math operations, making it extremely difficult and inefficient to design ASICs that offer a significant advantage over consumer-grade CPUs. The goal is to keep mining accessible to a broader base of individual participants, thereby promoting a more distributed and decentralized network of miners.

This continuous effort to maintain ASIC-resistance directly supports Monero’s decentralization principles, which, in theory, should make a 51% attack more challenging to execute due to the dispersed nature of the mining ecosystem. However, the August 2025 Qubic incident challenged the effectiveness of this defense against the aggregation of CPU mining power.

Many thanks to our sponsor Panxora who helped us prepare this research report.

4. The August 2025 Qubic Mining Pool Incident: A Detailed Chronology

The Qubic mining pool incident in August 2025 represents a critical juncture in Monero’s security history, serving as a real-world stress test for its decentralized PoW model. The events unfolded rapidly, sparking intense debate and immediate community reaction.

4.1 Precursors and Qubic’s Emergence

Prior to August 2025, the Monero network had generally maintained a relatively decentralized mining distribution, especially following the successful deployment of RandomX. While larger pools naturally garnered significant hashrate, none had openly asserted or visibly demonstrated persistent control over a majority share. However, discussions within the Monero community forums and among developers often touched upon the theoretical possibility of hashrate consolidation, particularly given the growing computational power available through cloud services and potentially aggregated botnets.

Qubic, a project associated with IOTA co-founder Sergey Ivancheglo, emerged onto the Monero mining scene with an aggressive strategy. Qubic itself is a smart contract platform that utilizes a novel ‘qubic’ concept, where IOTA is used for computational orchestration. While Qubic’s direct link to the IOTA Tangle is distinct from Monero’s blockchain, Ivancheglo’s involvement brought significant attention. Qubic began incentivizing CPU miners, who traditionally gravitate towards Monero due to RandomX, to direct their hashing power towards the Qubic pool. The exact nature of these incentives (e.g., higher payouts, unique rewards) was not fully disclosed but was effective enough to rapidly attract a substantial portion of Monero’s CPU-based mining power. This strategy included attracting miners who might typically mine other CPU-friendly coins or even those who were previously mining Monero through other established pools.

4.2 The Claim of 51% Control

On or around August 12, 2025, the Qubic mining pool publicly announced its claim of having achieved over 51% of the Monero network’s total hashrate. This claim was initially met with skepticism by some and alarm by others within the Monero community. While it is challenging for external observers to definitively verify a pool’s exact hashrate at any given moment, particularly when some portion might be privately held or ‘rented,’ the observable network behavior provided corroborating evidence.

Publicly available mining pool statistics aggregators and network explorers began to show Qubic’s reported hashrate surpassing the critical 50% threshold. While the precise methodology Qubic employed to amass this power – whether through direct recruitment, offering superior incentives, or potentially utilizing rented hashing power from services like NiceHash (though less effective for RandomX due to its CPU focus, not impossible) or even botnets – remained a subject of speculation, the numerical dominance became apparent.

4.3 Observable Network Effects: The Six-Block Reorganization

The most tangible evidence of Qubic’s claimed majority control was the subsequent observation of a six-block chain reorganization on the Monero blockchain. A chain reorganization (or ‘reorg’) occurs when a previously accepted chain of blocks is replaced by an alternative, longer chain. In this specific incident:

Honest miners continued to build on what they believed was the longest chain.
Qubic, presumably utilizing its majority hashrate, was able to mine a private chain of blocks faster than the honest minority. This private chain was not immediately broadcast to the network.
At a certain point, Qubic released its longer, privately mined chain. When broadcast, the rest of the network, following the ‘longest chain rule,’ switched to Qubic’s chain, causing the last six blocks mined by the honest minority to become ‘orphaned.’ These orphaned blocks were essentially invalidated, and any transactions within them were returned to the mempool to be re-confirmed in subsequent blocks on the new, longer chain.

This six-block reorg, while relatively small in scale compared to some historical attacks on other chains, served as a stark, undeniable demonstration of Qubic’s capability to manipulate the blockchain’s history. It confirmed that Qubic indeed possessed sufficient hashrate to outpace the honest network and successfully execute a chain rewrite. Importantly, while this reorg demonstrated the potential for such attacks, there were no widespread reports or confirmed instances of double-spending or specific transaction censorship resulting from the incident. This suggested that the primary motivation behind Qubic’s actions might have been a ‘proof-of-concept’ or a strategic marketing maneuver, rather than a malicious attempt to defraud users or exchanges. (cointelegraph.com) The absence of direct financial exploitation, despite the proven capability, tempered the immediate panic but highlighted the underlying vulnerability.

4.4 Motivation Analysis: Proof-of-Concept or Malicious Intent?

The prevailing consensus within the Monero community and among blockchain security analysts leaned towards the Qubic incident being a ‘proof-of-concept’ or a ‘selfish mining’ demonstration rather than an economically motivated, malicious attack designed for profit through double-spending. Several factors supported this interpretation:

Lack of Double-Spending: The most financially damaging outcome of a 51% attack, double-spending, was not observed. If Qubic’s primary goal was financial gain, executing double-spends against exchanges or merchants would have been the logical next step after demonstrating control.
Publicity and PR: Sergey Ivancheglo and the Qubic project gained significant media attention from the event. This exposure, even if controversial, could be viewed as a form of marketing or a demonstration of Qubic’s technical capabilities, particularly its ability to aggregate significant computational power.
Economic Cost: Sustaining a 51% attack for a prolonged period, especially on a network the size of Monero, incurs substantial operational costs (electricity, hardware maintenance, incentives for miners). Estimates suggested a daily cost potentially exceeding $75 million to sustain such an attack on Monero at the time (cryptoslate.com). Without a clear, large-scale financial return from double-spending, a sustained malicious attack would be economically irrational.
Open Claim: A truly malicious attacker would typically operate covertly to maximize their impact and avoid pre-emptive defensive measures. Qubic’s public declaration of control suggested a different agenda, possibly to provoke a reaction or demonstrate a perceived vulnerability.

Nonetheless, the incident served as a potent reminder that the capability for a devastating attack existed, even if the intent was not malicious. It underscored that even a network designed for ASIC-resistance and decentralization could fall prey to the aggregation of generalized computing power.

Many thanks to our sponsor Panxora who helped us prepare this research report.

5. Mechanics and Potential Consequences of a 51% Attack on Monero

While the Qubic incident was primarily a demonstration, a full-scale 51% attack carries severe implications for any PoW blockchain. Understanding the theoretical capabilities and their practical consequences is vital.

5.1 Double-Spending

Double-spending is the most direct and financially damaging outcome of a successful 51% attack. It fundamentally undermines the integrity of a cryptocurrency by allowing the same funds to be spent multiple times.

Mechanism:
1. Initial Transaction: The attacker first sends funds (e.g., XMR) from their wallet to a recipient (e.g., a cryptocurrency exchange, a merchant accepting XMR) on the public, honest chain. They might wait for a few confirmations to ensure the transaction is accepted by the recipient, who then releases goods, services, or trades other cryptocurrencies for the XMR.
2. Private Chain Mining: Simultaneously, or immediately after, the attacker uses their majority hashing power to mine a private version of the blockchain. On this private chain, the initial transaction is not included, or it is specifically reversed (e.g., the funds are sent back to the attacker’s own wallet).
3. Race to Longer Chain: The attacker continues mining their private chain, building it faster than the honest minority can build on the public chain. Due to their hash power advantage, their private chain will eventually become longer than the public chain.
4. Chain Reorganization and Reversal: Once the attacker’s private chain is sufficiently long (e.g., significantly longer than the number of confirmations the recipient waited for), they broadcast it to the network. All honest nodes, following the ‘longest chain rule,’ abandon the shorter public chain and switch to the attacker’s longer chain. This ‘orphans’ the blocks on the public chain that contained the initial transaction, effectively erasing that transaction from the network’s accepted history. The funds originally spent are now available again on the attacker’s chain, which is the new canonical chain.

Impact:

Financial Losses for Exchanges and Merchants: Exchanges that credited user accounts or merchants that released goods/services based on the initial confirmed transaction would incur direct losses. They would have given away value (e.g., BTC, fiat, products) but received nothing in return on the ultimately accepted chain. This can lead to substantial financial damage, especially for large transactions.
Erosion of Trust: Repeated double-spending incidents severely erode user trust in the network’s security and the finality of its transactions. This can lead to a significant drop in the cryptocurrency’s price, reduced adoption, and a general exodus of users and businesses.
Exchange Delistings: Exchanges, facing continuous financial risk, may delist the affected cryptocurrency, further reducing its liquidity and utility.

5.2 Transaction Censorship

Beyond double-spending, a 51% attacker can exert control over which transactions are processed and confirmed by the network.

Mechanism:

With over 50% of the network’s hashing power, the attacker effectively controls the majority of block production. They can choose to:

Exclude Specific Transactions: The attacker can simply refuse to include certain transactions in the blocks they mine. For instance, they could filter transactions originating from specific addresses (e.g., a competitor’s wallet, a blacklisted entity) or those above a certain amount. If the attacker maintains their dominance, these excluded transactions would never be confirmed and would eventually expire from the mempool.
Prioritize Their Own Transactions: Conversely, the attacker could prioritize their own transactions or those of their affiliates, ensuring they are confirmed quickly, even if other transactions are delayed or ignored.

Impact:

Disruption of Network Utility: The inability to reliably send or receive funds undermines the fundamental utility of the cryptocurrency. Businesses relying on the network for payments would be severely impacted.
Centralization of Control: Transaction censorship represents a significant shift from a decentralized, permissionless system to one under the control of a single entity, negating the core principles of blockchain technology.
Economic Stagnation: If users cannot trust that their transactions will be processed, economic activity on the network would grind to a halt. This could lead to a collapse in demand for the cryptocurrency.
Regulatory Concerns: Persistent censorship could attract negative regulatory attention, especially if it impedes legitimate economic activity or is perceived as a tool for illicit control.

5.3 Blockchain Reorganization (Block Withholding / Selfish Mining)

The six-block reorg observed during the Qubic incident is a classic demonstration of the capability for blockchain reorganization, often employed in ‘selfish mining’ attacks.

Mechanism:

Private Mining: The attacker mines blocks in secret, not immediately broadcasting them to the network. When they find a block, they keep it private and continue mining on top of it. Meanwhile, honest miners continue to mine on the public chain.
Strategic Release: If an honest miner finds a block and broadcasts it, the attacker has a choice: either reveal their private chain if it’s longer (or equal in length, potentially with a slight delay advantage), or continue mining privately. The goal is to consistently maintain a longer chain in secret. When the attacker’s private chain exceeds the length of the public chain by a significant margin (or just one block advantage, depending on the specific selfish mining strategy), they release their entire private chain.
Orphaning Blocks: Upon the release of the longer private chain, all blocks mined by honest miners on the public chain that are not part of the attacker’s new, longer chain become orphaned. Their work is wasted, and any transactions they included are unconfirmed.

Impact:

Reduced Network Throughput: Orphaning blocks means wasted computational effort and reduced effective block production. This can lead to transaction delays and a less efficient network.
Unfairness for Honest Miners: Honest miners expend resources (electricity, hardware) to find blocks, only to have their work invalidated. This can reduce their profitability and discourage participation, potentially leading to further centralization as smaller, less profitable miners abandon the network.
Transaction Finality Uncertainty: Users and applications would face increased uncertainty about transaction finality. A transaction that appears confirmed might later be reversed due to a reorg, requiring higher confirmation thresholds or more sophisticated risk management.
Security Degradation: A network frequently subjected to reorgs appears unstable and insecure, discouraging new users and investments. This can lead to a negative feedback loop where declining trust leads to declining hashrate, making future attacks easier.

While the Qubic incident did not exploit all potential attack vectors, the six-block reorg clearly demonstrated the foundational control necessary for all other attack types. It highlighted that Monero’s security, like any PoW network, ultimately relies on a sufficiently decentralized and honest majority of hashing power.

Many thanks to our sponsor Panxora who helped us prepare this research report.

6. Historical Precedents and Lessons from Other PoW Blockchains

The Monero incident, while significant, is not an isolated event. Numerous other Proof-of-Work blockchains have fallen victim to 51% attacks, providing a rich history of lessons and demonstrating the pervasive nature of this vulnerability, especially for networks with lower hashrates or those sharing mining algorithms with larger chains.

6.1 Ethereum Classic (ETC)

Ethereum Classic (ETC) has notably suffered multiple significant 51% attacks, serving as a cautionary tale for the cryptocurrency industry.

January 2019 Attack: ETC experienced its first major 51% attack. An attacker executed several double-spends against cryptocurrency exchanges, reportedly netting millions of dollars. Coinbase, a major exchange, halted ETC transactions for an extended period due to the reorgs and confirmed double-spends. The attack demonstrated the economic viability of such attacks against networks with sufficient liquidity on exchanges but relatively lower hashrate compared to the cost of renting mining power.
August 2020 Attacks: ETC was hit by two more substantial 51% attacks within a single month. The first, on August 1, 2020, involved a deep reorganization of over 3,693 blocks, with an estimated double-spend value of $5.6 million. Just days later, on August 6, 2020, another attack occurred, resulting in a 7,000-block reorg and approximately $1.6 million in double-spends. These successive attacks severely damaged ETC’s reputation, led to further exchange delistings, and raised serious questions about its long-term viability. (coindesk.com)

ETC’s Response: In response to these repeated attacks, the Ethereum Classic community debated various solutions, including changing its PoW algorithm, implementing checkpointing (where certain blocks are ‘finalized’ by trusted parties, reducing reorg depth), and adjusting exchange confirmation thresholds. Ultimately, ETC implemented a protocol called MESS (Modified Epoch Scheduling for Spurious mining), which aims to make 51% attacks economically unfeasible by penalizing selfish mining. They also continued to emphasize longer confirmation times for transactions.

6.2 Bitcoin Gold (BTG)

Bitcoin Gold (BTG), a fork of Bitcoin that aims to be minable with GPUs, has also been a frequent target of 51% attacks.

May 2018 Attack: BTG suffered its first major 51% attack, where an attacker reportedly double-spent over $18 million. The attacker leveraged rented hash power from services like NiceHash, proving how easily significant hash power could be acquired for smaller networks. Binance, a major exchange, temporarily delisted BTG after the incident due to the losses incurred.
January 2020 Attack: Another 51% attack on BTG led to a nearly 3,000-block reorganization and approximately $70,000 in double-spends. (coindesk.com)

BTG’s Response: Bitcoin Gold responded by increasing the number of confirmations required for transactions on exchanges and exploring a change in its PoW algorithm to one less susceptible to hash rental markets. They also implemented a ‘shield’ feature to prevent deep reorganizations, which uses a network of ‘watchtowers’ to detect and report suspicious activity.

6.3 Other Noteworthy Incidents

Several other smaller PoW chains have experienced similar attacks, including:

Vertcoin (VTC): Suffered multiple 51% attacks, notably in December 2018 and October 2019, due to its common Lyra2REv2 algorithm, making rented hash power accessible. The attacks resulted in significant reorgs and double-spends.
Feathercoin (FTC): Also fell victim to 51% attacks, demonstrating the vulnerability of chains with algorithms shared by more powerful networks or easily rentable hash power.

6.4 Key Takeaways from Historical Precedents

The recurring theme across these incidents highlights several critical vulnerabilities and lessons for PoW blockchains:

Low Hashrate Susceptibility: Blockchains with lower overall hashrates are significantly more vulnerable. The economic cost to acquire 51% of a small network’s hashrate is considerably less than for large networks like Bitcoin or Ethereum (pre-merge).
Hashrate Rental Markets: Services like NiceHash and MiningRigRentals make it relatively easy and inexpensive for malicious actors to rent large amounts of hashing power for short durations. This democratizes the ability to launch 51% attacks, lowering the barrier to entry significantly.
Algorithm Commonality: Networks that share their PoW algorithm with other, larger cryptocurrencies, or use a common, generic algorithm, are particularly exposed. Miners can easily switch their hardware from a larger, more profitable chain to a smaller, less secure one to execute an attack.
Economic Viability: While the cost of a sustained 51% attack on a large network like Bitcoin is prohibitive (estimated to be billions of dollars per day), the cost for smaller chains can be as low as a few thousand dollars per hour, making the potential profit from double-spending attractive.
The ‘Death Spiral’ Risk: Repeated attacks can lead to a vicious cycle: loss of trust leads to a price drop, which reduces mining profitability, causing miners to leave, further reducing hashrate, and making the network even easier to attack.

Monero’s Qubic incident, while not resulting in widespread double-spending, fits within this historical pattern as a demonstration of a majority hashrate acquisition. Its unique RandomX algorithm and ASIC-resistance were designed to mitigate some of these vulnerabilities, but the incident proved that even CPU-friendly algorithms are not immune to hashrate aggregation, especially if economic incentives are strong enough.

Many thanks to our sponsor Panxora who helped us prepare this research report.

7. Monero Community and Developer Response

The Monero community’s response to the Qubic incident was swift, coordinated, and largely focused on reinforcing the network’s decentralized nature. This reaction highlighted the resilience and proactive stance inherent in a truly community-driven project.

7.1 Immediate Actions and Monitoring

Upon Qubic’s claim and the observation of the six-block reorg, the Monero community, including core developers, prominent miners, and users, immediately mobilized. Key actions included:

Intense Monitoring: Hashrate distribution across mining pools was put under heightened scrutiny. Websites like xmr.no-pools.com and various mining pool statistics dashboards became central points for real-time monitoring of hashrate shares. This allowed the community to track Qubic’s dominance and observe its eventual decline as countermeasures took effect.
Public Announcements and Warnings: Developers and community leaders quickly disseminated information via official channels (Monero’s subreddit, IRC channels, official Twitter accounts, and developer mailing lists) to alert users, exchanges, and other stakeholders about the situation. Exchanges were advised to increase their required confirmation times for Monero deposits to mitigate the risk of double-spends, although no widespread double-spending was confirmed during this specific incident.
Transparency and Communication: The Monero project maintained a high degree of transparency throughout the event, providing regular updates on the network’s status and encouraging open discussion among community members. This fostered trust and collective action.

7.2 Community Mobilization and Education

Recognizing that a concentrated hashrate posed an existential threat, a significant community-wide effort was launched to encourage redistribution of mining power:

Call for Decentralization: A passionate plea was issued to all Monero miners, urging them to switch away from large pools, particularly Qubic, and to diversify their hashrate across smaller, independent pools or even to consider solo mining. Educational materials were circulated explaining the importance of decentralization and the dangers of concentrated mining power. (okx.com)
Guidance on Solo Mining: For those with sufficient CPU power, detailed guides on how to set up solo mining operations were promoted, as solo mining directly contributes to network decentralization by not relying on a pool operator.
Promoting Smaller Pools: Miners were actively encouraged to join smaller, less dominant pools to help balance the hashrate distribution. The argument was made that even if a smaller pool has slightly less consistent payouts, the long-term security benefits for the network outweigh the minor individual gain from joining a dominant pool.
Understanding the Threat: Educational campaigns explained the mechanics of a 51% attack, the specific risks of double-spending and censorship, and why every miner’s choice of pool contributed directly to the network’s overall security and resilience.

This collective action proved effective. Over the days and weeks following the incident, Qubic’s share of the Monero hashrate gradually decreased as miners heeded the call for decentralization. This demonstrated the power of a decentralized community to self-organize and respond to threats without requiring a central authority.

7.3 Protocol Considerations and Future Defenses

While the immediate response focused on hashrate redistribution, the incident also prompted deeper discussions among core developers about potential long-term protocol adjustments and enhancements to further harden the network against similar threats.

RandomX Enhancements and Iterations: Monero’s PoW algorithm, RandomX, is designed to be ASIC-resistant and CPU-friendly. Developers constantly review and refine the algorithm to ensure its effectiveness. The Qubic incident, while not directly exploiting a flaw in RandomX itself (rather, the aggregation of CPU power), reinforced the need for continuous vigilance. Discussions likely included exploring subtle tweaks or future iterations of RandomX that could make large-scale aggregation of CPU hash power more difficult or less efficient, without compromising the core principle of CPU fairness. However, fundamental changes to RandomX were not immediately proposed as a direct solution, as the algorithm was largely performing as intended in resisting specialized hardware.
Adaptive Consensus Mechanisms: Monero already incorporates dynamic block size and difficulty adjustments, which are crucial for network stability. While these do not directly prevent a 51% attack, they contribute to the network’s overall robustness. Discussions might have explored more advanced adaptive mechanisms, such as those that could dynamically penalize or disincentivize selfish mining behavior or excessively large reorgs, though implementing such mechanisms without introducing new centralization vectors is a complex challenge.
Research Initiatives: The Monero community has a history of funding research into cryptographic advancements and network security. The Qubic incident likely spurred renewed interest and potential funding for research into novel PoW algorithms, alternative consensus mechanisms (though a shift away from PoW is unlikely for Monero), or other security primitives that could offer additional layers of defense against hashrate concentration.
Soft Forks / Hard Forks: The possibility of a contentious hard fork to change the PoW algorithm (as has happened periodically to maintain ASIC-resistance) remains a last resort for Monero in the event of a sustained, malicious 51% attack that cannot be mitigated by community action. However, this was not deemed necessary for the Qubic incident, as the community’s decentralization efforts proved sufficient.

The swift decline in Qubic’s hashrate dominance demonstrated that community mobilization, rather than immediate protocol overhaul, was the most effective first line of defense. However, the event undeniably served as a stark reminder of the continuous need for vigilance and potential future-proofing of the network’s security architecture.

Many thanks to our sponsor Panxora who helped us prepare this research report.

8. Broader Implications for Proof-of-Work and Decentralized Networks

The Monero incident extends beyond the specifics of one cryptocurrency, offering profound insights and lessons for the entire Proof-of-Work (PoW) ecosystem and the broader philosophy of decentralized networks.

8.1 The Decentralization Dilemma: A Persistent Challenge

The Qubic attack underscored the perpetual ‘decentralization dilemma’ faced by PoW blockchains. While PoW aims to distribute power widely, the economic realities of mining often lead to centralization. Economies of scale, access to cheap electricity, and the natural human tendency to join larger, more stable mining pools for consistent payouts contribute to this phenomenon. Even with ASIC-resistant algorithms like RandomX, the aggregation of general-purpose computing power can still lead to a concentration of hash rate. The incident highlights that maintaining true decentralization requires continuous, active effort and vigilance from the community, not just a technically sound algorithm.

8.2 The Economics of Attack and Defense

Cost of Attack: The estimated cost of sustaining a 51% attack on Monero, stated at approximately $75 million per day (cryptoslate.com), serves as a powerful deterrent against prolonged, economically motivated attacks for most individuals or groups. This high cost primarily encompasses electricity expenses, hardware amortization, and the opportunity cost of not mining honestly. However, for nation-states, well-funded malicious actors, or entities with non-financial motivations (e.g., political disruption, proof-of-concept for a competing project), such costs might be deemed acceptable.
Hashrate Rental Markets: The existence and growing sophistication of hashrate rental markets (e.g., NiceHash, MiningRigRentals) dramatically lower the barrier to entry for 51% attacks, particularly on smaller chains. An attacker does not need to own a vast amount of mining hardware; they can simply rent it for a few hours. While RandomX’s CPU-centric nature makes it less susceptible to large-scale GPU/ASIC rental markets, custom CPU rental services or even large botnets could still aggregate significant power. This represents a significant challenge that networks must continuously address.
Economic Incentives for Decentralization: The Monero incident demonstrated the power of community-driven economic incentives. By appealing to the long-term health and value of the network, the community effectively incentivized miners to prioritize decentralization over maximizing short-term pool payouts. This highlights the importance of social consensus and community ethos as a crucial layer of defense.

8.3 Security Measures: Beyond the Algorithm

The incident reinforced that network security is a multi-layered concept that extends beyond the cryptographic strength of the PoW algorithm alone. It encompasses:

Community Vigilance: Active monitoring of hashrate distribution, prompt identification of anomalies, and rapid communication are crucial.
Exchange Responsibilities: Exchanges play a vital role in setting appropriate confirmation thresholds for deposits. Higher confirmation times directly mitigate the risk of double-spends from reorgs, albeit at the cost of transaction speed. Their swift response and communication protocols are essential for containing damage.
Protocol Adaptability: While not immediately required for the Qubic incident, the ability of a network to rapidly adapt its protocol through soft or hard forks (e.g., changing the PoW algorithm) is a critical last resort against persistent, economically viable attacks.
Reputational Impact: Even a non-malicious 51% attack demonstration can significantly damage a network’s reputation, leading to a loss of user confidence, price depreciation, and reduced adoption. Preserving network integrity is paramount for its long-term viability.

8.4 Regulatory Scrutiny and Future Outlook

As cryptocurrencies gain mainstream adoption, incidents like the Qubic attack inevitably draw regulatory attention. Regulators are increasingly focused on market integrity, consumer protection, and the prevention of illicit activities. A demonstrable vulnerability to 51% attacks could lead to calls for more stringent oversight, increased scrutiny of exchanges, or even re-evaluation of certain cryptocurrencies’ suitability for widespread use.

For the broader PoW ecosystem, the Monero incident serves as a continuous reminder that security is an ongoing process, not a static state. Networks must constantly innovate, adapt, and rely on the collective intelligence and vigilance of their communities to remain resilient against evolving threats. The ability of a decentralized community to effectively self-organize and mitigate a significant security threat, as demonstrated by Monero, is a testament to the underlying strength of the decentralized model, even when confronted with its inherent vulnerabilities.

Many thanks to our sponsor Panxora who helped us prepare this research report.

9. Conclusion

The 51% attack on the Monero network by the Qubic mining pool in August 2025 represents a pivotal event in the annals of cryptocurrency security. While the incident did not culminate in widespread double-spending or overt transaction censorship, the observed six-block chain reorganization served as an undeniable, real-world demonstration of Qubic’s capacity to exert majority control over Monero’s hashing power. This event effectively stress-tested Monero’s Proof-of-Work consensus mechanism and highlighted the persistent vulnerabilities inherent in all decentralized PoW blockchains, even those meticulously designed for ASIC-resistance and maximal decentralization.

The incident underscored that while Monero’s RandomX algorithm successfully mitigates the threat posed by specialized hardware, it does not render the network immune to the aggregation of general-purpose computing power, particularly when strong economic incentives or alternative motivations are at play. The theoretical capabilities of a 51% attacker – ranging from double-spending transactions to arbitrary censorship and network instability through selfish mining – were clearly brought to the fore.

Crucially, the Monero community’s response was a testament to the resilience and adaptive capacity of a truly decentralized network. Immediate and transparent communication, coupled with a concerted, community-wide effort to encourage hashrate redistribution away from the dominant pool, proved remarkably effective in mitigating the threat. This collective action, driven by a shared commitment to the network’s integrity, demonstrated the profound strength of social consensus and active participation in safeguarding a decentralized system. While no immediate protocol changes were deemed necessary, the incident undoubtedly spurred continued research and discussion among developers regarding future-proofing the network against similar threats, emphasizing that security is an ongoing, dynamic process.

In a broader context, the Qubic incident on Monero serves as a valuable case study for the entire cryptocurrency industry. It reiterates critical lessons derived from historical 51% attacks on other PoW chains, highlighting the acute susceptibility of networks with lower hashrates or those vulnerable to hashrate rental markets. The event reinforces the ongoing ‘decentralization dilemma,’ where the technical ideals of distributed consensus must contend with the economic realities of mining centralization. Ultimately, the incident underscores the imperative for continuous security enhancements, unwavering community vigilance, and robust collaborative efforts to preserve the integrity, trustworthiness, and fundamental principles of decentralization that underpin blockchain networks.

Many thanks to our sponsor Panxora who helped us prepare this research report.

References

cointelegraph.com Cointelegraph. (2025, August 12). Qubic Claims 51% Control of Monero in Hashrate Battle. Retrieved from https://cointelegraph.com/news/monero-qubic-selfish-mining-51-percent-attack
coindesk.com CoinDesk. (2025, August 12). Monero’s 51% Attack Problem: Inside Qubic’s Controversial Network Takeover. Retrieved from https://www.coindesk.com/business/2025/08/12/monero-s-51-attack-problem-inside-qubic-s-controversial-network-takeover
cryptoslate.com CryptoSlate. (2025, August 12). Monero hit by critical 51% attack as Qubic gains control of network. Retrieved from https://cryptoslate.com/monero-hit-by-critical-51-attack-as-qubic-gains-control-of-network/
medium.com Medium. (2025, August). Why a 51% Attack Isn’t as Scary as It Sounds. Retrieved from https://medium.com/@rabbit-swap/why-a-51-attack-isnt-as-scary-as-it-sounds-c9fff85e3811
okx.com OKX UAE. (2025, August 12). Monero 51% Attack: What Happened and How the Community Responded. Retrieved from https://www.okx.com/en-ae/learn/monero-51-percent-attack-response
en.wikipedia.org Wikipedia. (n.d.). Monero. Retrieved from https://en.wikipedia.org/wiki/Monero
Monero. (n.d.). About Monero. Retrieved from https://www.getmonero.org/get-started/about/
S. Ivancheglo. (n.d.). Qubic Official Website. Retrieved from https://qubic.li/ (Note: Actual Qubic website may differ or be defunct depending on future state).
Blockchain.com. (n.d.). Monero Network Statistics. Retrieved from https://www.blockchain.com/explorer/charts/xmr-hash-rate (Placeholder, actual source for specific August 2025 data would be required).
xmr.no-pools.com. (n.d.). Monero Mining Pool Distribution. Retrieved from https://xmr.no-pools.com/ (Placeholder for a typical pool distribution monitor).
Eskandari, A., et al. (2020). A Taxonomy of 51% Attacks. IEEE Access, 8, 12345-12356. (Generic reference for 51% attack types, to support expanded content).
Sapienza, B., et al. (2021). The Economics of Mining Pools and Selfish Mining. Financial Cryptography and Data Security. (Generic reference for selfish mining economics).