
Cryptocurrencies have gained popularity due to their transparency, security, and accessibility compared to traditional financial systems, with Bitcoin, introduced in 2009, leading the market. Bitcoin’s security relies on blockchain technology—a decentralized ledger consisting of a consensus and an incentive mechanism. The consensus mechanism, Proof of Work (PoW), requires miners to solve difficult cryptographic puzzles to add new blocks, while the incentive mechanism rewards them with newly minted bitcoins. However, as Bitcoin’s acceptance grows, it faces increasing threats from attacks targeting these mechanisms, such as selfish mining, double-spending, and block withholding. These attacks compromise security, efficiency, and reward distribution. Recent research shows that these attacks can be combined with each other or with either malicious strategies, such as network-layer attacks, or non-malicious strategies, like honest mining. These combinations lead to more sophisticated attacks, increasing the attacker’s success rates and profitability. Therefore, understanding and evaluating these attacks is essential for developing effective countermeasures and ensuring long-term security. This paper begins by examining the individual attacks executed in isolation and their profitability. It then explores how combining these attacks with each other or with other malicious and non-malicious strategies can enhance their overall effectiveness and profitability. The analysis further explores how the deployment of attacks such as selfish mining and block withholding by multiple competing mining pools against each other impacts their economic returns. Lastly, a set of design guidelines is provided, outlining areas future work should focus on to prevent or mitigate the identified threats.
Keywords: Block withholding attack, Blockchain, Bitcoin, Mining attack,
1. Introduction
Cryptocurrency is a type of digital or virtual money that runs on decentralized networks, which are not under the jurisdiction of a single centralized authority like a bank or government [1, 2, 3]. Currently, there are thousands of different cryptocurrencies available which can be used for investing, enabling smart contracts, powering decentralized applications, facilitating peer-to-peer transactions, and taking part in decentralized finance (DeFi) systems [4, 5, 6]. The market leader and original cryptocurrency in the cryptocurrency market is Bitcoin [7] which makes up 48.6% of the total value of the crypto market as of 2024. As of February 2024, the global cryptocurrency market cap is USD 2.09 trillion whereas Bitcoin’s market cap of USD 1.02 trillion accounts for around 50% of that total.
During the global economic crisis of 2009, Bitcoin was introduced as a solution to the issues with centralized transaction management. It offers a number of advantages, including increased trust, security, and transparency among member organizations by enhancing the traceability of data shared across a business network and generating cost savings through new efficiencies [11]. Nearly all cryptocurrencies, including Bitcoin [7], Ethereum [12], Bitcoin Cash [13], and Litecoin [14], are secured by blockchain networks. A blockchain is essentially a public ledger of transactions that anybody can examine and validate [15]. Transactions are broadcast by users in a peer-to-peer network, and participants use this ledger to validate them. The decentralization of the blockchain among a network of nodes ensures that it is not under the control of a single entity [16].
The consensus and incentive mechanisms are two of the core components of blockchain networks [16, 17, 18]. As the blockchain is decentralized, a consensus mechanism is essential for achieving common agreement among all nodes on the state of the ledger, thereby preventing inconsistencies and fraudulent updates [19, 20]. There are several consensus mechanisms, each with its own approach. These include Proof-of-Work (PoW) [16], Proof-of-Stake (PoS) [21], Proof-of-Activity (PoA) [22], and Proof-of-Burn (PoB) [23], among others. Bitcoin employs the PoW consensus mechanism, in which participants, known as miners, compete to solve a complex cryptographic puzzle known as the PoW puzzle [17, 24]. When a miner successfully solves this puzzle, they share the solution with the network. The other nodes in the network then check if the solution is correct. After confirmation, the new block is appended to the blockchain. This process is referred to as mining [25].
Footnote 1: Cryptocurrency Prices, Charts, and Crypto Market Cap [8, 9, 10]
The incentive mechanism in blockchain is responsible for issuing and distributing rewards [26]. Incentives are financial rewards provided by the system to motivate miners to participate in the mining process and verify transactions [27, 28]. The issuing mechanism specifies how new cryptocurrency tokens are created. In many blockchain systems, miners who successfully validate transactions and add new blocks to the blockchain are rewarded with newly created units of the digital currency [29]. In the context of Bitcoin, there are two main sources of incentives: mining and transaction fees [16]. The miner who successfully solves the PoW puzzle receives a reward, which consists of newly issued Bitcoins [30, 16]. Interestingly, the term “mining” is used to describe this process because, much like digging for precious metals, it involves a resource-intensive effort to uncover valuable newly minted Bitcoins through complex computations [16]. The other source of incentives is the transaction fees for the transactions miners include in a block. These transaction fees are charges paid by users to prioritize their transactions and ensure they are processed quickly [31]. The distribution mechanism determines how the rewards issued by the system are allocated among miners after successfully solving the PoW puzzle. Typically, in Bitcoin, most of the mining work is done through so-called pooled mining [32]. In pooled mining, individuals collaborate by forming a mining pool, where they combine their computing power. This teamwork increases their chances of solving the PoW puzzle and receiving rewards more consistently. When a mining pool successfully solves a PoW puzzle, the distribution mechanism decides how the rewards are divided among the pool members.
To better understand the interaction between Bitcoin’s consensus and incentive mechanisms, consider an example of a transaction between two users. Suppose Alice wants to send 10 Bitcoins (BTC) to Bob. Alice’s transaction data is broadcast across the Bitcoin network, entering a memory pool of unconfirmed transactions that await verification and inclusion in a new block. Miners continuously monitor this memory pool, selecting transactions to validate. They gather Alice’s transaction along with many others and aggregate these into a block. Each miner competes to solve the PoW puzzle associated with this block, which involves repeatedly attempting to find a solution by varying a small part of the block known as the nonce. When Jane, a miner, discovers a nonce that successfully solves the puzzle, she shares the solution with the network. The other miners then verify the solution, and once confirmed, the block is incorporated into the blockchain, provided that the majority of nodes approve it. As a result, the 10 BTC that Alice intended to send to Bob is successfully transferred, finalizing the transaction and securely recording it on the blockchain. Jane, the miner who solved the puzzle, receives a reward in the form of newly created Bitcoins, in addition to any transaction fees from the block.
Malicious parties can employ various strategies targeting consensus and incentive mechanisms to gain an unfair share of mining rewards, or manipulate transactions for personal financial gain. These attacks can take different forms, with some sticking to a single strategy, referred to as pure attacks in this study. Alternatively, attackers might combine these pure attacks together or with other malicious and non-malicious strategies to enhance their effectiveness and profitability. We term these combined strategies as hybrid attacks.
Under pure attacks, selfish mining-style attacks have been extensively explored in various studies [33, 34, 35, 36, 37, 38]. They enable a minority pool to earn more revenue than is equitable based on its total mining power [33]. Bitcoin protocols prescribe that a miner who discovers blocks should immediately broadcast the valid blocks across the network. The miners who adhere to the Bitcoin protocols are called honest miners. In the previous example, Jane is an honest miner as she published her block as soon as she discovered it. In contrast, a selfish mining pool keeps the newly mined blocks private and releases them strategically instead of broadcasting them immediately. Continuing from the previous example, let’s assume Kevin is a rational miner leading a selfish mining pool that controls a large portion of the network’s computational power. Jane, like other honest miners, works to confirm transactions and append new blocks to the blockchain, adhering to the rules of the network. Instead of immediately broadcasting newly mined blocks, Kevin’s pool withholds these blocks, creating a private chain, while Jane and the other honest miners work on the public chain. Suppose that, at one moment, the length of the honest chain is 1 and Kevin’s private chain is 3, giving Kevin a lead of 2 blocks. If Jane successfully mines the next block, Kevin immediately publishes his private chain to the network. Since Bitcoin follows the rule of the longest chain, the network accepts Kevin’s chain, discarding the blocks that Jane and other honest miners had worked hard to add, thereby wasting Jane’s computational efforts. Consequently, Kevin obtains the rewards of two blocks while Jane receives nothing. Selfish mining attacks present a significant threat to the fairness of the mining process, allowing attackers to earn rewards that exceed their fair share. 
Additionally, the resulting unfair distribution of rewards can lead some rational participants to engage in malicious behaviors [33, 39, 40, 41]. This, in turn, may result in a decrease in the number of honest miners, thereby weakening the network’s security and creating opportunities for various types of attacks, particularly double-spending attacks [42].
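Added example, not from the paper: a small Monte Carlo simulation of the block-withholding strategy described above, using the state machine that is standard in the selfish-mining literature, to compare a pool's share of main-chain blocks with its share of hash power. The names `alpha`, `gamma`, `selfish_mining_share` and `sweep`, and the tie-break parameter itself, are assumptions of this example.

```python
import random

def selfish_mining_share(alpha, gamma=0.0, events=200_000, seed=1):
    """Share of main-chain blocks won by a pool that withholds its blocks.

    alpha: pool's fraction of total hash power.
    gamma: fraction of honest miners that build on the pool's branch during
           a tie (an assumption of this model, not a value from the page).
    """
    rng = random.Random(seed)      # seeded so runs are reproducible
    lead = 0                       # private chain length minus public chain length
    tie = False                    # two equal-length branches are competing
    pool = honest = 0              # blocks that end up on the main chain
    for _ in range(events):        # one event = one block found somewhere
        pool_finds = rng.random() < alpha
        if tie:
            if pool_finds:                 # pool extends its branch, wins both blocks
                pool += 2
            elif rng.random() < gamma:     # honest block on top of the pool's block
                pool += 1
                honest += 1
            else:                          # honest branch wins, pool's block is orphaned
                honest += 2
            tie = False
        elif pool_finds:
            lead += 1                      # keep the new block private
        elif lead == 0:
            honest += 1                    # nothing withheld: normal honest block
        elif lead == 1:
            lead, tie = 0, True            # pool publishes its one block: race
        elif lead == 2:
            pool += 2                      # pool publishes everything, honest block orphaned
            lead = 0
        else:
            pool += 1                      # pool reveals one block and stays ahead
            lead -= 1
    return pool / (pool + honest)

def sweep(alphas=(0.10, 0.25, 0.33, 0.40, 0.45), gamma=0.0):
    """(alpha, simulated share, excess over fair share) for each pool size."""
    rows = []
    for a in alphas:
        share = selfish_mining_share(a, gamma)
        rows.append((a, round(share, 3), round(share - a, 3)))
    return rows

if __name__ == "__main__":
    for a, share, excess in sweep():
        print(f"alpha={a:.2f} share={share:.3f} excess={excess:+.3f}")
```

In this model with `gamma = 0`, withholding earns less than the fair share for pools below roughly one third of the hash power and more above it, which is why pool-size concentration matters for defenders.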
In a double-spending attack, the attacker spends the same cryptocurrency tokens more than once [43]. This allows the attacker to use the coins to purchase goods or services and then reverse the transaction while keeping both the goods/services and the coins. Essentially, this means obtaining the goods or services without spending any coins. Suppose the majority of the network’s hash rate is under Kevin’s pool’s control. Because of this, the pool is able to mine blocks more quickly than Jane and other honest miners. Suppose Kevin decides to use this advantage to double-spend his coins. For instance, Kevin buys a jet by spending a certain amount of his coins, and the transaction is broadcast to the network. Jane, the honest miner, includes Kevin’s transaction in a block she successfully mines, extending the main chain and confirming the transaction. However, Kevin does not include his transaction in his private chain. Since Kevin’s mining pool can mine blocks faster, he is able to maintain a private chain that is longer than the public chain Jane is working on. While Jane and other honest miners contribute to extending the public chain, Kevin continues to mine additional blocks on his private chain, excluding the jet transaction. Once Kevin’s private chain exceeds the length of the public chain, he publishes it to the network. As Kevin’s chain is longer, the network accepts Kevin’s chain, discarding the blocks mined by Jane, including the block with the jet transaction. As a result, the jet transaction is effectively reversed, allowing Kevin to reclaim the coins he spent on the jet while also receiving block rewards for his private chain. This successful double-spending attack not only allows Kevin to fraudulently regain his spent bitcoins but also reduces the trust among users and merchants and the integrity of the entire blockchain network.
1.1. Contributions
This paper provides several contributions to the field of blockchain security, with a focus on PoW-based blockchain networks:
- This study investigates how pure attacks can be combined with other malicious and non-malicious strategies to form hybrid attacks. We analyze how these hybrid attack vectors create more sophisticated and effective attack strategies, enhancing attackers’ success rates and profitability.
- We provide a detailed examination of pure attacks on consensus and incentive mechanisms in PoW-based blockchain networks. Our analysis assesses the efficiency and profitability of these attacks when executed in isolation.
- Our analysis explores game theory-based approaches proposed by various authors to assess the dynamics and profitability of selfish mining and block withholding when two or more pools engage in these attacks against one another. By applying these models, we offer a quantitative understanding of the profitability of these pools in such adversarial environments.
- We propose a set of design guidelines to steer future research focused on preventing or mitigating the threats posed by the identified attack strategies.
1.2. Road map
The remainder of the paper is structured as follows: Section 2 provides the blockchain preliminaries. Section 3 outlines the planning and execution of the conducted SLR. Section 4 presents the findings from the SLR, organized into pure attacks, hybrid attacks, and multiple pool attacks. Section 5 provides the design guidelines to guide future research. Finally, Section 6 concludes the SLR.
2. Preliminaries
This section offers a brief overview of blockchain fundamentals, covering the PoW consensus algorithm, mining process, blockchain forks, and mining pools.
2.1. Proof of Work and Mining
Blockchain is a distributed ledger technology that operates in a decentralized manner, enabling the secure and transparent recording of transactions across a network of computers [44, 45, 46]. At its essence, a blockchain consists of a series of blocks, each containing a collection of transactions. A block in the Bitcoin blockchain typically consists of components such as Block Header, Transactions, Block Size, Block Height, Block Hash, and Block Reward [47]. The Block header contains metadata about the block. It includes Version, Previous Block Hash, Merkle Root, Timestamp, Nonce, and Difficulty Target. The blocks are connected through cryptographic hashing, with each block referencing the hash of the preceding block in its header (Figure 1), forming a chronological sequence that is highly resistant to tampering [7].
The PoW algorithm functions as Bitcoin’s consensus mechanism, facilitating agreement on the state of the blockchain and transaction validation [7, 16]. It involves participants, referred to as miners, solving computationally demanding puzzles to generate new blocks and append them to the blockchain [49]. To solve the PoW puzzle, a miner first selects a random nonce (a unique 32-bit number used only once) and constructs a Block header. Once the Block header has been constructed, the miner concatenates the Block header fields and hashes the concatenated string using a hashing algorithm (SHA-256 for Bitcoin [7]). If the generated hash is less than or equal to the current difficulty target, the miner has successfully solved the puzzle. This can be mathematically denoted as given below.
$$H(n, p, m) < D \tag{1}$$
where $n$ is the nonce value, $p$ is the hash value of the previous block, $m$ is the Merkle root of all the included transactions in the block, and $D$ is the target.
Footnote 2: The Merkle root of a block is a single cryptographic hash that uniquely represents the collective hash of all transactions in that block [48].
The successful miner shares the new block with the network, along with the nonce and hash value. Other nodes in the network verify the block by independently hashing the block header with the nonce and comparing the resulting hash against the target. If the block is valid, it is accepted by the network and added to the blockchain. The miner who successfully mines a new block receives a specified number of newly created bitcoins, known as the block reward. Additionally, they may collect transaction fees related to the transactions included in the block.
The difficulty target is a 64-digit hexadecimal code that indicates how challenging it is to obtain a valid hash. An example difficulty target is given below.
0000000000000000000abcd1234567890
fedcba09876543210abcdef123456789
The difficulty level is determined by the number of leading zeros in the difficulty target; the greater the number of leading zeros, the harder it is to find a valid hash. The difficulty target is adjusted periodically (e.g., every 2016 blocks in Bitcoin [7]) to ensure blocks are mined at a consistent rate (approximately every 10 minutes for Bitcoin [50]). The target hash given above has a large number of leading zeros, indicating a high level of difficulty. This process is known as “proof of work” because the miner has demonstrated that they have expended computational effort (work) to find a valid hash. The PoW algorithm can be summarized as shown in Figure 2.
2.2. Blockchain Forks
A blockchain fork occurs when the main chain splits into two separate branches [51]. This situation typically arises when two miners simultaneously discover and broadcast different valid blocks that reference the same preceding block. Each branch of the blockchain now contains a different valid block at the same height. When both blocks are broadcast to the network, nodes receive and propagate both versions. Consequently, different parts of the network may temporarily see different versions of the blockchain, leading to a brief period of uncertainty about which block is the “correct” one. During this time, miners and nodes will continue to build upon the block they received first, effectively extending their respective branches of the blockchain. This creates a competitive environment where miners compete to discover the next block. The branch that expands the fastest—meaning the one with the most blocks added—ultimately becomes the dominant chain. According to the blockchain’s consensus rules, the network will recognize the longer branch as the valid chain, and the shorter branch is discarded. Blocks that were part of the shorter branch are considered orphaned or stale. Transactions from these orphaned blocks are returned to the memory pool and can be included in subsequent blocks. This process ensures that the blockchain eventually converges back to a single, unified chain, maintaining the network’s integrity and consensus.
2.3. Mining Pools
The current hash rate of modern mining operations exceeds $7 \times 10^{19}$ hashes per second [52]. As a result, the likelihood of an individual miner successfully discovering a block is extremely low. To address this, miners join mining pools to achieve a steadier income and reduced variance in rewards [33]. Mining pools provide miners with a higher probability of mining blocks and earning rewards, thereby reducing the financial risks associated with solo mining by increasing their chances of earning rewards more consistently [53]. Nowadays, more than 90% of cryptocurrency mining is conducted through pooled mining [54].
In a mining pool, miners collaborate by pooling their resources to jointly work on block discovery and share the resulting rewards. In a typical setup, a pool operator oversees the management of mining, coordinating the pool’s activities. The operator sets up and maintains the pool’s server, monitors its performance, distributes the rewards among the participants, and may charge a fee for their services. Individual miners join the pool by connecting their mining hardware to the pool’s server, allowing their computational power to be combined with that of other miners. The pool operator assigns smaller, manageable tasks to each miner, and miners contribute to the pool’s computational effort by finding and submitting shares. When a miner finds a block that produces a hash starting with a considerable number of zeros, they submit this hash to the pool manager as a share. Each hash attempt has a probability of $\frac{1}{2^{32}}$ of resulting in a share. Solving shares involves the same process as mining a block, but shares are solutions that meet a lower difficulty target set by the pool, rather than the full network difficulty. The pool manager verifies the share submitted by the miner to ensure it meets the pool’s difficulty target. When a miner in the pool discovers a share that satisfies the network’s difficulty target, it is submitted as a valid block to the blockchain network. Upon finding a valid solution that meets the network’s difficulty, Bitcoin’s incentive mechanism decides how the rewards are distributed among the miners involved in the pool. These distribution mechanisms, also known as payout or reward schemes, vary in structure and impact. Below are some of the most common payout schemes.
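Added example, not from the paper: the puzzle of Equation (1), the verification step from Section 2.1 and the pool share mechanism described above, in one runnable sketch. The transaction IDs and both targets are constructed and far easier than Bitcoin's real ones, and the function names are this example's own.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin applies SHA-256 twice to headers and Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids):
    """Hash txids pairwise up to one root; an odd last entry is paired with itself."""
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header(prev_hash, root, nonce, version=2, timestamp=1_700_000_000, bits=0):
    """80 bytes: version, previous block hash p, Merkle root m, time, bits, nonce n.
    timestamp and bits are placeholder values for this example."""
    return (struct.pack("<I", version) + prev_hash + root
            + struct.pack("<III", timestamp, bits, nonce))

def pow_value(hdr: bytes) -> int:
    """H(n, p, m) as the 256-bit integer that is compared with the target D."""
    return int.from_bytes(dsha256(hdr), "little")

def verify(hdr: bytes, target: int) -> bool:
    """What every receiving node does: one hash and one comparison."""
    return len(hdr) == 80 and pow_value(hdr) <= target

def mine(prev_hash, root, network_target, share_target):
    """Scan the 32-bit nonce space; return (block_nonce, share_nonces)."""
    shares = []
    for nonce in range(2**32):
        value = pow_value(header(prev_hash, root, nonce))
        if value <= share_target:          # good enough for the pool
            shares.append(nonce)
            if value <= network_target:    # also good enough for the network
                return nonce, shares
    return None, shares                    # nonce space exhausted

# Constructed sample data (not real chain data).
PREV = bytes(32)
TXIDS = [dsha256(f"constructed tx {i}".encode()) for i in range(5)]
ROOT = merkle_root(TXIDS)
NETWORK_TARGET = 2**240 - 1    # hash needs 16 leading zero bits
SHARE_TARGET = 2**244 - 1      # pool target: 12 leading zero bits, 16x easier

if __name__ == "__main__":
    nonce, shares = mine(PREV, ROOT, NETWORK_TARGET, SHARE_TARGET)
    print("block nonce:", nonce, "shares submitted on the way:", len(shares))
    print("node accepts block:", verify(header(PREV, ROOT, nonce), NETWORK_TARGET))
    # Changing one transaction changes m, so the old nonce no longer proves work.
    forged = merkle_root(TXIDS[:-1] + [dsha256(b"constructed replacement tx")])
    print("tampered block accepted:", verify(header(PREV, forged, nonce), NETWORK_TARGET))
```

Every block solution is also a share, but most shares fall short of the network target; the pool operator and the network run the same `verify` check against different targets.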