The Looming Threat of China: An Analysis of Chinese Influence on Bitcoin

BY KEYHUNTER 06.03.2025
The Looming Threat of China: An Analysis of Chinese Influence on Bitcoin

As Bitcoin’s popularity has grown over the decade since its creation, it has become an increasingly attractive target for adversaries of all kinds. One of the most powerful potential adversaries is the country of China, which has expressed adversarial positions regarding the cryptocurrency and demonstrated powerful capabilities to influence it. In this paper, we explore how China threatens the security, stability, and viability of Bitcoin through its dominant position in the Bitcoin ecosystem, political and economic control over domestic activity, and control over its domestic Internet infrastructure. We explore the relationship between China and Bitcoin, document China’s motivation to undermine Bitcoin, and present a case study to demonstrate the strong influence that China has over Bitcoin. Finally, we systematize the class of attacks that China can deploy against Bitcoin to better understand the threat China poses. We conclude that China has mature capabilities and strong motives for performing a variety of attacks against Bitcoin.

1 Introduction

In 2008 Satoshi Nakamoto published the Bitcoin white paper, using cryptography to create the world’s first decentralized currency \cite{nakamoto}. Since its creation, Bitcoin’s popularity has grown substantially, reaching a market capitalization of over $100 billion USD as it continues to attract interest from technology enthusiasts, black markets, and legitimate markets \cite{coinyield}.

Despite this popularity, the security of Bitcoin is still not fully understood. Many serious attacks have been theorized by researchers but have not yet come to pass, leading to the adage “Bitcoin is secure in practice but not in theory.” Some analyses approach this strange characterization of Bitcoin by saying that the security model of Bitcoin must consider the socioeconomic and political forces in addition to the underlying cryptography \cite{doncho,thegraph}.

The decentralized nature of Bitcoin presents unique socioeconomic and political challenges. Operation and maintenance tasks are distributed across a massive number of peers called miners, and because there is no central governing structure, these miners are kept honest by a carefully balanced incentive scheme. The system is designed so that anyone can contribute by devoting some computing power to mining, but over the last several years, Bitcoin mining has become…

heavily centralized due to advances in specialized hardware that render commodity hardware obsolete. As a result, miners have congregated into mining pools: consortia of miners who work together and share profits. As of June 2018, over 80% of Bitcoin mining is performed by six mining pools [8], and five of those six pools are managed by individuals or organizations located in China.

One broadly understood security property of Bitcoin is that no single party can control more than 50% of the hash rate, so this statistic is worrying. The Chinese government exerts strong, centralized control over economic and financial activity and also operates extensive surveillance and censorship regimes over the domestic Internet. These capabilities do not grant them direct command of all of the hash power in Chinese-managed pools, but they do have a variety of tools at their disposal to influence those pools and Bitcoin in general. They have deployed multiple rounds of restrictive regulations that have upended global and domestic Bitcoin markets, and as we show in §4, Chinese Internet surveillance has affected transaction throughput.

This interest and activity in Bitcoin by China raises many questions. Where does China actually stand on Bitcoin? Do they have motivations to influence Bitcoin globally, and have they succeeded in doing so in the past? What capabilities do they have to influence Bitcoin?

Contributions: In this paper, we explore whether and how China threatens the security, stability, and viability of Bitcoin through its position in the Bitcoin ecosystem, political and economic control over domestic activity, and technical control over its domestic Internet infrastructure. We find that China has motivations to threaten Bitcoin and has influenced it through domestic regulatory and technical measures. We also show that China has a number of mature capabilities for executing a variety of attacks. We enumerate and classify the attacks that China can execute and what goals that they would achieve. Finally, we outline directions for future research, including additional dimensions of analysis and surveying potential mitigations to the threat China poses.

Organization: The paper is organized as follows. §2 summarizes the design and operation of Bitcoin. §3 briefly summarizes China’s relationship with Bitcoin and the technical and non-technical capabilities China could bring to bear on Bitcoin. §4 presents an analysis of how China’s Internet censorship limited throughput for Bitcoin as a whole, demonstrating a link between Chinese domestic policy and the global stability of Bitcoin. §5 systematizes the risk that China poses to the Bitcoin ecosystem. Finally, §6 concludes and outlines directions for future work.

2 Bitcoin

Bitcoin is a distributed ledger that tracks payments in a digital currency. Whereas traditional currencies and payment systems rely on monolithic financial institutions to control supply and mediate transactions, Bitcoin distributes those responsibilities among a set of peers called miners who are rewarded for their efforts by receiving payouts in the currency. This approach diffuses trust, allow-ing users to place small amounts of trust in many different parties rather than all of their trust in a single entity.

2.1 Technical overview

As outlined in [10], Bitcoin consists of three components: transactions transferring ownership of coins, the consensus protocol, and the communications network.

Transactions: Bitcoin transactions are protocol messages that transfer currency called bitcoins (abbreviated BTC) from one user to another. Each user is represented by a public/private key pair, and the hash of the public key serves as an address that can be associated with transaction inputs and outputs. By creating a new transaction, a user can claim bitcoins output from a prior transaction if they prove ownership of the corresponding private key.

Consensus protocol: In order to maintain consensus, transactions are organized into a shared public ledger, implemented as a series of blocks. Each block contains a set of transactions, a timestamp, an arbitrary number called a nonce, a hash of the previous block, and some other protocol information. Storing the previous hash means that each block is cryptographically linked to its predecessor, creating the blockchain data structure. Integrity is preserved through the blockchain since any alteration to an earlier block will cause its hash to change and therefore ‘break’ the chain.

Miners collect transactions, check their validity, organize them into blocks and publish them to the network. They are rewarded for the effort of creating blocks by a special transaction in each block that sends a quantity of bitcoins to an address of the miner’s choosing. This is called the block reward, and it is the only means by which new bitcoins are created.

To determine which block is next in the chain to maintain global consensus, Bitcoin uses a computational puzzle called Proof of Work. A valid block is defined as one whose double SHA256 hash is below a target threshold value. Miners fix all of the fields of the block except for the nonce, then randomly guess different nonces until a valid block is found. If multiple valid next blocks are mined, a fork occurs and other miners must choose which branch to mine off of. To resolve forks, miners simply mine from the longest branch.

Typically miners collaborate in groups called mining pools. Pool members submit partial proofs-of-work (PPoWs), which are blocks that hash to a value close to the target but are not actually valid. PPoWs serve to measure the amount of work that a miner has been conducting in the effort to find a block. They are sent to a pool manager who allocates rewards to members in proportion to the computational work they performed.

Communication network: Bitcoin nodes use a peer-to-peer broadcast network to announce and propagate transactions and blocks. Nodes in the communications network follow a set of rules to enhance performance and support the consensus protocol; for example, they will only forward new data once to prevent infinite propagation and will only relay valid data to prevent invalid blocks or transactions from being spread on the network.

The communication network’s performance and degree of centralization have an effect on the consensus protocol. With respect to performance, high latency between nodes can cause temporary forks which in turn cause instability. With respect to centralization, centralized control of nodes or the connections between them can affect the fairness of the protocol. For example, if a miner controls enough of the nodes, they can favor their own blocks to win the forks and earn the block reward. Similarly, if anyone is able to censor the network, they can prevent blocks and transactions from spreading. Thus, to ensure stability and fairness, Bitcoin requires a low latency, decentralized, uncensorable network.

Usage of Bitcoin: In practice, some people use Bitcoin as a store of value, but it is mostly used as a speculative investment asset. It remains largely divorced from existing monetary systems, although in some places it has gained a foothold. In countries experiencing high degrees of inflation, Bitcoin and other cryptocurrencies gain popularity because they do not rely on the country’s financial infrastructure and their value cannot be manipulated by the government. In Venezuela, for example, some citizens have converted rapidly inflating Bolivars into Bitcoin to store value or purchase goods online, and mining has become increasingly common as a source of income [48]. Similar trends have been observed when similar economic conditions have occurred in Greece, Zimbabwe, and Ukraine [3]. In the US, investment banks have begun to tentatively embrace Bitcoin, with Goldman Sachs leading the way by first facilitating Bitcoin trading on other platforms and soon offering its own Bitcoin derivative products to clients [39].

3 Bitcoin in China

Bitcoin’s rise in China began in 2013. In the following years, Chinese exchanges grew to dominate the global exchange market, as shown by the relative share of Bitcoin exchange transactions executed in Chinese Yuan (CNY) versus other currencies (Figure 1a). Mining pools managed by individuals in China have constituted over half of the total network hash power since 2015 (Figure 1b) and currently more hash power is located in China than in any other country [24].

Through this time, China’s official position on Bitcoin remained ambiguous and regulators proved unwilling to institute tight controls despite expressing concerns over criminal activity, subversion of capital controls, and speculative risk. This tenuous equilibrium between demand by Chinese users and investors and intermittent regulatory impedance shaped Bitcoin’s global trajectory until it was punctured in 2017 by firm regulations on the exchange industry. Appendix 1 provides a more detailed discussion of the Bitcoin exchange and mining sectors in China over this period. In this section, we identify how China’s dominant position in the Bitcoin ecosystem and tight control over domestic economic and technical resources grant them capabilities to influence Bitcoin.

4 We attribute the following pools to Chinese managers: AntPool, Bixin, BTCC, BTC.com, BTC.TOP, BW.COM, DPOOL, F2Pool, Poolin, ViaBTC, and 58COIN.

Regulatory authority: The Chinese government enjoys broad regulatory authority that it can bring to bear on domestic Bitcoin users, exchanges, and miners. Regulators have issued policy decrees to directly influence the exchange and mining sectors and also targeted Bitcoin indirectly through externalities like energy prices (see Appendix 1 for details).

Internet traffic tampering and surveillance: China operates a variety of Internet control measures that can affect Bitcoin traffic. The most well-understood system is the Great Firewall (GFW), which performs on-path surveillance and traffic filtering using deep packet inspection (DPI) and active probing of connection endpoints [18]. As an on-path tool, the GFW can observe network traffic and inject new packets but it cannot prevent packets that have already been sent from reaching their destination. For more active traffic tampering, China operates a separate in-path tool known as the Great Cannon, which can inject malicious code into packets in transit and levy denial-of-service attacks by redirecting traffic to a target host [30]. Both of these systems primarily operate on traffic transiting between China and the rest of the world, but central government regulators also control all Internet Service Providers (ISPs) in China, allowing for collection and analysis of domestic traffic.

Hash power: At the time of writing, 74% of the hash power on the Bitcoin network is in Chinese-managed mining pools. Pool miners cannot be directly controlled by China, but the managers are located within China and as such are subject to Chinese authorities. Because managers are responsible for assigning mining jobs and propagating completed blocks, they control the inputs and outputs of their miners, allowing Chinese authorities indirect control over that hash power. China has more direct control over the hash power physically located in China. This is a significant share of the global hash…

rate – more than controlled by any other single country [24] – but the precise quantity is unknown.

Well-connectedness within the Bitcoin network: Which blocks reach consensus in Bitcoin depends in part on how quickly they propagate through the network from their source miner to other peers. Blocks found in China are already proximate to a majority share of hash power, so they can reach consensus more quickly than blocks found elsewhere. If the Chinese government assumed control of domestic hash power, this property would grant them an advantage in selecting blocks for the ledger, which is important for some types of attacks (see §5).

4 Technical Interference

In this section, we demonstrate a case of Chinese technical interference in Bitcoin. Specifically, we discuss how the GFW imparts a latency overhead on all traffic it processes, including Bitcoin traffic. Until protocol upgrades were introduced to address this problem in June 2016, Chinese miners were disadvantaged by this latency as it slowed the rate at which their proposed blocks could propagate. This created an incentive for those miners to mine empty blocks because those were less disadvantaged by the latency. However, empty blocks are bad for Bitcoin, as they process no transactions but consume network resources, thus damaging system throughput.

4.1 Analysis

Bitcoin blocks adhere to a fixed size limit of 1MB. Since mid-2016, blocks on the main chain have generally been at or above 800KB in size, suggesting that throughput is at 80% of capacity, although prior to this smaller blocks were the norm (see Figure 2a).

Miners are free to include as many or as few transactions in a block as they want. Because the difficulty of mining a block does not depend on its size, to maximize their profits miners would be expected to include as many fee-bearing transactions in their blocks as possible (even though transaction fees are quite small compared to the block reward). If there are not enough fee-bearing transactions in the mempool to fill a block, a rational miner might publish a block with some empty space because although including additional non-fee-bearing transactions does not cost them anything, it also does not earn them anything.

Based on this incentive structure, empty blocks (those containing only the coinbase transaction) should be exceedingly rare, as there are virtually always some fee-bearing transactions in the mempool. However, historically empty blocks

5 The SegWit protocol upgrade, activated in August 2017, kept the 1MB limit for transactions but allowed other block data to consume an additional 3MB. This is why Figure 2a shows that some recent blocks are larger than 1MB.

were occasionally produced. There are reasons a miner might do this and forgo transaction fees; for example, once a miner is notified that a block has been found by another miner, they may start mining an empty block in the time it takes to download and validate that block and choose the next set of transactions. Although this process is typically fairly quick, the probabilistic nature of mining means that sometimes the miner successfully finds that empty block in time, and so they publish it to reap the block reward.

Prior to May 2015, empty blocks were produced at a consistent rate of 2 – 3%, except for a few aberrations in 2011 and 2012 before Bitcoin was widely used (see Figure 2b). Beginning in May 2015, a noticeable spike up to around 5% that lasts through June 2016 is visible. We examined the behavior of the eight largest mining pools during this period, which cumulatively found nearly 80% of all blocks. Table 1 summarizes this information. The four Chinese pools cumulatively account for 64% of the hash power while non-Chinese pools account for 24%.

Looking at the combined average rates of empty blocks produced by each of these pool groups (Figure 3a), we see that the Chinese pool group produced an unusually high rate of empty blocks, spiking up above 7%. Meanwhile, non-Chinese miners produced empty blocks at a historically consistent rate of around 2%. These observations suggest that some factor that applied to Chinese miners – but not other miners – created an incentive to mine empty blocks. We posit that this factor is the Great Firewall, and more specifically, the bandwidth bottleneck it imparts.

The GFW is known to limit bandwidth by inducing packet loss in TCP streams. In 2017 a test showed 6.9% packet loss in connections between the US and China and only 0.2% for connections between the US and Hong Kong, which is just outside the GFW [51]. Packet loss causes latency, as dropped packets must

6 Within the group, two individual pools (AntPool and BW Pool) peaked with empty block rates as high as 13% (see Figure 3b).

Table 1. Nationality of mining pools and their share of hash rate between May 1, 2015 and June 30, 2016.

Mining poolLocated in ChinaEstimated share of network hash rate
F2PoolYes22.17
AntPoolYes21.54
BTCCYes12.79
BitFuryNo12.39
BW PoolYes7.84
KnCMinerNo4.89
SlushPoolNo4.72
21 Inc.No2.27

Fig. 3. (a) Percentage of published blocks that are empty, sampled once per three weeks and grouped by national affiliation, using data from [7]. See Table 1 for information on mining pool hash rates and national affiliations. (b) Percentage of blocks published by Chinese-controlled pools that are empty, sampled once per three weeks, using data from [7].

be re-requested and re-sent, and this was also observed in the same test (218ms latency for Chinese agents compared to 81ms for Hong Kong). This latency has been observed to affect Bitcoin block propagation. In 2015 it was shown that block propagation across the GFW was an order of magnitude slower than propagation between nodes on the same side of the GFW [47]. Separate research the following year found that mean propagation times for near-full Bitcoin blocks were 3.9 seconds between nodes on the same side of the GFW and 17.4 seconds between nodes on opposite sides, representing a slowdown of nearly 450% [41].

Propagation latency perverts the incentives for miners behind the GFW because they are at an inherent disadvantage. If a miner behind the GFW finds a valid next block at the same time as an outside miner, the latter can more quickly propagate their block to the rest of the network, meaning they are more likely to win a forking race and have their block accepted. Mining smaller blocks, which propagate more quickly, can counteract this disadvantage for miners behind the GFW. While transaction fees are designed to dissuade empty block mining, those fees fluctuate and at times are insubstantial. Across the period when empty block rates were high, transaction fees averaged only .25 BTC per block. The block reward of 25 BTC was far more valuable, so mining more empty blocks to earn more block rewards would seem profitable.

Compact block relay was incorporated into the Bitcoin Core client on June 22, 2016 as BIP152 (Bitcoin Improvement Proposal #152) [16]. Leveraging the fact that full nodes store transactions they have already seen in their mempool, the BIP significantly reduced the bandwidth required for block propagation. Specifically, it permitted peers to avoid sending full blocks to each other and instead send compact block “sketches” along with a small set of transactions the sender guesses the receiver has not yet seen. Under this protocol, a full block can be relayed using only 15KB of data [22], reducing the bandwidth requirement of block propagation by 98%.

With BIP152 incorporated, block propagation time became largely independent of block size, and so the incentive to mine empty blocks was eliminated. Correspondingly, the practice quickly subsided to its pre-2015 level (as seen in Figures 3a and 3b). While this particular threat to Bitcoin has abated, it demonstrates the power of China’s technical capabilities for domestic control to weaken Bitcoin, even unintentionally, on a global scale. We now turn to an analysis of other vectors by which China could leverage their capabilities to attack Bitcoin.

5 Threats

There are many known attacks on Bitcoin’s consensus, miners, software clients, and communication network (see [15] for a survey). In this section, we catalog four classes of attacks that China could perpetrate on Bitcoin using the capabilities outlined in §3 and posit a set of metrics for understanding the attack classes.

5.1 Metrics

Goals: There are four goals that China may wish to achieve by attacking Bitcoin. First, as discussed in Appendix 1, Bitcoin stands in ideological opposition to China’s centralized governing philosophy, so they may be motivated to weaken or destroy it to make an ideological statement; for example, demonstrating the futility of decentralized control paradigms. Virtually any violation of Bitcoin’s security suffices to achieve this goal as long as it is highly visible.

Second, the government may attack Bitcoin for the purpose of law enforcement: administering capital controls or preventing other illegal activity. Targeting specific users for deanonymization and censorship would allow China to crack down on illicit uses of Bitcoin.

Third, although China has expressed distrust of Bitcoin, they may still determine that increasing control over the system is beneficial (e.g., to achieve other goals outlined in this section). By disrupting non-Chinese mining pools, especially those with significant hash power, China could further increase the proportion of hash power they can control and thus exert more influence over Bitcoin.

Finally, as Bitcoin becomes more widely used and more tightly integrated into global financial systems, it becomes a possible vector for attacking foreign economies. To exert influence in a foreign country where Bitcoin is in use, China may aim to weaken or even totally destroy Bitcoin. This could be done by targeting specific users or miners for attack or by generally weakening consensus to increase volatility to a breaking point.

Visibility: Some attacks on Bitcoin can be performed surreptitiously while others are easily detectable. We distinguish covert attacks, which are difficult to detect and only minimally perturb the Bitcoin network or ledger, from overt attacks which produce visible signatures suggesting Chinese culpability. Note that any attack can be overt if China announces their actions; we do not classify an attack as overt if this is the only way it can be linked to China.

Targets: An attack can target Bitcoin users, miners, or the entire ecosystem.

Capabilities: We discuss China’s capabilities to effect Bitcoin in §3 and note the difficulty of accurately estimating hash power under their control. For our attack analysis, we divide attacks dependent on hash rate into three thresholded categories. If an attack requires the majority of the network hash rate (i.e., 51% or more), we label that as high threshold. Attacks that are more effective with the majority of the hash rate but are possible with less have a medium threshold, and attacks requiring significantly less than a majority of the hash rate are low threshold.

5.2 Attacks

Table 2 summarizes the different classes of attacks that are feasible for China, specifies the technical means by which each could be achieved, and connects them to the goals outlined above. Further discussion of each individual attack class follows.

Censorship: One class of attacks in China’s arsenal is the ability to perform targeted censorship of Bitcoin users, preventing them from committing transactions to the blockchain. By censoring specific users, China could achieve three possible goals: first, they could make an ideological statement that even decentralized ecosystems like Bitcoin are still subject to China’s centralized control; second, they could censor Bitcoin addresses known to belong to criminals to crack down on illegal activity; and third, they could weaken organizations or foreign economies that rely on Bitcoin by selectively censoring addresses important to those parties.

With control of at least 51% of the hash rate, Chinese mining pools could simply announce that they will not mine on chains containing transactions from their list of censored addresses. This is called a (a) punitive forking attack. With less than 51% of the hash power, Chinese miners could still attempt to fork whenever they see a censored transaction, but some attempts may fail.

Useful information for enthusiasts:

Contact me via Telegram: @ExploitDarlenePRO