Monero Stress Test and PoW Security Risks

Author: Tanay Ved Source: Coin Metrics Translation: Shan Ouba, Golden Finance Key Points: Qubic briefly claimed control of over half of Monero's hash rate, causing a minor reorganization of the blockchain's ledger, spanning six blocks. Monero uses the RandomX algorithm, which raises the bar for CPU mining, but its overall hash rate is relatively low, making it more vulnerable to the threat of hash power concentration. Qubic exploited this advantage to gain disproportionate influence through its incentive mechanism. This incident demonstrates that small PoW networks, with limited security budgets and high hash rate concentration, are more vulnerable to consensus perturbations. Earlier this month, Monero experienced a significant cybersecurity incident. A layer-one blockchain called Qubic claimed control of over half of Monero's hashrate, allowing it to temporarily rewrite part of its transaction history. This incident highlighted the vulnerability of small Proof-of-Work (PoW) blockchains to consensus stability, raising concerns about hashrate concentration and long-term security. While the incident was framed as a "stress test" rather than a true "double-spend attack," it highlighted the importance of distributed hashrate and sustainable miner incentives for PoW network security. This article will use the Monero incident as a case study to explore the risks associated with PoW security. We will explain what a 51% attack and chain reorganization are, review past examples on networks like Ethereum Classic, and consider their implications for the potential vulnerabilities of small PoW networks. On August 12th, Qubic announced it had briefly gained a majority of Monero's hash rate. In PoW networks, this situation is often referred to as a "51% attack," where a single actor or coordinated group controls more than half (>50%) of the network's mining power. This majority control can manipulate network consensus, allowing for the reorganization of blocks ("reorgs"), censorship of transactions, and even attempts at double-spend attacks, severely undermining trust in the network. Like Bitcoin, Monero relies on miners to secure the network through PoW consensus. Miners expend computing power to propose and validate new blocks. However, unlike Bitcoin, which uses specialized ASIC hardware for the SHA-256 algorithm, Monero uses the RandomX algorithm, designed to be mineable with general-purpose CPUs. While this lowers the barrier to entry for mining, it also results in Monero's overall hashrate being significantly lower than Bitcoin's (5.5 GH/s vs. 930 EH/s), making the network more vulnerable to the threat of hashrate concentration. Since May, Qubic's influence on Monero has grown significantly. Through its "Uniform Proof of Work" (UPoW) model, Qubic attracts miners to dedicate their CPU resources to Monero mining. Rather than directly rewarding miners with Monero's native XMR token, Qubic sells the mined tokens on the market and uses the proceeds to buy back and burn its own tokens. These higher rewards attracted a significant amount of hashing power to Qubic, increasing its mining profitability while also heightening concerns about network centralization. This ultimately led to a minor reorganization of the Monero ledger of six blocks, briefly allowing Qubic to produce blocks faster than the rest of the network. While a small portion of history was briefly rewritten, researchers analyzing the incident found no signs of a true 51% attack, but rather a demonstration of how incentive centralization can skew mining rewards in the short term. This incident isn't unique to Monero; similar incidents have occurred on other networks, including Bitcoin Gold (2019), Ethereum Classic (2019 and 2020), and Bitcoin SV (2021). A more serious incident occurred in August 2020, when Ethereum Classic experienced a deep chain reorganization following the outage of a major mining pool. The attacker privately mined a longer chain and broadcast it to the network, replacing over 4,000 blocks and reorganizing thousands of historical transactions. This phenomenon can be clearly seen in Ethereum Classic's block data, ranging from approximately blocks 10,904,147 to 10,907,761. The chart above shows the consensus size (in bytes) and transaction count for each block. During the attack, long periods of red dots can be observed where the consensus size dropped to zero, indicating that these blocks were orphaned during the competition for blockchain control. The blue dots mark the main chain that ultimately survived, while the attacker's chain reorganized thousands of previous blocks. These cases demonstrate that the security of PoW networks depends on the distribution of hashing power and the sustainability of miner incentives. Small and medium-sized PoW networks like Monero have significantly lower hashing power than Bitcoin, reflecting differences in mining hardware and overall scale. Because the total hashing power required to secure the chain is limited, a single mining pool or coordinated actor requires fewer resources, making it easier to achieve majority control and making these networks more vulnerable to consensus disruptions. As the Qubic incident demonstrates, computing power tends to concentrate due to stronger incentives. Miners must receive sustainable compensation to ensure continued network security. Monero's block rewards have steadily declined under its deflationary issuance mechanism, with the network currently issuing approximately 430 XMR (approximately $120,000) per day. Transaction fee supplementation is limited, at approximately 9–10 XMR per day. Under these conditions, alternative incentive mechanisms like Qubic's uPoW model could attract enough hashrate to tip the network balance in the short term. The chart below provides a broader perspective on this dynamic, comparing the hashrate (i.e., daily revenue per unit of hashrate) of major PoW networks with the average daily miner income. Bitcoin occupies a distinct niche, while mid-sized chains like Monero, Litecoin, and ZCash cluster in a range with weaker security budgets. In contrast, Bitcoin's massive revenue base helps maintain the distribution of ASIC hardware and the diversity of mining pools. While questions remain regarding transaction fee dynamics and mining pool concentration, Bitcoin's scale of computing power and capital requirements make coordinated attacks extremely costly. This point is also supported by research, such as "Breaking BFT," which argues that a 51% attack on Bitcoin is economically unfeasible given the capital investment required for ASIC hardware and the electricity costs required to sustain an attack. While the Monero and Qubic incidents weren't complete 51% attacks, they served as a stress test of PoW security. They reveal that when miner incentives and hash power are concentrated, small PoW blockchains can be vulnerable to consensus disruptions, ultimately undermining trust in the network. Past examples from networks like Ethereum Classic have also demonstrated that these risks aren't hypothetical, but recurring challenges. Bitcoin's scale remains a key differentiator, making it far more resistant to attack than smaller networks. However, questions remain about its long-term security model, particularly as block rewards continue to decline and transaction fees become a core component of security budgets. Ultimately, the Qubic incident reinforces the fact that PoW security relies on sustainable incentives and widely distributed computing power, and similar incidents may be catalysts for strengthening the network's resilience.