Block Withholding Attacks in PoW

Updated 7 January 2026

Block Withholding Attacks are adversarial strategies where attackers infiltrate PoW mining pools to submit valid shares while deliberately withholding full blocks, thereby reducing overall pool revenue.
Game-theoretic analysis shows that optimal infiltration parameters, such as a 50/50 split of mining power, can yield significant profit gains for attackers and trigger a miner’s dilemma among pools.
Mitigation strategies focus on protocol-level countermeasures, including reward redesign, transparent auditing, and statistical monitoring, to detect and deter block withholding in blockchain networks.

Block Withholding Attacks (BWAs) are a class of adversarial mining strategies against Proof-of-Work (PoW) blockchains, notably targeting mining pools in protocols such as Bitcoin and Ethereum. BWAs exploit the reward-sharing mechanics of pools by submitting partial proofs-of-work (“shares”) while deliberately withholding full blocks. This behavior suppresses pools’ revenue, siphoning value to the attacker’s solo mining or private pool operations. BWAs form a foundational subset of subversive miner strategies, encompassing practical instantiations, game-theoretic equilibria, hybrid attack variants, and evolving protocol-level countermeasures. Their analysis illuminates critical incentive failures in open pool architectures and motivates numerous security innovations.

1. Attack Model and Theoretical Framework

A Block Withholding Attack is characterized by an infiltrator (individual miner, Sybil entity, or pool manager) joining a mining pool and behaving honestly with respect to partial PoWs (shares) but discarding (withholding) any full PoW blocks discovered. Because rewards in most pools are distributed pro rata to shares contributed, the attacker continues to collect payouts while systematically suppressing a portion of the pool’s total expected revenue (Courtois et al., 2014, Eyal, 2014, Kwon et al., 2017, Wijewardhana et al., 2024). The attack may be constructed as follows:

Let network hash power be normalized to 1; attacker controls $\alpha < 1$ .
Attacker splits $\alpha$ into $\alpha \cdot \beta$ for infiltration, $\alpha \cdot (1-\beta)$ for private mining.
Infiltrated power earns pool share rewards but withholds blocks; private power mines honestly (Courtois et al., 2014).
Over time, the attacker’s per-hash payout exceeds the honest baseline, for appropriate parameterization ( $\beta = 0.5$ is optimal under the Courtois prescription).

Mathematically, the attacker’s excess reward per unit hash is: $\text{Excess} = \frac{\alpha \beta (1-\beta)}{1 - \alpha}$ with maximum at $\beta=0.5$ . This causes an 11% revenue drop in a 20% hash attacking pool, corresponding to a 6.25% gain for the attacker (Courtois et al., 2014). The attack cycle is robustly represented as pseudocode (see source (Courtois et al., 2014)), and its detection is generally infeasible in small pools due to Poisson variance.

2. Revenue Analysis, Game Theory, and Miner’s Dilemma

The economic equilibrium of BWA has been rigorously characterized using game-theoretic models. In isolated settings,

$R_{\text{BWA}}(\tau) = \frac{(1-\tau)\alpha}{1-\tau\alpha} + \frac{\beta}{1-\tau\alpha} \frac{\tau\alpha}{\beta+\tau\alpha}$

where $\tau$ is the fraction infiltrating, and $\beta$ is the honest pool's hash rate (Kwon et al., 2017). For optimal $\tau$ , $R_{\text{BWA}}(\tau) > \alpha$ .

When multiple pools compete, each may infiltrate the others with a fraction of its mining power, leading to a payoff structure analogous to the iterative Prisoner's Dilemma: | | Pool 1: No-Attack | Pool 1: Attack | |-----------------|-------------------|----------------| | Pool 2: No-Attack | $(1,1)$ | $(>1,<1)$ | | Pool 2: Attack | $(<1,>1)$ | $(<1,<1)$ |

As analyzed by Eyal and Sirer, mutual attack leads to strictly diminished rewards for both pools compared to honest mining—termed the "Miner’s Dilemma" (Eyal, 2014). The Nash equilibrium in diverse pool environments is interior, resulting in net negative outcomes for all attacking pools.

3. Variants and Hybrid Attacks

BWAs comprise several key variants identified in the literature (Wijewardhana et al., 2024):

Simple Pool BWA: Classic Rosenfeld-style attack based on infiltration and block withholding.
Dual-Pool BWA: Multiple pools mutually infiltrate, giving rise to complex Nash equilibria and the miner’s dilemma.
Fork After Withholding (FAW): Attacker withholds blocks until an honest block appears, then immediately publishes the withheld block, triggering a fork and earning both share-reward and fork-reward. FAW provides a $1$– $4\times$ uplift over standard BWA (Kwon et al., 2017).
Power-Adjusting Withholding (PAW): The attacker's infiltration fraction is dynamically tuned to optimize revenue, outperforming static BWA and FAW under certain conditions (Doger et al., 14 Nov 2025).
Eclipsed FAW (EFAW): Integrates network-layer eclipse attacks to amplify the effectiveness of FAW (Wijewardhana et al., 2024).
Share Withholding Attacks (SWH): Generalize BWA by selectively withholding high-difficulty shares, further skewing pool payouts (Chang, 2020).

Such hybrids, including combinations with selfish mining, dramatically increase profitability, with empirical and simulation results reflecting up to $56\%$ gain over plain BWA (Kwon et al., 2017).

4. Impact on Reward Distribution, Detection, and Pool Structure

BWAs decrease the victim pool’s public block-finding rate while maintaining nominal share-based contributor counts, diluting reward density for honest operators (Eyal, 2014, Wijewardhana et al., 2024). Over time, honest participants experience revenue drops, leading to potential miner migration and heightened centralization risk.

Detection is stymied by Poisson block-finding variance and share submission noise; unless a miner exhibits a statistically significant drop in block submissions relative to shares, BWA is not trivially detectable in short observation windows (Courtois et al., 2014, Eyal, 2014). Large pools may observe persistent revenue shortfalls, triggering out-of-band trust responses. Novel protocols such as APoW introduce probabilistic detection via audit tags and accountable re-scanning of the nonce space (Lerner, 5 Jan 2026), providing retroactive verifiability without trusted hardware.

Self-destructive phenomena have been observed, notably in block double-submission (BDS): spies within an attack pool may betray the attacker, selling withheld blocks back to the victim pool for double rewards, effectively making honest mining the limiting optimal strategy in principal-agent equilibria (Lee et al., 2022).

5. Protocol-Level Countermeasures

Effective defense against BWAs encompasses both economic and cryptographic protocol modifications:

Reward Allocation Redesign: Dedicate a fraction of block reward solely to the block finder, reducing the share reward portion, which mathematically eliminates attack incentive for any number of pools (Chen et al., 2020).
Transparent Auditing: Implement APoW constructions, allowing pools to verify claimed nonce intervals and probabilistically catch withholding agents (Lerner, 5 Jan 2026).
Incentive-Compatible Difficulty Adjustment: Amend the difficulty algorithm to account for orphan blocks, making honest mining strictly optimal even if orphan rewards are partial (Grunspan et al., 2022). This change is robust to network connectivity and signaling.
ZeroBlock Mechanism: Enforce maximum delay intervals, inserting dummy blocks if real blocks are withheld, ensuring withheld blocks are invalidated (Solat et al., 2016).
Quorum Certificates (Crystal protocol): Each block is certified by a committee, making private withholding infeasible as certification requires public broadcast to committee members (Niu et al., 2023). Crystal reduces double-spend and selfish mining success probabilities by multiple orders of magnitude.
Statistical Monitoring: Pools monitor miner share-to-block ratios, though advanced attackers can remain undetectable within statistical noise in large pools (Eyal, 2014).

Mitigation approaches often require protocol changes, reward redistribution, or additional pool-side cryptography, and may trade off decentralization and implementation complexity.

6. Expanding Context: Timestamp Manipulation, Conflicting Transactions, and Beyond

Contemporary variants such as Staircase-Unrestricted Uncle Maker (SUUM) exploit timestamp manipulation in difficulty-adjusting PoW chains, enabling adversaries to persistently exploit honest miners with arbitrary hash fractions, at zero attack cost and minimal difficulty risk (Hu et al., 8 May 2025). SUUM combines block withholding with systematic time manipulation and difficulty control; mitigation strategies involve decoupling timestamps from difficulty, multi-node attestation, economic slashing, and network monitoring.

In permissioned ledgers, withholding attacks may be orchestrated using floods of conflicting transactions, inflating block height and causing honest parties to waste resources; proposed countermeasures include dependency checks, parallelized ordering, and priority-based queues (Bappy et al., 2024).

BWAs also extend to PoS chains: coordinated withholding of blocks and attestations in Ethereum 2.0 can induce chain reorganizations (“reorgs”) and delay finality, with success probabilities depending on attacker stake and protocol specifics; protocol changes such as fork-choice rule hardening and slashing are necessary to address these new classes of attacks (Neuder et al., 2021).

7. Implications, Open Challenges, and Future Directions

Block Withholding Attacks serve as a canonical demonstration of incentive misalignment in open pool-based PoW blockchains. Although numerous countermeasures are analytically viable, adoption is impeded by backward compatibility concerns, decentralization trade-offs, ASIC retooling, and the complexity of integrating non-share-based auditing. The ongoing proliferation of hybrid and protocol-specific variants (e.g., FAW, PAW, SUUM) necessitates continued research into incentive-compatible mining, transparent block certification, and cryptographically robust reward schemes. Open questions persist regarding miner migration dynamics, share withholding in non-blockchain applications, and the ultimate equilibrium of multi-pool competition in the presence of undetectable attacks. The frequent interplay of BWAs with other attack classes (selfish mining, eclipse, timestamp manipulation) underscores the centrality of comprehensive incentive analysis and protocol design in PoW and hybrid blockchains.