Overview
Selfish mining is a strategic attack on Bitcoin's mining incentive structure, first formally described by researchers Ittay Eyal and Emin Gun Sirer in a 2013 paper titled "Majority is Not Enough: Bitcoin Mining is Vulnerable." In a selfish mining attack, a miner (or mining pool) who discovers a new valid block does not immediately broadcast it to the network. Instead, the attacker keeps the block secret and continues mining on top of it privately, attempting to build a longer chain than the rest of the network.
The core insight is that by strategically timing the release of withheld blocks, the selfish miner can cause honest miners to waste their work on blocks that will ultimately be orphaned. When the honest network is about to catch up, the selfish miner releases their private chain, invalidating the honest miners' work. If executed successfully, this allows the attacker to earn a disproportionate share of block rewards relative to their fraction of total hash rate.
How It Works
Normal Mining:
Miner finds block → Broadcasts immediately → Network builds on it
Selfish Mining:
1. Selfish miner finds Block N
→ Does NOT broadcast
→ Continues mining Block N+1 privately
2a. If selfish miner finds N+1 before network finds N:
→ Now has 2-block lead
→ Continues mining privately
2b. If network finds competing Block N:
→ Selfish miner broadcasts their Block N immediately
→ Race condition: ~50% chance network adopts selfish block
→ If selfish miner also had N+1 ready, broadcasts both → wins
3. If selfish miner's private chain ever falls behind:
→ Abandons private chain
→ Rejoins honest mining on the public chain
The strategy exploits the fact that honest miners will always switch to the longest valid chain. By selectively releasing blocks, the selfish miner can force honest miners to abandon their work and adopt the selfish chain, effectively wasting the honest miners' energy and hash power.
Threshold and Profitability
The original paper demonstrated that selfish mining can be profitable for miners controlling as little as ~33% of the network hash rate under certain network conditions. The exact threshold depends on the attacker's connectivity to the network:
γ = fraction of honest miners that mine on selfish block during a race
If γ = 0 (worst case for attacker):
Threshold ≈ 33% of network hash rate
If γ = 0.5 (attacker well-connected):
Threshold ≈ 25% of network hash rate
If γ = 1 (attacker reaches entire network first):
Threshold ≈ 0% (any hash rate is profitable, theoretically)
In practice, the attack is significantly harder to execute profitably than the theoretical analysis suggests. Network latency, the risk of detection, and the variance inherent in mining make selfish mining a high-risk strategy.
Defenses and Mitigations
Several approaches have been proposed and implemented to make selfish mining less viable:
Improved block propagation reduces the window during which a selfish miner can exploit timing advantages. Technologies like compact block relay and the FIBRE network minimize the time it takes for blocks to reach all nodes, reducing the attacker's ability to win "races" during block release.
Random tie-breaking was proposed in the original paper: instead of always adopting the first-seen block during a fork, nodes could randomly choose between competing blocks of equal height. This reduces the advantage a well-connected selfish miner gains from network topology.
Unforgeable timestamps and other protocol-level changes have been discussed but not implemented, as they introduce their own complexities and trade-offs.
In practice, selfish mining has never been conclusively demonstrated on the Bitcoin mainnet. The economic incentives to mine honestly, the reputational risk to known mining pools, and the technical challenges of maintaining a private chain all serve as practical deterrents.
Relationship to the 51% Attack
Selfish mining is related to but distinct from a 51% attack. A 51% attack requires majority hash rate to guarantee the ability to reorganize the chain. Selfish mining can theoretically be profitable below 50%, making it a more subtle threat. However, both attacks become more viable as an attacker controls a larger share of hash rate, and both undermine the fairness assumption that miners earn rewards proportional to their contribution.
Related Concepts
- Mining — the proof-of-work process that selfish mining exploits
- 51% Attack — a related but more powerful attack requiring majority hash rate
- Orphan Block — blocks abandoned when the network adopts a competing chain
- Block Propagation — faster propagation reduces selfish mining viability
- Mining Pool — large pools could theoretically execute selfish mining
- Compact Block Relay — a defense that reduces block propagation time