But ask a Bitcoin supporter, and they will probably tell the exact opposite. So, which one is it?
This article looks at:
Why Bitcoin's security model may be broken and why that matters.
How Bitcoin's security works.
The problem of Bitcoin security.
Motives for attacking the Bitcoin network.
How a potential attack could happen.
Risk factors for the Bitcoin network.
How to defend Bitcoin's security.
The Bitcoin transaction fee market.
A wildcard: merged mining.
*record scratch and freeze frame* Wait, but what does a security model of Bitcoin even mean?
The Bitcoin security model is a combination of factors that keeps the Bitcoin network functional and decentralized. It combines the power of proof-of-work (expensive!) with protocol incentives so that it is difficult to achieve a monopoly control of Bitcoin!
Join us in showcasing the cryptocurrency revolution, one newsletter at a time. Subscribe now to get daily news and market updates right to your inbox, along with our millions of other subscribers (that’s right, millions love us!) — what are you waiting for?
Why Bitcoin's Security Model May Be Broken and Why That Matters
Bitcoin's security is derived from the cost of attacking the network. The higher the cost, the more secure the network. We can calculate the cost of attacking the network by looking at the revenue that miners receive from validating new blocks. This miner revenue is commonly used as a proxy for the “Bitcoin security budget.”
So, where's the problem?
Currently, 99% of miner revenue comes from the block reward (also known as block subsidies). Only 1% comes from transaction fees. In the next section, we look at why this ratio is so lopsided. This is a problem, because the block reward is halved every four years. This is Bitcoin's famous halving and the reason why its inflation tends to zero until all coins have been mined. But this also means that the security budget will soon have to come from transaction fees alone, although that is estimated to be sometime in 2140.
Remember, miner revenue is a proxy for the security budget. If miners do not receive revenue from the block reward, it must come from transaction fees.
So, what if the security budget does not increase?
We will dive deeper into what a sufficient security budget is and why we need it. But the short answer is that Bitcoin may become a victim of the Turkey Fallacy. With a security budget that is too low, the incentives for an attack increase — the network works flawlessly until it doesn't.
Time for a quick refresher on how we know that transactions are secure.
How Bitcoin Security Works
When you send a transaction over the Bitcoin network, that transaction is included in a block. Each block can include several transactions up until a certain limit called the block size. Some chains have bigger block sizes (like BCH), some smaller ones (like BTC). Blockchain transactions are immutable, and in the Bitcoin network, miners validate transactions. They do so by producing blocks.
A block is valid when the miner has performed the famous proof-of-work mechanism. In plain English, miners perform a bunch of complex computations that require a lot of computing power. These computations are performed with specific hardware called ASICs. The more computing power a miner has, the more likely they are to win the block reward. In other words, it pays to spend more money on ASICs. That improves a miner's chances of making money.
The conclusion: miner income comes from the block reward (and transaction fees). Miner expenditure is electricity costs and the cost of hardware.
The key incentive structure to know about miner behavior is:
Miners have the incentive to stay honest as long as their income exceeds their expenditure.
In other words, yes, cheating is possible. But the network is set up in such a way that no rational actor would want to cheat.
But what if?
For example, what if expenditures exceed income?
This is known as miner capitulation. There is a high upfront cost to mining. If miners create new bitcoins at a loss, they start selling their Bitcoin inventory to cover costs. Some may capitulate and close their farms by selling their hardware to other mining farms with lower variable costs. Hasu estimates that miners have to put up one entire year of block rewards to mine BTC for two years. In other words, if you decide to get into the mining business tomorrow, you will mine for one entire year to cover the cost of hardware first.
Therefore, miners have the incentive to mine honestly. They do not want to kill their cash cow.
Ok, but if someone wanted to cheat, could they do it?
Yes. That is called a 51% attack. If you control a majority of the computing power used to validate new blocks (the hash rate), you can refuse to add blocks from other miners. You can also engage in a double-spend attack. The Nakamoto Consensus postulates that the longest chain is the true chain. Therefore, a miner with the majority of the hash rate is in control of the network.
Of course, an attack would destroy the chain's value proposition. The price of Bitcoin would crash in case of a double-spend attack. The attacker would have to gain in monetary or other value for an attack to be worthwhile.
Let's see how that could happen…
Motives for Attacking the Bitcoin Network
For the sake of this example, we assume that an attacker would engage in the most devastating form of attack: double-spending coins. There are two possible motivations for attacking the network:
Both attackers have to take into account the same variables to calculate the expected value of an attack:
A probabilistic estimation of the price after the attack (to sell the double-spent coins).
The amount of coins gained in the attack.
The cost of acquiring the necessary hardware and operating costs for electricity.
The probability of other network participants defending against the attack through various ways, like switching to a different hashing algorithm or suspending the consensus mechanism.
Keep in mind that a sabotage attack is less concerned with the post-attack price or possible defense mechanisms. For such an attacker, a price crash is a feature, not a bug. They are not looking to attack in order to double-spend coins but to disrupt and destroy the network’s credibility and functionality.
Possible defense mechanisms — even if they're successful — could undermine the network's legitimacy. For example, switching to a social consensus to “save Bitcoin” would reveal that proof-of-work wasn’t the actual security backstop. In that case, it would have been a social consensus (like OGs agreeing on the true chain) that secured Bitcoin all along.
However, there is currently no incentive for an economic attack. The primary defense against this form is the spread between the expected value of honest mining and attack mining. If miners expect the long-term value of honest mining to be bigger than that of attack mining, the network works as designed.
However, with miner rewards getting halved every four years, transaction fees have to make up the difference. This is the crux — this has not been happening. Thus, if this trend continues, the spread between the EV of honest mining and attack mining shrinks.
Still, how could an attack on Bitcoin be pulled off?
How To Theoretically Attack the Bitcoin Network
Joe Kelly laid out the blueprint for attacking Bitcoin in his excellent three-part series called "How to Kill Bitcoin."
In essence, only state actors have the means and motivations to attack the network. A state's cost/benefit analysis is driven by more than just economic gain. Kelly argues that if a state wants to attack Bitcoin, there's little defense against it.
For one, a state would first block entry points to the network by banning exchanges, effectively “'canceling” Bitcoin and shunning interaction with it. The next step could be to seize mining equipment and announce that the state will do “whatever it takes” to acquire a hash rate majority. This state-sponsored FUD would probably cause a price crash and lower the cost of an attack.
Since a state is not concerned with economic profit, even increasing its hash rate at a small loss is a viable strategy. Once a hash majority is acquired, the state can overtly or covertly start censoring transactions or outright sabotage the network with double-spend attacks.
This process would be neither quick nor cheap. However, Kelly argues that this is not the point. If the perceived political gain of “banning Bitcoin” for whatever reason is deemed worth the cost, a state can essentially field unlimited resources to engage in such an attack.
Still, the cost of such an attack would be prohibitive for all but a handful of state actors.
Risk Factors for the Bitcoin Network
Well, that's a bummer. Seems like if they wanted to kill Bitcoin, they could.
For now, the attack surfaceislow. The BTC-based economy is tiny compared to other financial markets, and many addresses can be traced back to KYC'd accounts. Furthermore, capital markets do not have a lot of liquidity to short a possible attack and hedge a price drop.
However, Kelly argues that the attack surface will increase if Bitcoin continues to develop as envisioned: more privacy features, deeper derivatives markets and a bigger Bitcoin-based economy. A consistently increasing hash rate has no effect on Bitcoin's security. Newer hardware can compute more hashes, but an attacker would only be concerned with the potential cost. New mining hardware produces more hashes per dollar spent.
For now, Bitcoin's biggest asset is its irrelevance. It is simply not big or dangerous enough to merit an attack. At the same time, the cost is too high for rational actors. But if a country was significantly exposed to the network — either because Bitcoin mining has become a relevant factor of its energy policy or because it has, for some reason, acquired a significant chunk of coins — the incentives for other states to disrupt the network increase.
Is there any way to defend the network?
How To Defend Bitcoin's Security
Bitcoin suffers from its own security trilemma. There can only be two out of the following three:
Bitcoin can introduce a perpetual inflation rate that would continue the block reward. Alternatively, the network could force users to spend old coins or devalue them through something called demurrage. But that would make it less scarce.
Or the network can become less liquid: if the demand for transactions does not pick up and higher transaction fees do not materialize, there will be less incentive to pay fees. A tragedy of the commons would be the result, where users would have to wait longer for confirmations and/or send smaller transactions not to increase the incentive to reverse them.
Alternatively, (and most probably), Bitcoin will have to become less decentralized. This will lead to miner cartels developing (de facto already a thing) and more custodial trading and off-chain settlements to avoid transaction fees.
However, some changes to the Bitcoin protocol are not socially acceptable. As Hasu researched, decentralized systems do not have an identity and thus rely on a subjective consensus around core values. For Bitcoin, that is resistance to change. In his surveys, intermediation and deliberate inflation were rated highly unacceptable by Bitcoiners. For the same reason, a solution like adaptive block size would also be likely rejected by the community.
But how can we defend the Bitcoin network in that case?
In the case of attacks, several solutions have been proposed. One would be changing the hashing algorithm. However, honest miners would be the collateral damage. For this to make sense, hashing with ASICs would have to become a thing of the past. Even then, it would not prevent an attacker from trying again.
A better solution would be a social consensus as to which chain is the “true chain.” However, Kelly points out that this political solution would render the entire existence of proof-of-work moot — if the true defense of the network is not proof-of-work but a social consensus, why do we have proof-of-work to begin with? Although it does serve as a “deterrence,” it's questionable whether the costs would justify the ends.
Finally, a hypothetical hash war between states would de facto back the network by state power. This could happen directly or indirectly with, say, states using Bitcoin mining to monetize non-rivalrous energy sources. Still, as we pointed out earlier, this could also increase the incentive for an attack by hostile states. Say the U.S. used Bitcoin on a large scale to mine with flare gas, China and Russia may become a lot more interested in attacking the network. Thus, one-sided dependency on the network could also be a strategic weakness.
The best-case scenario: massive bottom-up adoption of the network, with Bitcoin becoming so entrenched that the cost of attacking the network would incur such massive economic collateral damage to make it undesirable. At the same time, the state would be incentivized to help defend the network from potential outside attackers.
There is only one way this can happen: more transactions need to be settled on Bitcoin.
Let's see if that's happening…
The Bitcoin Transaction Fee Market
Unfortunately, Data Always paints a fairly bleak picture of the state of the BTC transaction fees market.
For one, price capitulation led to miner capitulation. Miners remaining in the game are those with:
Extremely cheap energy contracts
New and more efficient mining machines
Good access to capital markets or good treasury management
Grid balancing applications
Flare mining applications
Retail miners are only profitable in highly specialized cases. That confirms what we already suspected: mining tends by design to become more centralized. That is because only the most recent generation of ASICs have significant profit margins:
Remember, this data is from June 2022. Things are likely even bleaker now as the bear market drags on. Centralized mining also makes regulation of the business easier, but you have probably already heard enough bad news.
The biggest problem with transaction fees is that they are pro-cyclical. Fees rose during the 2021 bull market, but have been mostly flat since:
Even more worryingly, the revenue share of fees is back to 2018 levels:
The latest data shows that demand for Bitcoin blockspace peaked only during liquidation events but saw no clear uptrend in 2022:
That means that in four years, there has been virtually no growth in the demand for Bitcoin transactions. That is not what the models promised us. During the last bull run, fee revenue was predicted to equal block reward revenue in the next (the 2021) bull run and subsequently exceed it. Well, see for yourself...
In other words, the ratio of transaction fees to block reward revenue hasn't been this low in more than a decade.
Where is this problem coming from?
A big reason is most likely Bitcoin's value proposition. Bitcoin has over the years firmly moved into the “store of value” corner. However, being a store of value means that coin velocity is low — you won't spend your Bitcoins if you believe they preserve your wealth.
There is really no way around this fact: Bitcoin needs to become a medium of exchange to have a sustainable security model. If we assume that the community does not want any significant changes to the protocol, that is the only solution.
This will inevitably lead to a degree of centralization. Even though the Lightning Network also allows for non-custodial transfers, some people will prefer custodial transfers. The Bitcoin community is well-advised to embrace this. Luckily, at least the Lightning Network is growing, albeit from a tiny base:
Even though 5,100 BTC public capacity on Lightning is the proverbial fart in the wind compared to wrapped Bitcoin on Ethereum, it is all utility-based liquidity. Adoption of the Lightning Network will likely be the key to a sustainable security model for Bitcoin. However, the Lightning Network also has major shortcomings. For example, it would take 128 years to onboard the entire planet to non-custodial Lightning wallets. That is to say that even with the Lightning Network in full-adoption mode, some centralization will be inevitable.
Is Merged Mining a Wildcard Solution?
But maybe there is another solution that can at least support faster bottom-up adoption. Bitcoiner researcher Paul Sztorc suggests merged mining in his own two-part deep dive into the Bitcoin security budget. Merged mining is simply mining another cryptocurrency with the same algorithm at the same time. In practice, these would be sidechains of Bitcoin that run on the same SHA-256 algorithm and leverage the security of the Bitcoin blockchain.
Mining these side chains would increase miners' revenues and de facto increase the block size. Sztorc refutes the claim that merged mining is prone to centralization and inherently not secure enough. He contends that mining is already significantly centralized and that centralization through specialization is not a security risk as long as the decentralization of nodes is guaranteed.
Merged mining would de facto be a scaling solution that allows paying miners fees without diluting the Bitcoin supply. However, there would still need to be demand for the blockspace any sidechain offers to make economic sense. Therefore, merged mining can be a complementary solution but does not solve the adoption problem.
Phew! This was quite a ride, wasn't it? Let's recap:
Bitcoin's security depends on its security budget. Now, the budget is all block rewards but soon, it will have to come from transaction fees.
There is currently no economic incentive to attack the network. Only the most powerful states would even have the means to do it.
If Bitcoin becomes more widely adopted in the future, it also becomes more interesting to attackers. Having a sustainable security model is key.
There are several solutions to this, but more bottom-up adoption of BTC as a medium of exchange is probably the most sustainable and realistic one.
Currently, there is no growth in demand for BTC transactions. A spike in demand was a temporary bull market factor.
Adoption of the Lightning Network looks to be the key to the solution, and the network is growing quickly from a tiny base.
Merged mining can supplement miner revenues as long as there is demand for the blockspace on sidechains.
To conclude, Bitcoin's security model is unsustainable as it stands today. In other words, Bitcoin with 2022 adoption rates and lower block rewards will be much more vulnerable to an attack two halvings from now. Luckily, the community still has time to figure things out.
Given how conservative Bitcoiners are, big protocol changes look out of the question. Increasing the “medium of exchange” value proposition via Lightning does not contradict having Bitcoin as a store of value and should be embraced by the community. However, Lightning will have to keep growing exponentially to make up for the currently poor numbers.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.