The top two mining pools have a combined hashrate exceeding 51%. Will Bitcoin be vulnerable to a double-spending attack?

Recent discussions about the top two Bitcoin mining pools (Foundry USA and AntPool) collectively exceeding 51% of the network's hashrate have raised concerns about potential double-spending attacks. However, experts argue that such fears are largely unfounded and based on a misunderstanding of how mining pools operate.

The combined hashrate of multiple pools does not equate to a single entity controlling 51%, making coordinated attacks highly improbable.
Miners are economically incentivized to avoid overly dominant pools to maintain network security and decentralization, often redistributing their hashrate to mitigate risk.
Bitcoin's Proof-of-Work (POW) consensus is reinforced by a delicate balance of computational power, economic incentives, and game theory, making it resilient against short-term attacks.
The article contrasts Bitcoin's security with that of Monero, which recently suffered a 51% attack by Qubic. Qubic utilized a "selfish mining" strategy, briefly creating a private chain to invalidate honest miners' blocks without initially controlling a majority of hashrate.
A more insidious, long-term threat is identified: the potential for "parasitic" attacks where AI companies (like Qubic) could gradually bribe miners to disrupt networks (e.g., by mining empty blocks), eventually driving miners away and increasing their control. This is made possible because AI training provides an alternative revenue stream for computational power, undermining the traditional economic model of pure mining.

Thanks for the insightful comments, I learned a lot. I really found that this matter can be big or small, and insiders see the doorway while outsiders see the excitement. I would like to add a few more points:

1) I saw an overseas influencer using this incident to criticize Bitcoin. The reasoning was that the current mining pool hashrate share, with the top two mining pools, Foundry USA (33.6%) and AntPool (17.9%), already exceeding 51%, led them to draw the crude conclusion that if the two mining pools were to act in collusion, Bitcoin would be doomed. This is a typical example of an outsider blindly observing the incident because they overlooked two key points:

1. Two mining pools holding 51% of the market share and one mining pool holding more than 51% of the market share are two completely different things.

2. The computing power of a mining pool does not mean that it can completely buy out the computing power of miners. When the computing power of a single mining pool is too high, miners will usually choose to reduce computing power to avoid risks.

Therefore, Satoshi Nakamoto's POW consensus has reached a delicate balance by integrating factors such as computing power, economy, and interest games. There is almost no possibility of it being broken in the short term, so those who are using this incident to Fud BTC should just stop.

2) I agree with Professor Zhang Ren that Monero ’s problems are not equivalent to POW’s problems. Even if POW has security risks under extreme conditions, it does not mean that POS is the optimal solution.

In fact, the problem of POW is that ASIC is the best solution as a moat, avoiding the pitfalls of general CPU/GPU mining. Even for a chain with pure CPU/GUP mining, there are various challenges in trying to attack it by using a disclosed method of bribing miners. For example, exchanges increasing the number of confirmations, miners adding checkpoints, etc. can reduce the probability of being attacked.

You see, when discussing POW, the focus is on POW itself. When comparing across consensuses, there will be misunderstandings. In fact, there are security risks when going beyond the consensus boundaries. Of course, the ways of countering them are also different, and we cannot favor one over the other.

3) I saw that Professor 0xTodd forwarded my post, discussing the concept of "selfish mining." Simply put, after a miner mines a block, they should broadcast it immediately. However, selfish miners secretly hide the block, forming a "private chain." When the honest miner announces a new block, the selfish miner suddenly releases their hidden, longer chain, rendering all the honest miner's work in vain.

This is a rather rogue approach, and it's also the primary attack vector used by Qubic. In reality, its hashrate doesn't actually reach 51%, perhaps controlling around 30%. This allows for a brief, theoretical "double-spend attack." This is because 30% of miners selfishly mine, forming a shadow chain. When honest miners mine new blocks, Qubic suddenly releases its hidden, longer chain, invalidating a large number of genuine miners' blocks. This could theoretically undermine over 51% of the hashrate. Furthermore, if the mining pools controlled by Qubic are widely distributed, they can exploit factors like network latency to further reduce the proportion of hashrate, still achieving the same control over the entire network's hashrate.

Therefore, Qubic 's attack was highly accidental and covert, which means that once this method is made public, the threshold for repeating the same trick will be much higher.

4) But I discussed with security expert n33k the possibility that Qubic will not repeat its old tricks, but will use a "boiling frog in warm water" attack to further bribe miners to increase the size of their mining pools, and then let some miners deliberately mine empty blocks to create chaos for the normal operation of the Monero network.

If this continues, more and more Monero miners will flee, as their profits decrease and their experience becomes awful. This will gradually increase the amount of computing power controlled by Qubic, until it exceeds 50%, and then it will be game over for everyone. This type of slow attack is actually quite terrifying.

While there's no reason to believe Qubic would need to do this, this kind of "parasitic" attack is a real possibility. Initially, Qubic doesn't need to worry about some miners mining empty blocks on Monero; they still receive $XMR rewards and can train their AI. However, if Monero goes out of business and profitability declines, they could potentially attack other chains like Grin and Beam. Throughout this process, Qubic can maintain its core AI training strategy, making the logic sound.

Because when the demand for AI computing power grows exponentially, and when mining is no longer the only destination for computing power, the rules of the game itself have changed. The original cost of attacking the network was "purely burning money", but now there is an "extra sponsor" of AI training to pay the bill - the cost of attack is hedged by the benefits of AI.

This is the biggest concern I raised in that article: AI demand is undermining the fundamental assumption of general-purpose CPU/GPU proof-of-work mining—that miners rely on mining profits and therefore maintain the network. This assumption breaks down when computing power finds more profitable uses. While this process will be slow, it's always possible.